Hackers use any number of different techniques to get why they are after from advanced aware attacks to basic spear phishing scams. New reports suggest pro-Assad hackers have resulted to basic catfishing strategies in order to lure battle plans out of the hands of the Syrian rebel army.
Over the span of several years, security research firm FireEye has been gathering data for an investigation it has dubbed "Behind the Syrian Conflict's Digital Frontlines." Among other specifics, the firm has detailed a basic catfishing scam whereby pro-Assad hackers would simply pose as attractive women in order to inject malware onto the computers and mobile devices of unsuspecting Syrian rebels.
After making all the usual arrangements including fake Facebook and Skype accounts for the fake woman, hackers would then make contact with Syrian rebels. After determining whether or not the victim was using a mobile device, the hacker would then send the appropriate malware to scrape for pertinent data disguised as a photo of the attractive woman.
Reports suggests these techniques have been widespread and quite successful. FireEye said pro-Assad forces have stolen more than 7.7GB worth of data from more than 12,356 contacts, spread across 8 different nations. The Intel has apparently helped to stop of at least one major battle and contains everything from satellite images and battle maps, to attack coordinates and various weapons cache details.