In February 2017, a firm called SecureWorks was hired to help a Middle Eastern company diagnose an attempted spyware infection, and investigators soon discovered the breach: A company employee had been communicating with a woman named “Mia Ash” on LinkedIn for more than a month.
According to Wired, Ash claimed to be a 30-year-old photographer based in London who was looking for love.
She had a hot profile photo, more than 500 Facebook friends, and was very active on Instagram. Ash claimed that she had attended the Royal Academy of Arts followed by Goldsmiths, University of London.
She also had hundreds of contacts listed on LinkedIn.
Alas, “Mia Ash” did not exist. She was a fake persona that had been invented by an international hacking gang – and her profile photo was stolen from the social media accounts of an innocent Romanian blogger.
Allison Wikoff, a SecureWorks researcher who led the analysis presented at the Black Hat security conference, said that Ash was one of the most well fleshed-out Internet personas that the company had ever encountered.
And she was not the only one.
From Delilah to Mata Hari, beautiful women have always played a key role in international espionage. But experts say that increasingly, the threat comes from strangers in cyberspace, as honeytrap hackers trawl the Internet for powerful men with secrets to steal.
Before all traces of Ash were apparently deleted from the Internet in February, she is reported to have lured senior figures in sensitive industries in the U.S., Israel, India and Saudi Arabia into revealing confidential data.
She was able to infiltrate the Middle Eastern company after she asked the employee to complete an Excel program spreadsheet she sent to him as an email attachment.
He agreed – and launched a “Trojan horse” virus that smuggled malware into his company’s IT system in order to steal company information.
According to SecureWorks website, “further analysis revealed a well-established collection of fake social media profiles that appear intended to build trust and rapport with potential victims.”
The firm identified Iran as the likely culprit, stating:
“CTU researchers assess that COBALT GYPSY (formerly known as TG-2889), a threat group associated with Iranian government-directed cyber operations, is likely responsible for these campaigns and the Mia Ash persona. COBALT GYPSY has used spearphishing to target telecommunications, government, defense, oil, and financial services organizations based in or affiliated with the MENA region, identifying individual victims through social media sites.”
Since most targets of corporate espionage are males, they are often especially vulnerable to attractive female online personas.
In 2015, hackers posing as beautiful females stole battle plans from rebel groups fighting the Syrian government, according to the U.S.-based cyber-security firm FireEye.
In that instance, the hackers sent photos to their victims that contained a spy program.
But these cases are only the tip of the iceberg: In 2015, the FBI announced a sharp rise in economic espionage cases aimed at U.S. companies, with a vast majority of the perpetrators originating from China with ties to the nation’s government.
Randall Coleman, the head of the agency’s counterintelligence division, said at a briefing that the bureau had seen a 53% increase in economic espionage cases, or the theft of trade secrets leading to the loss of hundreds of billions of dollars, over the past year.
He cited examples of large corporations successfully targeted in the past such as DuPont, Lockheed Martin and Valspar.
Main photo: Free photo of laptop with bra [PXhere.com]