Tens of thousands of Facebook users have been lured into divulging their personal details to a hacker, an Israeli cyber security firm claims.

According to Tel-Aviv-based Check Point Software Technologies Ltd, a hacker who is thought to be Libyan, used malware to obtain account holders’ confidential data and gain access to users’ smart devices.

Check Point recently uncovered a fraudulent Facebook page, apparently belonging Khalifa Haftar, the chief of a militia currently fighting the Libyan government. Spelling and other language mistakes in the page’s content were consistent with errors made by sufferers of dyslexia; the clue enabled researchers to trace the hacker’s identity through his avatar, Dexter Ly.

Check Point discovered that the page was part of a hacking campaign that had been going on for five years.

Head of research at Check Point, Lotem Finkelstein, said:

“Facebook is not widely used to infect people with malware. This is probably one of the biggest malware campaigns using the platform.”

Check Point says that Facebook itself was not breached, but that the hack showed how social networks can be hijacked to execute cyber-attacks. Around 50,000 users from Europe, the US and North Africa were caught out in the malware campaign.

Some infected links contained apparently real reports from Libyan intelligence groups highlighting how Qatar or Turkey were plotting against Libya. Further links held false photographs of “captured” pilots who had purportedly attempted to drop bombs on Libya, while other links showed sites for “Khalifa Haftar’s” mobile recruitment sites.

While not confirming the number of potential victims, Facebook stated:

“These pages and accounts violated our policies and we took them down after Check Point reported them to us. We are continuing to invest heavily in technology to keep malicious activity off Facebook, and we encourage people to remain vigilant about clicking on suspicious links or downloading untrusted software.”

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/

comments powered by Disqus