Comments left on Britney Spears’ photos on Instagram and Facebook are secretly announcing the location of command and control servers for Russian hackers when the old servers are shut down.
According to a report from Slovakian security firm ESET, hackers at Turla, group believed to have ties to Moscow, are using these public locations to deliver instructions, Vox wrote Thursday. Turla has been reportedly targeting governments, government officials and diplomats online for years.
The comment that appears from Instagram user asmith2155 reads “#2hot make loved to her, uupss #Hot #X.”
Once the hackers take over a new server they send out these messages to tell other hackers where it is. The message above, decoded, is the actual internet address to a new server.
Experts allege that Turla is linked to the Russian government because the malware is “linked to other Russian exploits” and “uses encryption and targets western governments,” former US foreign service officer Jim Lewis told Reuters. “It has Russian paw prints all over it.”
The hackers aren’t targeting a pop star’s Instagram for hacking, rather they’re simply using it as a placeholder for information amid one of the most frequently talked about topics: celebrities. Spears boasts 16.9 million Instagram followers, so thousands of people engage on each post.
Instagram also allows those who post comments to delete it, so hackers can remove any trace of their coded messages. They can follow up with another comment with another code.
Vox noted that it begs the question where else hackers are hiding in plain sight and using social media pages to distribute their instructions.