Iran-Based Hacking Crew Uses Fake LinkedIn Profiles In Espionage Attacks

An anonymous reader writes: The Iranian hacker group Cleaver has been directing a cyber spying campaign at bodies in the Middle East across a network of fake LinkedIn accounts. It is thought that the threat actors were using the professional platform to gather intelligence using six 'leader' profiles, each with over 500 connections, and a collection of 'supporter' accounts. According to Dell researchers, recruitment advertisements and skill endorsements from 'supporter' accounts were used to boost credibility. Perhaps they're after the New Yorker crowd, too.

Not surprised ...

[gstoddart]

I've seen a fair bit of evidence of shady players (most of whom seem to be recruiters) on LinkedIn.

I recently got an invite from someone who had crafted their profile to strongly suggest they had worked at a previous employer, and you had to look pretty closely to realize they didn't. Either he was a shady recruiter, or an even shadier player -- definitely a profile which took me several minutes to look at against who I thought it could me.

I have a fairly firm policy that if I don't know you, I'm not adding you. So all those recruiters who are obviously recruiters get ignored.

But the ones who have carefully crafted a profile to mislead you into thinking it could be someone you know, those are much more worrying. I even saw that one of those misleading ones had been added by someone I did formerly work with, because it was a good enough fake that people would fall for it.

This has always been a problem with social networks in my opinion: if the goal is to collect as many links as possible without actually stopping to think of "just who the hell is this person again?", then people are going to be suckered into linking to people they don't know at all.

So you pretty much have a platform in which people are trying to expand their network, and don't seem to think critically enough about just who those people are and if you really want a random recruiter or someone you don't know in your network. Me, I've pretty much decided that I won't link to people I don't actually know.

So, am I surprised to see stuff like this? Not hardly, because in a lot of ways LinkedIn is as much of a pest on the internet as Facebook and Twitter. And if fooling people into adding you into their network gives you a way to fool more people, it's all the more reason to look at those invites and ask "who the fuck is this and why the hell do I care?".

Re:Not surprised ...

[gstoddart]

If someone says "I'm a recruiter", then you can choose to add them or not. Me, I don't have any interest in unsolicited recruiters trying to pester me ... I consider them like door to door salesmen or spam; I'm just not interested.

But, yes, some people do choose to link in recruiters. I personally won't do it.

This fake that I saw the other week ... it was really hard for me to identify what the heck it was. It was written in such a way as to insinuate he'd worked at a place I knew, but fell just short of stating it .. the more I read it the more I became convinced there was something quite slippery about it. In the end after some pretty careful reading I concluded the profile wasn't what it claimed to be.

I find it highly unlikely nefarious super hackers are personally targeting me, but if it was a recruiter it seemed like a pretty well crafted way to lie your way into someone's network ... and any recruiter trying that hard to mislead you about who they are isn't someone you should be trusting. At all. Ever.

So, either it was what I'd consider a really shady recruiter, or some other shady entity.

Either way, people in general need to have a little more "street smarts", both on the intertubes and in real life. Because, there's an awful lot of humans who are complete bastards and need to be distrusted. Not nearly enough people stop to think "just who the hell is this person and what are their motives?"

Which is precisely why social engineering and other con artists are so successful.

Some people think being wary and distrustful is a bad way to live .. me, I have seen enough of crap like this to know that it's better than being someone's mark and realizing you've been ripped off.

So what

[aaaaaaargh!]

LinkedIn is about the most shady network one could imagine, so it's not surprising that Iranians would use it in addition to the CIA and about every other intelligence agency on the world. Half of what LinkedIn does is probably even plain illegal in most of the countries in which it operates. For Christ's sake, they even ask you for your personal email login password so they can spam all of your email contacts!