The Mujahideen Hackers Who 'Clean Facebook'
Earlier this week, Mark Zuckerberg made a strange announcement on his Facebook fan page: His business would focus more on charity and less on profits. And French President Nicolas Sarkozy took to the site to say he would not seek reelection in 2012. Both status updates left people baffled. And both, it's now clear, were the work of hackers.
“A bug enabled status postings by unauthorized people on a handful of public pages,” a spokesperson for the Palo Alto-based company said in an email statement.Thursday. “The bug has been fixed."
But it isn't the first time a glitch in Facebook's Pages' code gave hackers a chance to sniff around the social network. Just weeks ago, The Daily Beast got word of a similar vulnerability—this one allegedly allowed a group of Palestinian-friendly hackers to wipe clean the pages of their Zionist opponents.
The groups are based in Pakistan and England and while most people were drinking in the New Year, they were hacking away.
As the clock ticked down the waning minutes of 2010, a 16-year-old kid named TriCk sat down at his computer in England, and pressed play on a track by the controversial rapper, Lowkey, whose lyrics include lines like, "Never worked for a Zionist, never been a Yes Man, my art is like Rembrandt painting pictures of death cams."
Four thousand miles away, in Pakistan, a small group of Islamic hackers undertook a similar routine.
Soon, a digital flier began to appear on the Facebook walls of groups and pages the hackers say are Zionist, right-wing, and anti-Islamic. Its message: "On the evening of the 31st of December 2010 (New Years Eve), TeaM P0isoN and ZCompany Hacking Crew will clean up Facebook.”
The social network, which now boasts more than 500 million active users, was not doing a sufficient enough job deleting these Pages, it read, "so therefore we are taking action."
Starting at midnight, the two hacker groups—they called themselves “sister groups”—began working in unison. They claimed to have found an exploit—a glitch in the code much like the one Facebook admitted to today. It was unleashed when Facebook updated to its new profiles and the hackers were using it to alter the offending pages so that they appeared blank.
Members of the targeted communities began to notice that something was not right. “Can’t see any posts,” wrote one confused user. “Your page/group has been hacked... It looks like it has been deleted," wrote another.
But strangely, Facebook found nothing on their end to suggest the attacks ever took place.
Their Facebook plan was hatched when they found thriving anti-Islamic user communities. That’s when, in Don’s words, “we decided to clean the Facebook."
Members of Facebook's security team said they investigated the backlog of the hundreds of Pages since first being contacted for comment by The Daily Beast, but found no evidence of malicious activity, no suspicious administrator accounts, and nothing to suggest the existence of any security vulnerabilities on the site—a total denial. “We take our statement of rights and responsibilities very seriously and react quickly to reports of inappropriate content and behavior,” a Facebook spokesperson said earlier this month.
But the hackers—and the hacked—seem to believe otherwise.
"If we didn't exploit their service," said TriCk, who shuffled through two accounts in five days, "why did everyone in ZHC & TeaMp0isoN and everyone affiliated get disabled?" He saw it as proof Facebook knows that they had successfully breached its servers.
The pages were hacked by means of a zero-day vulnerability found in the new Facebook profiles, the hackers claim. They slipped in through a crack in the back door.
"The vulnerability allowed us to stop walls from loading and newsfeeds going totally blank,” said TriCk, a founding member of TeaM P0isoN. “We didn’t get access to people’s account—we exploited Facebook."
"No software was used," adds Don ZHC, the24-year-old leader of the ZCompany Hacking Crew (ZHC). "We exploit servers day-by-day and during exploiting Facebook's server we saw an error and used it."
A spokeswoman for one of the targeted groups —the English Defense League—confirmed that several of their pages were indeed hacked across Facebook—including many regional divisions and an armed forces support page. “All the pages hacked were critical of Islam in some way,” she said, assuming they were targeted because of the EDL’s critical commentary of Islam and its increasing influence worldwide.
Her assumptions were spot on. That was the plan all along, and confirmed when the hackers released a list featuring over 130 Pages and groups that had been temporarily silenced. It was, by their own measure, a fraction of their total take. "ALLAH U AKBAR," they wrote. "Great start to 2011, hacked over 1000 Racist/Zionist Facebook Pages in 1 day."
"Groups like Allah is this and that, F Islam, Kick blacks out from the Europe, World without religious followers, and every page related to Israel and Zionist regimes" were all targeted, says Don, who preferred communicating over email due to security concerns. Members of the two groups, which claim members operating out of Pakistan, the United Arab Emirates, the U.K., and the disputed- geographical area of Kashmir, found additional targets throughout the alleged attack.
Some of the pages that made the hit list included “Islam is Evil,” “WOMEN OF THE WORLD UNITED AGAINST ISLAMIC MUSLIM SHARIA LAW,” and “A world without Islam would be a better place to live in.” Others were managed by politicians or governmental institutions with unfavorable foreign policies—the United States government included.
But curiously, scattered amongst the URLs were links for the official fan pages of celebrities like Ben Stiller, Madonna, Britney Spears, Jay-Z, Nicole Kidman, Tom Cruise, and Zach Braff. They had been listed too. Why take down the Material Girl and the beloved star of Scrubs?
"They support Zionism," says TriCk. "It's all public, Google it up."
Both groups are pro- Palestinian and pro-Kashmiri. ZHC is primarily Islamic. TeaMp0isoN is less-religiously oriented. But in their dreams for an Internet that exists free of religious intolerance, all say they would readily support Christians and Jews as well. In fact, they shun any hint of being labeled anti-Israeli.
ZHC started around 2008, when it was simply “Z Company,” a home for scholarly debaters on the Google-owned social networking site Orkut. Don, then 22, was an early member. He was inspired to take up the dark art when a group of Indian hackers who called themselves the guard of Hindustan (HMG) began a war of abuse and defacements against Islamic users on the site. With a counter-part, Hawk, Don branched off and laid the foundations for what would eventually become the ZCompany Hacking Unit. In 2010, they recruited TriCk, the 16-year-old hacker, who founded his own gang of digital troublemakers—TeaMp0isoN.
Their Facebook plan was hatched when ZHC went to the site late last year for a round of group promotions, and found a thriving ecosystem of anti-Islamic user communities. That’s when, in Don’s words, “we decided to clean the Facebook."
Looking ahead, the hackers are focused on websites managed by the Indian government. They’re also setting the Israeli government in their digital crosshairs—inspired by recent news that Israel kept Gaza's economy on the brink of collapse.
"We're planning on a massive attack on Israeli government sites," TriCk says, "protesting against the Gaza Siege."
One hour after he sent that last message, the account that was serving as his primary mode of communication was shut down—its name removed from the system and its avatar replaced with the ubiquitous, anonymous Facebook user icon. Silenced, that is, until he was back the following day operating an account with a similar name.
“Hey, it’s TriCk,” he says, in a message that popped up on my screen. “FB hate me.”
Brian Ries is tech and social media editor at The Daily Beast. He lives in Brooklyn.