Surveillance-for-hire companies have utilized Facebook, Instagram, & WhatsApp as a major opportunity to target Individuals in over 100 countries for decades. Recently, Meta eliminated 7 of them from its platforms and notified over 50,000 people that the activities might as well have affected them. Many are journalists, human rights activists, dissidents, political opposition leaders, and clergy, according to Meta, while others are ordinary people, such as those involved in a lawsuit.
As part of the attack, Meta removed numerous accounts and disassembled other infrastructure on its platforms, blacklisted the groups, and sent cease and desist notices. According to the corporation, it is also publicly disclosing its findings and indications of infiltration so that other platforms and security companies may better spot similar conduct. The findings highlight the magnitude of the targeted surveillance industry as well as the huge scope of tailoring it facilitates globally.
“Cyber mercenaries often claim that their services and their surveillance-ware are meant to focus on tracking criminals and terrorists, but our investigations and similar investigations by independent researchers, our industry peers, and governments have demonstrated that the targeting is, in fact, indiscriminate,” Nathaniel Gleicher, Meta's head of security policy, said to the reporters.
“These companies … are building tools to manage fake accounts, to target and surveil people, to enable the delivery of malware, and then they’re providing them to any most interested clients—the clients who are willing to pay. This means that there are far more threat actors able to use these tools than there would be without this industry.”
Cobwebs Technologies, an Israeli web intelligence company with offices in the United States, Cognyte, an Israeli firm previously recognized as WebintPro, Black Cube, an Israeli company with an existence in the United Kingdom and Spain, Bluehawk CI, which itself is rooted in Israel and has offices in the United States and the United Kingdom, BellTroX, a North Macedonian firm, Cytrox, a North Macedonian firm, and an unidentified organization based in China.
Meta highlights that the surveillance-for-hire industry as a whole operates in three areas. One can conceive of it as several stages of a monitoring chain, with different firms specializing in different aspects of that superstructure.
The very first stage is "reconnaissance," in which corporations gather comprehensive data concerning targets, frequently via automated, bulk gathering on the public internet and darknet. The second stage is "engagement," wherein operators seek out targets in an attempt to form a connection and gain their trust. Surveillance firms create bogus profiles and personalities, posing as, for example, graduate students or journalists, to reach out to targets. Hackers may also spread fake content and misinformation to establish rapport. The third stage is "exploitation," sometimes known as "hacking for hire," in which actors might use this trust to persuade targets to disclose information, click a malicious link, download a malicious file, or perform some other action.
Every stage might take place on a variety of platforms and services. For instance, Meta's WhatsApp is a popular platform for disseminating malicious links to victims. Furthermore, Facebook and Instagram serve as natural breeding places for phony personalities. The eliminated entities, according to the social media giant, breached its Community Standards and Terms of Service.
“Given the severity of their violations, we have banned them from our services. To help disrupt these activities, we blocked related internet infrastructure and issued cease and desist letters, putting them on notice that their targeting of people has no place on our platform,” the firm added.
“We also shared our findings with security researchers, other platforms, and policymakers so they can take appropriate action.”