Iranian Hackers Target US Military Personnel via Social Media

People trust and share way too much on social media sites, and unfortunately this extends to government employees and military troops around the world. Iranian hackers have taken advantage of this and for the last three years have been targeting high ranking officials worldwide by attacking social media accounts using social engineering.

Social engineering is an attempt to gain access or information from someone by pretending to be someone else, or by psychologically manipulating them into doing something they normally wouldn’t. Hackers use these techniques to gain account login information, access to a physical location or confidential data, or to gain information that could be used in future attacks.

According to the security firm iSight Partners in Dallas, Iranian hackers pretending to be members of US news media and defense contractors have social engineered high ranking officials via sites like Facebook, LinkedIn, YouTube and Twitter since 2011. The firm has tracked the attacks for six months and has been amazed at the depth and persistence of the hackers:

“It is such a complex and broad-reaching, long-term espionage campaign for the Iranians, what they lack in technical sophistication, they make up in creativity and persistence,” said iSight Senior Vice President Tiffany Jones.

The targets included a US Navy Admiral and other high ranking officials from the US and also Israel, UK, Iraq, Saudi Arabia and Syria.

People share way too much via social media, assuming it is a safe environment. Military personnel and government officials around the globe share where they are, what technology they are working on, unit locations and capabilities, and other seemingly innocent data with “friends” that could be a gold mine for cyber espionage and social engineering hackers.

Officials should be very wary of unknown social media contacts pressing them for confidential data or account information. High ranking military personnel or those in top secret positions should not use social media sites as resumes or to share where they are or what they are working on.

Some countries even prohibit soldiers from posting any pictures of themselves in uniform or discussing any military occupation information on social media sites.


Iran inside US Navy Unclassified Intranet System for Four Months


It took the Navy longer than previously reported to remove Iranian hackers from the Navy and Marine Corps Intranet (NMCI). According to the Wall Street Journal, the hackers had access to the system last year for four months.

The hackers were able to gain access via a hole in a public facing website and conducted surveillance on the intranet, though a senior official told the WSJ that no emails were hacked and no data was extracted.

The NMCI is the largest enterprise network in the world and second only to the internet itself in size. It handles about 70% of the Department of the Navy’s IT needs. It encompasses more than 360,000 computers and 4,100 servers connected together in over 600 locations.

The sheer size of this network makes it very difficult to secure. IT specialists have to make sure everything is kept updated and all security issues are dealt with on the hundreds of thousands of systems.

Attackers just need to find one opening to exploit.

Then once someone does gain access into a network of this size, it can take a long time for security specialists to analyze what was touched, what was compromised and what, if any, backdoors were left.

Though the system is the Navy’s unclassified network, the fact that Iran was able to gain access to this military intranet is very concerning.

“It was a real big deal, it was a significant penetration that showed a weakness in the system,” a senior official told the WSJ.

Also of interest to this story is that just five days after the breach was initially disclosed last year, an Iranian cyber commander was apparently assassinated.

Iranian Cyber Commander Mojtaba Ahmadi’s body was found in a remote area near Karaj. Initial police reports stated that he was shot by two men on a motorbike.

An eyewitness reported that there were “two bullet wounds on his body”, and that “The extent of his injuries indicated that he had been assassinated from a close range with a pistol”.

This style of attack seems to be very similar to a tactic used by Israeli secret agents.

Though it has not been proved that Israel was involved, and Iranian officials later denied that Ahmadi was assassinated, one thing seems true: physical responses to cyber attacks seem to be on the table.

And, you don’t mess with the United States Marine Corps!