Meta bans ‘cyber-mercenaries’ that targeted 50,000 people

Facebook’s parent company deletes accounts linked to seven private surveillance companies that spied on dissidents and journalists across 100 countries.

The Facebook parent Meta
The Facebook parent Meta released a report calling out seven companies [File: Dado Ruvic/Reuters]

Meta, Facebook’s parent company, has banned several “cyber-mercenary” groups thought to have been offering surveillance services aimed at activists, dissidents and journalists worldwide.

The social media giant said on Thursday it had begun warning about 50,000 people it believed may have come under scrutiny across more than 100 nations.

“The surveillance-for-hire industry … looks like indiscriminate targeting on behalf of the highest bidder,” Nathaniel Gleicher, the head of security policy at Meta, told a press briefing.

In a report, Meta called out seven private surveillance companies for hacking and other abuses, suspending roughly 1,500 mostly fake accounts across Facebook, Instagram and WhatsApp.

The Facebook parent said it deleted accounts tied to Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI – all of which were based or founded in Israel, a leading player in the cyber-surveillance business.

India-based BellTroX, North Macedonian firm Cytrox and an unidentified entity in China also saw accounts linked to them removed from Meta platforms.

Meta cybersecurity official David Agranovich said he hoped Thursday’s announcement would “kick-start the disruption of the surveillance-for-hire market”.

While “cyber-mercenaries” claim their services only focus on criminals and “terrorists”, Meta’s months-long investigation concluded that targeting is indiscriminate and includes journalists, dissidents, critics of authoritarian governments, families of opposition and human rights activists.

Services offered by these companies ranged from scooping up public information online to using fake personas to build trust with targets or digital snooping via hack attacks.

One tactic includes tricking the person into clicking on a booby-trapped link or file that installs software that can then steal information from whatever device they use to go online.

With that kind of access, the mercenary can steal data from a target’s phone or computer, as well as silently activate microphones, cameras and tracking, according to the Meta team.

There were some signs that other social media firms were taking similar action, with Twitter announcing the removal of 300 accounts a few hours after Meta’s announcement.

The Israeli spyware company NSO Group has recently come under the spotlight for the way its technology is used against civil society, including Palestinian activists, and United States officials. It was blacklisted last month in the US following weeks of revelations.

Source: Al Jazeera and news agencies