Hackers posing as attractive women steal sensitive info from rebels that could greatly benefit pro-Assad forces.
Recently, opposition fighters in Syria looking for love on the internet got more than they bargained for when it was revealed that they were actually chatting with the enemy. A report released Monday by security research firm FireEye, the result of a years-long investigation, confirmed that members of a group, perhaps sympathetic to President Bashar al-Assad and posing as young, attractive females, used a catfishing scheme to collect over 7.7 gigabytes worth of stolen data from 12,356 contacts in at least eight countries. These hackers, using avatars and fake photos, made contact with rebels via Skype and Facebook and requested a photo swap. Once downloaded, these malware-laden photos siphoned off a plethora of sensitive information, including strategic contacts, battle plans, movement information, even the IDs of refugees who’d fled to Turkey, often housed on basic phones and laptops. While the FireEye report stopped short of making a direct link between pro-Assad forces and the hackers, the information the group recovered would certainly have benefitted Assad’s army.
The hackers were startlingly thorough in their ruse, creating detailed fake profiles on social media with country-appropriate names, dummy opposition websites, and elaborate Live Cam IDs. Once an affection-starved rebel was located and willing to chat, the target was asked if they were on a smartphone or computer, which let the hackers send malware matched to that device. (Androids proved to be the most popular smartphone with fighters, FYI.) According to coverage in The New York Times: “Sometimes, the threat group would take whole sets of files pertaining to upcoming large-scale military operations. These included correspondence, rosters, annotated satellite images, battle maps, orders of battle, geographic coordinates for attacks, and lists of weapons from a range of fighting groups.”
The FireEye report also found a treasure trove of archived chats and documents while investigating malware embedded in PDF documents. These were found to contain conversations between media activists, humanitarian aid workers, and other Syrian opposition forces in the region and internationally. One such piece of information was a conversation held in December 2013 between a fighter and an operative posing as a woman in Lebanon named Iman Almasri who claimed to work “in a programing company in Beirut.” After chatting for a few hours, the rebel and the woman exchanged photos. “Angel like,” he responded. “You drive me crazy.” Little did he know.