A cyber threat intelligence report has revealed intimate details of an operation planned by the Syrian opposition forces, which was hacked and leaked online – purportedly by the Syrian government.
The report, Behind the Syrian Conflict’s Digital Front Lines, explains how the hackers obtained the opposition fighters’ battle plans by using sophisticated manoeuvres involving the ancient techniques of seduction and deceit.
The report explains: “Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions belonging to the men fighting against Syrian President Bashar al-Assad’s forces. While we do not know who conducted this hacking operation, if this data was acquired by Assad’s forces or their allies it could confer a distinct battlefield advantage.”
The modus operandi was for a female avatar to strike up a conversation with one of the targets on Skype and share a “personal” photo with her target. The photo would be riddled with malware and provide the hackers with access to the victim’s device. They would then “steal data identifying opposition members, their Skype chat logs and contacts, and scores of documents that shed valuable insight into military operations planned against President Assad’s forces.”
The threat group also created a fake pro-opposition website that contained links to malicious downloads, as well as Facebook profiles with malicious links. Operations were conducted using servers located outside Syria.
The stolen data included military and political information, humanitarian activities, financial plans, refugee information and more.
The female avatars had generic names that were appropriate to their victims’ nationalities, and displayed profile images in their Skype accounts. They were trained to develop a rapport with the victim before sending the malicious file, by using a series of personal questions that seem to have been part of a carefully worded script.
The media has previously reported on the use of women or those posing as women to entrap opposition members and activists using social media tools such as Skype and Facebook.
The group appears to have focused on their victims’ Skype databases, which provided them with information about the victims’ contacts, relationships and plans, and which might have led them to their next victim.
The report states that this type of intelligence provides “actionable military intelligence for an immediate battlefield advantage… but also comes with a potentially devastating human cost.”
The tactics employed by the threat group are not dissimilar to those employed by cyber criminals looking to target large organisations.
While cyber security solutions can help an organisation stay secure, it is only through ongoing staff awareness and training that you can secure the ‘people’ element of information security. ISO 27001 is the international information security management best-practice standard that will help you protect your information assets, comply with local requirements and thrive as you give your customers confidence that their information is protected.
vsRisk™ simplifies and accelerates the risk assessment and reporting process, and delivers an automated, ISO 27001-compliant risk assessment.