Meta (formerly Facebook) on Friday said it has disabled seven ‘surveillance-for-hire’ entities, including one from India, that targeted individuals including politicians, election officials, human rights activists and celebrities in over 100 countries on behalf of their clients.
Surveillance-for-hire companies target people to collect intelligence, manipulate and compromise their devices and accounts across the internet. These surveillance providers are based in China, Israel, India, and North Macedonia.
The social media giant is sending alerts to almost 50,000 people across more than 100 countries who it believes were targeted by one or more of these entities. The seven entities include BellTroX (India), Cytrox (North Macedonia), Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI (Israel) and an unknown entity in China.
Releasing its ‘Threat Report on the Surveillance-for-Hire Industry’, Meta Head of Security Policy Nathaniel Gleicher said the report is a result of a months-long investigation, and the company took action against seven different surveillance-for-hire entities to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of people across the internet.
“… We’re seeing journalists who are targeted, we’re seeing political figures, politicians, election officials, we’re seeing human rights defenders and activists, celebrities, and then we’re seeing ordinary everyday people, anyone who might be party to a lawsuit for example. So, we’re seeing this very wide targeting across society,” he added. In 2019, WhatsApp (part of Meta) had sued Israeli technology firm NSO Group – which had developed a software called Pegasus, that was allegedly used to conduct cyberespionage on journalists, human rights activists and others.
On Friday, Meta said these seven organisations provided services across all three phases of the surveillance chain – Reconnaissance, Engagement, and Exploitation – that were used to indiscriminately target people. “To help disrupt these activities, we blocked related infrastructure, banned these entities from our platform and issued Cease and Desist warnings, putting each of them on notice that their targeting of people has no place on our platform and is against our Community Standards,” he said.
The report said Meta had removed about 400 Facebook accounts, the vast majority of which were inactive for years, linked to BellTroX and used for reconnaissance, social engineering and to send malicious links.
BellTroX is based in India and sells what’s known as “hacking for hire” services, which were reported previously as well. Its activity on Meta’s platform was limited and sporadic between 2013 to 2019, after which it paused. “BellTroX operated fake accounts to impersonate a politician and pose as journalists and environmental activists in an attempt to social-engineer its targets to solicit information including their email addresses, likely for phishing attacks at a later stage,” the report said.
This activity, based on the exact same playbook, re-started in 2021, with a small number of accounts impersonating journalists and media personalities to send phishing links and solicit the targets’ email addresses, it added. Among those targeted were lawyers, doctors, activists, and members of the clergy in countries including Australia, Angola, Saudi Arabia, and Iceland, the report pointed out.
