How do you lose the battle plans for your side of the war? Fall for some old-school, lipstick espionage, with a high tech twist.
The New York Times reports that forces, working in support of Syrian dictator Bashar al-Assad, used a ‘honey pot’ scheme in late 2013 and early 2014 to gain access to rebel fighters’ phones and steal information, battle plans and thousands of pages of other sensitive data:
FireEye, a US-based cyber security firm, said it had come across the stolen files while investigating cyber crime gangs. It is unclear who the hackers were working for, but the victims included fighters, media activists and humanitarian aid workers. Those tricked included rebels from the Free Syrian Army, as well as Islamist fighting groups.
How did they fall for the scam? Jezebel sums it up nicely:
Hackers took to Skype with “attractive” lady avatars, according to CNBC, and began heavy digital flirting with Syrian opposition fighters. Then a hacker would ask the rebel what device he was using so “she” could send some spicy pictures, and he easily obliged. But when the rebel opened the pictures, the hidden malware swarmed through and the “attractive” hackers gained access to his entire device or devices.
The New York Times reports the hack may have had real time fall out:
According to FireEye … the rebels shared photocopied battle plans, and in red ballpoint pen added defensive embankments, storing their plans electronically as pictures taken with their cellphones. They prepared for a battle involving 700 to 800 men, who were divided into groups to launch separate attacks, including an ambush.
They mapped locations for reserve fighters, staging areas and support personnel; settled on a field operations area; and planned supply routes for their forces, according to FireEye.
But FireEye says that battle didn’t take place. It’s not known if the rebels got a hint of the hack.
This is a new development in the Syrian battle. Usually hackers have done denial of service attacks, but this is the first time malware was used to extract vital battle data.
—Courtesy of IJ Review