In a most disturbing turn of events, perhaps indicative of how low one may go, multiple media outlets are reporting how Russian hackers posed as Islamic State terrorists to target and threaten the families of U.S. service members in 2015. Hackers used the Facebook Messenger to send chilling messages to military spouses.
One Army wife reported the following message received on her iPhone:
Dear Angela! Bloody Valentine’s Day!
We know everything about you, your husband and your children…We’re much closer than you can even imagine.
This is one of five documented cases of outreach by the Russians to military spouses. A review of those targeted indicates that each had an above average social profile. Perhaps as a blogger or advocate, and thus their social media profile was more public than others. Angela Ricketts, recipient of the above message, is an author and advocate for veterans and military families. The other four are:
- Lori Volkman, a well-known blogger and deputy prosecutor in Oregon;
- Ashley Broadway-Mack of Washington D.C., and head of a gay-lesbian association supporting military family members;
- Amy Bushatz of Alaska, a journalist for Military.com on spouse and family issues
- Liz Snell, resident in California, and head of the charity, “Military Spouses of Strength.” Additionally, the charity’s Twitter account was breached and hate messages and threats posted.
As one can imagine, these vocal spouses of service members became vocal, sharing the experience and receipt of these messages far and wide via their substantive social networks. The FBI had issued a warning in November 2014 warning spouses that they could be targeted by ISIS, and carried the suggestion to review their social profiles. Until recently, this activity had been identified as having been carried out by ISIS.
The connection to Russia
According to security firm Secureworks, the Russian connection is well documented. The June 2016 report, “Threat Group-4127 Targets Google Accounts”, included the accounts of journalists, defense personnel, and others. Military spouses made up 22 percent of the targeted individuals. Secureworks estimated 35 percent of the spear phishing emails were successful.
Falling victim to the spear phishing attempt may have been the gateway to compromising the Twitter account of Snell’s charity. With access to the email, and absent two-factor authentication, the miscreants could request a password reset and take control of the account via the compromised Gmail account.
This revelation indicates how insidious the active measures of the Russian Federation can be, and how they use our own messages and warnings to concoct their plans.
What lessons can be learned? Use multi-factor authentication for email accounts. And never reuse passwords for your email accounts, because that account is the gateway to changing your user credentials.