The Cybersecurity 202: Facebook is getting more public about taking on foreign spies

Most of the victims wound up at the malicious sites through ways other than Facebook links, Gleicher said. But the links led Facebook to investigate the tactics the spies used.”

The takedown is a rare glimpse at how Facebook’s intelligence mission has expanded beyond its platform. 

Gleicher wrote in a tweet that the company’s goal was “to expose these operations, draw attention to them, and to impose cost on the actors behind them.” 

“For ops like this where much of the behavior is off-Facebook, being public helps counter them beyond any single platform,” he wrote.

Yesterday’s disruption of the hackers is the third time the company has publicly taken on a cyber espionage campaign, Gleicher noted.

“Private sector platforms are both the means of attack and the front lines of defense,” Lindsay Gorman, a fellow at the Alliance for Security Democracy, wrote in an email. “There’s a unique responsibility of technology companies built in democracies to ensure their platforms do not become the ‘useful idiots’ for these campaigns.”

Facebook didn’t tie the activity to the Chinese government. but said that the hackers operated out of China. Other researchers tied the activity to the Chinese government.

“It’s absolutely a nation-state,” Steven Adair, founder and president of cybersecurity firm Volexity, told Ellen. Volexity first detected the group in 2019 and then again in 2020 targeting mobile phones. 

Ben Read, director of analysis at FireEye, also affirmed that the operation was conducted in support of the People’s Republic of China.

Facebook’s actions followed an announcement this week by the United States, Britain, Canada and the European Union that they would sanction Chinese officials for human rights violations against the Uyghur minority, Ellen notes. Fewer than 100 of the approximately 500 victims of the hack were located in the United States.

Facebook’s efforts to crackdown on hackers abusing its platform comes ahead of a high-profile hearing Thursday in which its CEO, Mark Zuckerberg, and other major platform CEOs will be on the hot seat, testifying in Congress to discuss their role in the January attack on the Capitol. Lawmakers have heavily criticized Facebook for its failures to crack down on election interference, misinformation and violent content. 

Facebook has also recently beefed up its efforts to find vulnerabilities in products the company uses, widening its cybersecurity footprint, Lily Hay Newman at Wired recently reported.

The exploitation of the American tech giant by Chinese hackers could also add to growing tensions between the United States and China over cyberattacks.

The Biden administration has been under pressure to respond to China’s hacking efforts after a recent campaign by Chinese hackers breached a popular Microsoft product, leaving thousands of users in the United States vulnerable.

A government watchdog said that the U.S. government has been slow to implement critical cybersecurity improvements. 

Nearly 23 percent of the more than 3,000 cybersecurity recommendations issued by the Government Accountability Office over the past decade have not been implemented, the watchdog said. The report raises alarm bells that the stagnation — in areas such as critical infrastructure, where more than half of its proposals haven’t been implemented — are leaving U.S. systems vulnerable.

“The federal government needs to move with greater urgency to improve the nation’s cybersecurity as the country faces grave and rapidly evolving threats,” the report says.

The National Security Council and Office of Management and Budget responded to the GAO report, with the latter saying it plans to evaluate how to work with states about data protection.

The watchdog also urges Congress to take up comprehensive Internet privacy legislation. Sen. Ron Wyden (D-Ore.) has said that he plans to reintroduce his data proposal in the coming weeks. 

The proposal, by Sen. Edward J. Markey (D-Mass.) and Rep. Ted Lieu (D-Calif.), would also set up an advisory committee made up of cybersecurity experts to design security benchmarks for the devices, the Hill’s Maggie Miller reports. The 2019 iteration of the bill did not get a vote in either chamber.

“For every smart refrigerator or WiFi-enabled baby monitor,” Lieu said in a statement, “there comes increased cybersecurity risks that make consumers vulnerable to hacking and invasions of privacy. As we connect more parts of our lives to the Internet, we have to make sure we’re doing it safely.”

The messaging app, which is heavily used by businesses, said its plans to allow users to send messages to people in other organizations was a “mistake,” Motherboard’s Lorenzo Franceschi-Bicchierai reports. 

In a statement, Slack Vice President of Communications and Policy Jonathan Prince  said that the company received “valuable feedback” from users about potential abuse after it made the announcement, and said that the company is “taking immediate steps to prevent this kind of abuse, beginning today with the removal of the ability to customize a message when a user invites someone” with the feature.

Security researchers immediately took notice of Slack’s announcement of the new feature. Researcher Ruben Boonen:

Rachel Tobac, the CEO of SocialProof Security:

• Cybersecurity firm FireEye has registered to lobby in-house. Stacy O’Mara is the sole registered lobbyist on the account, which was effective March 17. Law firm Akin Gump previously registered to lobby for the company.
• DLA Piper registered to lobby for BlueHalo, a defense company that is active in cyber, effective Jan. 3. Tony Samp, the founding director of the Senate Artificial Intelligence Caucus, is registered to lobby on the account along with two other registered lobbyists.
• Hettinger Strategy Group has registered to lobby for identity management software company Okta effective March 15. Michael Hettinger, a former senior vice president at TechAmerica, is the sole registered lobbyist on the account, and plans to lobby on issues including IT security in the Defense Department.

• The Cyber Initiatives Group hosts the final day of its conference today.
• Dmitri Alperovitch, the chairman of the Silverado Policy Accelerator who previously co-founded cybersecurity company CrowdStrike and worked as its chief technology officer, discusses Russian cyberattacks at an event hosted by the Center for Strategic and International Studies today at 9:30 a.m.
• Gen. Paul Nakasone, the commander of U.S. Cyber Command and director of the National Security Agency, testifies at a Senate Armed Services Committee hearing today at 9:30 a.m. 
• Philipp Amann, the head of strategy at the European Cybercrime Center, speaks at an event on hacks for ransom today at 2 p.m. The event is being hosted by the Institute for Security and Technology.