Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Privacy

Iranian Spies Accidentally Leaked Videos of Themselves Hacking (wired.com) 41

An anonymous reader quotes a report from Wired: Researchers at IBM's X-Force security team revealed today that they've obtained roughly five hours of video footage that appears to have been recorded directly from the screens of hackers working for a group IBM calls ITG18, and which other security firms refer to as APT35 or Charming Kitten. It's one of the most active state-sponsored espionage teams linked to the government of Iran. The leaked videos were found among 40 gigabytes of data that the hackers had apparently stolen from victim accounts, including U.S. and Greek military personnel. Other clues in the data suggest that the hackers targeted U.S. State Department staff and an unnamed Iranian-American philanthropist.

The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims. This sort of data exfiltration and management of hacked accounts is hardly sophisticated hacking. It's more the kind of labor-intensive but relatively simple work that's necessary in a large-scale phishing operation. But the videos nonetheless represent a rare artifact, showing a first-hand view of state-sponsored cyberspying that's almost never seen outside of an intelligence agency.

This discussion has been archived. No new comments can be posted.

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

Comments Filter:
  • It shouldn't be that hard to track them down, and "stop" their activities.

    • Comment removed based on user account deletion
    • that sounds like war and if you hit non combat people? Say an school with kids or an hospital?
      Some states may have the hackers in / under an school building as cover / to have the think of the children people stop an attack

      • that sounds like war and if you hit non combat people? Say an school with kids or an hospital?

        Or a wedding? That's just business as usual for the US military. The use of drone strikes expanded greatly under Obama. We know because he set a rule telling us about how many drone strikes were used. Trump has expanded them even more. We know because his numbers were way higher than Obama's (pretty much the only ones that were, mind you) and then he rescinded that rule so he didn't have to tell us how many drone strikes he was using. The government always tells us that we shouldn't need privacy unless we h

        • Hold up.. So, your evidence that Trump has stepped up drone strikes is that he receded the rules about reporting them?

          Yea, Trump stepped up his prosecution of the caliphate known as ISIS/ISIL, and yea he suspended the reporting news, but your theory that such attacks continue is not borne out by the rest of the evidence.

          With the possible exception of the Soleimani strike in Iraq, I'm not seeing very many news reports about unexplained or unclaimed drone strikes. You'd think that if a couple of weddings ha

          • The use of drone strikes expanded greatly under Obama. We know because he set a rule telling us about how many drone strikes were used. Trump has expanded them even more. We know because his numbers were way higher than Obama's (pretty much the only ones that were, mind you) and then he rescinded that rule

            So, your evidence that Trump has stepped up drone strikes is that he receded the rules about reporting them?

            You're not a strong reader, are you?

            Yea, Trump stepped up his prosecution of the caliphate known as ISIS/ISIL, and yea he suspended the reporting news, but your theory that such attacks continue is not borne out by the rest of the evidence.

            What evidence? Trump changed the rules so that he didn't have to report his numbers.

            With the possible exception of the Soleimani strike in Iraq, I'm not seeing very many news reports about unexplained or unclaimed drone strikes.

            Absence of evidence is not evidence of absence. All that means is that he hasn't been hitting mediapathic targets.

            • You are a bit dense too..

              There are independent ways of reporting on drone strikes that Trump doesn't control. IF such independent reporting is not reporting drone strikes like they used to, doesn't that at least lower the probability that the drone strikes are not happening?

              I didn't just say "no reporting = not happening" here. I said, no INDEPENDANT reporting + no need and the president's voiced policy means there is a good chance the drone strikes have dropped in frequency.

          • by Shaiku ( 1045292 )

            You seem to have trouble with reading comprehension but here you go:
            https://chicago.suntimes.com/n... [suntimes.com]

            "According to a 2018 report in The Daily Beast, Obama launched 186 drone strikes in Yemen, Somalia and Pakistan during his first two years in office. In Trumpâ(TM)s first two years, he launched 238.

            The Trump administration has carried out 176 strikes in Yemen in just two years, compared with 154 there during all eight years of Obamaâ(TM)s tenure, according to a count by The Associated Press and the

      • That's why we have the R9X "flying Ginsu", more here:

        https://www.militarytimes.com/... [militarytimes.com]

    • Someone wants to start a(nother) war.
      • by 1s44c ( 552956 )

        Someone does. Israel is strongly incentivized to start a conflict between Iran and the US before Trump leaves office. Isreal has a history of using cyber warfare tactics and deceit against Iran. See Stuxnet.

        Somebody is currently using advanced cyber warfare tactics against Iran causing random buildings and ships to catch fire. Maybe the US, maybe Israel, maybe both.

        Standard tactics have always been to blame your enemy for the things you are doing.

    • What gives you the idea US can drone strike inside Iran? US has trouble keeping its drones in the air around Iran, let alone inside.
    • by gtall ( 79522 )

      This might work...once. After that, Iran would just put their least capable hackers in a building housing a school telling the hackers they are there to providing a vital job for the State, i.e., encouragement to the students for the Islamic Revolution. The Iranians will then leave "telltale" signs about where the hackers are located. One drone strike on it will result in children being bombed which will be shown in breathtaking color and slow motion by the cameras the Iranians installed to record the actio

    • The way the current Israel/US vs Iran war is going, I'm sure Iran is more than capable of blowing up their own hackers.
  • I guess we'll just nuke Iran so Eretz Israel can happen, that's the plan, right?
    • by 1s44c ( 552956 )

      Nuking civilian populations went out of fashion in 1945. If the US did that again it would at a minimum trigger a cold war with every other nuclear power on the planet. At best everyone takes huge economic damage due to loss of trust and cooperation, at worst everyone dies.

  • Wade Wilson approves of your inclusive team naming.

  • by Lucas123 ( 935744 ) on Friday July 17, 2020 @09:24AM (#60299605) Homepage

    "The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity."

    So, the hackers were using IBM's cloud service to record their hacking training video and because they didn't use the proper security settings in configuring the virtual server, they exposed their nefarious activities.

    I'm thinking the threat level from Iranian hackers is going to remain relatively low.

    • by bws111 ( 1216812 )

      Nowhere does it say anything about IBM's cloud service. In fact, it specifically says PRIVATE cloud (IBM's cloud services, like everyone else's, are PUBLIC cloud).

      • In fact, it specifically says PRIVATE cloud (IBM's cloud services, like everyone else's, are PUBLIC cloud).

        It says "Virtual Private Cloud server", which generally means public cloud. AWS/Azure/GCP and other major cloud environments use VPC as a term essentially for what was once considered a VLAN or network segment. Thus, the term "private cloud" as you seem to understand it in the context of the very early days of the cloud -- single-tenant hosts etc -- is apples and oranges to the concept of a VPC.

    • Hey ! Looking for some fun to get into? () Me too! Let's get to know each other on a much more personal level ==>> v.ht/iiVnP
  • If you have insight into the enemy's operations, it seems like it would be more valuable to keep your mouth shut and watch, rather than submit a press release and show your hand.
    • by Aereus ( 1042228 )

      I would assume if they are revealing this info, the loophole had already been closed.

    • by MobyDisk ( 75490 )

      Perhaps this was so unlikely to happen again that the PR to make the hackers seem like fools is worth more than the secret?

    • It's IBM, not the NSA. They need to crow, or they're shown the door. Maybe Watson helped.

  • Videos, or this is just a Trump government press release via IBM.

    Release the video and Iran gets globally embarrassed and the US gets huge public support. Don't and it's Saddams WMD again.

  • planted there to give Trump an argument.

    Wouldn't be the first time.

    Though in fact we simply do not know, and our only choice is to trust the source. To me, the source is almost 100% completely untrustworthy. Especially with it being soo convenient.

    That does NOT mean either hypothesis is true. Nor false.
    It means the information is *useless*.
    And I will not think either way, nor include it in my thinking. I will focus on the real world. Like offline, outside my door.

  • Iranian hackers called “ITG18”. No mention of how these accounts were hacked in the first place.

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...