Meta (formerly Facebook) has removed seven surveillance-for-hire entities that targeted users in 100 countries, including journalists, activists, politicians, lawyers and doctors.
“The global surveillance for hire industry targets people online to gather intelligence and manipulate them to reveal information and put their devices and accounts at risk. These companies are part of a sprawling industry that provides malicious software tools and monitoring services indiscriminately to any customer — regardless of who they target or what human rights abuses they might empower,” the social media pioneer said in a blog post.
The industry, it added, “democratizes” these threats, making them available to governmental and non-governmental groups that would otherwise not have these capabilities.
The entities that Meta removed were located in China, Israel, India and North Macedonia and were linked to about 1,500 accounts on Facebook and Instagram.
It also alerted about 50,000 people the company believes have been targeted by these malicious activities worldwide, using an alert system it launched in 2015.
Among the seven companies was India-based BellTroX. Meta has removed about 400 Facebook accounts linked to the company, “the vast majority of which have been inactive for years,” that were used for reconnaissance, social engineering and sending malicious links.
“BellTroX is based in India and sells what is known as ‘hacking-for-hire’ services, which were reported by researchers at Citizen Lab and Reuters. Activity on our platform was limited and sporadic between 2013 and 2019, after which it was paused,” Meta explained.
“BellTroX has operated fake accounts to impersonate a politician and pose as journalists and environmental activists in an effort to social-engineer their targets to obtain information including their email addresses, potentially for later-stage phishing attacks,” it added.
Among those targeted were lawyers, doctors, activists and religious leaders in countries such as Australia, Angola, Saudi Arabia and Iceland.
Apart from BellTroX, Meta has also removed 200 accounts operated by Cobwebs and its clients worldwide. Meta said the company was founded in Israel, has offices in the US, and sells access to its online survey platform, which covers Facebook, Instagram, WhatsApp, Twitter, Flickr, public sites and “dark web” sites.
Its investigation identified clients in Bangladesh, Hong Kong, the United States, New Zealand, Mexico, Saudi Arabia, Poland and other countries. Apart from targeting related to law enforcement activities, it also noted the frequent targeting of activists, opposition politicians and government officials in Hong Kong and Mexico.
Another entity removed is Cognyte, which is based in Israel. About 100 Facebook and Instagram accounts linked to the company (formerly known as WebintPro) and its clients have been removed.
“The company sells access to its platform that enables fake accounts to be managed across social media platforms including Facebook, Instagram, Twitter, YouTube, VKontakte (VK) and other websites to social engineers and data collectors,” Meta explained.
Clients have been identified in Israel, Serbia, Colombia, Kenya, Morocco, Mexico, Jordan, Thailand and Indonesia.
Their targets included journalists and politicians from all over the world.
About 300 Facebook and Instagram accounts linked to Black Cube, an Israel-based company with offices in the UK, Israel and Spain, have been removed.
“They provide surveillance services that include social engineering and intelligence gathering. Black Cube has operated fictional characters tailored to its goals: some of whom are portrayed as graduate students, NGOs and human rights workers, and film and television producers,” Meta said.
“Our investigation found a wide range of clients, including individuals, businesses, and law firms around the world,” it added.
Targets were found across industries, including the medical, mining, metals and energy industries. They also included NGOs in Africa, Eastern Europe and South America, as well as Palestinian activists. Meta said Black Cube also targeted people in Russia associated with universities, telecommunications, high-tech, consulting, and the legal, financial, real estate development and media industries.
Meta has removed about 100 Facebook accounts linked to Bluehawk, a company based in Israel with offices in the United Kingdom and the United States. The company sells a wide range of surveillance-for-hire activities that have included social engineering, litigation-related intelligence gathering about people, and managing fake accounts to trick them into installing malware, according to the report.
“The individuals behind this company showed determination and kept trying to get back to our platform after we closed dozens of their accounts,” Meta said.
These fake accounts posed as journalists working for established media organizations such as La Stampa in Italy and Fox News in the United States to trick their targets into giving an interview on camera.
Meta added that Bluehawk recently attempted to create accounts claiming to be based in Argentina.
About 300 Facebook and Instagram accounts linked to Cytrox, a North Macedonian company, have been removed. The company develops and sells monitoring and malware tools that enable its customers to hack iOS and Android devices.
It had clients in Egypt, Armenia, Greece, Saudi Arabia, Oman, Colombia, Cote d’Ivoire, Vietnam, the Philippines and Germany. Cytrox’s targets and clients have included politicians and journalists from all over the world, including Egypt and Armenia.
“Our findings indicate that Cytrox likely provided services to another known threat actor in the security community by the name of Sphinx, which targeted people in Egypt and its neighboring countries,” Meta said.
Last on the list was an unknown entity in China; about 100 Facebook and Instagram accounts linked to it have been removed. The entity was responsible for developing monitoring tools for the Android, iOS and Windows operating systems, as well as Linux, Mac OS X and Solaris.
“It also carried out reconnaissance and social engineering activities before delivering a malicious payload to its targets,” Meta added.
“Our investigation found that malware tools were used to support surveillance against minorities across the Asia-Pacific region, including China’s Xinjiang, Myanmar and Hong Kong,” it added.
The surveillance-for-hire entities violated several of Meta's Community Standards and its Terms of Service.
“Due to the severity of their violations, we have banned them from our services. We recently updated it to provide people with more granular details about the types of targeting and the actor behind them so they can take steps to protect their accounts, depending on the stage in the chain of monitoring attacks we discover in each case.”