Pierluigi Paganini
September 04, 2013
Security researcher Ian Malloy has been studying facebook.com for several years, watching as the company released product after product and used the hacker business model of ‘build fast and break things.’ Now, Mr. Malloy has found that Facebook has gone too far and open itself up to several hacking exploits and vulnerabilities. His research, stemming from work done by Eric Feinberg and Frank Angiolelli, revealed a high-level cyber criminal network operating through Facebook utilizing their graph API and circumventing their ‘Immunity System.’ At first it appeared that the Russian Business Network was spreading the Zues/Zbot through fraudulent ads, which other cyber security firms confirmed. It seemed they were operating out of China, but now Mr. Malloy has uncovered the true culprit, a newly developed and little known cyber unit operating out of Yemen, Syria and China that uses proxies and zombies similar to RBN IP addresses though no affiliation between the new cyber unit discovered, called ‘Al Assam Alaikum’ (AAA) is connected directly to the Russian Business Network.
The Al Assam AlaikumCyber Unit is very difficult to pinpoint, but an informant has stepped forward. This new revelation has shown a deep web acting, a new player in the cyber arena. Mr. Malloy spoke briefly with the Al Assam Alaikum Cyber Unit representative who was actually offended that they weren’t given the credit for their operations. While they may be operating through Facebook, not much more is known.
I decided to submit a couple of questions to Mr. Malloy to better understand its research and related results.
How did you discover the Al Assam Alaikum?
Mr. Malloy: I’ve been trying my best to find the actual culprits in who is defrauding Facebook users, and started to notice anomalies and patterns in the use of IP’s related to RBN. I gathered intelligence on the RBN through US Defense Security Intelligence Network and came to find the RBN is all but disbanded. This seemed odd to me since the IP’s apparently linked them to the Facebook crimes. My employee, “Jay” aka “whitehat” was a little trigger happy which resulted in poor analysis of the trends we were seeing. Jay infiltrated a Tor network chatroom and discovered an immense amount of talk about the Washington Post interview I gave. He then discovered a number of individuals claiming allegiance to AAACU who also claimed responsibility as they threatened to issue a ‘fatwa’ on all Malloy Labs employees in response to the lack of proper attribution. It quickly became clear that they were very interested in showcasing their muscle in cyberspace as well as in the kinetic field. Jay left the chat room with a clearer vision of who was responsible for the fraud on Facebook.
What intelligence have you gathered on the AAACU?
Not much at this point, they use high-level VPN’s and proxies but seek attention for their capabilities. They used IP’s provided to them through unknown, anonymous channels to create zombie farms of multiple IP addresses. It appears that they didn’t know the IP’s were attributable to RBN. They openly support the cyber group Anonymous and seek to destroy America and NATO countries.
(Security Affairs – Al Assam Alaikum , Russian Business Network, cybercrime)
