Modern Day Honey Pots: Iranian Hackers Are Looking for Secrets, Not Love

Iranian group Cobalt Gypsy uses social media to lure powerful executives

The person in the picture and the person behind the picture may not be one in the same. Adam Berry/Getty Images

If you hear “honey pot,” don’t think Winnie the Pooh. A “honey pot” is a much more nefarious computer mechanism geared to lure men of influence or wealth into compromising cyber situations. The flirty honey pot urges the target—usually a man—to click on a link that then exposes their top secret material.

Honey pots are easy to detect, until ego gets in the way. Many men fall victim to the ruse, thereby placing their secrets in danger. Entire companies, even countries, can be compromised when someone is lured into the honey pot.

Back in the day, the honey pot was a real person. Before personal computers and cell phones, she was a valuable tool in the world of espionage. If a beautiful young woman appeared to be falling for a regular looking Joe at a hotel bar or hang out around town, she was probably a spy more interested in stealing his secrets than his wallet.

When espionage was king, it was easy to target an executive, industry leader or another spy with a honey pot. The target was lonely, far away from home and vulnerable. The honey pot had one of several simple objectives: She wanted to get intel, she wanted to plant a bug or something incriminating on the target, or, as in most cases, her objective was to procure incriminating documentation, especially photos, on the target.

Sometimes pictures were taken of the target with a beautiful young woman or in a homosexual affair. The results were torrid enough to extort information and gain power over the target.

Today’s honey pots are virtual and are primarily on social networks. In January 2017, for example, Hamas hackers successfully lured Israeli soldiers on Facebook and online dating sites. Israeli cyber security detected the attack, and it was quickly and safely removed.

But that is not always the case.

A new honey pot has emerged. Her targets have divulged deep secrets to the contrived character in hope of getting (virtually) closer to the fake profile. Just like adolescents lured by the intrigue of the Internet and oblivious to its dangers, the targets have no idea that the people they are communicating with are hackers.

Specifically, they are Iranian hackers. A group called Cobalt Gypsy is probably the brain behind this particular honey pot scheme. The plot involved fabricating a single profile on Linkedin and Facebook. Her name was Mia Ash, and she was 29-years old-and lived in London. Mia was a photographer taking courses at the University of London. Her relationship status was “complicated.”

Her profiles said she likes social media. She is a bit of a “hipster” and listens to indie music. She is looking for love and is mainly attracted to older men in executive positions, especially in hi-tech and energy. That last piece of information, which should have been a dead giveaway, apparently didn’t set off cautionary alarms.

Mia, aka Cobalt Gypsy, searched for and found targets. She made her first move on Linkedin and then lured her targets onto less secure sites. In one case, she sent her target a picture to comment on. The comments page was an Excel document that needed to be downloaded from a more powerful computer: the target’s work computer.

Doing it from work, she explained, was important because it would make the comments on the photo simpler and easier to access. The target fell for the ruse.

Mission accomplished.

The virus began cascading and infecting. The hackers could now listen and watch all the computers on the network and use each computer as a microphone and camera to monitor what was happening. The virus then uploaded another more powerful, undetectable virus that removed any trace of the first.

Mia, this Iranian honey pot, set out to invade intel companies and governments in Saudi Arabia, the United States, India and Israel. In the case described, the effected company’s cyber security unit eventually detected the invasion and shut it down. Israel also repelled the attack.

Mia’s picture was from a Romanian student’s profile.

Iran is working hard to get up to speed on modern-day espionage. Its goal is to crack into high tech firms that support Western defense and intelligence industries, thereby giving them a huge advantage in their battle against the West.

Companies’ and governments’ need to double down on their vigilance.

Just like in the old days of espionage, the best defense against honey pots is realizing that when a beautiful young woman approaches a middle-aged, overweight executive, she is not looking for love.

Micah Halpern is a political and foreign affairs commentator, author the “The Micah Report,” and host of the weekly TV show “Thinking Out Loud w Micah Halpern.” Follow him on twitter: @MicahHalpern

Modern Day Honey Pots: Iranian Hackers Are Looking for Secrets, Not Love