Iranian Hackers Spent Three Years Quietly Attacking 2,000 U.S. Computers

They seem to be getting better and better at infiltrating U.S. systems — and intelligence officials have noticed.

National Journal
Marina Koren
Add to Briefcase
Marina Koren
May 29, 2014, 7:45 a.m.

It was the “most elab­or­ate so­cial-en­gin­eer­ing cam­paign” these se­cur­ity re­search­ers had ever seen.

A new re­port from iSight Part­ners, a Dal­las-based com­puter-se­cur­ity firm, ex­posed on Thursday a three-year cyberes­pi­on­age cam­paign car­ried out by Ir­a­ni­an hack­ers. The di­git­al at­tacks, which in­fec­ted about 2,000 U.S. per­son­al com­puters since 2011, tar­geted mem­bers of the U.S. mil­it­ary and Con­gress, as well as dip­lo­mats, lob­by­ists, and Wash­ing­ton-based journ­al­ists.

The long-term cam­paign, dubbed “News­caster” by the se­cur­ity firm, em­ployed a dozen fake so­cial-me­dia ac­counts on sites such as Face­book, Twit­ter, and Linked­In. Hack­ers sent tar­gets links that, when ac­cessed, would un­leash mal­ware. They dir­ec­ted people to fake lo­gin screens to steal their user names and pass­words. They im­per­son­ated journ­al­ists and de­fense con­tract­ors, and even set up a fake news web­site to lure vic­tims.

All signs poin­ted to Ir­an as the source. Nicole Per­l­roth writes in The New York Times:

There were many clues. The fake News­On­Air.org web­site was re­gistered in Tehran and sites that hack­ers used to de­ploy their mal­ware were also hos­ted in Ir­an. The mal­ware that the hack­ers used con­tained sev­er­al Per­sian words. The time stamps of hack­ers’ activ­ity tracked with pro­fes­sion­al work­ing hours in Tehran. They even took the day off on Ir­a­ni­an week­ends and hol­i­days.

An­oth­er tell­tale sign, re­search­ers said, was the con­tent the hack­ers pos­ted on their per­so­nas’ so­cial me­dia. In some cases, they pos­ted Ir­a­ni­an jokes to their Face­book pages. One hack­er used a Face­book page to ask fol­low­ers, “What’s kind of sanc­tion will lead to un­der­min­ing the Ir­a­ni­an na­tion?”

It’s un­clear ex­actly what in­form­a­tion these hack­ers stole. But the fact that such a highly co­ordin­ated at­tack went un­noticed for sev­er­al years sug­gests that the tech­nic­al skills of Ir­a­ni­an hack­ers, usu­ally out­done by far-su­per­i­or Chinese and Rus­si­an hack­ers, are im­prov­ing. This time last year, a wave of at­tacks tar­get­ing Amer­ic­an en­ergy com­pan­ies was traced to Ir­an. Back then, U.S. in­tel­li­gence of­fi­cials were already wor­ried about Ir­a­ni­an hack­ers’ grow­ing tal­ents.

What We're Following See More »
RSC OPPOSITION
House Conservatives Balk on Obamacare Replacement
4 hours ago
THE LATEST

"The chairman of the influential Republican Study Committee said Monday he would vote against a draft ObamaCare replacement bill that leaked last week. Rep. Mark Walker (R-NC), head of the 172-member committee, said Monday his opposition stems from the draft bill's use of refundable tax credits." He said the current plan simply "kicks the can down the road" rather than attempt any real reform.

Source:
ENLISTS THEIR HELP IN REPEAL/REPLACE
Trump Meets with Health Execs
4 hours ago
THE LATEST
ALSO VICTIMS OF VIOLENCE BY ILLEGAL IMMIGRANTS
Scalia’s Widow to Be Trump’s Guest at Speech
4 hours ago
THE DETAILS

The White House revealed its guest list for President Trump's address to Congress on Tuesday night. The marquee name: Maureen Scalia, the wife of the late Justice Antonin Scalia. Also seated with the first lady will be three family members of people killed by illegal immigrants.

ZINKE NEXT IN LINE
Wilbur Ross Confirmed as Commerce Secretary
5 hours ago
THE LATEST
FORMER GOVERNOR, AMBASSADOR TO CHINA
Jon Huntsman in Line to be #2 at State
13 hours ago
THE DETAILS
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login