Fake identities and pseudonymity are common features of the Internet. The United States has long been planning to use botnets of fake virtual people and persona management software. By now the U.S. must actually be using these tactics. It has been alleged that radio waves and malware have been used by the United States’ NSA for worldwide e-surveillance.
The relationship between the intelligence community, social media and open source intelligence is now well established. It is common practice among intelligence agencies around the world to use social media platforms and the Internet for gathering intelligence-related information and data. The cyberspace landscape of India is fast changing, as is reflected in various cyber security and ICT trends. In keeping with contemporary requirements, the intelligence infrastructure of India needs transparency and strengthening.
It has been reported that Iranian hackers created false social networking accounts and a bogus news website to spy on military and political leaders in the United States, Israel and other countries. ISight Partners, which uncovered the operation, said the targets include a four-star U.S. Navy admiral, U.S. lawmakers and ambassadors, and personnel from Afghanistan, Britain, Iraq, Israel, Saudi Arabia and Syria.
The firm declined to identify victims and said it could not say what data had been stolen by the hackers, who were seeking credentials to access government and corporate networks, as well as intelligence on weapons systems and diplomatic negotiations.
ISight dubbed the operation “Newscaster” because it said the Iranian hackers created six “personas” who appeared to work for a fake news site, NewsOnAir.org, which used content from the Associated Press, BBC, Reuters and other media outlets. The hackers created another eight personas that purported to work for defense contractors and other organizations, iSight said.
The hackers set up false accounts on Facebook and other social networks for these 14 personas, populated profiles with fictitious personal content, and then tried to befriend targets, according to iSight. The operation has been active since at least 2011, iSight said, noting that it was the most elaborate cyber espionage campaign using “social engineering” uncovered to date from any nation.
To build credibility, the hackers would approach high-value targets by first establishing ties with the victims’ friends, colleagues, relatives and other connections over social networks including Facebook Inc, Google Inc, LinkedIn Corp and Twitter Inc. The hackers would initially send the targets content that was not malicious, such as links to news articles on NewsOnAir.org, in a bid to establish trust. Then they would send links that infected PCs with malicious software, or direct targets to web portals that asked for network log-in credentials, iSight said.
Iranian hackers stepped up their activity in the wake of the 2010 Stuxnet computer virus attack on Tehran’s nuclear program, widely believed to have been launched by the United States and Israel. Malware such as Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades and FinFisher has changed the way cyber warfare and cyber espionage battles are fought these days.
ISight said it could not ascertain whether the hackers were tied to the Tehran government, though it believed they were supported by a nation state because of the operation’s complexity.