A number of private surveillance companies have been called out by Facebook for hacking or doing illegal things to some 50,000 people.
Purveyors of digital espionage services are now totally frowned upon by the current US government administration as the number of spying organizations continues to increase – one of which is NSO Group that was recently blacklisted.
Meta, Facebook’s parent is now suing NSO in a US court and the crackdown on other spyware organizations is to signal that the “surveillance-for-hire industry is much broader than one company.” says Nathaniel Gleicher, Meta’s head of security policy.
Meta also stated it would be suspending about 1,500, mostly-fake accounts that are run by seven organizations across its platforms – Facebook, Instagram, and WhatsApp.
Meta said the entities targeted people in more than 100 countries.
Asked how it identified the surveillance firms, Meta didn’t provide an adequate explanation about how it did it but it operates some of the biggest social and communication services with a lot of experts sitting behind their computers trying to fish out malicious accounts.
Black Cube is another notorious Israeli spyware company that is known for deploying spies on behalf of Hollywood super terror, Harvey Weinstein.
Meta said the intelligence firm was deploying phantom personas to chat its targets up online and gather their emails, “likely for later phishing attacks.”
In a statement, Black Cube said it “does not undertake any phishing or hacking” and said the firm routinely ensured “all our agents’ activities are fully compliant with local laws.”
Other organizations called out by Meta include BetllTroX, an Indian cyber mercenary firm that was exposed by Reuters and the internet watchdog Citizen Lab last year, an Israeli company called Bluehawk CI, and a European firm named Cytrox – all of whom Meta accused of hacking.
Cognyte was spun off from security company Verint System back in February, and Israeli firms Cobwebs Technologies – both of which were accused of using fake profiles to trick people into revealing private data.
Cognyte, Verint, and Bluehawk did not immediately return messages seeking comment.
In an email, Cobwebs spokesperson Meital Levi Tal said the company drew on open sources and that its products “are not intrusive by any means.” Messages left with Ivo Malinovski – who until recently identified himself as Cytrox’s chief executive on LinkedIn – received no immediate response. BellTroX founder Sumit Gupta has not returned Reuters reporters’ messages since his firm was exposed last year. He had previously denied wrongdoing.
Gleicher refused to identify any of the targets by name but Citizen Lab, in a report published at the same time as Meta’s, said that one of Cytrox’s victims was Egyptian opposition figure, Ayman Nour.
Nour blamed the Egyptian government for the spying, telling Reuters in an interview from Istanbul that he had long suspected he was under surveillance by officials there.
“For the first time I have evidence,” he said.
Egyptian authorities did not immediately respond to a request for comment.
According to Gleicher, other targets of these spy firms included the likes of celebrities, politicians, journalists, lawyers, executives, and regular citizens.
Friends and family of the targets were also swept up in the espionage campaigns, he said.
Meta cybersecurity official David Agranovich said he hoped Thursday’s announcement would “kickstart the disruption of the surveillance-for-hire market.”
Meta isn’t the only social media firm taking such a stance as the report has it that Twitter also announced the removal of some 300 accounts a few hours after Meta made its own announcement.
Automated warning messages will be sent over to targets according to Gleicher but said the company will stop short of identifying the specific firms involved or their clients.
That’s despite the fact that Facebook said it had identified several customers of Cobwebs, Cognyte, Cytrox, and Black Cube – the latter of which includes law firms.
Marta Pardavi, one of several Hungarian human rights defenders who say they were targeted by Black Cube in 2017 and 2018, said she was gratified by the news of Facebook’s report but wanted more information.
“They name law firms,” she said. “But law firms have clients. Who are the clients for these law firms?”