Chinese censorship campaigns are rife on social media, and they are increasingly using the infamous ‘Tiktok’ app to gain control over young people. Users are banned from the app without warning and often get no explanation for their punishment. Moreover, Tiktok harvests data on children and teens to measure their market reach and political development and find the most effective methods of coercing them. As such, Tiktok is allowing China to control large segments of society.
OpsBedil
On April 11, 2022, pro-Palestinian group DragonForce Malaysia launched OpsBedilReloaded, a cyber attack campaign aimed at Israeli organizations. The campaign includes data leaks, defacements and denial-of-service attacks. According to Radware’s cyber threat intelligence division, the group represents a “clear and potent threat” to organizations with unprotected assets. Its activity usually peaks around Al Quds day and Jerusalem day and continues through July.
The group is a new generation of hacktivists that is using the TikTok app as a communication tool. By posting videos, threat actors are able to recruit a crowd and communicate details of operations. The videos also provide visual clues about the participants. The new wave of attacks is resembling the now-defunct OpIsrael operation by Anonymous, and is likely to continue through the summer.
The group has claimed responsibility for hacks targeting Israeli banks, the banking sector and several government agencies. Its members have released images of Israeli citizens in their homes. The group calls itself a “formation of the Malaysian people” and describes itself as a response to the ongoing crisis in the Israel-Palestine conflict.
The OpsBedil hacktivists began their operations in 2021. These hacktivists have ties with the pro-Palestinian hacker group DragonForce Malaysia. The group has been associated with a number of cyber attacks in recent years and is thought to be a reactionary response to Middle Eastern tensions. Its members have the resources to carry out moderate-level attacks against Israeli organizations.
TikTok
TikTok users have a choice in whether to enable notifications from the platform. By default, the service enables notifications by default, but you can turn them off from the settings menu. But you should be wary of third-party integration claims. These claims could be based on scraped information from public data sources. If you are concerned about your privacy, you should turn off notifications.
The popular short-form video sharing platform subsequently refuted these claims and said that the hacking group called ‘AgainstTheWest’ had “scraped” its database and stolen user data. The group had reportedly stolen more than 2 billion records and 790 GB of data. Hackers reportedly gained access to the database through a vulnerability in the TikTok app that allowed them to access user data.
In response to the accusations, TikTok’s security team has banned an account associated with AgainstTheWest. The group has also banned its Twitter account after the account was accused of fabricating its breach stories. AgainstTheWest also allegedly deleted the thread after multiple people asked for it back.
While this may not seem like a big deal, it does point to the fact that TikTok has been used by hactivists before. One recent example involves a TikToker who registered to attend a Trump rally. However, it did not attend the event. While TikTok may be an excellent way to spread information about a political rally, it’s not the best tool for long-term goals.
While the TikTok signup process is similar to that of other social media sites, the platform asks for certain information. These include an email address, a date of birth, and a phone number. Users must also be over the age of 13 to join the platform. However, users can opt out of these options if they wish.
Some of the world’s biggest tech companies are attempting to curb WeChat’s influence in China. However, the company has resisted such pressure and has not yet sold the service to any US bidder. Nonetheless, the government has begun a crackdown on the app and has warned that users may be punished by the government.
There is still no evidence that TikTok or WeChat’s systems were breached, but a group of hackers has claimed to have compromised a database hosted on Alibaba cloud. The database is said to contain 2 billion records, including user information and platform statistics. TikTok and WeChat have both denied the hacking claims.
Despite the denials, the hacker group has claimed to have obtained personal information of 1 billion users, including children. The hackers say they obtained the records from an unsecure cloud server. The Chinese social network is now facing a huge security breach. But there are some steps it can take to make sure its users’ data is not exposed to hackers.
First, users should stop receiving notifications. This is a common practice for social networks, including WeChat and Facebook. This can be turned off in the settings menu. Another way to prevent notifications is to turn off your notifications on the app. TikTok has also moved data to US servers.
The group BlueHornet, which is responsible for the hack, has posted screenshots and data samples to support its claims. It claims to have obtained internal WeChat data. According to security researcher Bob Diachenko, the breach is real. The cybersecurity company Cyberint calls the group an “interesting” advanced persistent threat group. The group is suspected of targeting major organizations including American, Chinese, and Iranian companies.
Android app
A vulnerability has been discovered in the TikTok Android app that allows hackers to post videos, send messages, and compromise the online presence of millions of Android users. The vulnerability has not been weaponized yet, but a hacker can use a specially crafted link to hijack any user’s account. Once inside an account, an attacker can view all the private videos stored within the account. This vulnerability affects all global variants of the TikTok app, which has a total of 1.5 billion downloads on the Google Play Store.
Researchers from Microsoft discovered a high-security vulnerability in the TikTok Android app that could allow hackers to access accounts and sensitive information. The vulnerability was identified in an earlier update and has been patched, but Microsoft has not yet identified any evidence that hackers have exploited the vulnerability.
The exploit would require access to a user’s VPN, ISP, and router. This campaign would be most effective in countries where the internet is limited and users’ data is not protected by a firewall or VPN. TikTok has faced a lot of criticism over its content censorship, but has never been accused of manipulating official feeds.
TikTok has a massive user base, which makes it a prime target for hackers and threat actors. In the past, the company’s in-app browser was vulnerable and able to track user input. Although TikTok removed the vulnerability, the parent company still has access to the data, so this security vulnerability will continue to affect users.
Database of tiktok hacktivists
A group of hacktivists has revealed pictures of TikTok’s database. They claim to have obtained data from the company’s server, which stores more than 2 billion records and 790 GB of data. The information includes user data, platform statistics, and even code. It appears that the hackers scraped the information on the public-facing part of the site, but there is a possibility that they’ve obtained information from other sources as well.
The data breach was discovered in February 2022, when Microsoft researchers discovered a high-level vulnerability in TikTok’s Android app. TikTok was notified of the security issue within a month. The hacker group reportedly targets countries opposed to Western interests, and has plans to target North Korea, Belarus, and Iran.
There is some doubt about the validity of the database, however. Many hackers have suggested that the information came from a third-party integration. However, TikTok has denied these claims that the data does not come from their own company. In the meantime, this case is a reminder of the need for more security on social media sites, like TikTok.
In the meantime, TikTok is taking steps to protect its users. The platform’s security team has launched an investigation into the WeChat data leak. They determined that the code in question came from a third-party source, and did not originate from the TikTok backend. The TikTok security team has stated that the code referred to was obtained via an unsecure cloud server.