Iranian hackers used Facebook socks

Iranian spooks were involved in a three year hacker campaign using Facebook socks and a fake news website to spy on military and political leaders in the United States, Israel and other countries.

ISight Partners, which uncovered the operation, said the hackers’ targets include a four-star U.S. Navy admiral, US lawmakers and ambassadors, members of the US Israeli lobby, and personnel from Britain, Saudi Arabia, Syria, Iraq and Afghanistan.

It is not clear what data had been stolen by the hackers, who were looking for passwords to government and corporate networks.

iSight Executive Vice President Tiffany Jones told Reuters that the fact the programme went for so long indicated that they had some success.

The hackers created six “personas” who appeared to work for a fake news site,, which used content from the Associated Press, BBC, Reuters and other media outlets. They then built eight personas who purported to work for defence contractors and other organizations.

The next part of the plan was to set up false accounts on Facebook and other online social networks for these 14 personas, populated their profiles with fictitious personal content, and then tried to befriend the victims.

iSight said it was the most elaborate cyber espionage campaign using “social engineering” that has been uncovered to date from any country.

The hackers would approach high-value targets by first establishing ties with the victims’ mates, classmates, colleagues, relatives and other connections over social networks.

They then sent content that was not malicious, such as links to news articles on, in a bid to establish trust. Later they would send links that infected PCs with malicious software, or direct targets to web portals that ask for network log-in credentials.

The hackers used the 14 personas to make connections with more than 2,000 people, the firm said, adding that it believed the group ultimately targeted several hundred individuals.

Facebook has removed all of the offending profiles found to be associated with the fake NewsOnAir organisation.