Operation Newscaster

"Operation Newscaster", as labelled by American firm ''iSIGHT Partners'' in 2014, is a cyber espionage covert operation directed at military and political figures using social networking, allegedly done by Iran. The operation has been described as "creative", "long-term" and "unprecedented". According to ''iSIGHT Partners'', it is "the most elaborate cyber espionage campaign using social engineering that has been uncovered to date from any nation".


iSIGHT's perceptions

On 29 May 2014, Texas-based cyber espionage research firm ''iSIGHT Partners'' released a report uncovering an operation it labels "Newscaster" that, since at least 2011, has targeted at least 2,000 people in the United States, Israel, Britain, Saudi Arabia, Syria, Iraq and Afghanistan. The victims, who are not identified in the document for security reasons, are senior U.S. military and diplomatic personnel, congresspeople, journalists, lobbyists, think tankers and defense contractors, including a four-star admiral. The firm couldn't determine what data the hackers may have stolen. According to the ''iSIGHT Partners'' report, hackers used 14 "elaborated fake" personas claiming to work in journalism, government, and defense contracting, active on Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger. To establish trust and credibility, they fabricated a fictitious journalism website, ''NewsOnAir.org'', using content from media outlets like Associated Press, BBC and Reuters, and populated their profiles with fictitious personal content. They then tried to befriend target victims and sent them "friendly messages" carrying spear-phishing to steal email passwords, and infected them with "not particularly sophisticated" malware for data exfiltration. The report says ''NewsOnAir.org'' was registered in Tehran and likely hosted by an Iranian provider. The Persian word "Parastoo" (meaning ''swallow'') was used as a password for malware associated with the group, which appeared to work during business hours in Tehran, as they took Thursday and Friday off. ''iSIGHT Partners'' could not confirm whether the hackers had ties to the Iranian government.


Analysis

According to ''Al Jazeera'', the Chinese army's cyber unit carried out scores of similar phishing schemes. Morgan Marquis-Boire, a researcher at the University of Toronto, stated that the campaign "appeared to be the work of the same actors performing malware attacks on Iranian dissidents and journalists for at least two years". Franz-Stefan Gady, a senior fellow at the EastWest Institute and a founding member of the Worldwide Cybersecurity Initiative, stated that “They’re not doing this for a quick buck, to extrapolate data and extort an organization. They’re in it for the long haul. Sophisticated human engineering has been the preferred method of state actors”.


Reactions

* A Facebook spokesman said the company discovered the hacking group while investigating suspicious friend requests and removed all of the fake profiles.
* A LinkedIn spokesman said they are investigating the report, though none of the 14 fake profiles uncovered were currently active.
* Twitter declined to comment.
* The Federal Bureau of Investigation told ''Al Jazeera'' "it was aware of the report but that it had no comment".


External links


NEWSCASTER – An Iranian Threat Inside Social Media