Facebook Disrupts a Phishing Spy Campaign

Written by Braden Murray, a Samford business school student:

Facebook is a social media platform with more than one billion users (GCFGlobal.org). Facebook is also a data warehouse and an analytics powerhouse. The company uses its technology to track user activity and obtain information on preferences. This information is used to update its newsfeed algorithm or sell advertising. Because Facebook monitors users, analysts know how many accounts are inactive or have suspicious activity. The WSJ reports a phishing attempt recently caught by Facebook.

Facebook has reported a security issue affecting the Uyghur population. The social media company has just taken down multiple accounts connected to China that were being used online to “spy on journalists and dissidents in the overseas Uyghur Muslim community” (Horwitz). Facebook did not blame the Chinese government. It pinned the hacking on a network that used infected apps created by Chinese companies. Facebook also said the hacking activity happened outside of its social media platform, although the hackers did use Facebook accounts pretending to be members of the Uyghur community. They would send their victims links to the infected apps over Facebook, which is known as social media phishing. However, the malware would download and corrupt a device only if the device met the criterion of using Uyghur-language settings.

Phishing is a crime committed on the internet that causes malware to corrupt a computer system and personal information to be stolen. It is usually conducted through email, text, or in some cases over the phone. A link is sent to the victim from a random source that seems like it could be reliable. If the link is clicked, the hack occurs and corrupts the victim's device. The results of phishing include identity theft, financial fraud, and malware. The FBI said phishing was the most common cybercrime of 2020 and doubled in cases from 114,702 to 241,324 (Tessian). Phishing is a very common occurrence that people need to be aware of in order to avoid its consequences.

Mike Dvilyanski is a Facebook employee who handles cyber threat intelligence. He said he “saw attackers injecting malicious code into the website pages” and that it would “then infect them with specific malware if they met criteria that attackers set up.” After noticing the hacking efforts, Dvilyanski and his coworkers would shut down the accounts. The hacker group was identified by a joint effort of several companies working along with Facebook. The Chinese hacker group, called Earth Empusa or Evil Eye, posed as journalists in the Uyghur community and other nearby places.

The effort was to shut down as many fraudulent accounts as possible to disrupt the network and decrease the number of successful phishing attacks. This is just one example of the security issues that Facebook encounters and combats using data analytics.

Note by Joy Buchanan: I encounter fraud and phishing attempts regularly on the internet, and usually it doesn’t faze me. Twice in the past year, I have gotten an email to my work address from someone pretending to be the dean of my school. I wasn’t tricked successfully either time, but I found those attacks to be particularly creepy.
