icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
17 Dec, 2021 08:47

‘Cyber-mercenaries’ spied on Facebook users

‘Cyber-mercenaries’ spied on Facebook users

Meta has banned accounts linked to seven entities for conducting ‘surveillance-for-hire’ operations against some 50,000 users. One of the purged firms is the Israeli-run Black Cube, hired by disgraced producer Harvey Weinstein.

The US tech giant that owns Facebook and Instagram, among other services, says it has busted massive surveillance operations that violated its terms of use. They used Meta platforms to passively spy on users, engage them directly to trick them into revealing sensitive information, and plant malware on their devices, the company reported on Thursday.

The seven entities are just part of a burgeoning “surveillance-for-hire” industry brought to life by the connectivity of social media, the company said. Such firms conduct “indiscriminate surveillance” on behalf of their clients, targeting dissidents, journalists, human rights activists and others, it said. Identified after a “months-long investigation,” the seven now-banned actors operated in over 100 countries and targeted around 50,000 people. Meta said it will alert people affected.

“To help disrupt these activities, we blocked related infrastructure, banned these entities from our platform and issued Cease and Desist warnings,” Meta said. “We also shared our findings with security researchers, other platforms, and policymakers so they too can take appropriate action.”

Six of the targets for Meta’s punitive action were identified as private security firms: Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, BellTroX and Cytrox. Hundreds of accounts linked to each of them were blocked, the company said.

The Isreali-based Black Cube agency gained notoriety after being accused of going after victims of sexual harrassment at the hands of former Hollywood producer Harvey Weinstein. Black Cube rejected Meta’s claims of malicious activities.

As he was presenting Meta’s findings, security chief Nathaniel Gleicher also brought attention to a recent investigation by Citizen Lab, which accused the previously little-known North Macedonian firm Cytrox of infecting the phones of Egyptian dissidents with its Predator spyware.

Cytrox is reportedly part of an alliance of firms created to compete against Israel-based NSO Group, the producer of spyware tool Pegasus. NSO made headlines this year over its alleged unethical work for oppressive governments worldwide and was sanctioned by Washington in November.

Reporting about another banned entity was highlighted by Mike Dvilyanski, the head of cyberespionage investigations at Meta, who co-authored the report with Gleicher and David Agranovich, Facebook’s global threat disruption lead. Bluehawk CI, an Israeli firm, allegedly posed as a Fox News correspondent and a journalist working for Italian newspaper La Stampa to help the ruler of one of the UAE’s emirates in a litigation, according to a Daily Beast report.

The seventh target of Meta’s purge was described as an “unknown entity” that was accused of deploying “malware tools” against minority groups in China’s Xinjiang region and Hong Kong as well as Myanmar. The entity, according to Meta, was allegedly involved in “domestic law enforcement” in China.

Meta investigators expressed hope that the report will help people better understand “the harms this industry represents worldwide” and called on “democratic governments to take further steps to help protect people and impose oversight on the sellers of ubiquitous spyware.”

Gleicher specifically welcomed a recent joint statement from his former colleagues at the White House and America’s allies Australia, Denmark, and Norway, who decried electronic surveillance by “authoritarian governments.” Before joining Meta’s team, Gleicher worked at the US National Security Council, as did Agranovich. Dvilyanski, the third author of the report, is a former FBI cybersecurity agent.