Become a fan of Slashdot on Facebook


Forgot your password?
Security Social Networks

Iran-Based Hacking Crew Uses Fake LinkedIn Profiles In Espionage Attacks ( 41

An anonymous reader writes: The Iranian hacker group Cleaver has been directing a cyber spying campaign at bodies in the Middle East across a network of fake LinkedIn accounts. It is thought that the threat actors were using the professional platform to gather intelligence using six 'leader' profiles, each with over 500 connections, and a collection of 'supporter' accounts. According to Dell researchers, recruitment advertisements and skill endorsements from 'supporter' accounts were used to boost credibility. Perhaps they're after the New Yorker crowd, too.
This discussion has been archived. No new comments can be posted.

Iran-Based Hacking Crew Uses Fake LinkedIn Profiles In Espionage Attacks

Comments Filter:
  • by Anonymous Coward

    Is that the one that set up a ghost account for me and spammed my email that people wanted to connect to the profile I didn't even know I had?

    Yeah, fuck those guys.

  • Not surprised ... (Score:5, Interesting)

    by gstoddart ( 321705 ) on Friday October 09, 2015 @08:35AM (#50692297) Homepage

    I've seen a fair bit of evidence of shady players (most of whom seem to be recruiters) on LinkedIn.

    I recently got an invite from someone who had crafted their profile to strongly suggest they had worked at a previous employer, and you had to look pretty closely to realize they didn't. Either he was a shady recruiter, or an even shadier player -- definitely a profile which took me several minutes to look at against who I thought it could me.

    I have a fairly firm policy that if I don't know you, I'm not adding you. So all those recruiters who are obviously recruiters get ignored.

    But the ones who have carefully crafted a profile to mislead you into thinking it could be someone you know, those are much more worrying. I even saw that one of those misleading ones had been added by someone I did formerly work with, because it was a good enough fake that people would fall for it.

    This has always been a problem with social networks in my opinion: if the goal is to collect as many links as possible without actually stopping to think of "just who the hell is this person again?", then people are going to be suckered into linking to people they don't know at all.

    So you pretty much have a platform in which people are trying to expand their network, and don't seem to think critically enough about just who those people are and if you really want a random recruiter or someone you don't know in your network. Me, I've pretty much decided that I won't link to people I don't actually know.

    So, am I surprised to see stuff like this? Not hardly, because in a lot of ways LinkedIn is as much of a pest on the internet as Facebook and Twitter. And if fooling people into adding you into their network gives you a way to fool more people, it's all the more reason to look at those invites and ask "who the fuck is this and why the hell do I care?".

    • Actually, if its recruiters, many people might actually want them (thinking "who knows, I might need him in the future").

      Come to think of it, maybe some of these recruiters aren't actually recruiters, but hackers pretending to be recruiters because that's easier to fake than former colleagues.

      • Re:Not surprised ... (Score:4, Interesting)

        by gstoddart ( 321705 ) on Friday October 09, 2015 @09:04AM (#50692403) Homepage

        If someone says "I'm a recruiter", then you can choose to add them or not. Me, I don't have any interest in unsolicited recruiters trying to pester me ... I consider them like door to door salesmen or spam; I'm just not interested.

        But, yes, some people do choose to link in recruiters. I personally won't do it.

        This fake that I saw the other week ... it was really hard for me to identify what the heck it was. It was written in such a way as to insinuate he'd worked at a place I knew, but fell just short of stating it .. the more I read it the more I became convinced there was something quite slippery about it. In the end after some pretty careful reading I concluded the profile wasn't what it claimed to be.

        I find it highly unlikely nefarious super hackers are personally targeting me, but if it was a recruiter it seemed like a pretty well crafted way to lie your way into someone's network ... and any recruiter trying that hard to mislead you about who they are isn't someone you should be trusting. At all. Ever.

        So, either it was what I'd consider a really shady recruiter, or some other shady entity.

        Either way, people in general need to have a little more "street smarts", both on the intertubes and in real life. Because, there's an awful lot of humans who are complete bastards and need to be distrusted. Not nearly enough people stop to think "just who the hell is this person and what are their motives?"

        Which is precisely why social engineering and other con artists are so successful.

        Some people think being wary and distrustful is a bad way to live .. me, I have seen enough of crap like this to know that it's better than being someone's mark and realizing you've been ripped off.

    • Not hardly, because in a lot of ways LinkedIn is as much of a pest on the internet as Facebook and Twitter.

      The big difference is you can safely ignore LinkedIn. Ignoring FB only works if you live in the boondocks or in some weird country like Russia, China or Japan.

      • It may surprise you to know that tons of people successfully ignore Facebook all the time.

        I have all my browsers set to explicitly not trust facebook at all .. I don't allow their shit to set cookies, run scripts, or track me across the internet. Nada. Zip.

        Actively blocking and not using facebook is an entirely viable strategy.

        If you can't ignore FB, that's your problem.

    • I've had one try to "friend" me that was pretending to be a journalist. It looked plausible except for the fact that it used a stock photo that was easily found by image search, and the name couldn't be found on published articles anywhere.

  • So what (Score:5, Interesting)

    by aaaaaaargh! ( 1150173 ) on Friday October 09, 2015 @08:45AM (#50692331)

    LinkedIn is about the most shady network one could imagine, so it's not surprising that Iranians would use it in addition to the CIA and about every other intelligence agency on the world. Half of what LinkedIn does is probably even plain illegal in most of the countries in which it operates. For Christ's sake, they even ask you for your personal email login password so they can spam all of your email contacts!

    • Re: (Score:2, Funny)

      by Anonymous Coward

      > LinkedIn is about the most shady network one could imagine,

      May I assume that you've never visited 4chan? Or Anonymous? Or experienced Scientology? Or dealt with an outsourced QA department hosted in Bangalore?

    • Yes, they do ... and if you ever give a website your email address and the password for that email address you should consider yourself a fucking moron.

      But, I think I've seen Facebook do it, I think I may have seen Google do it ... for some reason I will never understand people will do this. They think "oh, awesome, how convenient".

      Why the hell anybody would let an entity like LinkedIn access to their email account is utterly mind boggling to me. Imagine walking into a store and someone just saying "hey,

      • p>Why the hell people think that isn't utterly idiotic on the internet is beyond me. It's like the internet makes people stupid or something.

        The degree of "internet stupid" increased dramatically with smartphones and tablets with everyone giving away their privacy for a "free" app. That idiocy of accepting whatever has carried over into everything on the internet and soon to be fully embedded in all OS's. If you try to avoid this stuff people start looking at you as if you live under a bridge.. "you don't have a facebook account?" "you've never been on instagram?" "you don't play angry birds?". It's like I'm the moron for not being oblivio

  • Apps!

  • by timholman ( 71886 ) on Friday October 09, 2015 @09:48AM (#50692633)

    This has been going on for years. My colleagues and I get email inquiries from Iranian students quite frequently, seeking research positions. Their email messages will include embedded mail bugs to track who opens the email. The same students will then try to friend us through Linkedin.

    It's a unique pattern of behavior, quite different than what we see with students from other countries. We have speculated that it is being coordinated by some agency within Iran, although we have no real proof of it.

  • The "Steven Highsmith" account, that one I recognize. He reached out to me...jesus...

May all your PUSHes be POPped.