Iran link to social media spying on military leaders

Facebook logo Facebook said it shut down fake accounts used to target key personnel

Related Stories

Fake social media accounts have been used by Iranian hackers to spy on senior military and political staff worldwide, a report suggests.

The accounts aided a four-year campaign that aimed to befriend targets, said computer security firm iSight Partners.

Accounts were used to make it appear that bogus identities set up by the spies were real people.

iSight said it was the most elaborate net-based spying campaign using social media it had ever seen.

Stealth campaign

US Navy admirals, politicians, ambassadors and lobbyists, as well as senior government and military figures from the UK, Saudi Arabia, Syria, Iraq and Afghanistan, were all targeted, said iSight.

"If it's been going on for so long, clearly they have had success," said Tiffany Jones, a spokeswoman for iSight, told Reuters.

In total, said the report, fake personas for 14 people were created and maintained on a variety of social media sites, including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger. The bogus identities were for staff who supposedly worked for a fictitious news agency as well as defence workers, an accountant and a naval IT administrator.

Friends, relatives, workmates and acquaintances of targets were initially contacted via social media to establish ties that were later used to lend more credibility to requests to connect to the true targets of the campaign.

About 2,000 people were used to establish these lower-level ties, which were used to go after a smaller group of about 200 higher-profile individuals.

Alerted the FBI

Initially links free of malware were shared through the connections set up on social media. Later, links to sites seeded with malware were used to attempt to catch out victims and gain access to useful data.

"This campaign is not loud. It is low and slow," said Ms Jones. "They want to be stealth. They want to be under the radar."

Evidence gathered during the investigation pointed the finger squarely at Iran, iSight said in its report, but it did not know whether the campaign was state-sponsored or carried out by a third party.

iSight said it had contacted many of the people targeted by the campaign and had alerted the FBI and law enforcement agencies.

Facebook said it independently spotted the fake accounts as part of its regular site-wide sweeps for bogus users. LinkedIn said it was investigating but noted that none of the fake 14 accounts were currently active. Twitter did not comment.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Getty Images)

Robot ships: Poised to set sail?

Computer-control, far out to sea Read more...

Programmes

  • Tourists wearing bikinis in MajorcaThe Travel Show Watch

    Why wearing a bikini could land you with a fine on the Spanish island of Majorca

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.