Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Facebook Says Palestinian Intelligence Used Platform to Spy on Citizens

Facebook said Wednesday it had disabled accounts used by the Palestinian Authority’s internal intelligence organisation to spy on journalists, human rights activists and political opponents.

Facebook said Wednesday it had disabled accounts used by the Palestinian Authority’s internal intelligence organisation to spy on journalists, human rights activists and political opponents.

In a report, the US social media giant also said it had identified and disabled “politically motivated” espionage operations by a group believed to be based in Gaza and affiliated with Hamas, the Islamist rulers of the Palestinian enclave.

The report released Wednesday comes ahead of landmark Palestinian legislative elections set for next month that will see the rival West Bank-based Palestinian Authority (PA) and Hamas facing off for the first time in 15 years.

According to Facebook, the PA’s Preventive Security Service (PSS) targeted “journalists, people opposing the Fatah-led government, human rights activists and military groups,” primarily in the West Bank, Gaza and Syria, “and to a lesser extent Turkey, Iraq, Lebanon and Libya”.

Operating from the West Bank, the operatives used “low-sophistication malware disguised as secure chat applications” to infiltrate Android devices and collect information from them, including “call logs, location, contacts and text messages,” the report said.

The PSS also created a fake application to which journalists were invited to submit “human rights-related articles for publication”, according to the Facebook cyber espionage and threat investigators who penned the report.

In addition, the intelligence service used false accounts posing primarily as young women but also “as supporters of Hamas, Fatah, various military groups, journalists and activists” in order “to build trust with people they targeted and trick them into installing malicious software”.

The report also noted what it called “state-sponsored cyber espionage operations” believed to be “politically motivated” by the so-called Arid Viper group.

Independent researchers say the group has been launching cyber attacks from Gaza towards Israel since 2013.

Arid Viper’s target this time, however, was not Israel, rather Palestinians, including “individuals associated with pro-Fatah groups, Palestinian government organisations, military and security personnel, and student groups within Palestine,” Facebook said.

Arid Viper used “over a hundred websites that either hosted iOS and Android malware, attempted to steal credentials through phishing or acted as command and control servers,” the report said.

“They appear to operate across multiple internet services, using a combination of social engineering, phishing websites and continually evolving Windows and Android malware in targeted cyber espionage campaigns,” it added.

Facebook said it had taken down the accounts affiliated with both the PSS and Arid Viper, “released malware hashes, blocked domains associated with their activity and alerted people” targeted.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Threat Intelligence

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.