Allison Wikoff has spent years tracking suspected Iranian hackers, sifting through data they’ve left behind and analyzing their techniques. But in May, when her colleague stumbled upon a server with 40 gigabytes of the hackers’ training videos and online personas, Wikoff knew she had struck gold.
“[When] we started combing through all the data and video files we couldn’t believe what we were seeing,” said Wikoff, a cyber threat analyst on IBM’s X-Force security team. “This discovery brought a whole new meaning to observing ‘hands-on keyboard activity.’”
The nearly five hours of videos found on the server, which IBM reported publicly on Thursday, include evidence of a suspected Iranian hacker stealing data from the personal email and social media accounts of an enlisted member of the U.S. Navy and a Greek naval officer.