Tech by VICE

Government Employees Got Hacked and Didn’t Find Out Until Facebook Told Them

Iranian hackers allegedly broke into the social media accounts of several State Department employees...and the victims didn’t notice until Facebook told them.

by Lorenzo Franceschi-Bicchierai
Nov 24 2015, 8:51pm

Image: dolphfyn/Shutterstock

Hackers working for the Iranian government reportedly broke into the social media accounts of several people at the State Department last month. And neither the victims nor the US government knew about it until Facebook alerted them to the breach.

These intrusions are part of a bigger cyberespionage campaign, according to a report in The New York Times that cites anonymous government officials. It's unclear how damaging or successful the hacking campaign has been, but these attacks confirm that Iran is active in cyberspace, and that the US government, as well as its employees, are ill-prepared to counter or prevent such attacks.

State Department employees didn't even notice the attacks until Facebook sent a message notifying them they had been victims of a cyberattack. "We believe your Facebook account and your other online accounts may be the target of attacks by state-sponsored actors," the alert stated. The State Department did not answer a request for comment, and Facebook also declined to comment. But a source close to the incident, who asked to speak anonymously given the sensitivity of the matter, confirmed The New York Times report.

An example of a Facebook alert in case of state-sponsored attack. (Image: Facebook)

For the last couple of years, US government officials and private security firms alike have been warning that Iran has been getting more active and sophisticated in its cyberattack efforts, although there's little hard evidence of what, exactly, those efforts entail.

Earlier this year, Motherboard reported that hackers with links to the Iranian government were involved in a series of attempts to compromise the Gmail accounts of journalists and activists. That campaign targeted diaspora Iranians and the activists working with them. Its apparent goal was to gather intelligence, and to uncover the victims' contacts inside Iran.

The hackers were apparently very determined, and used phishing attempts designed to get around Gmail's two-factor authentication. Phishing is a simple type of attack designed to trick a target into clicking a malicious link, usually contained in an innocuous-looking email, that allows the hacker to take over the victim's account.

In the case of the recent attacks on the State Department employees, it's unclear which technique they used. It seems likely they also used phishing. It's further proof that sometimes, hackers don't need sophisticated techniques to compromise high-level targets.