In May 2020, Netra News published an investigative report on state-sponsored cybercrime in Bangladesh.
Now, Facebook has issued a statement on its own investigation into two groups in Bangladesh – Don’s Team and CRAF – who “use their infrastructure to abuse our platform, distribute malware and hack people’s accounts across the internet.” The Facebook statement is authored by Nathaniel Gleicher, Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager.
What these groups are alleged to have done is quite shocking. Facebook states that they:
“Collaborated to report people on Facebook for fictitious violations of our Community Standards, including alleged impersonation, intellectual property infringements, nudity and terrorism. They also hacked people’s accounts and pages, and used some of these compromised accounts for their own operational purposes, including to amplify their content.”
It says that to disrupt this activity, Facebook has removed the accounts and Pages behind this operation. The statement adds:
“The people behind these operations are persistent adversaries, and we expect them to evolve their tactics. However, our detection systems and threat investigators, as well as other teams in the security community, keep improving to make it harder for them to remain undetected.”
Below is the full statement made by Facebook on Bangladesh:
The Bangladesh-based group targeted local activists, journalists and religious minorities, including those living abroad, to compromise their accounts and have some of them disabled by Facebook for violating our Community Standards. Our investigation linked this activity to two non-profit organizations in Bangladesh: Don’s Team (also known as Defense of Nation) and the Crime Research and Analysis Foundation (CRAF). They appeared to be operating across a number of internet services.
Don’s Team and CRAF collaborated to report people on Facebook for fictitious violations of our Community Standards, including alleged impersonation, intellectual property infringements, nudity and terrorism. They also hacked people’s accounts and Pages, and used some of these compromised accounts for their own operational purposes, including to amplify their content. On at least one occasion, after a Page admin’s account was compromised, they removed the remaining admins to take over and disable the Page. Our investigation suggests that these targeted hacking attempts were likely carried out through a number of off-platform tactics including email and device compromise and abuse of our account recovery process.
To disrupt this activity, we removed the accounts and Pages behind this operation. We shared information about this group with our industry partners so they too can detect and stop this activity. We encourage people to remain vigilant and take steps to protect their accounts, avoid clicking on suspicious links and downloading software from untrusted sources that can compromise their devices and information stored on them.