facebook page affiliated with opposition hacked, again

On September 10, the Facebook page that belongs to an online news website bastainfo.com was hacked. Bastainfo.com is affiliated with the opposition party Musavat and is known for often running into problems with the authorities. Its editor was handed a five year suspended sentence in February 2019. The website bastainfo.com remains blocked for access in Azerbaijan. 

In January 2020, Azerbaijan Internet Watch reported how several Musavat party social media accounts were targeted. According to preliminary reports five Facebook pages, one Facebook group, and one website were targeted. 

Bastainfo.com page was targeted then as well. The page lost followers. During last week’s attack, bastainfo.com page lost some 5k followers, and content that was shared since 2017. 

Hacking and compromising Facebook, Instagram, and YouTube accounts (because these are popular platforms used by journalists and activists) is common in Azerbaijan and isn’t new. The online harassment of prominent accounts began several years ago at first, mostly on the level of government-sponsored trolls. Over the years, as the ruling government developed an interest in spyware technology, the types of attacks became more sophisticated while state-sponsored trolling and reliance on automated bots even though still used, became secondary. In each of these cases, finding the perpetrators have not been possible. And in cases when it was clear the attacker was an automated bot/state-sponsored troll the platform took no action. We finally know why. A former Facebook employee, Sophie Zhang, wrote a memo after getting fired from her job at the company revealing how the company dealt with fake accounts and bots. Among the countries, she has worked on and analyzed was Azerbaijan. “Ms. Zhang discovered that the ruling political party in Azerbaijan was also using false accounts to harass opposition figures. She flagged the activity over a year ago, she said, but Facebook’s investigation remains open and officials have not yet taken action over the accounts.” 

hacking alert: activists and journalists targeted online [ongoing, last update September 10]

Several activists and journalists had their Facebook accounts compromised in recent weeks in Azerbaijan. 

At the end of June, a veteran human rights lawyer, Intigam Aliyev, reported a break-in attempt into his Facebook profile. A few days later, an opposition group D18 reported their Facebook page was compromised. On July 2, journalist Aysel Umudova and activist Rustam Ismayilbeyli received messages from the Facebook platform informing them their passwords were reset. This happened despite the fact, that both users had 2FA enabled on their accounts. On July 6, journalist Fatima Movlamli’s Facebook profile was compromised. Yet again, despite 2FA and secure email service, the account was taken over by unknown users. Finally, on July 14, multiple social media users reported receiving password reset messages even though no such requests were made by the users.  

Targeting social media profiles, and pages, are common in Azerbaijan. In recent years, hacking of prominent accounts has led to mass content removal, loss of followers, and subscribers. On YouTube, account owners of popular channels report their videos are taken down by the platform due to copyright violation reports, have received strikes and in some cases, their accounts were deactivated by the platform. And yet, further investigations, indicate, that these copyright violations are indeed submitted by fake accounts and that the actual cause of the strike is nothing but a fluke.

This type of deliberate targeting limits the work of targeted account owners, whether they are human rights defenders, journalists, media platforms, or political activists. Responding to these digital attacks takes time, it also requires having the right contacts at platforms directly or vis-a-vis third parties. In addition, once the account is compromised the account owner, no longer has access to their platform for outreach, unable to share their work/updates, and face the reality of losing their audience.  

While there is some evidence pointing the attacks originate from the government-affiliated institutions, it’s been virtually impossible to prevent them from happening and keep the online community safe.

On September 10, Nigar Hezi, a political activist, said there was an attempt to compromise her Facebook account.  

Opposition activist, Instagram account hacked [updated]

May 9, Azerbaijani politician, Gultekin Hajibeyli’s Instagram account hacked and taken down. Instead, a fake profile impersonating Hajibeyli was set up, with her private mobile phone number shared publicly in the profile description. Hajibeyli, was targeted online previously.

Such attacks are common in Azerbaijan, where opposition politicians and independent activists are targeted online. Account “break-ins”, impersonations, blackmailing posts, content takedown requests on YouTube for alleged copyright violations are among some of the popular harassment tactics in practice.

Unlawfully obtained personal information of intimate nature, including photos, videos, and email exchanges are commonly used to target women activists. A most recent example is an online harassment campaign launched against political activist and former political prisoner Ilkin Rustamzade’s wife, Amina Rustamzade. Leaked personal pictures were shared on Facebook and Instagram by various accounts.

On May 12, the account impersonating Hajibeyli was successfully removed from Instagram.

On May 13, a new fake Instagram profile was created.