Czech spy agency says it neutralized Hezbollah cyberespionage network

Officials in the Czech Republic have announced that the country’s spy agency headed an operation in several countries, aimed at neutralizing a cyberespionage network operated by the Lebanese militant group Hezbollah. Early last week, the Security Information Service (BIS), the primary domestic national intelligence agency of the Czech Republic, issued a short statement saying that it “played a big part in helping to identify and disconnect Hezbollah servers in the Czech Republic, other EU member states and the US”. But it did not elaborate. On Tuesday, however, ZDNet’s Zero Day security blog published more information from the Czechs about the BIS operation.

According to the BIS, its cyber security force discovered a number of servers located on Czech soil, which were “almost certainly” used by Hezbollah, the Shiite militant group that controls large swathes of territory in Lebanon. The servers were allegedly used in a wide-ranging cyberespionage operation that was begun in 2017 by a group of Hezbollah hackers based in Lebanon. It was there, said the BIS, that the command-and-control facilities of the operation were located. The servers located on Czech soil were used to download phone apps that contained malicious software. The hackers targeted individual phone users located mainly in the Middle East, according to the BIS, but other targets were in eastern and central Europe. It is believed that the majority of targets were Israeli citizens. Invariably, targeted individuals were approached online, mostly through fake Facebook profiles. Most of the targets were men, and the fake Facebook profiles featured pictures of attractive young women. After initial messages were exchanged via Facebook, the targets were convinced to download phone applications that would allow them to continue communicating with the ‘women’. These applications would install spyware on their phones, thus allowing Hezbollah hackers to capture the content of messages and calls made on the phones. The latter could also be used as eavesdropping devices.

According to BIS Director Michal Koudelka, the spy agency “played a significant role in identifying and uncovering the hackers’ system. We identified the victims and traced the attack to its source facilities. Hacker servers have been shut down”, he said. Koudelka added that some of the servers used by Hezbollah were located in other European Union countries and in the United States. These were shut down following a joint cyber operation by BIS and “partners”, said Koudelka, though he did not identify them.

Author: Joseph Fitsanakis | Date: 17 October 2018 | Permalink

Facebook says efforts to subvert upcoming US elections resemble ‘new arms race’

Facebook has said it is involved in an “arms race” against “bad actors” as it announced on Tuesday the removal of accounts that allegedly tried to subvert the upcoming mid-term elections in the United States. The social-media giant said its security division had identified 32 profiles and pages that were set up for the sole purpose of disrupting, subverting or otherwise influencing the American political process. At least seven more accounts were shut down on the Instagram platform –which is also owned by Facebook– for the same reasons. In the past 14 months, the suspect accounts generated nearly 10,000 posts and were liked or followed by over 290,000 users, said Facebook.

In addition to producing memes that aimed to stir existing racial, political and religious tensions in American society, the suspect accounts are also believed to have generated approximately 150 paid advertisements, spending around $11,000 for that purpose. Moreover, close to 30 public events were organized, advertised and hosted by the suspect pages throughout the US in the past 14 months. One such event was subscribed to by 4,700 users, with another 1,400 users stating that they would attend.

In a preliminary report posted on its online newsroom, Facebook said it was too early in the investigation to identify the party or parties behind the alleged effort to influence the US mid-term elections. Its security team had detected “one instance” of a connection between this latest operation and the Russian-based Internet Research Agency (IRA), which Facebook identified as being one of the main sources behind efforts to influence the 2016 US presidential elections. But the report cautioned that the instigators of this latest attempt to influence the US political process had gone to great pains to hide their identities, affiliations and geographical coordinates. For instance, they routinely employed virtual private networks in order to disguise their internet protocol addresses. They also used third parties to purchase advertisements on Facebook and Instagram. These and many other tactics severely limited the ability of security technicians to attribute these efforts to specific countries, governments or companies, said Facebook.

Using unusually strong language to describe its ongoing probe, Facebook said that the exploitation of its platform for sinister political purposes resembled “an arms race” and that constantly changing tactics were needed to combat it. In addition to removing the suspect accounts, Facebook said it was working more closely with law enforcement and leading online security firms in order to analyze and eliminate threats from what it described as “bad actors”. It added that it was “investing heavily” in more people and better technology in order to eliminate those who were trying to weaponize its communication platform for sinister goals.

Author: Joseph Fitsanakis | Date: 01 August 2018 | Permalink

Facebook shared user data with Chinese firm despite warnings by US intelligence

The online social media company Facebook shares data about its users with a Chinese telecommunications company that has been flagged in United States government reports as a threat to security. The New York Times revealed on Tuesday that Facebook has been routinely giving access to the private data of its users to four Chinese companies since at least 2010. The paper said that the data-sharing agreement with Lenovo, Oppo, TCL, and Huawei Technologies has its roots in 2007. That was the year when Facebook began an effort to entice cell phone hardware and software manufacturers to include Facebook-friendly apps and features in their products. As part of the agreement, Facebook gave cell phone manufacturers access to its users’ private data, including “religious and political leanings, work and education history and relationship status”, said the Times.

However, several sources in the United States, United Kingdom, Australia and other governments have repeatedly flagged Huawei as a company that is uncomfortably close to the Chinese government and its intelligence agencies. In 2011, the US Open Source Center, which acts as the open-source intelligence arm of the Office of the Director of National Intelligence, became the first US government agency to openly link Huawei with the Chinese intelligence establishment. It said that Huawei relied on a series of formal and informal contacts with the Chinese People’s Liberation Army and the Ministry of State Security, which oversee and administer China’s military and civilian intelligence apparatus. In 2013, the British government launched an official review of Huawei’s involvement in the UK Cyber Security Evaluations Centre in Oxfordshire, England, following a British Parliament report that raised strong concerns about the Chinese company’s links with the government in Beijing. And last year the Australian government expressed concern about Huawei’s plan to provide high-speed Internet to the Solomon Islands, a small Pacific island nation with which Australia shares Internet resources.

In a statement, Facebook said that all data shared with Huawei remained stored on users’ phones and was not downloaded on the Chinese company’s private servers. It also said that it would “phase out” the data-sharing agreement with Huawei by the middle of June. The Times noted on Tuesday that Facebook has been officially banned in China since 2009. However, the social media company has been trying to make a comeback in the Chinese market, by cultivating close links with Chinese Communist Party officials. Facebook founder Mark Zuckerberg visited China in October of last year, and met with Chinese Premier Xi Jinping and other senior officials.

Author: Joseph Fitsanakis | Date: 06 June 2018 | Permalink

India arrests commando instructor who fell for Pakistani honey trap on Facebook

Indian authorities have arrested an Indian Air Force officer for allegedly giving classified documents to two Pakistani spies on Facebook, who posed as women interested in him. The officer has been named as Arun Marwaha, a wing commander stationed at the Indian Air Force headquarters in Delhi. Marwaha, 51, is a para-jumping instructor who trains members of India’s Garud Commando Force —the Special Forces unit of the Indian Air Force. He was reportedly due to retire in 2019.

According to Indian government investigators, several months ago Marwaha was befriended by two Facebook users who claimed to be Indian women. He began chatting regularly with them on Facebook and eventually on the popular cell phone messenger service WhatsApp. Within weeks, Marwaha’s WhatsApp exchanges with the women had become intimate in nature. Before long, the Indian Air Force instructor was providing the women with classified documents in return for intimate photos of themselves. Media reports state that the classified documents related to special operations, some involving cyberwarfare, and space reconnaissance. Government investigators claim that Marwaha’s Facebook contacts were in fact male officers of Pakistan’s Inter-Services Intelligence (ISI), who targeted Marwaha in a carefully planned honey trap operation.

According to reports, the breach caused by Marwaha was discovered last month, at which time the internal security branch of the Indian Air Force launched an investigation. Marwaha was questioned for over a week before his case was turned over to Delhi Police, who arrested him on Thursday. He has reportedly been charged under India’s Official Secrets Act and is facing a jail sentence of up to 14 years. Meanwhile, the Indian Air Force is investigating whether other officers have fallen victim to similar honey trap operations by Pakistan’s ISI on Facebook.

Author: Ian Allen | Date: 09 January 2018 | Permalink

Israeli military says Hamas lured its soldiers using online profiles of women

The Israel Defense Forces told a press conference on Wednesday that hackers belonging to the Palestinian militant group Hamas lured Israeli soldiers by posing as young women online. Wednesday’s press conference was led by an IDF spokesman who requested to remain anonymous, as is often the case with the Israeli military. He told reporters that the hackers used carefully crafted online profiles of real Israeli women, whose personal details and photographs were expropriated from their publicly available social media profiles. The hackers then made contact with members of the IDF and struck up conversations with them that in many cases became intimate over time. At various times in the process, the hackers would send the Israeli soldiers photographs of the women, which were copied from the women’s online public profiles.

The anonymous IDF spokesman said that, if the soldiers continued to show interest, they were eventually asked by the hackers posing as women to download an application on their mobile telephones that would allow them to converse using video. Once the soldiers downloaded the application, the ‘women’ would find excuses to delay using the application, or the relationships would abruptly end. But the soldiers would leave the application on their telephones. It would then be used by the Hamas hackers to take control of the camera and microphones on the soldiers’ mobile devices. According to the IDF spokesman, dozens of Israeli soldiers were lured by the Hamas scam. No precise number was given.

Media reports suggest that the Hamas hackers were primarily interested in finding out information about IDF maneuvers around the Gaza Strip, the narrow plot of densely inhabited territory that is controlled by the Palestinian militant group. They were also interested in collecting information about the size and weaponry of the Israeli forces around Gaza. Media representatives were told on Wednesday that the operation “had potential for great damage”. But the IDF claims that the harm to its operations was “minimal”, because it primarily targeted low-ranking soldiers. Consequently, according to the Israeli military, the hackers were not able to acquire highly sensitive information.

In 2009, dozens of members of Sweden’s armed forces serving with NATO’s International Security Assistance Force in Afghanistan were found to have been approached via Facebook, and asked to provide details on NATO’s military presence in the country. The Afghan Taliban are believed to have carried out the operation.

Hamas has not commented on the allegations by the IDF.

Author: Joseph Fitsanakis | Date: 12 January 2017 | Permalink

Belgian intelligence employees ‘outed themselves’ on LinkedIn

By JOSEPH FITSANAKIS | intelNews.org |
Several alleged employees of Belgian security and intelligence agencies have revealed their identities on social networking sites, it has been reported. Belgian newspaper De Standaard, which made the revelation in a leading article on Tuesday, said that many LinkedIn and Facebook users appear to list their employer as Belgium’s State Security Agency (Sûreté de l’État or SE/SV) or the Coordinating Body for Threat Analysis (OCAM/OCAD). The SE is Belgium’s foremost civilian intelligence agency, operating under the country’s Ministry of Justice. OCAM is one of Belgium’s several anti-terrorist intelligence collection and analysis agencies, which operates under the joint supervision of the Justice and Interior Ministries. De Standaard contacted the two agencies, which refused to comment on whether the social networking profiles are authentic. But the paper spoke with an unnamed Belgian senior intelligence official, who said that this was potentially a very serious issue for Belgian national security. “Russian and Chinese intelligence services employ thousands of people”, said the official, “and have the resources and time to manually search for such profiles and then exploit the information they provide. Our people could, by their very presence on such sites, become the target of hostilities”. De Standaard also spoke to Belgian Senator Dirk Claes, who is a member of the country’s Parliamentary Committee on Intelligence. He told the paper that his colleagues in the Committee would be up in arms if the profiles turned out to be authentic. “These individuals have security clearances and are obligated to stay in the background, as much as possible. I will be raising this issue in the [Intelligence] Committee”, Claes told De Standaard.

Did US spies hack French government computers using Facebook?

By JOSEPH FITSANAKIS | intelNews.org |
A sophisticated computer virus discovered at the center of the French government’s secure computer network was planted there by the United States, according to unnamed sources inside France’s intelligence community. Paris-based magazine L’Express, France’s version of Time magazine, says in its current issue that the alleged American cyberattack took place shortly before last April’s Presidential elections in France. It resulted in the infection of the entire computer system in the Palais de l’Élysée, which is the official residence of the President of France. The French magazine cites unnamed sources inside the French Network and Information Security Agency (ANSSI), which is responsible for cybersecurity throughout France. The sources claim that the snooping virus allowed its handlers to gain access to the computers of most senior French Presidential aides and advisers during the final weeks of the administration of French President Nicolas Sarkozy, including his Chief of Staff, Xavier Musca. The article claims that the virus used a source code nearly identical to that of Flame, a super-sophisticated version of Stuxnet, the virus unleashed a few years ago against the computer infrastructure of the Iranian nuclear energy program. Many cybersecurity analysts believe that the US and Israel were instrumental in designing both Stuxnet and Flame. IntelNews understands that the alleged virus was initially directed at employees of the Palais de l’Élysée through Facebook. The targets were allegedly befriended by fake Facebook profile accounts handled by the team that operated the virus. The targets were then sent phishing emails that contained links to phony copies of the login page for the Palais de l’Élysée intranet website.