Skip to main content

Report: Hackers in Iran use social media to target senior U.S., Israeli officials

By Elise Labott and Jethro Mullen, CNN
updated 7:16 AM EDT, Fri May 30, 2014
STORY HIGHLIGHTS
  • Hackers posed as journalists and government officials, a cybersecurity report says
  • They built connections on social networks to get close to their targets
  • The aim was to get passwords and other credentials from diplomatic and defense officials
  • The firm says the targets and the infrastructure used points to Iran-based hackers

Washington (CNN) -- Hackers based in Iran used social networks to spy on high-ranking U.S. and Israeli officials, a new report by a cybersecurity firm claims.

Posing as journalists and government officials, the hackers have been working for about three years to get close to their targets, connecting with at least 2,000 people in the process, according to the report from iSight Partners.

"While it's low sophistication technically, it's actually one of the most elaborate social media, or socially engineered, espionage campaigns we've ever seen," Tiffany Jones, a senior vice president at iSight, told CNN.

The firm says that it doesn't have hard evidence tying Iran to the hacking but that "the targeting, operational schedule, and infrastructure used in this campaign is consistent with Iranian origins."

When acting your age is a crime

Fake identities

How does the scheme work?

According to iSight, the hackers create fake accounts on social networks masquerading as journalists, government officials and defense contractor employees.

They have even set up a bogus online news website, newsonair.org, to bolster their credentials, and have sometimes used real reporters' names, photographs and biographies.

The hackers endeavor to build social network connections with friends, relatives and colleagues of their targets, who included senior American military and diplomatic officials, congressional staffers and defense contractors in the United States and Israel.

Once they make contact with a target individual, the hackers try to establish their credibility, by initially sending messages with links to real news stories, for example.

But over time, they lure the target to a fake website, where they steal their passwords and other credentials, or get them to download malicious software.

U.S. admiral among connections

The investigators at iSight said it isn't clear at the moment how many credentials the campaign has harvested so far. But among the more than 2,000 people with whom the hackers made connections are a four-star U.S. admiral, British and Saudi officials, journalists and lawmakers.

None of the people were named.

The hackers appeared to be after national security information, but what exactly they got their hands on remains unclear.

"The actors have intimated their interest in specific defense technology as well as military and diplomatic information by their targeting," iSight said. "This type of targeting is inconsistent with cybercriminal behavior."

There's no smoking gun pointing to official Iranian involvement in the scheme. The report cites circumstantial evidence that suggests the hackers operated from Iran.

"What we can say is -- based on who was targeted, the types of information they were going after, the infrastructure that was used and where it's registered in Tehran and a number of other indicators -- that we believe there are links to Iranian actors here," Jones said.

The hackers kept up a regular schedule that fits with working hours in Tehran, including the lunch break, according to iSight.

Networks respond

Facebook says it became aware of the scheme while investigating suspicious activity and has removed the fake profiles associated with the hackers.

LinkedIn says it's looking into the claims.

The FBI and State Department say they received copies of the report but aren't commenting on it directly. The State Department says it has been aware in the past of hackers from Iran using social media websites to investigate targets, including U.S. officials.

As far as the general public is concerned, iSight advises vigilance when using social networks.

"Do not create trusted connections with unknown organizations and/or individuals," it says. "Never provide login credentials with any site or person who contacts to you (rather than you contacting it)."

CNN's Elise Labott reported from Washington, and Jethro Mullen reported and wrote from Hong Kong.

ADVERTISEMENT
Part of complete coverage on
updated 12:46 PM EST, Sun December 21, 2014
The tragic killing of two cops could not have happened at a worse time for a city embroiled in a bitter public battle over police-community relations, Errol Louis says.
updated 8:27 AM EST, Mon December 22, 2014
North Korea warns the United States that U.S. "citadels" will be attacked, dwarfing the hacking attack on Sony that led to the cancellation of a comedy film's release.
updated 9:51 PM EST, Sun December 21, 2014
The gateway to Japan's capital, Tokyo Station, is celebrating its centennial this month -- and it's never looked better.
updated 11:21 AM EST, Sat December 20, 2014
More than 1.7 million children in conflict-torn areas of eastern Ukraine face an "extremely serious" situation, Unicef has warned.
updated 8:22 AM EST, Fri December 19, 2014
Boko Haram's latest abductions may meet a weary global reaction, Nigerian journalist Tolu Ogunlesi says.
updated 5:34 AM EST, Fri December 19, 2014
Drops, smudges, pools of blood are everywhere -- but in the computer room CNN's Nic Robertson reels from the true horror of the Peshawar school attack.
updated 9:43 PM EST, Wed December 17, 2014
The gunman behind the deadly siege in Sydney this week was not on a security watch list, and Australia's Prime Minister wants to know why.
updated 4:48 AM EST, Thu December 18, 2014
Bestselling author Marjorie Liu had set her sights on being a lawyer, but realized it wasn't what she wanted to do for the rest of her life.
updated 3:27 PM EST, Tue December 16, 2014
CNN's Matthew Chance looks into an HRW report saying Russia has "legalized discrimination against LGBT people."
updated 9:12 PM EST, Mon December 15, 2014
The Sydney siege has brought home some troubling truths to Australians. They are not immune to what are often called "lone-wolf" terror attacks.
Bill Cosby has kept quiet as sexual assault allegations mounted against him, but his wife, Camille, finally spoke out in defense of her husband.
updated 12:01 PM EST, Mon December 22, 2014
Each day, CNN brings you an image capturing a moment to remember, defining the present in our changing world.
Browse through images from CNN teams around the world that you don't always see on news reports.
ADVERTISEMENT