US officials are defenseless against Iranian hackers phishing on social networks

    Over the past few months, Iranian hackers have been successfully using phishing emails to gain access to US officials' email and social media accounts. Employees discover the hack only after Facebook warns them about suspicious activity. No one uses two-factor authentication. The hackers target officials who work on Iran and the Middle East.

    John Kerry with American delegation during negotiations on Iran’s nuclear program in Vienna

    Access to a social network account reveals the user's relationships. Attackers can move from account to account to reach thousands of people connected to their ultimate target. The Iranian authorities used this model to gather evidence of alleged spying by Jason Rezaian, The Washington Post's correspondent in Tehran.

    The US Federal Bureau of Investigation used this method in 2007. A MySpace user was spreading bomb threats against a school, and the social network refused to give the FBI that user's data. The FBI made a copy of the Seattle Times, a popular publication in the region, and posted a story describing the case. By clicking the link, the user sent the FBI information about himself, including his IP and MAC addresses.

    Iranian attackers usually pose as reporters and employees of fake news agencies. To reach a victim, they first build up a “credit of trust” by acquiring mutual friends. Users accept a quarter of all friend requests, after which further colleagues and friends of the victim add the attacker with greater confidence. This social engineering gets the target to click the desired link and enter a username and password into a field on a fake site, or to download malware to their computer. After gaining access to accounts, hackers can learn many secrets by reading the correspondence, and then use those accounts to send friend requests to new victims and expand the network.

    Officials who became victims of Iranian hackers learned about the hack only when they were warned of suspicious activity by the Facebook service launched in October 2015. Users receive such notifications when Facebook believes that a particular attack could be sponsored by government agencies.


    An example of a Facebook notification of suspicious activity

    Iranian hackers have previously expressed their political position through hacks. In 2013, billionaire Sheldon Adelson called for a nuclear attack on Iran, and in 2014, hackers attacked his casino in Las Vegas. The attackers erased data from hard drives, disabled mail servers and phones, and paralyzed the company. They used a vulnerability in a web server running Microsoft IIS and the Mimikatz program. Businessweek noted that Las Vegas Sands used the services of security guards recruited from former agents of the US Secret Service and Mossad, but two years before the event five people were responsible for protecting twenty-five thousand computers.
