Report: Hackers in Iran use social media to target senior U.S., Israeli officials

Hackers based in Iran used social networks to spy on high-ranking U.S. and Israeli officials, a new report by a cybersecurity firm claims.

Posing as journalists and government officials, the hackers have been working for about three years to get close to their targets, connecting with at least 2,000 people in the process, according to the report from iSight Partners.

“While it’s low sophistication technically, it’s actually one of the most elaborate social media, or socially engineered, espionage campaigns we’ve ever seen,” Tiffany Jones, a senior vice president at iSight, told CNN.

The firm says that it doesn’t have hard evidence tying Iran to the hacking but that “the targeting, operational schedule, and infrastructure used in this campaign is consistent with Iranian origins.”

Fake identities

How does the scheme work?

According to iSight, the hackers create fake accounts on social networks masquerading as journalists, government officials and defense contractor employees.

They have even set up a bogus online news website, newsonair.org, to bolster their credentials, and have sometimes used real reporters’ names, photographs and biographies.

The hackers endeavor to build social network connections with friends, relatives and colleagues of their targets, who included senior American military and diplomatic officials, congressional staffers and defense contractors in the United States and Israel.

Once they make contact with a target individual, the hackers try to establish their credibility, by initially sending messages with links to real news stories, for example.

But over time, they lure the target to a fake website, where they steal their passwords and other credentials, or get them to download malicious software.

U.S. admiral among connections

The investigators at iSight said it isn’t clear at the moment how many credentials the campaign has harvested so far. But among the more than 2,000 people with whom the hackers made connections are a four-star U.S. admiral, British and Saudi officials, journalists and lawmakers.

None of the people were named.

The hackers appeared to be after national security information, but what exactly they got their hands on remains unclear.

“The actors have intimated their interest in specific defense technology as well as military and diplomatic information by their targeting,” iSight said. “This type of targeting is inconsistent with cybercriminal behavior.”

There’s no smoking gun pointing to official Iranian involvement in the scheme. The report cites circumstantial evidence that suggests the hackers operated from Iran.

“What we can say is – based on who was targeted, the types of information they were going after, the infrastructure that was used and where it’s registered in Tehran and a number of other indicators – that we believe there are links to Iranian actors here,” Jones said.

The hackers kept up a regular schedule that fits with working hours in Tehran, including the lunch break, according to iSight.

Networks respond

Facebook says it became aware of the scheme while investigating suspicious activity and has removed the fake profiles associated with the hackers.

LinkedIn says it’s looking into the claims.

The FBI and State Department say they received copies of the report but aren’t commenting on it directly. The State Department says it has been aware in the past of hackers from Iran using social media websites to investigate targets, including U.S. officials.

As far as the general public is concerned, iSight advises vigilance when using social networks.

“Do not create trusted connections with unknown organizations and/or individuals,” it says. “Never provide login credentials with any site or person who contacts to you (rather than you contacting it).”

CNN’s Elise Labott reported from Washington, and Jethro Mullen reported and wrote from Hong Kong.