A bunch of Iranian hackers made a successful attempt in compromising the high profile U.S. officials, including military and law and enforcement officials. The operation which was running for past three years came to knowledge when a security firm, iSIght, brought it into day light. It is still unknown what and how much of data has been compromised, the hackers used social networking websites such as YouTube, Facebook and Google Plus for the targeting the victims.
Pretending as journalists and government officials, the hackers made their way to the victims by connecting more than 2000 people in the process. “While it’s low sophistication technically, it’s actually one of the most elaborate social media, or socially engineered, espionage campaigns we’ve ever seen,” said Tiffany Jones, a senior vice president at iSight, ““The fact that this has gone largely unnoticed for three years suggests they’ve been very successful in this approach,” he included.
The firm said, there aren’t any concrete proofs about it, but “the targeting, operational schedule, and infrastructure used in this campaign is consistent with Iranian origins.”
Keeping themselves beneath the reach of radar, hackers were able to spy on the officials for almost three years. They used social engineering techniques to trick U.S. officials. During the initial stages of the operation, hackers started developing a trust by sharing legitimate links to the articles and other websites, and later in an attempt to take over the computers they started sending out the links to malicious websites.
Although FBI has not yet spitted a word about it, Facebook and other social networking websites, including LinkedIn, has started removing the fake accounts from their websites. Officials are now being warned about not accepting friend requests from unknown people.
Security is a process not a product and the biggest loophole to it are the humans, there is no patch for the human stupidity.