LinkedIn Infiltrated by Iranian Hackers

Going back to 2012, Congress held hearings on how the United States is losing the cyber espionage war. To date, no ground has been gained beyond creating more task forces and adding cyber personnel. Efforts to stop the intrusions by China, Russia and Iran have failed.

For a report on the major hacks in 2014, go here. This is by no means a complete list of corporations, but it does give a view into the depth of the cyber threat.

WASHINGTON: The United States is “losing the cyber espionage war” against China, Russia and other countries, but even in the face of such a grave threat the country cannot agree on how to protect its precious intellectual seed capital from these predations, the chairman of the House Intelligence Committee says.

“We are running out of time on this,” Rep. Mike Rogers, respected for working closely with his ranking member, said in a speech at today’s Intelligence and National Security Alliance’s (INSA) cyber conference here.

China is stealing intellectual property on a massive scale, as Gen. Keith Alexander, head of both the National Security Agency and Cyber Command, has made clear with his estimates of such thefts topping $1 trillion. While China is not alone, U.S. government officials have made clear that no country engages in cyber espionage as systematically, as thoroughly or as broadly as does the People’s Republic of China.

“China is investing hugely in this technology,” Rogers notes. And the impact of that investment is felt not only in the economic sphere, important as that is. Cyber is now an integral part of military planning and operations, as the Russians have demonstrated several times.

To help stem those thefts and to protect critical infrastructure such as power grids, Rogers and Rep. Dutch Ruppersberger, his Democratic colleague on the HPSCI, met with hundreds of business leaders, civil rights and privacy groups over several months as they began to craft what became their 13-page bill. It would have offered businesses liability insurance in return for their agreeing to share threat information with the government. The government also would have shared threat information with the businesses.

But there was a catch. Because of how sensitive sources and methods are in the cyber world, the businesses would have to get top secret clearance for senior officials, build and maintain a Sensitive Compartmented Information Facility (SCIF), and maintain the physical and bureaucratic complex required of anyone dealing with classified information.

As Rogers put it, his committee had offered industry a “carrot and a stick.” But his colleagues in the Senate wanted to chart a different path, so the Rogers-Ruppersberger bill is on life support. I asked him today what he planned to do with his “dead” bill. “All is not lost. I am reaching out to members of the Senate just to see what our options are,” as is Ruppersberger. “We are not giving up.”

LinkedIn profiles said to be part of Iranian cyber-espionage campaign


WashingtonTimes: Iranian hackers are suspected of operating a network of bogus LinkedIn accounts that security researchers believe is part of a campaign targeting employees of corporations in the Middle East.

By creating phony profiles containing fabricated job histories and endorsements from other concocted accounts, researchers at Dell said this week that a group of hackers, likely acting on behalf of Iran, attempted to collect intelligence from legitimate LinkedIn users employed in the Arabian and African telecommunications and defense industries. Twenty-five fake LinkedIn accounts have been identified by researchers working for the company’s SecureWorks Counter Threat Unit, including those of supposed recruitment consultants with hundreds of connections apiece, Dell said on Wednesday.

“CTU researchers assess with high confidence the purpose of this network is to target potential victims through social engineering,” Dell said in the latest report, referring to a tactic in which sensitive data becomes compromised when an individual reveals information to an attacker, often under false pretenses.

Dell has named the actors “Threat Group-2889” and said it’s likely the same organization dubbed “Operation Cleaver” in a report released last year by Cylance, a security firm that linked the group to Iran and claimed it was working to undermine the security of over 50 companies across 15 industries in the region, possibly as retaliation for the U.S.-led Stuxnet campaign.

“Creating a network of seemingly genuine and established LinkedIn personas helps TG-2889 identify and research potential victims. The threat actors can establish a relationship with targets by contacting them directly, or by contacting one of the target’s connections. It may be easier to establish a direct relationship if one of the fake personas is already in the target’s LinkedIn network,” Dell said.

“The level of detail in the profiles suggests that the threat actors invested substantial time and effort into creating and maintaining these personas.”

According to the findings published by Cylance in December, the “Operation Cleaver” hackers used social engineering to trick targets into installing malware that would allow data to then be stolen from infected computers.

Cylance’s report had linked the group to attacks across the world, but Dell’s CTU team said the LinkedIn campaign seems to largely target account holders in the Middle East and northern Africa, a quarter of whom work in telecommunications.

“Updates to profile content such as employment history suggest that TG-2889 regularly maintains these fake profiles. The persona changes and job alterations could suggest preparations for a new campaign, and the decision to reference Northrop Grumman and Airbus Group may indicate that the threat actors plan to target the aerospace vertical,” Dell said.

Last month, Director of National Intelligence James Clapper told a congressional committee that Iran uses its cyber program to carry out “asymmetric but proportional retaliation against political foes, as well as a sophisticated means of collecting intelligence.” He went on to blame Iranian hackers for cyberattacks against American banks in 2012 and 2013, as well as an assault last year on the Las Vegas Sands casino company.


Denise Simon