Hackers Lure, Infiltrate Syrian Opposition Using ‘Attractive’ Female Avatars

When engaged in war, it's of utmost importance to keep plans and secrets secure. On the other side of the coin, it's likewise important to do what you can to gather intelligence on the opposition -- something quite difficult given the obvious fact that the opposition is also doing its best to keep its secrets, secret.

But lest we forget that there are sometimes much easier ways to get information you need. Sometimes it can involve social engineering of the most modest levels, because after all, the bearers of this important information are still human.

Hackers targeting the Syrian opposition (an investigation pinpointed Lebanon as the source of the attacks) managed to gather its enemy's secrets in a simple, almost unbelievable way.

Syrian Soldier

With hackers posing as attractive women, conversations would be struck up with members of the opposition, and being that these men are no doubt a bit lonely, given their circumstances, they're essentially very vulnerable. If successfully lured, these faux women sent over a malware-laden picture, and as soon as it was viewed, malware was installed, and full access to the data on that person's phone was made possible.

data syria
Amount of data retrieved by the hackers (Source: FireEye)

The way this "attack" happened is almost scary, but the kind of information retrieved is even scarier. There's everything from political strategy discussions, details on military hardware, names of members of fighting groups, humanitarian needs assessments, and even lists of aid recipients.

Quite simply, to gather that kind of information solely by posing as attractive women is almost mind-boggling, and goes to prove that even with good security in place, effective social engineering can break those barriers quick.