- Oops!Something went wrong.Please try again later.
The groups aimed to collect intelligence, manipulate users into revealing information, and compromise their devices, Meta, the parent company of Facebook and Instagram, said.
“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable”, they wrote.
“This industry ‘democratizes’ these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.”
What did the groups do?
There are three phases the groups go through to collect information, Meta says: reconnaissance, engagement, and exploitation.
The first stage involves gathering information from blogs, social media, Wikipedia, and “dark web” sites. The second is the most visible to targets, establishing contact with them in to get them to click on malicious links or files.
The final stage is “hacking for hire” which includes practices like phishing. The hackers will create domains in an attempt to make people hand over information without their knowledge. They could mask themselves as social media, financial services, or corporate networks.
Which companies are responsible?
The companies are located in Israel, India, North Macedonia, and China. According to Meta, they include: Cobwebs Technologies, Cognyte, Black Cube, Bluehawk, BellTroX, Cytrox, and an unknown entity in China.
Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk did not immediately respond to a request for comment from The Independent.
BellTrox and Cytrox was not immediately available for comment. It is unclear who the companies were working for.
“We often cannot tell who these firms’ clients are—this concealment seems to be a service they offer. That’s why we enforce consistently against this deceptive, violating behaviour, regardless of the firm behind it or who hired them,” Nathaniel Gleicher, head of security policy at Facebook, said.
7/ We often cannot tell who these firms' clients are — this concealment seems to be a service they offer. That’s why we enforce consistently against this deceptive, violating behavior (using fake accounts, sending malware, etc), regardless of the firm behind it or who hired them.
— Nathaniel Gleicher (@ngleicher) December 16, 2021
Meta compares the companies to NSO, which was behind the Pegasus spyware and which Meta sued in 2019.
“The ‘surveillance-for-hire’ entities we removed and described in this report violated multiple Community Standards and Terms of Service. Given the severity of their violations, we have banned them from our services,” Meta said.
“The entities behind these surveillance operations are persistent, and we expect them to evolve their tactics. However, our detection systems and threat investigators, as well as other teams in the broader security community keep improving to make it harder for them to remain undetected”
Who has been affected?
While these companies claimed that they only target criminals and terrorists, Meta found that they also “targeted journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists around the world.”
Meta says that it “blocked related infrastructure, banned these entities from our platform and issued Cease and Desist warnings, putting each of them on notice that their targeting of people has no place on our platform and is against our Community Standards” to disrupt their activities. The findings were shared with security researchers, other social media platforms, and policymakers.
How to know if you are affected
Meta has sent users notifications if their accounts were compromised.
“We believe that a sophisticated attacker may be targeting your Facebook account. Be cautious when accepting friend requests and interacting with people you don’t know”, the message reads.