Meta removed seven “surveillance-for-hire” organizations that used Facebook to target at least 50,000 individuals across 100 countries for surveillance operations, some of which included the deployment of spyware, the company announced in a report Thursday.
The operation marked a major step in efforts by the social media company against a sprawling surveillance industry that Facebook security experts warn is becoming more “democratized” and more easily accessible for spying on not just high-profile targets, but ordinary users. The company removed hundreds of accounts belonging to firms known as Israeli Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, India-based BellTroX, Macedonia-based Cytrox, and an unknown entity in China. Of the seven firms, only Cobwebs and Cognyte did not engage in what the company called “exploitation” phase activities, meaning actually delivering malware to hack victims.
Facebook sent cease and desist letters to the six named companies.
Facebook has clashed with the growing spyware market for years. Facebook sued notable spyware vendor NSO Group in 2019 for allegedly using its messaging app WhatsApp to deploy malware used for spying on 1,400 mobile devices. NSO Group has disputed the claims.
Nathaniel Gleicher, head of security policy at Meta, says the latest report aims to highlight how the surveillance industry goes well beyond Israeli-based NSO Group, which is the subject of ongoing scrutiny by the U.S. government, and starts much earlier than attackers deploying spyware onto a target’s phone.
“If we focus only on malware and exploits, then, by the time industry enforces, the government imposes control, by the time civil society exposes these actors — they will already be exploiting people’s phones and surveilling their most private conversations,” said Gleicher. “By moving earlier in the surveillance attack chain…we can hopefully stop this activity earlier, before those compromises occur.”
The surveillance companies named in the report all appeared to follow a similar playbook to target individuals including but not limited to journalists, dissidents and academics across Africa, Eastern Europe and South America. For instance, Meta removed 300 Facebook and Instagram accounts linked to Israeli-based Black Cube that operated as fictitious personas to set up calls with targets. The fictitious accounts would gather targets’ emails to later send phishing attacks.
Meta could not identify how many of the 50,000 possible victims were attacked with malware or other exploitation software.
Political tensions around spyware have risen in recent weeks as the U.S. has taken steps to rebuke the industry, including the November blacklisting of NSO Group and Candiru, another spyware vendor. In December, U.S. officials alongside counterparts from Australia, Denmark and Norway announced the “Export Controls and Human Rights Initiative” to address the misuse of technologies to threaten human rights.
Still, lawmakers and advocates have pressed the Biden administration to do more. A group of Democratic lawmakers on Wednesday called on the Treasury Department to sanction NSO Group and three other surveillance firms. Meanwhile, the United Nations and human rights group Amnesty International have called for a full moratorium on sales of surveillance technologies until countries create rules around the technology that safeguard human rights.
The Facebook report also demonstrates that the spyware-for-hire market isn’t only a foreign problem for the U.S. An American division of Cobwebs Technologies, one of the firms removed by Facebook, currently boasts a five-year contract with the Department of Homeland Security.
David Agranovich, director of threat disruption at Meta, said the company welcomes “domestic and international efforts to raise accountability on the industry, in particular through legislation for export controls and other regulatory actions.”
Access Now, a human rights group that has denounced spyware, said it welcomed Facebook’s move.
“It’s really good to see these major platforms finally stepping up and recognizing they are attack vectors and are providing spaces that aren’t as secure as they could be,” said general counsel Peter Micek. “It’s important that companies look at their role in the cyber weaponry ecosystem and where they fall in the workflow of these malicious entities.”
He emphasized that there’s “no silver bullet” for Facebook or any other company alone to fully protect users.
Micek called the number of potential victims notified by Facebook significant and said that while Facebook’s actions are unlikely to deter a sophisticated operation against a high-value target, the company can do a lot to educate the public about how ubiquitous and accessible spyware has become.
The post Meta takes down 7 hacking-for-hire operations that targeted 50,000 users appeared first on CyberScoop.