Facebook says it stops hackers tied to Palestinian security

Jerusalem — Facebook said Wednesday that it had dismantled the hacker network used by Palestinian Authority President Mahmoud Abbas intelligence to monitor journalists, human rights activists and government critics.

A report by a social networking giant threatened to give another embarrassing blow to the Fatah party in Abbas a few weeks before the parliamentary elections. Suffering from civil war and fatigue, Fatah appears ready to lose power and influence in next month’s vote.

In its report, Facebook states that the element linked to the preventive security service “created a fictitious persona using fake and compromised accounts.” The aim was to “build trust with the targeted people and encourage them to install malicious software” in the guise of young women, journalists, and political activists.

According to Facebook, malware disguised as a chat application provides security agencies with access to targeted phones, including contacts, text messages, locations, and even keystrokes.

Based on the West Bank, the ring is intended for Palestinian territories and Syrian people, and for Turkey, Iraq, Lebanon and Libya.

“This relentless threat actor focused on a wide range of targets, including journalists, opponents of the Fatah-led government, human rights activists, Syrian opposition and military groups including the Iraqi army,” he said.

Mike Dvilyanski, head of Facebook’s cyber espionage investigation, said the company used “technical signals and infrastructure” to link its network to preventive security. He said Facebook had “high credibility” in the findings, but refused to elaborate.

A total of nearly 800 people were targeted, he said. According to the company, it is impossible to determine how many people have downloaded the malware or how security agencies processed the information. However, we believe this effort has spread to other online platforms, indicating that there may have been additional targets.

Security agency officials could not get immediate comments.

Facebook also announced the detection of a second irrelevant network on Palestinian territory connected to a group known as the “Dry Viper.” It was unclear who was behind the group or how they were trying to process the information they gathered.

Facebook logo
In the picture in this photo, the smartphone screen shows the Facebook logo in the background of the Facebook website in Arlington, Virginia on April 7, 2021. (Olivier Douliery / AFP via Getty Images)

According to Facebook, it targeted a small number of people, but used a little more sophisticated technology to give people access to their cameras and microphones.

Dvilyanski described both networks as “less sophisticated” but “very persistent.” He said preventive security service activity was detected as early as 2018 and has intensified in the last six months.

That would be in line with Abbas’ plan to hold the first Palestinian election in 15 years, which was publicly announced in January.

Abbas’s Fatah movement, trapped in fierce competition with rival Islamic terrorist group Hamas, was hurt by the formation of a rival sect. Palestinian officials have hinted that Abbas may use the dispute with Israel over the disputed vote in East Jerusalem as an excuse to cancel the election.

Human rights groups have long accused both Abbas and Hamas rivals of suppressing and even imprisoning their criticisms on social media platforms.

“Hacking the phones of hundreds of Palestinian civil society officials is yet another brave attempt by Palestinian security agencies to silence critics and opponents to police,” said the Israeli and Palestinian Human Rights Watch. Omar Shakir, director of Rights Watch, said. “No one deceives the election story when the dissenting quarrel continues unabated.”

According to Facebook, the activities of the Arid Viper group originated in “Palestine” and focused on national goals such as government officials, Fatah members, student groups and security forces. Arid Viper used more than 100 websites, including sites hosting iOS and Android malware, and attempted to steal people’s credentials through phishing and other tactics.

Facebook is one of the social media platforms under intense pressure to crack down on hackers and false information.

In March, Facebook said Chinese hackers attempted to break into Uighur Muslim computers and smartphones using fake accounts and fraudster websites.

According to the company, sophisticated covert operations targeted Uighur activists, journalists, opponents of the Xinjiang Uighur Autonomous Region of China, and individuals living in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries.

David Agranovich, Facebook’s director of threat destruction, said the company canceled accounts related to hacking networks, notified targets and shared findings with other tech companies to prevent further disruption.

“This announcement is the latest in action against these campaigns to distribute malware inside and outside the platform and compromise accounts across the Internet,” said Agranovich. “The people behind these operations are relentless. I hope they will evolve their tactics and come back.”

Ron Moritz, a venture partner and cybersecurity expert at Israeli investment firm Our Crowd, said the tactics used in both hacking rings were not particularly sophisticated. He said the announcement was “good storytelling” by Facebook and appeared to be cracking down on the Internet.

He said that tactics resulting from preventive security are often found in societies where freedom of speech is constrained and makes sense as elections approach.

“It’s probably pretty important to know what chatter is,” he said. “It is generally considered good to keep track of who the enemy is.”

By Josef Federman