Meta has warned 50,000 Facebook users that they may have been spied on by surveillance-for-hire firms.
The social networking giant issued the chilling warning in a blog post on Thursday, by David Agranovich, director of threat disruption, and Mike Dvilyanski, head of cyber espionage investigations at Meta.
Meta said the global surveillance-for-hire industry targets people of interest, in order to collect intelligence, manipulate and compromise their devices and accounts across the internet.
“While these ‘cyber mercenaries’ often claim that their services only target criminals and terrorists, our months-long investigation concluded that targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists,” blogged Meta.
It pointed to the Pegasus spyware scandal, which has seen NSO this week saying it is considering selling or closing down its Pegasus division.
NSO is currently being sued by Meta, after WhatsApp in 2019 alleged NSO was behind the cyberattack that infected devices with ‘advanced surveillance hacks.’
In its blog, Meta said that NSO is only one piece of a much broader global cyber mercenary industry.
“The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts,” said the blog. “These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable.”
Meta said that it had observed three phases of targeting activity by these commercial players that make up their “surveillance chain”: Reconnaissance, Engagement and Exploitation.
“Although public debate has mainly focused on the exploitation phase, it’s critical to disrupt the entire lifecycle of the attack because the earlier stages enable the later ones,” wrote Meta. “As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities.”
“They provided services across all three phases of the surveillance chain to indiscriminately target people in over 100 countries on behalf of their clients,” wrote Meta. “These providers are based in China, Israel, India, and North Macedonia.”
Action was taken against Cobwebs Technologies, Cognyte, Black Cube, Blue Hawk CI, BellTroX, Cytrox and an unknown Chinese entity.
Four of them are located in Israel, one is in India, one is in North Macedonia, and the other is in China.
Meta said the “surveillance-for-hire” entities we removed violated multiple Community Standards and Terms of Service.
The companies targeted people including journalists and human rights activists in over 100 countries on behalf of their clients, Meta said, adding that they created fake accounts, befriended targets and used hacking methods to acquire information.
“Given the severity of their violations, we have banned them from our services,” said Meta. “To help disrupt these activities, we blocked related internet infrastructure and issued Cease and Desist letters, putting them on notice that their targeting of people has no place on our platform. We also shared our findings with security researchers, other platforms, and policymakers so they can take appropriate action.”
Meta said it has alerted around 50,000 people who it believes were targeted by these malicious activities worldwide, using the system it launched in 2015.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…