On Thursday, Meta, the parent company of Facebook, blocked several “cyber mercenary” firms and began notifying 50,000 people who were probably targeted by the firms suspected of spying on activists, dissidents, and journalists worldwide.
Meta has taken down 1,500 Facebook and Instagram profiles related to groups that offer services ranging from acquiring public information online to using fake personas to garner trust from targets to digital monitoring surveillance through hacking attempts.
Furthermore, the social media giant has begun notifying roughly 50,000 people in over 100 countries who it believes have been targeted by organizations, many of which are based in Israel, a prominent player in the cyber-surveillance sector.
“The surveillance-for-hire industry looks like indiscriminate targeting on behalf of the highest bidder,” Nathaniel Gleicher, head of security policy at Meta, said at a press release.
Meta said that it removed accounts associated with Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk CI, all of which were based or founded in Israel.
Accounts associated with India-based BellTroX, North Macedonian enterprise Cytrox and an unidentified entity in China were also banned from Meta platforms. On Thursday, researchers at the Canadian cybersecurity nonprofit Citizen Lab accused Cytrox of producing and selling malware used to hack Egyptian opposition activist Ayman Nour’s phone.
“These cyber mercenaries often claim that their services only target criminals and terrorists,” Meta stated.
“Targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition members, and human rights activists,” it added. “We have banned them from our services.”
In a statement, Black Cube denied any wrongdoing or even working in the “cyber world.”
“Black Cube works with the world’s leading law firms in proving bribery, uncovering corruption, and recovering hundreds of millions in stolen assets,” it said, adding the firm ensures it complies with local laws.
Firms offering “web intelligence services” begin the surveillance process by gathering information from publicly available internet sites such as news articles and Wikipedia. According to Meta investigators, cyber mercenaries then create up fake accounts on social media platforms to extract information from people’s profiles and even join groups or conversations to learn more.
Another strategy is to gain a target’s trust on a social network and then deceive them into clicking on a link or file that installs malware that can collect information from whatever device they use to access the internet. With that kind of access, the mercenary can steal data from a target’s phone or computer, as well as silently activate microphones, cameras, and tracking, according to the Meta team.
According to the Meta report, Bluehawk, one of the targeted companies, offers an extensive range of surveillance services, including managing fake accounts to install malware codes.
According to Meta, some bogus accounts associated with Bluehawk pretended to be journalists from media organizations such as Fox News in the United States and La Stampa in Italy.
While Meta was unable to determine who was in charge of the unnamed Chinese operation, it linked “command and control” of the surveillance tool involved to servers that appeared to be used by Chinese law enforcement authorities.