Facebook’s parent company, Meta Platforms Inc., has announced a sweeping crackdown on surveillance companies it says have used its social media websites to spy on people in more than 100 countries.
In a report released Thursday, Meta identified six companies from Israel, India and North Macedonia, in addition to an unknown entity in China, which it said carried out “indiscriminate” surveillance targeting thousands of people. people.
Meta said it blocked the infrastructure associated with the companies, issued cease-and-desist warnings and banned around 1,500 of their accounts from Facebook and Instagram, which had been secretly used for reconnaissance. , launch hacking campaigns and trick people into providing personal information. information.
Those targeted for corporate surveillance included journalists, dissidents, critics of authoritarian regimes and families of opponents and human rights activists, according to Meta. More than 48,000 people suspected of having been targeted by surveillance companies have been alerted by Meta.
“The goal of today’s app is not just to delete their accounts, but to disrupt their business in the most costly way possible, blow up their operations and bring transparency to the business. ‘industry, ”said David Agranovich, Meta’s director of threats. disturbance.
The revelations come amid scrutiny of companies that supply governments with surveillance technology. Companies, such as Israel’s NSO Group Ltd, claim they provide the tools to help intelligence and law enforcement agencies tackle serious crime and terrorism. But there have been repeated instances in recent years where governments allegedly used technology to spy on dissidents, human rights activists and journalists.
On Tuesday, a group of 18 US lawmakers wrote to the US Treasury Department and the State Department, urging them to use Global Magnitsky’s sanctions to punish NSO Group and other surveillance companies they accused of allowing human rights violations. The struggling NSO Group is now reportedly exploring options that include shutting down its controversial Pegasus spyware unit and selling the entire company, Bloomberg News reported.
Meta says its report aims to show “that NSO is just one part of a much larger global cyber-centennial ecosystem.” He cites four other Israeli companies as having been involved in providing “on-demand monitoring” services – Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI – in addition to BellTrox in India, Cytrox in North Macedonia and an unknown entity in China. Most companies did not respond to requests for comment.
A spokesperson for Black Cube said the company operates under local laws and “does not engage in phishing or hacking and does not operate in the cyber world.” The company “is working with the world’s largest law firms to prove corruption, uncover corruption and recover hundreds of millions of stolen assets,” the spokesperson added.
Meital Levi Tal, spokesperson for Cobwebs Technologies, said the company had not “been contacted by Facebook (Meta) and was not aware of any allegations it made about our services.” Cobwebs only operates in accordance with the law and adheres to strict privacy standards.
John Scott-Railton, principal investigator at Citizen Lab, a University of Toronto research group that focuses on the abuse of surveillance technology, said that “stroke law enforcement action “Meta’s brain” would send out “a very clear signal of how this is going to treat other offensive players in the future.
“This is important because it shows that it is not the problem of a single company or a handful of companies. It’s an industry-wide problem.
Meta accused Cobwebs of exploiting hundreds of fake accounts used to collect information on their targets, which included activists, politicians and government officials in Hong Kong and Mexico. Bluehawk CI allegedly used fake accounts masquerading as journalists to trick people into installing malware on their computers, targeting politicians and businessmen in the Middle East. Black Cube has been accused of exploiting fake personalities to gather information about people in the medical, mining, mining and energy industries, as well as Palestinian activists and people in Russia involved in finance and real estate development.
BellTroX in India allegedly exploited fake accounts used in alleged attempts to hack phones or computers; the company targeted lawyers, doctors, activists and members of the clergy in countries such as Australia, Angola, Saudi Arabia and Iceland. Meta discovered a “vast domain infrastructure” associated with Cytrox, which it claims was likely used in hacking campaigns targeting politicians and journalists, notably in Egypt and Armenia. Additionally, Meta linked the unknown entity in China to national law enforcement agencies in the country and observed that it supports surveillance campaigns focused on minority groups in Asia-Pacific, including the Xinjiang region in China, Myanmar and Hong Kong.
Separately on Thursday, Citizen Lab released a report linking Cytrox to hacks targeting two prominent critics of the Egyptian government.
The company has developed spyware called Predator that can penetrate iOS and Android mobile devices to secretly record conversations and steal data, Citizen Lab has discovered.
In June, Cytrox spy technology compromised a phone belonging to Ayman Nour, the exiled president of the Union of Egyptian National Forces, an opposition political group. The spyware was also found on the phone of an exiled Egyptian journalist who hosts a popular news program, according to the Citizen Lab report, which does not name the journalist.
Citizen Lab’s digital analysis identified several servers associated with the delivery of Cytrox spyware, in countries such as Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia. The governments of these countries are likely among Cytrox’s customers, according to Citizen Lab.
“What the public is learning this year is that there is a big cyber insecurity industry that sells these offensive tools,” said Scott-Railton, senior researcher at Citizen Lab. “And as long as there is no serious surveillance, the offensive tools will be used in the same way: to target dissidents, journalists and others. Until systematic and serious efforts are made to address this issue, the horrors will continue to unfold. “
Cytrox has a limited online footprint and has received little media coverage. The company was originally a startup in Macedonia, but was later bought by Tal Dilian, a veteran of the Israeli intelligence services, in a deal worth around $ 5 million, reported Forbes in 2019. A representative for Dilian did not respond to a request for comment.
According to Citizen Lab, Cytrox is involved in a surveillance industry alliance called Intellexa, which was founded by Dilian and says it provides law enforcement and intelligence agencies with “technology platforms to pointe ”that protect communities from criminal activity.
Cytrox has impersonated popular companies and websites, including Apple, Fox News, Instagram, LinkedIn, Tesla, Twitter and YouTube, in order to trick hack targets by clicking on malicious links, the researchers found. Citizen Lab.
The two Egyptians who were hacked earlier this year received messages on WhatsApp that attempted to trick them into clicking on what appeared to be legitimate news websites, but were in fact malicious domains configured to distribute spyware. from Cytrox, Citizen Lab reported.
In Nour’s case, he became suspicious that his phone had been infected after it started to overheat. Citizen Lab researchers examined him forensic and found that he had been successfully infected with two variants of spyware: Cytrox’s Predator and NSO Group’s Pegasus.
Citizen Lab informed Meta, the parent company of WhatsApp, of its findings, prompting the company to launch its own investigation. According to the Meta report released on Thursday, it identified and deleted around 300 Facebook and Instagram accounts linked to Cytrox’s espionage efforts.
Companies like Cytrox are “democratizing access” to spy techniques, said Nathaniel Gleicher, Meta’s chief security officer. “They’re creating tools to manage fake accounts, to target and monitor people, to allow malware to spread. And they provide them to all of the most interested customers – the customers who are willing to pay.”
