Biggest Shame Of The Year: Iranian Hackers Accidentally Leaked Videos Showing Them Hacking

Aadhya Khatri - Jul 20, 2020



According to IBM’s X-Force researchers, they recently obtained five hours of footage recording the screens of hackers working for ITG18

Security researchers usually have only thin trails of evidence to follow to trace a state-sponsored hacking operation.

However, their job just got a lot easier thanks to a group of Iranian hackers who recorded what they did and posted the videos to an unprotected server.

According to IBM’s X-Force researchers, they recently obtained five hours of footage recording the screens of hackers working for ITG18, a group also known as Charming Kitten or APT35.

[Image] IBM’s X-Force recently obtained five hours of footage recording the screens of hackers working for ITG18

It is one of the most active espionage teams sponsored by the Iranian government. The videos and other clues show that the hackers targeted an Iranian-American philanthropist and some US State Department staff.

According to the IBM experts, the footage was exposed by a security misconfiguration on a virtual private cloud server that they had been tracking since earlier APT35 hacking attempts.

The files, including the videos, were uploaded while IBM researchers were watching the server. The footage appears to be training material for junior hackers, showing them how to handle compromised accounts.

While the work shown in the videos is far from sophisticated, it is the kind of labor-intensive task essential to any operation, and it offers a first-hand view of how a state-sponsored hacking attempt was carried out.

The two videos IBM obtained demonstrate the process of siphoning data from a hacked account. One shows the hackers logging into a dummy Gmail account with credentials taken from a text document, then linking it to Zimbra, an email client that can manage several accounts from one interface.

[Image] The hackers demonstrated how to use Zimbra to download the content of a Yahoo account

With Zimbra, the hackers saved the entire inbox to their computers. The next step was to delete the notification saying that Gmail permissions had been changed, followed by saving the victim’s contacts and photos. The other video demonstrates the same process for a Yahoo account.

Data stored in a Google account was stolen in less than four minutes, and the same for a Yahoo account took only three minutes. In real life, with tens or hundreds of gigabytes of data, hackers may need more time than that.
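The pattern described above (a login from a mail client the account has never used, a bulk download of the inbox within minutes, and then deletion of the security notification) is something a defender can look for in mailbox audit logs. The following is an added example written for this article, not code from IBM or from the report it describes; the event format, the sample events and the thresholds are all constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample of mailbox audit events for this example only.
# The field names are an assumption, not any provider's real log schema.
SAMPLE_EVENTS = [
    {"ts": "2020-07-01T10:00:00", "user": "victim@example.org", "event": "login",
     "client": "Zimbra Desktop", "messages": 0},
    {"ts": "2020-07-01T10:01:30", "user": "victim@example.org", "event": "imap_fetch",
     "client": "Zimbra Desktop", "messages": 4800},
    {"ts": "2020-07-01T10:02:10", "user": "victim@example.org", "event": "delete",
     "client": "Zimbra Desktop", "messages": 1,
     "subject": "Security alert: new app has access to your account"},
    {"ts": "2020-07-01T10:03:00", "user": "victim@example.org", "event": "contacts_export",
     "client": "Zimbra Desktop", "messages": 0},
    # A benign user syncing a small number of messages from a known client.
    {"ts": "2020-07-01T09:00:00", "user": "alice@example.org", "event": "login",
     "client": "Thunderbird", "messages": 0},
    {"ts": "2020-07-01T09:05:00", "user": "alice@example.org", "event": "imap_fetch",
     "client": "Thunderbird", "messages": 12},
]

# Clients each account has been seen using before (constructed baseline).
KNOWN_CLIENTS = {
    "alice@example.org": {"Thunderbird"},
    "victim@example.org": {"Outlook"},
}


def parse_ts(value):
    return datetime.fromisoformat(value)


def detect_mailbox_siphoning(events, known_clients,
                             window=timedelta(minutes=10), bulk_threshold=500):
    """Return {user: [reasons]} for accounts whose activity matches the pattern:
    a login from a previously unseen client, followed within `window` by at least
    one exfiltration indicator (bulk IMAP fetch, deletion of a security
    notification, or a contacts export)."""
    by_user = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user.setdefault(e["user"], []).append(e)

    findings = {}
    for user, evs in by_user.items():
        for i, login in enumerate(evs):
            if login["event"] != "login":
                continue
            if login["client"] in known_clients.get(user, set()):
                continue  # known client: not the pattern we are looking for
            reasons = [f"login from unseen client {login['client']!r}"]
            t0 = parse_ts(login["ts"])
            for later in evs[i + 1:]:
                if parse_ts(later["ts"]) - t0 > window:
                    break
                if later["event"] == "imap_fetch" and later["messages"] >= bulk_threshold:
                    reasons.append(f"bulk fetch of {later['messages']} messages")
                elif later["event"] == "delete" and "security" in later.get("subject", "").lower():
                    reasons.append(f"deleted notification {later['subject']!r}")
                elif later["event"] == "contacts_export":
                    reasons.append("contacts exported")
            # Alert only when the new-client login is followed by an indicator.
            if len(reasons) >= 2:
                findings[user] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in detect_mailbox_siphoning(SAMPLE_EVENTS, KNOWN_CLIENTS).items():
        print(user)
        for r in reasons:
            print("  -", r)
```

The ten-minute window is deliberately short because, as the article notes, the whole process took a few minutes per account; a real deployment would tune the window and the bulk threshold to the organisation's own baseline, and would feed the client baseline from historical logins rather than a hard-coded dictionary.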

This isn’t the first time hackers have left behind evidence of their work, but according to former NSA staffer Emily Crose it is a rare win for the defenders: until now there was no actual video of state-sponsored hacking attempts, and its exposure could force the espionage team to change its tactics.

According to IBM, this discovery won’t slow the pace of hacking. Last year, Microsoft seized close to a hundred domains, and that did little to stop the hackers from doing their job.

If that kind of infrastructure purge couldn’t do anything, a few leaked videos won’t either.
