Facebook reports that 50,000 users were killed by cyber-mercenary firms in 2021.
- Cobwebs Technologies, an Israeli firm with offices and clients in the United States, closed 200 accounts that collected target information and socially engineered private information. Investigators say the company is being used by law enforcement agencies, as well as harassment of activists, opposition politicians and government officials in Mexico and Hong Kong. Cobwebs spokesman Meital Levi Tal told MIT Technology Review that the company was unaware of Meta’s findings and that it “operates only in accordance with the law and adheres to strict privacy standards.”
- Israeli firm Cognyte has lost 100 accounts reportedly monitoring targets, including journalists and politicians around the world.
- Black Cube is an Israeli company associated with a huge list of scandals, including a history of spying on reporters. Facebook researchers say they have found that the firm collects information on a wide range of purposes, ranging from Palestinian activists to people in the medical and energy industries and scientists, especially within Russia. Black Cube has reportedly created fake characters, including students, human rights activists, and film producers. Investigators say the company usually befriends the person and then sets up phone calls to obtain the victim’s email address, with the likely goal of conducting tactics like phishing attacks. When we were contacted for comment, the company denied any hacking operations and insisted that all “agent activities are in full compliance with local laws.”
- Another Israeli firm, Bluehawk CI, is already well known for posing as journalists and forcing victims to install malware. Facebook said it removed 100 accounts associated with the firm, which the company concluded were widely used against targets, including political opponents of the United Arab Emirates government and businessmen in the Middle East.
- The Indian company BellTroX has been in the video surveillance industry for at least seven years. Facebook removed 400 accounts associated with the firm, which investigators said were used to impersonate politicians and journalists and launch phishing attacks on victims, including doctors, lawyers, activists and clergy in Angola, Argentina, Saudi Arabia and Iceland.
- Investigators say the North Macedonian firm Cytrox is mainly engaged in hacker attacks. The company targets journalists and politicians around the world. Cytrox is part of an alliance of surveillance and intelligence companies known as Intellexa. The executives of another Intellexa firm, Nexa Technologies, were charged earlier this year with alleged involvement in espionage and torture of dissidents in Libya and Egypt.
- Finally, an unidentified organization in China has been linked to an extensive surveillance operation that involved the use of social engineering against targets and the development of malware to spy on minority groups in Xinjiang, China, as well as Myanmar and Hong Kong.
Facebook’s parent company, Meta, which sued Israeli hacker company NSO Group in 2019, is now sending out termination letters to each of the companies, as well as providing alerts to the roughly 50,000 victims it has identified. Alerts inform victims that “an experienced subject could target your Facebook account,” and then recommend measures to improve the security of their account, including performing a privacy check.
The ultimate goal of the work is to spark a broader discussion about the surveillance industry for hire, the researchers said. They said they recommend strengthening transparency and know-your-customer laws, deepening industry collaboration to discourage surveillance companies, and increasing accountability through new legislation and export control laws.
Investigators added that not all of the firms’ work appears to be in conflict with known laws and ethical standards – some of these companies are known to use Facebook and Instagram to carry out legitimate law enforcement and intelligence operations. But both platforms have established channels for law enforcement to legally solicit data with due process and transparency.
“The intention we’re seeing from these companies is not like that,” Gleicher said. “These are indiscriminate attacks on society. These companies are created to hide their customers. If you are a foreign government that wants to make it difficult for defenders to find you, you hire such a company to create a layer of confusion between you and the harm. ”
Aside from cessation letters and widespread account deletions, Gleicher did not rule out future lawsuits against any of the offending firms. However, investigators said finding hired surveillance jobs is likely to be an ongoing problem.
“When we see networks engaging in this type of activity, we take a networked approach,” said David Agranovich, director of threat elimination at Facebook. “We block all their activity on the platform at the same time. And knowing that these are hostile networks, we will work to keep them out of our platform. ”