Facebook bombshell report on tracking via… | Reporter Cyprus
A year ago on Facebook after an investigation, which he had done and made public, he had pointed out that their cyberattack and cybersurveillance researchers had identified the Cytrox company based in North Macedonia that had created and installed illegal surveillance software.
Cytrox was then bought by Tal Dilian’s Intellexa and operated in Greece with Predator, receiving, as revealed by the New York Times, a software export license.
READ HERE: A New York Time investigation on surveillance implicates Cyprus with the black van
The action of Predator in Greece is publicly known from December 2021
According to the list published by Facebook (Meta) after cooperation with Citizen Lab in Canada on December 16, 2021 – detected by the monitoring of journalist Th. Koukakis – there are 310 fake addresses with infected software.
The most interesting thing is that the addresses of Greek news websites have been falsified with the aim of getting prospective surveillance victims to open the “tainted addresses”. In other words, before 2021 the Predator was monitoring Greek citizens and officials from North Macedonia.
Of the 310 addresses, they are located by reading the directory of addresses of information sites, car companies, Social Media, applications for shortening electronic addresses.
Were they infecting mobile phones through Facebook & Instagram as well?
According to the report Meta (Facebook) removed approximately 300 Facebook and Instagram accounts linked to Cytrox.
At the same time, he informed the users with a special message.
The wording related to Facebook officials is not entirely clear if there have been any such infections through Social Media, but it is inferred from the research, its release, and the message the Social Networking platform sends to users Just as mobiles were also infected through addresses. which were sent via Facebook and Instagram.
The information so far about the Predator states that the victim of the surveillance received sms and not through any other means.
They falsified addresses of Greek information websites
“Our team at Meta was able to find a massive infrastructure of domains that we believe Cytrox used to spoof legitimate news entities in their countries of interest and impersonate legitimate URL-shortcuts and social media services. They used these domains as part of efforts to infect mobile phones,” the Facebook investigation says.
News, political, financial, military, lifestyle sites have been included, probably based on user habits and status.
Among them, the falsified address of the website tovima.gr.
Specifically, the addresses of the information sites that have been falsified according to the report amount to 21:
alsandiri[.]news, addn[.]online, enikos[.]news, ereportaz[.]news, espressonews[.]gr[.]com, fimes[.]gr[.com, hellasjournal[.]com, hellasjournal[.]company, hellasjournal[.]website, confidential[.]gr[.]com, Daily[.]news, helmet[.]gr[.]com, nassosblog[.]gr[.]com, newsbeast[.]gr[.]com, paok-24[.]com, pronews[.]gr[.]com, protothema[.]live, sportsnews[.]site, on the island[.]news, tovima[.]live, jungle[.]gr[.]com, zougla[.]News.
See below in the photos all the suspicious addresses and special ones concerning Greece, from the appendix of the Facebook report.
Absent from these addresses is edolio5, which infected the mobile phones of Thanasis Koukakis, Theod. Karipides and tried to trap N. Androulakis.
The question is whether a parallel system was also operating since this hyperlink was created in March 2021 and the report was published in December 2021.
According to the investigation of the inside story and other publications of Documento, Intellexa had created other addresses in its activity in Greece, from earlier.
The “smart” monitoring system
According to the research, if the infected link did not “pass” the mobile’s security system, then the user did not understand anything after he was directed normally to the website for which the fake infected hyperlink was published.
“Cytrox and its customers took steps to tailor attacks to specific targets, infecting individuals with malware only when they passed certain settings and technical checks, including IP address and device type. If the checks failed, users could be redirected to the actual news or other sites,” he points out in his Meta report.
Greece among Predator’s action countries
“Our research identified customers in Egypt, Armenia, Greece, Saudi Arabia and Oman, Colombia, Ivory Coast, Vietnam, the Philippines and Germany. The targets of Cytrox and its clients included politicians and journalists around the world, including in Egypt and Armenia,” the report said.
That is, at least, those dealing with cyber security in the country, EYP, experts, and other services know because it is their job from the publicly published report of Meta the existence and action of Predator in the country aimed at politicians and journalists and no one cares!
Source: In