Monday, February 28, 2022

CYBERWAR

Russian Hackers target Ukrainian military, journalists on Facebook

 Facebook is encouraging Ukrainians to protect their accounts

Facebook 's parent company Meta said late Sunday that hackers are increasingly targeting Ukrainian military officials and journalists to spread disinformation. Hackers tied to an operation known as "Ghostwriter" compromised some Ukrainian Facebook accounts, but Meta said it wasn't naming the victims to protect their privacy.

© Provided by. Graphic by Pixabay/Illustration by CNET

Queenie Wong 
CNET 

"We detected attempts to target people on Facebook and post YouTube videos portraying Ukrainian troops as weak and surrendering to Russia," said David Agranovich, director of global threat disruption at Meta, at a virtual press conference.

The threats underscores the variety of challenges social media companies face as they try to combat false claims about Russia's invasion of Ukraine. Meta added features in Ukraine meant to keep users safe such as the ability to lock their Facebook profile and remove the ability to view and search friends lists. The company, like Twitter, is encouraging users to enable two-factor authentication, an extra layer of security that makes it tougher for hackers to break into accounts.

Ghostwriter typically targets people through email first through tactics such as trying to trick people into clicking on a malicious link to steal their login credentials, Agranovich said. After compromising a target's email, they will then break into people's social media accounts and use those accounts to post disinformation.

Nathaniel Gleicher, who heads Meta's security policy, said as social media users take steps to protect their accounts, they should also think about how their information could get compromised on other apps and devices. Gleicher said Ghostwriter targeted a "small number" of Facebook users but the group is going after valuable targets such as public figures.

Mandiant Threat Intelligence, which has done research on Ghostwriter, said in a report published last year it found evidence that suggests the operation has ties to a suspected state-sponsored cyber espionage actor called UNC1151. In November, Mandiant Threat Intelligence linked UNC1151 to the Belarusian government.

"We cannot rule out Russian contributions to either UNC1151 or Ghostwriter. However, at this time, we have not uncovered direct evidence of such contributions," Mandiant Threat Intelligence said in a blog post.

The European Union said in a press release in September that some EU member states have associated Ghostwriter with the Russian state.


Fake social media accounts


Meta also pulled down a network of about 40 fake accounts, Pages and Groups on Facebook and Instagram from Russia and Ukraine. The accounts targeted Ukrainians across multiple social networks including on Twitter, YouTube, Telegram, Odnoklassniki and VK. These fake accounts pretended to be news editors, a former aviation engineer and an author of a scientific publication on hydrography (the science of mapping water). They ran fake news websites and published stories that included "claims about the West betraying Ukraine and Ukraine being a failed state," Meta said.

The company said the network of fake accounts didn't have a wide reach. Fewer than 4,000 Facebook accounts followed one of more of these Pages and fewer than 500 accounts followed one or more of the Instagram accounts.

The social media giant shared information about the operation with other tech platforms, researchers and governments.

Social media sites such as Facebook, Twitter, YouTube and TikTok are being flooded with misinformation and disinformation, including misleading videos that use old footage to create a false image of what's happening in real-time.

Meta said it's expanding its third-party fact checking capacity in Russia and Ukrainian, labeling state-controlled media publishers and barring ads from Russia state media. The company, which owns Facebook, Instagram, Messenger and WhatsApp, said it created a special operations center with experts who speak Ukrainian and Russian to help monitor its platform.

Russia has partly restricted access to Facebook after the social network refused to stop fact-checking and label content posted on Facebook by four Russian state-owned media organizations. Russia's telecommunications regulator Roskomnadzor alleges Facebook violated "fundamental human rights" by restricting the country's state-controlled media.

Gleicher said he doesn't have any more information about what restrictions Russia put into place but Meta's teams continue to monitor the situation and "do believe that we're still accessible in [the] country."

On Sunday, Meta said it restricted some accounts, including several run by Russia state media, because the Ukrainian government requested the company do so. The company is reviewing other government requests to do the same in their countries.

Ukraine launches 'IT army,' takes aim at Russian cyberspace

By James Pearson

© Reuters/DADO RUVIC Illustration shows displayed CYBER SECURITY words and binary code

LONDON (Reuters) - Ukraine will create an "IT army" to fight against Russia's digital intrusions, Vice Prime Minister Mykhailo Fedorov said on Saturday.

Ukraine has called its hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, Reuters exclusively reported last week.

"We are creating an IT army," Fedorov wrote in a Tweet that linked to a channel on the Telegram messaging app which published a list of prominent Russian websites.

"There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists,"

The Telegram channel listed the websites of 31 major Russian businesses and state organisations including energy giant Gazprom, Russia's second-largest oil producer Lukoil, three banks and a handful of government websites.

Kremlin.ru, the official website of the Kremlin and the office of Russian President Vladimir Putin, was taken offline on Saturday in an apparent distributed denial of service (DDoS) attack.

Malicious data-wiping software was discovered circulating in Ukraine last week, hitting hundreds of computers, according to researchers at the cybersecurity firm ESET.

Suspicion fell on Russia, which has repeatedly been accused of hacks against Ukraine and other countries. The victims included government agencies and a financial institution.

Britain and the United States said Russian military hackers were behind a spate of DDoS attacks last week that briefly knocked Ukrainian banking and government websites offline before the Russian invasion.

Russia has denied the allegations.

(Reporting by James Pearson; Editing by Cynthia Osterman)

In the battle of official Twitter accounts, score this one for Ukraine

Courtney Greenberg 

The official Twitter account for Ukraine shared a series of posts on Thursday, one of which showed Nazi leader Adolph Hitler lovingly caressing Russian President Vladimir Putin’s cheek

.
© Provided by National Post A post by Ukraine's official Twitter account showing Hitler caressing Putin has been retweeted more than 290,000 times on Friday morning.

The post was retweeted more than 290,000 times and had more than one million likes by Friday morning. It sparked conversations online about the Russian invasion and attack of Ukraine, capturing the attention of social media users and garnering their support.

Hours later, the account tweeted: “This is not a ‘meme’, [sic] but our and your reality right now.”

In another post on Thursday, the account asked Twitter to remove “@Russia” from the platform, saying there was “no place for an aggressor” on Western social media platforms.

“They should not be allowed to use these platforms to promote their image while brutally killing the Ukrainian people,” they wrote.

Another tweet, in a call to action, asked Twitter users to “Tag @Russia and tell them what you think about them.”

The posts from Ukraine were in stark contrast to the posts coming from Russia’s official Twitter account, which had not published any tweets on Feb. 24. A video pinned to the top of the latter’s Twitter page shows a promotional video about the country with snapshots of its cuisine and culture, from its many landscapes to its traditional food and the colourful St. Basil’s Cathedral in Moscow.

However, many other Russian social media accounts were still spreading misinformation backed by the Kremlin and the country’s top five, state-backed media outlets, Politico reported.

“We see that there are many, many attempts to blame Ukraine for killing civilians, saying that the Ukrainian army is trying to attack,” Liubov Tsybulska, founder of Ukraine’s Center for Strategic Communication, told Politico.

Leading social media platforms Twitter, YouTube, Facebook and TikTok say they have been trying to combat the misinformation.

Falsehoods currently being spread include claims that “Ukrainian troops infiltrated Russian territory” (with equipment they do not have) and that the “Ukrainian army shelled a kindergarten located in their own territory,” according to a EUvsDisinfo article.

EUvsDisinfo is a publication dedicated to exposing disinformation originating in pro-Kremlin media that is spread across the EU and Eastern Partnership countries. It said it has reviewed six months’ worth of Ukraine-related rhetoric from Russian state media outlets, pro-Kremlin outlets linked to the Russian state, and Russian official diplomatic accounts on Twitter.

“Pro-Kremlin outlets have consistently portrayed Ukraine as a ‘Nazi’ state to vilify Ukrainians, particularly in the eyes of domestic Russian audiences, and thus to justify Kremlin aggression,” it said.

It is this framework, EUvsDisinfo added, that has enabled those outlets “and now-sanctioned politicians to make gruesome and completely fabricated allegations of genocide in Donbas and to spin wild conspiracy theories about Ukraine using chemical and other prohibited weapons.”


No comments: