Facebook says it has disrupted a long-running cyberespionage campaign run by Palestinian intelligence which features spies posing as journalists and the deployment of a booby-trapped app for submitting human rights stories.
In a report published Wednesday, Facebook (FB.O) accused what it said was the cyber wing of the Palestinian Preventive Security Service (PSS), which is loyal to President Mahmoud Abbas, of running rudimentary hacking operations that targeted Palestinian reporters, activists, and dissidents, as well as other groups in Syria and elsewhere in the Middle East.
PSS spokesman Ikrimah Thabet rejected Facebook’s accusations and said: “We respect the media, we work within the law that governs our work, and we work according to law and order. We respect freedoms, privacy and confidentiality of information.”
He said the service has good relationships with journalists and the Palestinian Journalists Syndicate.
Mike Dvilyanski, Facebook’s head of cyber espionage investigations, told Reuters ahead of the report’s publication that the campaign’s methods were crude, but “we do see them as persistent.”
The PSS had intensified its activities over the past six months or so, Dvilyanski said. He said Facebook believed that the organization had deployed some 300 fake or compromised accounts to target roughly 800 people overall.
None of the targets were identified by name. Facebook said it had issued individual warnings to the users concerned via its platform and removed the rogue accounts.
Attributing malicious activity online is notoriously tricky, but Dvilyanski said the world’s largest social network “had multiple data points that linked this cluster of activity to the PSS and our confidence in this attribution is quite high.”
According to the Facebook report, the techniques used by the PSS focused heavily on tricking users into downloading off-the-shelf spy software, for example by creating dummy Facebook accounts with pictures of attractive young women. Facebook said the hackers also posed as journalists and, in some cases, tried to get targets to download spyware masquerading as secure chat apps or an app to submit human rights-related stories for publication.
Some of their Facebook pages posted memes, for example criticizing Russian foreign policy in the Middle East, to lure particular followers.
Facebook also said it had taken action against another long-running campaign linked to a different hacking group, often dubbed ‘Arid Viper.’ It did not say who was behind the group.
Facebook said Arid Viper had operated fake Facebook and Instagram accounts and more than a hundred malicious websites, as well as expanding into iOS surveillanceware. The targets included Palestinian government officials and security forces, it said.