Tech conglomerate Meta, formerly known as Facebook, Inc., has notified 50,000 users of platforms Facebook and Instagram that they may have been targeted by at least seven “surveillance-for-hire” companies that are based outside the U.S.
“The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts,” Meta Director of Threat Disruption David Agranovich, along with Head of Cyber Espionage Investigations Mike Dvilyanski, both said in a blog post on Thursday.
“They provided services across all three phases of the surveillance chain to indiscriminately target people in over 100 countries on behalf of their clients.”
Fox Business adds: “The firms, which are based in Israel, India, North Macedonia and China, include Cobwebs Technologies, Cognyte, Black Cube, Blue Hawk CI, BellTroX, Cytrox and an unknown Chinese entity.”
In all, the network added, some 1,500 accounts tied to the various firms and their customers engaged in a combination of engagement, reconnaissance, and exploitation, to include posing as graduate students, film and TV producers, non-profit and human rights staffers, journalists and politicians in order to trick users into giving up personal info or installing malware, Meta’s threat report said.
Besides banning the companies from its platforms after a slew of violations regarding community guidelines, Meta also blocked related internet infrastructure, sent cease-and-desist letters to the firms, and shared findings with policymakers, other platforms, and cybersecurity researchers, Fox Business reported.
“Protecting people against cyber mercenaries operating across many platforms and national boundaries requires a collective effort from platforms, policymakers and civil society to counter the underlying market and its incentive structure,” Agranovich and Dvilyanski wrote.
“We believe a public discussion about the use of surveillance-for-hire technology is urgently needed to deter the abuse of these capabilities both among those who sell them and those who buy them.”
The network noted further:
The latest surveillance effort comes after Meta took legal action in 2019 against NSO Group, an Israeli firm that allegedly used Pegasus “spyware” to target journalists and world leaders via WhatsApp. Last month, NSO Group was blacklisted by the U.S. government.
“Each of these actors rely on networks of fake accounts on our platforms that are used to deceive users and mislead them,” Nathaniel Gleicher, Meta’s head of security policy, noted in an interview with NPR. The objective, Gleicher continued, is to “spy on people or snoop on them without them knowing about it.”
Black Cube told NPR in a statement that it “does not undertake any phishing or hacking and does not operate in the cyber world,” describing itself as a “litigation support firm” using legal investigation techniques.
“Black Cube obtains legal advice in every jurisdiction in which we operate in order to ensure that all our agents’ activities are fully compliant with local laws,” the statement said.
We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the ∨ icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.