In a digital twist on the classic honeypot spy tactic, hackers lured Syrian rebels with fake Skype accounts and extracted critical military data from the rebels’ devices. Posing as femme fatales, the pro-Assad hackers prompted the rebels to download malware-infested photos that spit back data on upcoming operations.
Computer security firm FireEye released a report detailing years of efforts by pro-Syrian government forces to extract data from rebels. The tactic is better known as catfishing (creating fake accounts to lure targets into divulging information). The hackers typically asked targets what device they were Skyping from, ostensibly to share appropriate malware. Because multiple Syrian rebels’ computers would be linked to a single hub linking up to satellite Internet, the hackers only needed to infect one computer to infect the whole hub.
The hacker effort was extensive, acquiring 7.7 gigabytes of data from 12,356 contacts over 31,107 Skype conversations with targets in eight countries. While FireEye couldn’t prove that the hacks came directly from within the Assad regime, they noted that the hacks worked heavily in its favor.
“While we cannot positively identify who is behind these attacks, we know that they used social media to infiltrate victims’ machines and steal military information that would provide an advantage to President Assad’s forces on the battlefield.”
FireEye first discovered the data cache in unprotected directories on a data server in Germany. They reasoned it had been stolen from Syrian rebels and subsequently teased out the hackers’ strategy and extent of operations. The hacking was part of a large campaign from at least November 2013 to January 2014. Examining the type of malware used and patterns of the femme fatale social media accounts suggests to FireEye that the attacks might have come from Lebanon.
It’s also unclear whether Assad’s forces ever used the information: the trove included detailed data of a planned rebel offensive that was never actually carried out. Whether it was thwarted or the rebels sensed that their plans were compromised is likewise unknown.