30 November 2021
Meta, the parent company of Facebook and Instagram, has revealed that it has banned seven surveillance-for-hire companies for engaging in surveillance activities and violating its policies. It has alerted more than 50,000 users from over 110 countries that it believes to be targets of these attacks. The affected users are mostly journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists.
It has further released a Threat Report that details the whole research and investigation process as well as names the guilty entities. These include Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk CI (all from Israel), BelltroX from India, Cytrox from North Macedonia, and an unknown entity from China. The team found and removed over 1,500 fake profiles on Facebook and Instagram that were used for attacking the victims.
The report reveals that these spying attacks usually take place in three phases: Reconnaissance, Engagement, and Exploitation. The first phase is all about creating a profile of the target by collecting information available in the public domain and on "dark web" websites. The next step is to get in touch with the target or someone who knows the target to gain trust and trick them into revealing more information. Lastly, these entities try to fool the target into giving personal and sensitive details like email accounts and financial transactions.
We have seen a lot of reporting around the Israel-based NSO Group and its spyware tool Pegasus. The group was sued by Meta in 2019 and most recently, Apple also sued it just last month. Meta says while the focus is on NSO Group, the broader surveillance industry is also a major issue of concern.
"The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information, and compromise their devices and accounts. These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable. This industry “democratizes” these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities."