Iranian Hackers Spent Three Years Quietly Attacking 2,000 U.S. Computers

They seem to be getting better and better at infiltrating U.S. systems — and intelligence officials have noticed.

National Journal
Marina Koren
Add to Briefcase
Marina Koren
May 29, 2014, 7:45 a.m.

It was the “most elab­or­ate so­cial-en­gin­eer­ing cam­paign” these se­cur­ity re­search­ers had ever seen.

A new re­port from iSight Part­ners, a Dal­las-based com­puter-se­cur­ity firm, ex­posed on Thursday a three-year cyberes­pi­on­age cam­paign car­ried out by Ir­a­ni­an hack­ers. The di­git­al at­tacks, which in­fec­ted about 2,000 U.S. per­son­al com­puters since 2011, tar­geted mem­bers of the U.S. mil­it­ary and Con­gress, as well as dip­lo­mats, lob­by­ists, and Wash­ing­ton-based journ­al­ists.

The long-term cam­paign, dubbed “News­caster” by the se­cur­ity firm, em­ployed a dozen fake so­cial-me­dia ac­counts on sites such as Face­book, Twit­ter, and Linked­In. Hack­ers sent tar­gets links that, when ac­cessed, would un­leash mal­ware. They dir­ec­ted people to fake lo­gin screens to steal their user names and pass­words. They im­per­son­ated journ­al­ists and de­fense con­tract­ors, and even set up a fake news web­site to lure vic­tims.

All signs poin­ted to Ir­an as the source. Nicole Per­l­roth writes in The New York Times:

There were many clues. The fake News­On­Air.org web­site was re­gistered in Tehran and sites that hack­ers used to de­ploy their mal­ware were also hos­ted in Ir­an. The mal­ware that the hack­ers used con­tained sev­er­al Per­sian words. The time stamps of hack­ers’ activ­ity tracked with pro­fes­sion­al work­ing hours in Tehran. They even took the day off on Ir­a­ni­an week­ends and hol­i­days.

An­oth­er tell­tale sign, re­search­ers said, was the con­tent the hack­ers pos­ted on their per­so­nas’ so­cial me­dia. In some cases, they pos­ted Ir­a­ni­an jokes to their Face­book pages. One hack­er used a Face­book page to ask fol­low­ers, “What’s kind of sanc­tion will lead to un­der­min­ing the Ir­a­ni­an na­tion?”

It’s un­clear ex­actly what in­form­a­tion these hack­ers stole. But the fact that such a highly co­ordin­ated at­tack went un­noticed for sev­er­al years sug­gests that the tech­nic­al skills of Ir­a­ni­an hack­ers, usu­ally out­done by far-su­per­i­or Chinese and Rus­si­an hack­ers, are im­prov­ing. This time last year, a wave of at­tacks tar­get­ing Amer­ic­an en­ergy com­pan­ies was traced to Ir­an. Back then, U.S. in­tel­li­gence of­fi­cials were already wor­ried about Ir­a­ni­an hack­ers’ grow­ing tal­ents.

What We're Following See More »
STARTS LEGAL FUND FOR WH STAFF
Trump to Begin Covering His Own Legal Bills
1 days ago
THE DETAILS
DISCUSSED THE MATTER FOR A NEW BOOK
Steele Says Follow the Money
1 days ago
STAFF PICKS

"Christopher Steele, the former British intelligence officer who wrote the explosive dossier alleging ties between Donald Trump and Russia," says in a new book by The Guardian's Luke Harding that "Trump's land and hotel deals with Russians needed to be examined. ... Steele did not go into further detail, Harding said, but seemed to be referring to a 2008 home sale to the Russian oligarch Dmitry Rybolovlev. Richard Dearlove, who headed the UK foreign-intelligence unit MI6 between 1999 and 2004, said in April that Trump borrowed money from Russia for his business during the 2008 financial crisis."

Source:
BRITISH PUBLICIST CONNECTED TO TRUMP TOWER MEETING
Goldstone Ready to Meet with Mueller’s Team
1 days ago
THE LATEST

"The British publicist who helped set up the fateful meeting between Donald Trump Jr. and a group of Russians at Trump Tower in June 2016 is ready to meet with Special Prosecutor Robert Mueller's office, according to several people familiar with the matter. Rob Goldstone has been living in Bangkok, Thailand, but has been communicating with Mueller's office through his lawyer, said a source close to Goldstone."

Source:
SPEAKING ON RUSSIAN STATE TV
Kislyak Says Trump Campaign Contacts Too Numerous to List
1 days ago
THE LATEST

"Russian Ambassador Sergey Kislyak said on Wednesday that it would take him more than 20 minutes to name all of the Trump officials he's met with or spoken to on the phone. ... Kislyak made the remarks in a sprawling interview with Russia-1, a popular state-owned Russian television channel."

Source:
“BLOWING A SURE THING”
Sabato Moves Alabama to “Lean Democrat”
2 days ago
WHY WE CARE
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login