(Cyberwar.news) The Iranian government is using sophisticated cyber attacks to target political dissidents living abroad in a bid “to steal their email communications and contacts,” according to a recently released report by Canadian researchers.
The Voice of America reported that civil society activists in the Iranian diaspora community are being targeted in particular with an elaborate and sophisticated phishing campaign, the Canadian researchers said in their report, “London Calling.”
The report details multi-layered, real-time phishing campaigns that turn a security measure known as “two-factor authorization” – which is often used to bolster online security – against the targets it is meant to protect.
“Two-factor authorization is a fantastic security tool that everyone should use,” said John Scott-Railton, a senior researcher at Citizen Lab, an interdisciplinary center at the Munk School of Global Affairs at the University of Toronto and co-author of the report along with Katie Kleemola.
“It basically involves asking Google or another provider to send you a text message when you try to log in to your account; it’s another layer of protection,” he told VOA.
“What these hackers have done is created an elaborate deception to trick targets into giving both their passwords and their messages, generated by the text verification via Gmail,” Scott-Railton said.
The spoof works like this: A target receives an early-morning phone call, usually from London, and the caller, pretending to be a trusted source, informs the target that he or she will soon receive a Google document, which arrives nearly instantly in the target’s Gmail account.
“So before you’re fully awake, you get something that looks legitimate,” Scott-Railton told VOA. “But what you’re actually looking at is a fake Web page controlled by the attackers.”
After the target enters a password, the attackers who control the phony Google page see it instantly. They then log into the target’s real Gmail account; because the account uses two-factor authorization, Google sends a legitimate text message with the code that must be entered to complete the log-in process, just like normal.
As VOA further reports:
Scott-Railton said the attackers, working in real time, would then show the target a second fake page asking for the code. The target, seeing everything looked legitimate, would enter it. The attackers would again immediately see the code and enter it into the real Google themselves, thus seizing full control of the target’s Gmail account.
“Once in, this attack gives immediate access to [the target’s] email. So imagine if you’re working on sensitive topics and secret contacts: This gives the attackers access, putting everyone you’ve been in contact with at risk,” Scott-Railton said.
Iran is also active in cyber warfare and related activity directed at Israel, as are Iranian surrogates Hamas and Hezbollah.
“While we’ve had cyber attacks all along, it really picked up last year, during Operation Protective Edge, when we were faced with new challenges that we have not faced before,” said an unnamed Israeli Defense Force officer, in an interview with the Times of Israel. “Attacks were conducted by all the players – Hezbollah, Hamas, Palestinian hacker groups, and Iran, and they displayed strong capabilities that have gotten considerably better over the years.”