A hacking campaign targeting American and Israeli has been exposed by a cybersecurity company on Thursday.
The Washington Post reports that iSight Partners uncovered the scheme.
Since at least 2011, the hackers have targeted current and former senior military officials, including a four-star admiral; current and former foreign policy officials who work on nonproliferation issues; as well as personnel from more than 10 U.S. and Israeli defense contractors, according to iSight Partners, a cybersecurity research firm.
The operation, which the firm dubbed Newscaster, uses sites such as Twitter, Facebook and LinkedIn to draw in the hackers’ targets, iSight Partners researchers said. Its centerpiece is a fake news site called NewsOnAir.org, which features foreign policy and defense stories.
According to the iSight report, among the targets of the hacking were “intelligence that could support weapon systems development, or … insight into the U.S. military, the U.S.-Israel alliance or nuclear negotiations between Iran and the United States and other powers.”
Among the indications that Iranian nationals were behind the hacking were that the hackers “maintained hours consistent with the Iranian workweek, taking Thursday and Friday off” and that “NewsOnAir.org site is registered in Tehran and was located on a server that hosted mostly Iranian Web sites.”
The Times of Israel adds a disturbing dimension to the report. The sophistication of the scheme suggests that a government was behind the hacking.
While phishing scams go on all the time and are conducted by all manner of Internet criminals, the level of sophistication and organization indicates that the people behind the scam belonged to a large organization, and the type of victims targeted indicates that it was conducted by a government seeking to get information about defense systems, strategies, and policies. That the main targets were Israelis and supporters of Israel in the US and the UK — and that the topic of discussion was usually Israeli defense — makes it most likely that Iran is the culprit.
The scam, the company said, may have been Iran’s cyber-response to Stuxnet, in which Israeli hackers allegedly unleashed malware that significantly retarded the progress of Iran’s nuclear development program.
This latest report comes as the P5+1 negotiations with Iran approaches its July 20 deadline for a comprehensive deal on Iran’s illicit nuclear program. The P5+1 agreed to relax sanctions in return for limited restrictions on Iran’s nuclear program. Despite the relaxing of sanctions, Iran has maintained its hostile stance towards the West, maintained its nuclear weapons program, and continued its support of the brutal Bashar al-Assad regime in Syria, while benefiting by violating caps on its oil exports.
[Photo: Ivan David Gomez Arce / Flickr ]