JERUSALEM – Facebook said Wednesday it has broken up a hacker network used by Palestinian President Mahmoud Abbas' intelligence service in an attempt to keep tabs on journalists, human rights activists and government critics.
The report by the social networking giant threatened to deal another embarrassing blow to Abbas' Fatah party weeks ahead of parliamentary elections. Fatah, plagued by infighting and public malaise, already appears poised to lose power and influence if the vote takes place next month.
In its report, Facebook said that elements linked to the Preventive Security Service “used fake and compromised accounts to create fictitious personas.” Posing as young women, journalists and political activists, they then sought "to build trust with people they targeted and trick them into installing malicious software.”
The malware, disguised as chat applications, would give the security agency access to targets' phones, including contacts, text messages, locations and even keystrokes, Facebook said.
It said the ring, based in the West Bank, targeted people in the Palestinian territories and Syria, and to a lesser extent in Turkey, Iraq, Lebanon and Libya.
“This persistent threat actor focused on a wide range of targets, including journalists, people opposing the Fatah-led government, human rights activists and military groups including the Syrian opposition and Iraqi military,” it said.
Mike Dvilyanski, Facebook's head of cyber espionage investigations, said the company had used “technical signals and infrastructure” to link the network to Preventive Security. He said Facebook had “high confidence” in its findings, but declined to elaborate.
In all, he said nearly 800 people were targeted. The company said it was impossible to say how many had downloaded the malware or determine what the security agency had done with the information. It said, however, that it believed the effort spread across other online platforms, indicating that there may have been additional targets as well.
Officials with the security agency were not immediately available for comment.
Facebook also announced the detection of a second, unrelated network in the Palestinian territories connected to a group known as “Arid Viper.” It was unclear who was behind the group or what exactly it sought to do with the information it gathered.
It targeted a smaller group of people but used slightly more sophisticated techniques that allowed it to gain access to people's cameras and microphones, Facebook said.
Dvilyanski described both networks as “low sophistication” but “quite persistent.” He said the Preventive Security Service's activities had been detected as early as 2018 and gained intensity in the past six months.
That would coincide with Abbas' plans, announced publicly in January, to hold the first Palestinian elections in 15 years.
Abbas' Fatah movement, locked in a tight race with the rival Islamic militant group Hamas, has been hurt by the formation of rival offshoot parties. Palestinian officials have hinted that Abbas may use a dispute with Israel over voting in contested east Jerusalem as a pretext to call off the election.
Human rights groups have long accused both Abbas and Hamas rivals of stifling dissent and even jailing people who criticize them on social media platforms.
“Hacking the phones of hundreds of Palestinian civil society actors is yet another brazen attempt by Palestinian security services to police and silence critics and opponents,” said Omar Shakir, Israel and Palestine director for Human Rights Watch. “Talk of elections fool no one when the muzzling of dissent continues unabated.”
Facebook said the Arid Viper group's activity originated in “Palestine” and focused on domestic targets, including government officials, members of Fatah, student groups and security forces. Arid Viper used more than 100 web sites, including those that hosted iOS and Android malware, and attempted to steal people's credentials through phishing and other tactics.
Facebook is among the social media platforms under intense pressure to crack down on hackers and false information.
In March, Facebook said hackers in China used fake accounts and impostor websites to try to break into the computers and smartphones of Uyghur Muslims.
The company said the sophisticated, covert operation targeted Uyghur activists, journalists and dissidents from China’s Xinjiang region, as well as individuals living in Turkey, Kazakhstan, the U.S., Syria, Australia, Canada and other nations.
David Agranovich, Facebook's director for threat disruption, said the company had canceled accounts associated with the hacking networks, notified targets and shared the findings with other tech companies in a shared effort to prevent further disruptions.
“This announcement is just our latest effort against these campaigns to distribute malware on and off the platform and compromise accounts across the Internet," Agranovich said. “The people behind these operations are persistent. We expect them to evolve their tactics and to try and come back."
Ron Moritz, a venture partner and cybersecurity expert at OurCrowd, an Israeli investment firm, said the tactics used in both hacking rings were not especially sophisticated. He said the announcement was “good storytelling” by Facebook that makes it look like it is policing the internet.
The tactics attributed to Preventive Security are frequently seen in societies where free speech is stifled and made sense as elections approach, he said.
“Knowing what the chatter is is probably pretty important,” he said. "It's generally thought that it’s a good thing to keep track of who your enemies are.”
Associated Press writer Laurie Kellman in Jerusalem contributed to this report.