July 1, 2019
(Bloomberg) -- In one of the largest malware campaigns to exploit Facebook Inc., a
suspected Libyan hacker lured tens of thousands of people into exposing
personal information and granting access to personal devices, Israeli
cyber security company Check Point Software Technologies Ltd. said.
A Facebook page impersonating Khalifa Haftar, the head of a militia
fighting Libya’s internationally recognized government, was Check
Point’s first clue to an attack that had been going on for five years,
the company said. Repetitive spelling mistakes in Arabic that suggested
dyslexia helped researchers track other pages set up by the hacker, who
used an avatar called Dexter Ly, it added.
“Facebook is not widely used to infect people with malware,” said Lotem
Finkelstein, Check Point’s head of research. “This is probably one of
the biggest malware campaigns using the platform.”
While Facebook itself wasn’t breached, according to Check Point, the hack
highlighted how social media platforms can be abused to carry out
attacks. In all, about 50,000 users from North Africa, Europe and the
U.S. clicked on infected links that included alleged reports from Libyan
intelligence units exposing Qatar or Turkey as conspiring against
Libya, or bogus photos of a purportedly captured pilot who tried to bomb
Libya, Check Point said. Others were supposed to lead to mobile
recruitment sites for Haftar’s armed forces.
Facebook said it couldn’t confirm the figures.
Under Fire
Facebook users have been previously hit by malware attackers, including a 2017
hack that used its Messenger feature to infect computers with malware
that mined cryptocurrency. Facebook and other social companies have also
come under assault for failing to curb fake news on their platforms.
Facebook has said it removed 2.2 billion fake accounts in the first
quarter alone.
The suspected Libyan hacker has since shared sensitive information culled
through the attack, including secret Libyan government documents as well
as emails, phone numbers and pictures of passports belonging to
officials, Check Point said in a blog post. The secret documents
included policy updates and internal intelligence reports from foreign
embassies in Libya and Libyan embassies abroad.
Check Point started tracing the hacker after its research team discovered a file that looked suspicious and followed the trail.
“These pages and accounts violated our policies and we took them down after
Check Point reported them to us,” Facebook said in an emailed statement.
“We are continuing to invest heavily in technology to keep malicious
activity off Facebook, and we encourage people to remain vigilant about
clicking on suspicious links or downloading untrusted software.”
Political Strife
Haftar’s forces are battling fighters loyal to Libya’s internationally
recognized government. His troops were pushed out of a strategic city
south of the capital in late June, his biggest setback since he swept
the country’s south in early 2019 and launched an offensive in April to
seize Tripoli.
The hacker, an Arabic-speaker, used his knowledge of Libya’s political
strife to draw Facebook users to more than 30 pages he either
commandeered or impersonated, Check Point said. The majority of the
pages offered news from cities including the capital, Tripoli, and
Benghazi, while others supported political campaigns or military
operations.
“This was unique in its scope of actual and potential victims, as well as in
the length of the campaign,” Finkelstein said. “It was also
sophisticated in its use of phishing topics, topics that used credible
knowledge to lure people into following the Facebook pages and then
clicking on the links.”
To contact the reporter on this story: Gwen Ackerman in Jerusalem at gackerman@bloomberg.net
To contact the editors responsible for this story: Riad Hamade at rhamade@bloomberg.net, Amy Teibel, Giles Turner
©2019 Bloomberg L.P.