‘Cyber-mercenaries’ spied on Facebook users
Meta has banned accounts linked to seven entities for conducting ‘surveillance-for-hire’ operations against some 50,000 users. One of the purged firms is the Israeli-run Black Cube, hired by disgraced producer Harvey Weinstein.
The seven entities are just part of a burgeoning “surveillance-for-hire” industry brought to life by the connectivity of social media, the company said. Such firms conduct “indiscriminate surveillance” on behalf of their clients, targeting dissidents, journalists, human rights activists and others, it said. Identified after a “months-long investigation,” the seven now-banned actors operated in over 100 countries and targeted around 50,000 people. Meta said it will alert people affected.
“To help disrupt these activities, we blocked related infrastructure, banned these entities from our platform and issued Cease and Desist warnings,” Meta said. “We also shared our findings with security researchers, other platforms, and policymakers so they too can take appropriate action.”
Six of the targets for Meta’s punitive action were identified as private security firms: Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, BellTroX and Cytrox. Hundreds of accounts linked to each of them were blocked, the company said.
The Isreali-based Black Cube agency gained notoriety after being accused of going after victims of sexual harrassment at the hands of former Hollywood producer Harvey Weinstein. Black Cube rejected Meta’s claims of malicious activities.
As he was presenting Meta’s findings, security chief Nathaniel Gleicher also brought attention to a recent investigation by Citizen Lab, which accused the previously little-known North Macedonian firm Cytrox of infecting the phones of Egyptian dissidents with its Predator spyware.
13/ Important to call out the remarkable investigative work of @jsrailton and the entire team at @citizenlab, who are releasing a deep dive report into one of these cases today and shared information with us that enabled us to identify and share IOCs. https://t.co/WFbE8E7NKM— Nathaniel Gleicher (@ngleicher) December 16, 2021
Cytrox is reportedly part of an alliance of firms created to compete against Israel-based NSO Group, the producer of spyware tool Pegasus. NSO made headlines this year over its alleged unethical work for oppressive governments worldwide and was sanctioned by Washington in November.
Reporting about another banned entity was highlighted by Mike Dvilyanski, the head of cyberespionage investigations at Meta, who co-authored the report with Gleicher and David Agranovich, Facebook’s global threat disruption lead. Bluehawk CI, an Israeli firm, allegedly posed as a Fox News correspondent and a journalist working for Italian newspaper La Stampa to help the ruler of one of the UAE’s emirates in a litigation, according to a Daily Beast report.
Another of the firms targeted by Meta today, Israeli firm Bluehawk-CI, was first identified by The Daily Beast with help from FB security back in April when we found the company posing as Fox News and spying on critics of the UAE's Ras Al Khaimah Emirate. https://t.co/ycrzYik0g1— Adam Rawnsley (@arawnsley) December 16, 2021
The seventh target of Meta’s purge was described as an “unknown entity” that was accused of deploying “malware tools” against minority groups in China’s Xinjiang region and Hong Kong as well as Myanmar. The entity, according to Meta, was allegedly involved in “domestic law enforcement” in China.
Meta investigators expressed hope that the report will help people better understand “the harms this industry represents worldwide” and called on “democratic governments to take further steps to help protect people and impose oversight on the sellers of ubiquitous spyware.”
Gleicher specifically welcomed a recent joint statement from his former colleagues at the White House and America’s allies Australia, Denmark, and Norway, who decried electronic surveillance by “authoritarian governments.” Before joining Meta’s team, Gleicher worked at the US National Security Council, as did Agranovich. Dvilyanski, the third author of the report, is a former FBI cybersecurity agent.