Fake 'femmes fatales' aid Syrian battle hack

[Image: Syrian opposition soldier. Image source: AP. Caption: Information about weapons and troop movements was stolen in the attack]

Fake "femmes fatales" have been used to steal battle plans and other data from Syrian opposition groups, a report suggests.

The virtual women had been used in text chat on Skype to engage potential victims, security company FireEye said.

And data had been stolen via booby-trapped images of the women with whom the victims believed they had been chatting.

"We cannot positively identify who is behind these attacks," said FireEye.

Tailored attack

Security researcher Nart Villeneuve added: "We know that they used social media to infiltrate victims' machines and steal military information that would provide an advantage to President [Bashar al-]Assad's forces on the battlefield."

The attack had been mounted between November 2013 and January 2014, and the stolen information had come to light as FireEye investigated a separate incident, it said.

In total, it said, 7.7GB of data had been stolen, including more than 240,000 messages, 31,000 conversations and 64 separate Skype account databases.

Annotated satellite images and maps, the times that assaults had been planned and lists of the type of weapons to be used in each phase of an upcoming battle had all been included among the stolen data, FireEye said.

The attackers had also grabbed information about the movement of weapons away from the front line, as well as casualties, financing and humanitarian activity, it said.

According to FireEye:

  • Initial contact was made via Skype, with attackers posing as attractive women keen to lend a sympathetic ear to fighters in opposition forces
  • During these conversations, the attackers sought information about how their target was accessing Skype
  • Soon after, the victim received an image of their supposed contact that was seeded with malware tailored to compromise their PC or smartphone

The malware was a well-known remote-access tool called DarkComet but had been adapted to the particular circumstances in Syria, said FireEye.

Victims were located mainly in Syria but also in other Middle Eastern and European countries, it said.
