Modern field guide to security and privacy

How Iran duped high-ranking US officials with fake website

An elaborate online ruse centered on a fake news website tricked some US military and diplomatic officials into divulging password and login information to Iranian cyber-spies, a report says.

Chris Helgren/Reuters
A portion of the homepage is seen on a computer screen in Toronto, Ontario, May 28. In an unprecedented, three-year cyber espionage campaign, Iranian hackers created false social networking accounts and a fake news website to spy on military and political leaders in the United States, Israel and other countries, a Dallas-based cyber intelligence firm, iSight Partners, said May 29, 2014.

Iran appears to be the hidden hand behind a three-year cyber-espionage campaign aimed at stealing information from high-ranking US military and diplomatic officials via an elaborate fake online news operation, according to a new report.

In spirit, if not daring, the fake news operation offers a whiff of e-payback for the CIA’s own fake movie-making gambit of 35 years ago, as dramatized in the movie “Argo,” in which US Embassy staff who evaded Iranian revolutionary hostage-takers were rescued.

Fake news stories, a fake media mogul who supposedly owned the news site they appeared on, his fake friends, and fake reporters who worked for him were all part of an extensive structure of fictitious personas, pictures, and messages strung across a host of social media sites including LinkedIn, Facebook, and Twitter.

That network was used to win “friend” status from about 2,000 targeted people – including senior military officers and diplomats, says the report by iSight Partners, a Dallas cyber-security company.

Once connected, the cyber-spy “friend” sent the targets poisoned links to websites that then stole the targets’ passwords and other login information. That permitted the spies to harvest e-mail and other data from those systems.

Dubbed “Newscaster” by iSight investigators, the operation employed a slick but entirely fake site called On the site, the text of actual news stories was plagiarized and credited to fake journalists. Twitter was often used to send links to the articles to victims. Fake web pages of what appeared to be Yahoo, Google, and Outlook Web Access appeared, requiring login information, which was sent to computer servers in Iran.

“The network was principally leveraged against US and Israeli targets in public and private sectors ... with deliberate attempts to connect with certain entities suggest an interest in political, military, diplomatic, and technical intelligence,” the report said. “The majority of personas purport to be journalists, members of the military or defense contractors.”

The fake network, while not especially technically sophisticated, shows that Iran is expanding its offensive cyber-capabilities, experts say.

“This is an Iranian attempt to get smart on US policymaking – quite probably to give them insight into how the US will respond or react in these nuclear talks,” says Ilan Berman, vice president of the American Foreign Policy Council, a Washington think tank.

The news site and other fake sites associated with it appear to have been created about the time that Iran was crunched by US sanctions and under tremendous pressure to negotiate on reducing its nuclear program, adds John Bumgarner, a former intelligence officer.

“Someone went to a lot of effort to put this together,” he says. “It does seem to parallel the Iranian nuclear program.... And this was a way for Iran to get a look behind the curtain at US intentions.”

Iran is widely credited with carrying out damaging cyber-attacks on oil and gas company computers in Saudi Arabia and Qatar in August 2012. A spate of intense distributed denial of service (DDoS) attacks against US banks began in fall 2012, running for about a year before inexplicably petering out.

Along the way, it seems to have expanded its cyber-spying. While not nearly as sophisticated as the US, Russia, China, or France, Iran’s cyber-espionage efforts included a recent four-month incursion into a US Navy network that put US cyber-counter intelligence on notice, other experts say.

“They’ve put in place the structures, strategy, and have acquired software tools from the black market,” James Lewis, a cyber expert with the Center for Strategic and International Studies, concurred in a recent interview. “They have groups whose job it is to hack.”
