Fake Facebook Profile For NATO Senior Commander Used To Phish Senior Brass

2012-03-12T16:53:15
ID THREATPOST:63DB92060A960D062A39548936C3FB16
Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:32:38

Description

A fake Facebook profile for NATO Senior Commander James Stavridis, a US Navy Admiral, was used to trick senior officers in both the U.S. and British military to becoming friends.

The spear phishing attack is of unknown origin and is believed to have divulged a wide range of personal information of senior military brass that could be used in subsequent, targeted attacks, the Telegraph reported.

A fake Facebook profile for NATO Senior Commander James Stavridis, a US Navy Admiral, was used to trick senior officers in both the U.S. and British military to becoming friends.

The spear phishing attack is of unknown origin and is believed to have divulged a wide range of personal information of senior military brass that could be used in subsequent, targeted attacks, the Telegraph reported.

Stavridis, NATO’s Supreme Allied Commander Europe, headed up NATO operations in Libya and is a regular user of social media. The Admiral maintains an active Facebook page and a blog on NATO’s Web site, where he discourses on NATO policy, his travels to global hot spots and his official duties.

The impostor page has since been taken down. It isn’t known how long the page was active for or who was tricked into “friend-ing” the fake James Stavridis. The Telegraph cites unnamed sources saying that military officers and diplomats were told the attacks were tracked to “state sponsored individuals in China.”

Officials say it unlikely that the attacks would have yielded any classified data. However, it likely divulged personal e-mail addresses, dates if birth, phone numbers and a wealth of information on the military and defense officials social network that could be used in subsequent targeted attacks.

Impersonating well known figures on Facebook and Twitter is easy to do, though both companies will remove fraudulent accounts when made aware of them. Facebook said in February that it will allow high profile members to verify their account and begin using nicknames to identify themselves. The company says the new feature will allow celebrities and other Facebook VIPs to get higher billing on Facebook and attract more followers. However, its unclear whether the offer was extended to prominent members of the military or government. As of this writing, Admiral Stavridis had not taken advantage of the verified account feature.