As the Syrian Civil War prepares to enter its fourth year, an unusual new battlefield has opened up: catfishing on Skype.
Once a target was identified, the rebels would be approached by a “woman” on Skype, and the pair would get talking. At some point, the attacker would ask what operating system or platform the rebel was using, so the attack be targeted more accurately. The two would then share “photos.” However, the attacker’s fake photo would be loaded with malware that would infect the target’s device upon opening.
The accounts often had corresponding fake Facebook profiles. Here’s two examples from FireEye’s report:
The hackers have had numerous successes with the attack strategy. At the end of 2013, they were able to withdraw more than 7 gigabytes of data after gaining access via the “catfish” method. This includes details of military hardware, political strategies and manifestos, humanitarian financing documents, and lists of casualties from the conflict.
Here’s an example chatlog:
It’s indicative of how warfare is changing in the digital age and how important “cyber” capabilities can be.
“Cyber espionage is traditionally understood as a method aimed at achieving an information edge or a strategic goal,” FireEye writes. “However, our research on malware activity related to the ongoing conflict in Syria indicates that such operations can provide actionable military intelligence for an immediate battlefield advantage.”