‘Femme Fatale’ Hacks Battle Plans, Weaponries From Syrian Rebels

Avatars of beautiful women hacked Syrian rebels’ battle plans, weaponry and ammunition lists and personal information through Skype. These femme fatales posed as beautiful women who are ostensibly compassionate to the cause and purpose of the Syrian rebels fighting against the regime of President Bashar al-Assad.


The unidentified group of hackers was able to steal pertinent military, political and strategic plans of the mutineers through simple hacking strategy that starts with seemingly harmless Skype hook up. A female avatar would strike up a conversation on Skype with a rebel up until the point she is willing to send a “personal” photo. Before sending the photo, the femme fatale would ask whether her victim was using an Android phone or a computer – sizing up what appropriate malware to send her prey.

Once the unknowing victim downloaded her photo infected with malware, the hackers will then accessed his device, scan through files, chat logs, contacts and documents that reveal the opposition’s strategy in combating the government forces. The elaborate hacking that took place between November 2013 to January 2014 was discovered by cyber security watchdog FireEye and detailed in a report titled Behind the Syrian Conflict’s Digital Front Lines.

The hackers that posed as attractive women were able to steal hundreds of documents and were able to access 31,107 logged Skype chat sessions revealing plans and logistics of the Syrian opposition’s attacks on Mr Assad’s forces, the report said.

Like us on Facebook

They used hacking tools such as DarkComet RAT, a customized keylogger and tools with different shellcode payloads, the report outlined. The rebels were targeting armed opposition members, media activists, humanitarian aid and workers located in Syria and nearby regions, the report stated.

The unidentified hacker group was also able to access details of upcoming large-scale military operations including correspondence, rosters, annotated satellite images, battle maps, orders of battle, geographic coordinates for attacks, and lists of weapons from a range of fighting groups, according to the report.

FireEye was able to see records of the amount of Kalashnikovs and light machine guns taken, materials found and casualties suffered during operations; and a record describing a warehouse filled with chemical weapons protective equipment, suits, cleaning products and antidotes. In one chat accessed by the hackers, rebels were discussing strategy of shipping 9M113 TOW missiles and launchers.

FireEye was not able to identify the hackers behind the attack but the leader in cyber security knows that these ‘femme fatales’ used social media for government forces to have an advantage in the war that is currently happening in Syria.

“While we cannot identify who is behind these attacks, we know that they used social media to infiltrate victims’ machines and steal military information that would provide an advantage to President Assad’s forces on the battlefield,” Nart Villeneuve, senior threat intelligence researcher at FireEye said in a statement.