Iranian Hackers Spent Three Years Quietly Attacking 2,000 U.S. Computers

They seem to be getting better and better at infiltrating U.S. systems — and intelligence officials have noticed.

National Journal
Marina Koren
Add to Briefcase
Marina Koren
May 29, 2014, 7:45 a.m.

It was the “most elab­or­ate so­cial-en­gin­eer­ing cam­paign” these se­cur­ity re­search­ers had ever seen.

A new re­port from iSight Part­ners, a Dal­las-based com­puter-se­cur­ity firm, ex­posed on Thursday a three-year cyberes­pi­on­age cam­paign car­ried out by Ir­a­ni­an hack­ers. The di­git­al at­tacks, which in­fec­ted about 2,000 U.S. per­son­al com­puters since 2011, tar­geted mem­bers of the U.S. mil­it­ary and Con­gress, as well as dip­lo­mats, lob­by­ists, and Wash­ing­ton-based journ­al­ists.

The long-term cam­paign, dubbed “News­caster” by the se­cur­ity firm, em­ployed a dozen fake so­cial-me­dia ac­counts on sites such as Face­book, Twit­ter, and Linked­In. Hack­ers sent tar­gets links that, when ac­cessed, would un­leash mal­ware. They dir­ec­ted people to fake lo­gin screens to steal their user names and pass­words. They im­per­son­ated journ­al­ists and de­fense con­tract­ors, and even set up a fake news web­site to lure vic­tims.

All signs poin­ted to Ir­an as the source. Nicole Per­l­roth writes in The New York Times:

There were many clues. The fake News­On­Air.org web­site was re­gistered in Tehran and sites that hack­ers used to de­ploy their mal­ware were also hos­ted in Ir­an. The mal­ware that the hack­ers used con­tained sev­er­al Per­sian words. The time stamps of hack­ers’ activ­ity tracked with pro­fes­sion­al work­ing hours in Tehran. They even took the day off on Ir­a­ni­an week­ends and hol­i­days.

An­oth­er tell­tale sign, re­search­ers said, was the con­tent the hack­ers pos­ted on their per­so­nas’ so­cial me­dia. In some cases, they pos­ted Ir­a­ni­an jokes to their Face­book pages. One hack­er used a Face­book page to ask fol­low­ers, “What’s kind of sanc­tion will lead to un­der­min­ing the Ir­a­ni­an na­tion?”

It’s un­clear ex­actly what in­form­a­tion these hack­ers stole. But the fact that such a highly co­ordin­ated at­tack went un­noticed for sev­er­al years sug­gests that the tech­nic­al skills of Ir­a­ni­an hack­ers, usu­ally out­done by far-su­per­i­or Chinese and Rus­si­an hack­ers, are im­prov­ing. This time last year, a wave of at­tacks tar­get­ing Amer­ic­an en­ergy com­pan­ies was traced to Ir­an. Back then, U.S. in­tel­li­gence of­fi­cials were already wor­ried about Ir­a­ni­an hack­ers’ grow­ing tal­ents.

What We're Following See More »
BIGGEST SHAKEUP OF ALL?
Bannon Is Out at the White House
9 hours ago
THE LATEST

First, it was Sean Spicer. Then Reince Priebus. Now, presidential adviser Steve Bannon, perhaps the administration's biggest lightning rod for criticism, is out. “White House Chief of Staff John Kelly and Steve Bannon have mutually agreed today would be Steve’s last day,” the White House press secretary, Sarah Huckabee Sanders, said in a statement. “We are grateful for his service and wish him the best.” That's not to say the parting of ways isn't controversial. Bannon says he submitted his resignation on Aug. 7, but earlier today, "the president had told senior aides that he had decided to remove Mr. Bannon."

Source:
INITIATIVE TARGETED GUN RETAILERS, OTHERS
Trump Ends Obama’s “Operation Choke Point”
11 hours ago
THE DETAILS

"The Trump administration has ended Operation Choke Point, the anti-fraud initiative started under the Obama administration that many Republicans argued was used to target gun retailers and other businesses that Democrats found objectionable. Assistant Attorney General Stephen Boyd told GOP representatives in a Wednesday letter that the long-running program had ended, bringing a conclusion to a chapter in the Obama years that long provoked and angered conservatives who saw Choke Point as an extra-legal crackdown on politically disfavored groups."

Source:
LIBERALS RAISE CONFLICT OF ISSUE QUESTIONS
Gorsuch to Deliver Speech at Trump Hotel
11 hours ago
THE LATEST

"Liberal groups are raising questions about a speaking appearance Supreme Court Justice Neil Gorsuch plans to make next month at the Trump International Hotel in Washington. Gorsuch is scheduled to headline a luncheon celebrating the 50th anniversary of conservative group The Fund for American Studies on September 28, days before the next SCOTUS term begins October 2. Steve Slattery, a spokesman for The Fund for American Studies, said Gorsuch had nothing to do with venue choice, which was made long before the group asked Gorsuch to speak."

Source:
SAYS TRUMP JUST ATTACKING REPUBLICANS
Former Top Aide to McConnell Says GOPers Should Abandon Trump
1 days ago
THE LATEST
“YOU CAN’T CHANGE HISTORY, BUT YOU CAN LEARN FROM IT”
Trump Defends Confederate Statues in Tweetstorm
1 days ago
WHY WE CARE
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login