Facebook said Wednesday it had disabled accounts used by the Palestinian Authority’s internal intelligence organisation to spy on journalists, human rights activists and political opponents.
In a report, the US social media giant also said it had identified and disabled “politically motivated” espionage operations by a group believed to be based in Gaza and affiliated with Hamas, the Islamist rulers of the Palestinian enclave.
The report released Wednesday comes ahead of landmark Palestinian legislative elections set for next month that will see the rival West Bank-based Palestinian Authority (PA) and Hamas facing off for the first time in 15 years.
According to Facebook, the PA’s Preventive Security Service (PSS) targeted “journalists, people opposing the Fatah-led government, human rights activists and military groups,” primarily in the West Bank, Gaza and Syria, “and to a lesser extent Turkey, Iraq, Lebanon and Libya”.
Operating from the West Bank, the operatives used “low-sophistication malware disguised as secure chat applications” to infiltrate Android devices and collect information from them, including “call logs, location, contacts and text messages,” the report said.
The PSS also created a fake application to which journalists were invited to submit “human rights-related articles for publication”, according to the Facebook cyber espionage and threat investigators who penned the report.
In addition, the intelligence service used false accounts posing primarily as young women but also “as supporters of Hamas, Fatah, various military groups, journalists and activists” in order “to build trust with people they targeted and trick them into installing malicious software”.
The report also noted what it called “state-sponsored cyber espionage operations” believed to be “politically motivated” by the so-called Arid Viper group.
Independent researchers say the group has been launching cyber attacks from Gaza towards Israel since 2013.
Arid Viper’s target this time, however, was not Israel, rather Palestinians, including “individuals associated with pro-Fatah groups, Palestinian government organisations, military and security personnel, and student groups within Palestine,” Facebook said.
Arid Viper used “over a hundred websites that either hosted iOS and Android malware, attempted to steal credentials through phishing or acted as command and control servers,” the report said.
“They appear to operate across multiple internet services, using a combination of social engineering, phishing websites and continually evolving Windows and Android malware in targeted cyber espionage campaigns,” it added.
Facebook said it had taken down the accounts affiliated with both the PSS and Arid Viper, “released malware hashes, blocked domains associated with their activity and alerted people” targeted.