Hackers Target Syrian Rebels By Posing As Pretty Women
Hackers are targeting Syrian rebels by posing as women in support of the opposition, then sending pictures infected with viruses over Skype.
According to a report by FireEye, the hackers were able to steal critical documents from the Syrian rebels. The documents revealed the opposition’s strategies, tactical battle plans, supply needs and personal information. The hacked data belonged to everyone from the men on the ground to those in the media, aid workers and others supporting the opposition.
“We uncovered these battle plans in the course of our ongoing threat research. It quickly became apparent that we had come across stolen documents containing the secret communications and plans of Syrian opposition forces that had fallen victim to a well-executed hacking operation.”
Nart Villeneuve, the senior threat intelligence researcher at FireEye, said they don’t know who’s behind the attack, but that the hackers have certainly found a way to get the intelligence they were searching for.
“In the course of our threat research, we found the activity focused on the Syrian opposition that shows another innovative way threat groups have found to gain the advantage they seek.
“While we cannot positively identify who is behind these attacks, we know that they used social media to infiltrate victims’ machines and steal military information that would provide an advantage to President Assad’s forces on the battlefield.”
The attacks apparently took place between November 2013 and January 2014. The hackers would flirt with the Syrian rebels over Skype, eventually asking what kind of device the rebel was using. Once they had that information, they would send over a picture laden with malware.
Attack Against Syrian Rebels Sponsored by Lebanon?
According to the report, the tools and tactics used by the hackers posing as women are not what FireEye has seen from other groups targeting the Syrian rebels. The malware used by these hackers does not match up with other incidents, and the malware arsenal is quite diverse.
The baffling part, though, is that Lebanon is a recurring theme in FireEye’s findings.
“While researching this activity, we came across numerous references to Lebanon. We observed a user in Lebanon upload what appear to be two test versions of malware used to target opposition elements (the YABROD downloader and the CABLECAR launcher). The avatars, social media seeding, and fake opposition website are also filled with references to Lebanon.”
The researchers also claim that during some chats, the female personas would often tell the Syrian rebels that they were in Lebanon, and had no trouble discussing social issues of the region.
There was also a training course in Lebanon in 2012 that taught attendees the same tactics used in this scenario. The course was called “Training Course for Internet and Social Media Activists,” and described tactics that pro-Assad recruits were trained in and used.
FireEye isn’t entirely certain that Lebanon sponsored the attacks, but its research does provide a wide variety of evidence pointing in that direction.
“This intelligence likely serves a critical role in the adversary’s operational plans and tactical decisions,” FireEye said. “However, this tactical edge comes with a potentially devastating human cost.”
Images from Shutterstock and Wikipedia.