John Bolton, the former U.N. ambassador under George W. Bush, is playing an unexpectedly prominent role in an Iranian cyber spying campaign. In Iran’s intelligence war against America, the regime has a new weapon: “John R. Bolton.” No, Iran has not turned President Bush’s former ambassador to the United Nations into a sleeper agent. Instead, hackers believed to be connected to the Tehran government are posing as Bolton on social media platforms in a scheme to get human rights activists and national security wonks to hand over their passwords and user names. The fake Bolton LinkedIn account provides a window into how Iran’s hackers are trying to penetrate the policy networks of their government’s adversaries. Most experts say Iran lacks the sophistication to launch the kinds of advanced cyber attacks it has suffered at the hands of the west, such as the Stuxnet worm that burrowed into the Natanz uranium enrichment facility. But the Linkedin attack and others like it exposed this week by the cyber security firm iSight Partners show how aggressive Iran’s cyber spies can be to obtain the kind of personal information that could be used to blackmail and compromise the people Iran’s regime considers its enemies in Washington.
Here’s how it works. “John R. Bolton” sends a request to connect on LinkedIn. If you respond, he begins to strike up a conversation through its private message function. Over a period of weeks, the hacker builds trust and then Bolton asks for your input on a new website he is launching. When you get to the website—which is not yet ready to be seen by the public—you are asked for your email and password. If you proceed, it will only be a few hours until some hacker in Tehran is downloading your electronic correspondence. This is what happened to Kit Bigelow, one of Washington’s leading advocates for the Baha’i, a religious faith that has been the subject of mistreatment in Iran. “I was surprised to get this invitation from him, but it was not completely out of the blue,” she told The Daily Beast. “Why would he be in touch with me? We had not been in touch for several years but because we had been in touch on and off I did not think it was outrageous.” Bolton confirmed that he did indeed know Bigelow and had sought her counsel many years ago. But he also said he has not made a LinkedIn connection for more than a year and never uses the network’s private message function. The messages from the fake Bolton began with chit chat, and expressed a desire to get together after all these years. Then came the ask, albeit in less than perfect English. “Speaking of the meeting tells me to remind you of the new project I am recently conducting with a team of specialists under my supervision,” the hacker wrote through a private LinkedIn message. “Considering your experience and background in Bahaism and some other related fields, I’d like to offer you an opportunity for cooperation! I have recently established a web site containing a summary of what actually will be done within the purview of our research. I will do my best to show you the web site in the week to come.” “I am honored to be selected by the Ayatollahs for this distinction. Maybe I should create a fake Iranian LinkedIn account and offer to give away the country’s nuclear weapons secrets. I will try to get to John Kerry first.” Bigelow said the fake Bolton had taken two months to build up trust before sending her the link to the website he asked her to review. When she finally got around to doing it, the intrusions started soon after. “During that night in the middle of the night, there were two attempts from the United States to break into my professional Gmail account. They had the chutzpah to send me a test email from an outlook.com address. I woke up that morning and Google had sent me a note that said someone from Tehran has tried to break into your account,” she said. She then changed her passwords and ended all contact with the Iranian Bolton and then alerted the office of the real one. It’s difficult to prove with courtroom certainty, but experts believe the fake Bolton LinkedIn account was part of a sophisticated Iranian scheme to steal the passwords and credentials of government officials, journalists, human rights activists and members of the pro-Israel lobby. John Hultquist, an analyst with iSight Partners, said the fake Bolton profile matched the methods used by Iranian hackers exposed in his firm’s new research paper on Iran’s cyber-espionage operations through social engineering. That paper exposed an elaborate network of fake social media profiles and even an entire fake news site known as newsonair.com, where Iranians posing as journalists or other kinds of analysts sought to connect through Twitter, Facebook and LinkedIn with their targets. “We saw connections in neoconservative think tanks as well as the Bahai faith,” Hultquist said of his research. Because the hackers targeted the pro-Israel lobby, Baha’i activists and others who would be considered hawkish on Iran, Hultquist said these matched the intelligence targets for Iran more generally. In some ways the operation echoes “Shady Rat,” a similar kind of scheme that penetrated the email systems of journalists and human rights activists critical of China’s government. In his research, Hultquist also saw how the time stamps on most of the activity on these fake profiles were conducted during business hours in Iran. Beyond that, the newsonair.com website was hosted by Iranian servers and the malware used in the final attacks had Persian words written into their codes. “This is consistent with the modus operandi of the newscaster operatives from Iran,” Hultquist said after reviewing the LinkedIn messages between Bigelow and “John R. Bolton.” Hulquist declined in his research to publicly name any of the victims of the hackers. The first person to suspect something was fishy with the Bolton LinkedIn profile was one of the former ambassador’s highest profile rivals, Steve Clemons, who is now an editor at large of the Atlantic. Back in 2005, Clemons led a campaign to sink Bolton’s nomination in the Senate to be the U.S. ambassador to the United Nations. Bolton was granted a recess appointment. In January, Clemons warned his readers to avoid the LinkedIn request from Bolton after an Atlantic information technology specialist suspected it was part of a phishing scam. It’s not the first time Bolton has been associated with hackers. In December Foreign Policy reported that Bolton’s AOL email account was hacked after he sent out an alarming email asking friends for money after he and his family were robbed at gun point in the Philippines. For now Bolton is taking the episode in stride. “I am honored to be selected by the Ayatollahs for this distinction,” he told The Daily Beast. “Maybe I should create a fake Iranian LinkedIn account and offer to give away the country’s nuclear weapons secrets. I will try to get to John Kerry first.”
Source : www.thedailybeast.com
Sep 21, 2017 Comments Off on Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
Jan 25, 2017 Comments Off on Why does the GCC need its own electronic army?
Jan 20, 2017 Comments Off on Secret details emerge on Iran’s Cyber Army
Dec 06, 2016 Comments Off on Signs that Iran, too, is stepping up its cyberattacks
Nov 15, 2017 Comments Off on Iranian officials present a multi-million pound shopping list to free Nazanin Zaghari-RatcliffeIranian officials present a multi-million pound shopping list to free Nazanin Zaghari-Ratcliffe IRANIAN officials have presented ministers with a multi-million pound shopping list of demands to free Nazanin...
Nov 06, 2017 Comments Off on Donald Trump blames Iran after Saudi Arabia is forced to blast a ballistic missile out of the sky as it headed for one of the kingdom’s main airportsDonald Trump blames Iran after Saudi Arabia is forced to blast a ballistic missile out of the sky as it headed for one of the kingdom’s main airports Saudi Arabia said its forces intercepted a ballistic missile...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...