Fake 'femmes fatales' aid Syrian battle hack

Syrian opposition soldier Image copyright AP
Image caption Information about weapons and troop movements were stolen in the attack

Fake "femmes fatales" have been used to steal battle plans and other data from Syrian opposition groups, a report suggests.

The virtual women had been used in text chat on Skype to engage potential victims, security company FireEye said.

And data had been stolen via booby-trapped images of the women to whom the victims had believed they had been chatting.

"We cannot positively identify who is behind these attacks," said FireEye.

Tailored attack

Security researcher Nart Villeneuve added: "We know that they used social media to infiltrate victims' machines and steal military information that would provide an advantage to President [Bashar al-]Assad's forces on the battlefield."

The attack had been mounted between November 2013 and January 2014 and the information that had been stolen had come to light as FireEye had investigated a separate incident, it said.

In total, it said, 7.7GB of data had been stolen, including more than 240,000 messages, 31,000 conversations and 64 separate Skype account databases.

Annotated satellite images and maps, the times that assaults had been planned and lists of the type of weapons to be used in each phase of an upcoming battle had all been included among the stolen data, FireEye said.

The attackers had also grabbed information about the movement of weapons away from the front line, as well as casualties, financing and humanitarian activity, it said.

According to FireEye:

  • Initial contact was made via Skype, with attackers posing as attractive women keen to lend a sympathetic ear to fighters in opposition forces
  • During these conversations, the attackers sought information about how their target was accessing Skype
  • Soon after, the victim received an image of their supposed contact that was seeded with malware tailored to compromise their PC or smartphone

The malware was a well-known remote-access tool known as DarkComet but had been adapted to the particular circumstances in Syria, said FireEye.

Victims were located mainly in Syria but also in other Middle Eastern and European countries, it said.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites