Iran cyberspies created fake news website, researchers say (Update)

May 29, 2014 by Rob Lever
Spies based in Iran created a bogus news organization used for espionage since 2011 against US and Israeli military targets, security researchers said

Spies based in Iran created a bogus news organization used for espionage since 2011 against US and Israeli military targets, security researchers said.

A report released this week by iSight Partners says that more than 2,000 people are or have been targeted in the operation dubbed Newscaster, which uses a "front media outlet" called NewsOnAir.org.

The operation appears to be "carried out by Iranian actors, though there is a dearth of information implicating its ultimate sponsor," the report said. It is believed to still be ongoing.

Under the program, spies plagiarized the work of real media outlets "to legitimize their personas as journalists," the report added.

Some of the news organizations whose work was misappropriated included the Associated Press, Reuters and the BBC.

'Brash and complex'

The documents from iSight called the operation "brash and complex," and the analysts found at least two legitimate identities falsified from news organizations including Fox News and Reuters.

The effort is part of a campaign that also used social media and "spear-phishing" to connect with officials and contractors in order to gain access to secret networks and steal data.

In addition to the fake news operation, the network uses its made-up personas to establish connections on Facebook and other social networks, with the aim of stealing email logins and other credentials.

"What this group lacks in technical sophistication, they make up for in brashness, creativity and patience," the iSight report said.

The length of the operation "is indicative of at least marginal success" it added.

In addition to the US and Israel, the report said that the operation may have targeted "high- and low-ranking personnel in multiple countries," including Britain, Iraq and Saudi Arabia.

Specific targets included members of the US military, congressional personnel, Washington area journalists and diplomats, US and Israeli defense contractors and members of the "US/Israeli lobby."

Of particular interest to the network were people involved in nuclear non-proliferation and sanctions that could affect Tehran.

"We are aware that hackers in Iran and elsewhere often use social media to gain information or make connections with targets of interest, including US government and private entities," US State Department spokeswoman Jen Psaki said.

"To defend against these threats, the United States is committed to helping the public and private sector protect itself in cyberspace by sharing actionable information."

'Alternative approach'

The operation suggests a stealth effort to steal data, unlike some of the more overt cyberattacks, said iSight's John Hultquist.

"In many ways, these operators have escaped the malware arms race in lieu of an alternative approach," Hultquist said in a blog post.

"Newscaster focuses on human factors and third-party platforms, weak spots for many of the most sophisticated enterprise defenses."

The report said the news site was registered in Iran and that the IP addresses used by the site also appear to be Iranian.

Other evidence, including the use of a Persian password, bolster suspicions the operation came from Iran.

"The network of personas is especially complex, including dozens of accounts with fictitious personal and professional material, many of whom claim to work for the news provider NewsOnAir.org," the report said.

The researchers said the impact is hard to assess, but warned that "successful compromises could be leveraged for diplomatic, military and other strategic advantages, and possibly even used as reconnaissance for attack."

Explore further: Report: Iran court orders Instagram blocked

add to favorites email to friend print save as pdf

Related Stories

Report: Iran court orders Instagram blocked

May 23, 2014

An Iranian court ordered that the photo-sharing app Instagram be blocked over privacy concerns, a semiofficial news agency reported Friday, the latest in a series of websites to be banned in the Islamic Republic.

Facebook woos journalists with 'FB Newswire'

Apr 25, 2014

Facebook launched Thursday FB Newswire, billed as an online trove of real-time information for journalists and newsrooms to mine while reporting on events or crafting stories.

Iran denies it summoned Facebook CEO to court (Update)

May 28, 2014

An Iranian prosecutor Wednesday denied reports that a local judge ordered Facebook founder and CEO Mark Zuckerberg to appear in court to answer complaints by individuals who say Facebook-owned applications Instagram and Whatsapp ...

Iran summons Facebook's Zuckerberg over privacy

May 27, 2014

An Iranian judge has summoned Facebook co-founder and chief executive Mark Zuckerberg to answer allegations that his company's apps have breached people's privacy, it was reported Tuesday.

Recommended for you

Apple issues security warning for iCloud

Oct 22, 2014

Apple has posted a new security warning for users of its iCloud online storage service amid reports of a concerted effort to steal passwords and other data from people who use the popular service in China.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

COCO
not rated yet Jun 02, 2014
sounds a lot like FAUX News in Amerika - BBC in the UK and the CBC in Kanada