No eyebrows were raised in Quriums security operation center when the independent Philippine media outlet Bulatlat once again got DDoSed, as they are a frequent target of such digital attacks. However, when we noticed that the attack traffic came from valid users in Vietnam, we started to smell a rat…
During more than six months, Qurium (via Bulatlat) has been receiving malicious traffic from close to one million Facebook users, where access to thousands of these accounts have been compromised. The stolen accounts are systematically abused to increase Likes and Followers on demand as part of a well established fraud industry inside Facebook.
This report is the result of a six months’ long investigation that started to back trace a DDoS attack, but ended up finding and uncovering a large network of Vietnamese fraudsters using Facebook infrastructure and residential proxies to build and control a large farm of Facebook bots, that are used to monetize on Facebook services and carry out malicious activities.
Further technical details are included in the Qurium forensics report:
The tip of the iceberg – The algorithm fraud industry
About the author: Qurium Media Foundation is a Swedish non-profit digital security solutions provider, supporting independent media and human rights organizations in repressive regimes. Learn more at qurium.org or Twitter.
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
(SecurityAffairs – hacking, fraud)