Iranian recruiting offensive cyber operators

tl;dr - Iran tries to recruit an offensive cyber operator back in 2012, victim goes public, things happen.

The Middle East Insitute summarise it as follows:

Cyber security researcher Chris Kubecka shares the story of how the Iranian government attempted for over two years to recruit her to come to Iran and teach the skills needed to hack critical infrastructure targets--until the FBI stepped in.

The actual talk is on mei.edu, and goes for about 20 minutes I’ve grabbed the key points, but go give it a listen.

The audio is at https://www.mei.edu/multimedia/podcast/hacker-hire-story-iranian-cyber-recruitment

Kind of interesting that she went public, got a cryptic death threat, but ultimately not much else happened. Also curious that when she tried informing the authorities, they didn’t do much, and she only go help due to being at a party at the right time.

This is my summary:

Background

• Chris Kubecka

  • Security Researcher / etc
  • https://en.wikipedia.org/wiki/Chris_Kubecka

• Started in 2015

• Started with a request to train people with GPEN-like stuff, over LinkedIn

• Came in over linkedin, tranisitioned to whatsapp

• They were very friendly

• Eventually it turned from Training request to something else

  • VIP tour of our country, meet our ministers
  • Train our guys for two weeks, on hacking critical infra, on nuclear facilities

• Our Guy(lady) points out theres sanctions and we’re not doing that

• This went over 2 years

Getting authorities involved

• Eventually the other side asks for her home address ‘to send a gift’
  • Lady tries to get help from US authorities, they’re fairly useless
  • She ends up talking about it at a party, coincidentally someone is interested, things happen

Communications

• Started on LinkedIn
• They transitioned to WhatsApp
• They wanted to move to Telegram, our lady didn’t

Rejecting offers

• She said no
• The other side was friendly and encouraging
• They just kept asking for more information and trying to recruit
• They also offered 100k Euro’s a month

The other side

• Company name: Telecommunications company of Iran
• Over 100k employees, has LinkedIn profile, etc
• Has heaps of presence, but all with stock photos
  • Misc: Even the pro’s mess up, put effort into your fake presence!

When she went public

• FBI told her to cut contact
• She ended up getting more requests from other operators, ignored them
• Mostly over WhatsApp comms, getitng invited to weird groups
• Sometimes she gets cryptic Twitter DM’s
  • She got a cryptic, threatening video to “leave subjects alone”
• Her address got dumped on extremist forums

Requests for information

• Kept asking about how flat networks are at Saudi Aramco
  • Sort of implies they knew the network layouts, etc