This is the name that an American cyber-intelligence company, ISight Partners, has given to an espionage operation that the Iranians allegedly conducted against 14 senior officials of the U.S. armed forces.
According to the report just released by ISight, Iran allegedly stole sensitive data belonging to generals and admirals (as well as journalists, lobbyists and lawmakers) by creating fake LinkedIn, Facebook and Twitter profiles and exploiting an elaborate social engineering scheme that allowed the hackers to develop contacts with at least 2,000 individuals.
[…] The hacker group, which maintained hours consistent with the Iranian work week, taking Thursday and Friday off, created more than a dozen fake personas or identities. In one case, though, it used a real Reuters reporter’s name and professional bio, and in another it used a Fox TV reporter’s photo. Other fake identities involved defense contractor employees and, in one case, a systems administrator for the U.S. Navy.
Using these personas, the hackers established online relationships with friends, relatives and colleagues of their targets through sites such as LinkedIn and Facebook. Having established those social links, they sought to “friend” or create online relationships with their targets.
Once connected to their targets, they established their bona fides by, for instance, sending friendly messages with links to fake sites such as NewsOnAir.org. That site contained legitimate articles first published elsewhere, but with the bylines replaced by fake reporters’ names. New stories were tweeted out through the account @NewsOnAir2.
As the ruse went on, they would send their targets links to, for instance, a YouTube video of a weapons system. When the target clicked on the link, he would be redirected to a spoof page — maybe a Gmail log-in or company e-mail log-in page — designed to steal his log-in and password information.
In all, the hackers established connections with more than 2,000 people, including targets and their friends, family and co-workers, iSight said.
“This is the most elaborate social engineering scheme we’ve seen associated with cyber-espionage,” Hultquist said.
The Newscaster campaign also targeted journalists, lobbyists for Israeli interests and members of Congress, iSight researchers said.
The Iranians are not among the elite or most sophisticated of hackers. The United States, Russia, Israel and China still are leagues ahead. But the Iranians are working hard to catch up, experts say.
ISight researchers said one concern is that the type of access obtained through operations such as Newscaster could be exploited in support of disruptive or destructive attacks on U.S. companies or government networks. […]