Report Links Sophisticated Hacking Scheme to Iran

Researchers have linked a sophisticated hacking scheme targeting Iranian dissidents back to Iran. A report released Thursday by the Citizen Lab at the University of Toronto's Munk School of Global Affairs describes how the hackers used text message and phone-based phishing to try to get around the security of Google's Gmail and access the accounts of their targets.

The attacks studied by the Citizen Lab were very similar to others connected to Iranian hackers, the report says.

According to the report, some of the attacks began when the targets received text messages that appeared to be from Google saying that there had been an unauthorized attempt to access their Gmail accounts.

The hackers would then follow up with a carefully crafted email notification containing personal details and stating that the login attempt had been from "The Iran," boosting the fears of people already worried about Iranian hackers.

The emails contained links directing the target to a page where they could reset their password. But in fact, the links were to phishing sites designed to collect the target's password. The hackers would then, in real time, use the password to login to the user's account and trigger the sending of an identification code to the target.

Gmail uses the code as a form of two-factor authentication, which adds a second layer of security on top of a person's password. The hackers would then wait for the target to enter the code, collect it through the fraudulent website, and then use it to take control of the account.

In other cases, the targets were contacted by phone by a person speaking English or Farsi, the predominate language in Iran, who would make a "proposal" related to the target's business activities. The fake proposal, usually promising thousands of dollars, would then be sent to the target's Gmail in the...

Comments are closed.