The notorious hacker group SN Blackmeta has allegedly claimed responsibility for a cyberattack on Snapchat's infrastructure. The Snapchat cyberattack has reportedly led to disruptions in service in specific regions and the disabling of login and account creation features within the app.  In a post attributed to SN Blackmeta, the threat actor outlined their motives for the cyberattack on Snapchat, citing reasons such as their opposition to the content promoted by the social media platform, which they claim includes pornography and undermines moral values.  Additionally, the group accuses the application of supporting Israel while opposing efforts in support of Palestine. These grievances, according to SN Blackmeta, prompted them to target Snapchat as a means to "test their strength."

Decoding the Snapchat Cyberattack by SN Blackmeta 

[caption id="attachment_76796" align="alignnone" width="379"] Source: X[/caption] The claimed Snapchat cyberattack has allegedly resulted in service disruptions in certain countries and the temporary incapacitation of key features within the Snapchat application. Despite SN Blackmeta's claims, Snapchat has not yet released an official statement about the incident, leaving the details of the cyberattack unconfirmed. The Cyber Express has reached out to the company, and we are currently awaiting their response.  [caption id="attachment_76798" align="alignnone" width="372"] Source: X[/caption] Interestingly, this isn't the first time SN Blackmeta has made headlines for their cyber activities. In the past few days alone, the group has launched attacks on various targets, including the Social Security Administration (SSA) website and Microsoft's OneDrive. These attacks aim to disrupt services and hinder user access, demonstrating the group's proficiency in executing cyber warfare. The recent surge in cyberattacks by SN Blackmeta comes amidst a backdrop of escalating tensions in the digital world. Other hacktivist groups have also been active, targeting prominent organizations and government entities with coordinated attacks.

Previous Cybersecurity Challenges

The current Snapchat cyberattack is not the first time that the Snap INC-owned platform has faced cybersecurity challenges. The most recent controversy with Snapchat was reported by Vice in May 2019 wherein researchers discovered that Snapchat employees were misusing their access privileges to spy on users. This breach of trust raised concerns about user privacy and data security within the platform. Between January 2014 and February 2018, Snapchat faced a series of cybersecurity challenges. In July 2017, a phishing attack compromised over 55,000 accounts by luring users to a fake login page. The attackers then published stolen credentials, granting unauthorized access.  In February 2016, a phishing scam targeted Snapchat employees, resulting in the disclosure of payroll information. The October 2014 incident involved a third-party app hack, leaking 200,000 explicit images. Though Snapchat denied system compromise, blame was placed on the app providers.  In January 2014, a security vulnerability led to the exposure of 4.6 million user details, despite Snapchat's claim of addressing the issue promptly. As for the current Snapchat cyberattack claim, this is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged cyberattack on the social media platform or any official confirmation from Snap INC.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Social media giant Facebook snooped on Snapchat users’ network traffic, engaged in anticompetitive behavior and exploited user data through deceptive practices. That’s according to a court document filed March 23, 2024.

The document mentions Facebook’s so-called In-App Action Panel (IAAP) program, which existed between June 2016 and approximately May 2019. The IAAP program, used an adversary-in-the-middle method called to intercept and decrypt Snapchat’s—and later YouTube’s and Amazon’s—SSL-protected analytics traffic to provide information for Facebook’s competitive decision making. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client.

On June 9, 2016, Facebook CEO Mark Zuckerberg complained about the lack of analytics about competitor Snapchat.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them. . . .

Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”

So, as part of the IAAP program, the company started Project Ghostbusters by using Onavo. Onavo was a VPN-like research tool that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

The Project Ghostbusters technique relied on technology known as a server-side SSL bump performed on Facebook’s Onavo servers. SSL bumping, also known as SSL interception, involves intercepting and decrypting SSL/TLS traffic, inspecting it for malicious content or policy violations, and then re-encrypting and forwarding it to the intended destination.

To gain access to the data about their competitor, Facebook incentivized users to install “kits” on both Android and iOS devices that impersonated official servers and decrypted traffic that Facebook had no right to access.

These kits allowed Facebook to intercept traffic for specific sub-domains, allowing them to read what would otherwise be encrypted traffic and to measure in-app usage of their competitor’s apps. The users were clueless about what the kits did exactly, but it allowed the operators to view and analyze the traffic before it got encrypted.

According to the court documents, advertisers suing Meta claim that Facebook later expanded the program to Amazon and YouTube. This practice is likely in violation of wiretapping laws and “potentially criminal.” Facebook’s secret program likely violated the Wiretap Act, because it prohibits intentionally intercepting electronic communications with no applicable exception and the use of such intercepted communications.

We’ll keep you updated on how this develops.

---

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.