
Facebook group hack: how to exploit hidden features and the secrets of groups



The first known Facebook security violation took place in December 2005 when researchers at MIT developed a script that could download publicly posted information. In this case, researchers were trying to prove that social media users were vulnerable to leaks because of their over-sharing of information online. This MIT group then gained personal data on over 70,000 users without getting their permission.


A public server owned by an unknown group was found to hold 419 million Facebook records, containing everything from unique Facebook IDs and phone numbers to gender and location. This was a disturbing callback to the April incident, when Facebook announced that it was making changes and acknowledged it had work to do.







Those hoping that 2021 would be smooth sailing were disappointed by a huge Facebook hack over the weekend of April 3. This Facebook lapse exposed the personal information of approximately half a billion users, including their names, birthdays, locations, and phone numbers.


Facebook acknowledged the leak but said it stemmed from a security problem in 2019 that their team has since fixed. But many Facebook users found that statement to be of little comfort. The information is out there, and the damage could be ongoing. In the US alone, 30 million accounts were affected. Facebook has not made it easy to find out if your account was one of them. According to experts, you have around a 20% chance of being hacked if hackers stole your account information. Check haveibeenpwned.com to see if you are affected.


Password security is still one of the best ways to keep your personal information and account access safe. Security breaches are so damaging because hackers take your stolen password, perhaps from Facebook, and then try it against all of your other accounts, hoping that you reuse passwords.


Infamous Israeli surveillance firm NSO Group created a web domain that looked as if it belonged to Facebook's security team to entice targets to click on links that would install the company's powerful cell phone hacking technology, according to data analyzed by Motherboard.


It is not uncommon for hackers working for governments to impersonate Facebook, perhaps with a phishing page that displays a Facebook login screen but which secretly steals a target's password. But NSO's approach complicates its ongoing conflict with the tech giant. NSO is currently embroiled in a lawsuit with Facebook, which is suing the surveillance firm for leveraging a vulnerability in WhatsApp to let NSO clients remotely hack phones. Motherboard has also found more evidence that NSO used infrastructure based in the United States; a server used by NSO's system to deliver malware was owned by Amazon.


A former NSO employee provided Motherboard with the IP address of a server set up to infect phones with NSO's Pegasus hacking tool. Motherboard granted the source anonymity to protect them from retaliation from the company. Pegasus can target modern iPhone and Android devices, and once installed on a device it can steal text and social media messages, track the GPS location of the phone, and remotely turn on the camera and microphone. NSO sells Pegasus in either 0-click or 1-click versions, with the former needing no interaction from the target and the latter requiring the target to click a link.


NSO is most well known for selling its Pegasus technology to authoritarian regimes like Saudi Arabia, which used the tool to target associates of murdered Washington Post journalist Jamal Khashoggi. NSO says it only sells Pegasus to law enforcement and intelligence agencies. Motherboard recently revealed NSO tried to sell its hacking technology to local U.S. police, and that an NSO employee abused access to an installation of the Pegasus tool in the United Arab Emirates to target a love interest.


In April, Facebook filed court documents that contained specific U.S. IP addresses used by NSO's systems to hack phones via a vulnerability in WhatsApp in 2019. One of those IP addresses was hosted by California-based QuadraNet; the second belonged to Amazon.


"Molerats," an Arabic-speaking advanced persistent threat group that has been targeting victims mainly in the Middle East for several years, is now abusing Facebook accounts, as well as other cloud-based platforms, to deploy previously undocumented malware as part of an ongoing espionage campaign, according to security firm Cybereason.


The hacking group, which is also known as the Gaza Cybergang, is a politically motivated organization that has been active since at least 2012. The group was previously tied to espionage campaigns in Israel and Palestine, but it also has targeted victims in the U.S. and Europe (see: Molerats Hackers Hit US, EU Governments).


In its recent campaign, which started in September and was active at least through November, the hackers targeted Arabic-speaking victims in the Palestinian territories, the United Arab Emirates and Egypt as well as non-Arabic speaking targets in Turkey, Cybereason notes in the report released Wednesday. The intended victims are usually high-ranking government officials, and the hackers are looking to steal documents.


Although the victims of this campaign were initially infected using phishing emails that contained malicious documents, the researchers note the hackers used Facebook accounts and cloud file-sharing platforms such as Dropbox and Google Drive to set up the malware command-and-control servers to help hide the malicious code in plain sight. Cybereason has contacted the companies to report the abuse.


The Cybereason researchers note that the current Molerats campaign starts with the hackers sending phishing emails with political themes, typically about current events involving the Middle East region, to victims. These messages usually contain attached malicious documents, such as PDF files, that have links that lead to the Facebook pages or cloud services controlled by the group.


The Facebook pages and cloud services then act as command-and-control servers for the hackers, which then can deliver malware to the intended victim. The Cybereason researchers found two new backdoors, dubbed SharpStage and DropBook, along with a malware downloader called MoleNet.


"Molerats created fake Facebook accounts specifically for this campaign and those accounts are being used by the group for command-and-control purposes, by sending instructions to the malware using a Facebook post," according to the Nocturnus Team researcher. "This is a clever way of hiding in plain sight, abusing the trust given to a legitimate platform such as Facebook and helping the group to remain under the radar."


The account holder summarized the group's intentions in a Twitter post last week, which stated: "Anonymous has ongoing operations to keep .ru government website offline, and to push information to the Russian people so they can be free of Putin's state censorship machine. We also have ongoing operations to keep the Ukrainian people online as best we can."


An article on RT published on Feb. 28 confirmed that its own website, as well as that of the Kremlin, had in fact been shuttered by Anonymous last Friday. The article also stated the group had targeted other Russian and Belarusian media outlets on Monday, replacing their main pages with the message "Stop the war."


Anonymous has targeted other high-profile entities in the past, including the governments of the United States and China, the Church of Scientology and the Islamic State group, while expressing support for uprisings such as the Arab Spring and Occupy Wall Street.


Indeed, what is most striking when you talk to growth hackers like Johns is how successful these creative techniques have been to increase user acquisition rates, drive customers to purchase a product, or reduce the friction of using a product. Growth hacking can be applied to nearly any digital goal that involves persuading people to click, purchase, sign up, or read.


According to Johns, the principal objective of growth hacking is to create a user acquisition coefficient that is higher than one. For example, a company should aim to have more people using their product over time than it loses from attrition. By experimenting with different growth hacking methods, companies can determine the optimal means to increase that coefficient dramatically.


So how did they do it? Johns was reserved but did discuss three growth hacks that really moved the needle. The first hack involved giving users embeddable Facebook badges or profile widgets to post on their websites and blogs. Johns told me that these widgets served billions of impressions per month, which led to hundreds of millions of clicks and consequently millions of signups. By extending Facebook through the user base, Facebook was able to generate a massive number of sign ups.


The third hack involved the acquisition of people who had not yet signed up for Facebook, and were highly desirable targets for strategic reasons. This involved some creative but inexpensive advertising techniques that Johns could not elaborate on. This campaign was so successful that the advertising network Facebook was using asked Facebook to modify its method.


A second hack involved persuading new users to follow at least 10 people on Twitter. Once they did, the odds of that user returning increased dramatically. So Johns and the growth team introduced the top people to follow feature after users signed up and the user retention rate went up significantly.


Calling TA410 an umbrella group made up of three teams dubbed FlowingFrog, LookingFrog, and JollyFrog, Slovak cybersecurity firm ESET assessed that "these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure."


Other identified victims of the hacker collective include a manufacturing company in Japan, a mining business in India, and a charity in Israel, in addition to unnamed victims in the education and military verticals.

