The extent to which hackers think up elaborate schemes to win people's trust online never ceases to amaze. The latest ones to be so bold are a crew of Iranian hackers who won the trust of American leaders by building a fake news site, along with phony social media profiles for all its fake writers.And it worked.
Security experts at iSight just revealed the details of a three-year-long campaign believed to be masterminded by Iranian spies. This scheme involved creating a fake news organization, NewsOnAir.org, that they filled with stole stories from Reuters, CNN, BBC, and others. They used to site to add credibility to a vast network of fake social media profiles that they'd created for the fake news site's writers and editors. All of this effort was simply so that members of Congress, military leaders, defense contractors, lobbyists, and journalists would trust them and accept their friend requests. From there, the hackers would gain access to all kinds of persona information.
If this sounds incredibly elaborate, that's because it is. "We've never seen a cyber espionage campaign from the Iranians as complex, broad reaching and persistent as this one," Tiffany Jones, senior vice president of client services at iSight, told Wired. "The dozen or so primary fictitious personas have done a pretty successful job over the last few years in gleaning thousands of connections and ultimately targeting legitimate individuals through their social media networks."
However complex this particular scheme was, the curious art of impersonation is actually fairly common in the hacker community. A couple years ago, a destructive form of malware that impersonated Microsoft code started popping up in the Middle East, and some even think it was Iranian in origin. Our own NSA similarly impersonated both Google and Facebook to spy.