06/28/2022

Meta bans seven surveillance-for-hire groups for spying on internet users

December 17, 2021 — A new report by Meta (previously Facebook Inc.) reveals that the company has banned seven surveillance-for-hire firms from its platforms after a months-long investigation into their practices of abusing social media platforms and spying on internet users in over 100 countries.

Meta, on Thursday, said in its report that it has removed over 1500 Facebook and Instagram accounts known to be associated with these surveillance firms, and has alerted around 50,000 Facebook users about the potential breach of their account by a “sophisticated attacker”.

Kirsten Han, a Singapore-based activist and journalist, received the notification on her Facebook account alerting her about the attack. – Twitter @kixes

The new report sheds light on the growing industry of surveillance technology and its mainstream use against opponents and dissidents around the world. While the attention and criticism directed towards the surveillance industry has so far been focused on the notorious Israeli NSO Group, the new Meta report states, “NSO is only one piece of a much broader global cyber mercenary industry.” The company has banned seven surveillance-for-hire entities that target “people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts,” from its platforms, including 4 from Israel, 2 unknown entities from China, 1 from North Macedonia, and 1 from India.

The list of now-blocked surveillance firms includes Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk CI, based in Israel; BellTroX, based in India; Cytrox, based in North Macedonia; and two unidentified Chinese firms. These firms sell their services to anyone who is willing to pay for them. According to Meta’s investigation, the customers of these companies included the United States, Mexico, Saudi Arabia, China, Bangladesh, Hong Kong, Israel, Morocco, Egypt, Greece and others. Collectively, these companies targeted around 50,000 users including political dissidents, opposition members, activists, journalists, lawyers, and others in over 100 countries.

One of the identified and blocked Israeli entities, Black Cube, was also involved in the attempt to surveil researchers at the Citizen Lab during their investigation into the NSO Group’s perpetual link with human rights violations through its many programs, including Pegasus, which was found to have been used to potentially target 50,000 phone numbers of individuals including heads of state, cabinet ministers, activists, journalists, lawyers and others around the world. The investigation led to the NSO Group being blacklisted in the United States.

Black Cube, however, is part of the larger industry of surveillance technology used in advancing human rights violations and silencing dissent, not just political, but personal as well. In 2019, it was also revealed to have been appointed by Harvey Weinstein in 2017 to suppress allegations of sexual assault against him that led to the #MeToo movement in the US. 

Meta is not the only one highlighting the vast surveillance industry. Citizen Lab also published a new report on the same day, revealing the use of this technology by governments. The research was based on the analysis of the compromised phones of the exiled Egyptian political opposition member Ayman Nour and an anonymous exiled Egyptian journalist. It found that the phones were infected with a program from another of the firms blocked by Meta, Cytrox. Both of the phones were hacked with Cytrox’s program Predator in June 2021, along with NSO Group’s Pegasus. The program by Cytrox, which is based in North Macedonia and has a corporate presence in Israel and Hungary, is a single-click attack sent to the targets through a WhatsApp message, and that is how the two Egyptian victims were targeted.

Meta, in its report, states, “[…] our team at Meta was able to find a vast domain infrastructure that we believe Cytrox used to spoof legitimate news entities in the countries of their interest and mimic legitimate URL-shortening and social media services […]. They used these domains as part of their phishing and compromise campaigns. Cytrox and its customers took steps to tailor their attacks for particular targets by only infecting people with malware when they passed certain technical checks, including IP address and device type. If the checks failed, people could be redirected to legitimate news or other websites.”

The Citizen Lab research, meanwhile, revealed that both targets of Cytrox’s Predator were sent the same link on WhatsApp, which led to the program being installed on their phones. “A Predator link sent to Nour on WhatsApp was opened in Safari at 14:33 GMT on the same day and Predator was installed on the device two minutes later at 14:35 GMT,” the analysis states.

Predator, when installed, enables the hacker to access the phone’s camera, microphone and other data on the device. As mentioned earlier, Predator requires the target to click on the link in order for the hacker to access the device’s components. This makes it unlike NSO’s Pegasus, which is a zero-click spyware that infiltrates the phone without any action or knowledge of the target.

While Pegasus is notorious for its use by repressive governments, it is evident that there are many lesser-known actors in the industry that offer their services to these governments in order to enable surveillance of dissidents and opponents in the country. The implications of such surveillance tools and mechanisms are dire for the targets, often leading to threats to their physical safety. For example, it was found that those close to the slain Saudi journalist Jamal Khashoggi were targeted with Pegasus before and after his murder in Turkey. An attempt was made to hack his wife’s Android phone six months before his murder, whereas his fiancée’s iPhone was infected days after he was killed. Two Turkish officials involved in the investigation of his homicide were also targeted with Pegasus.

NSO Group, which has repeatedly denied involvement of its products in human rights violations by its clients, has been found to be at the center of the said abuses at the hands of authoritarian regimes around the world. However, the recent reports by Citizen Lab and Meta reveal that NSO Group is, in fact, just a small part of a growing industry that has affluent clients willing to pay the price of its products.

Meta states in its report, “We believe a public discussion about the use of surveillance-for-hire technology is urgently needed to deter the abuse of these capabilities both among those who sell them and those who buy them.”

Hija is the Senior Programs Manager at Media Matters for Democracy. She leads digital rights and internet governance advocacy at MMfD. Tweets at @hijakamran
