- Cobwebs Technologies, an Israeli company with offices and clients in the US, has shut down 200 accounts that were collecting information on targets and engaging in social engineering to reveal private information. The company is being used by law enforcement, according to investigators, as well as being used to target activists, opposition politicians, and government officials in Mexico and Hong Kong. Spider Web spokesperson Metal Levi Tal told the MIT Technology Review that the company was unaware of Meta’s findings and that it “only operates in accordance with the law and adheres to strict standards regarding privacy protection.”
- Israeli company Cognyte has lost 100 accounts allegedly involved in monitoring targets including journalists and politicians from around the world.
- Black Cube is an Israeli company linked to a massive list of scandals, including a history of spying on reporters. Facebook investigators say they have found the company gathering intelligence on a wide range of targets ranging from Palestinian activists to workers in the medical and energy industries to academics, particularly within Russia. Black Cube is said to have built fake characters including students, human rights workers and film producers. Investigators say the company typically authenticates a person and then makes phone calls to obtain the target’s email address, with the potential aim of implementing tactics such as phishing attacks. When reached for comment, the company denied any hacking had taken place and insisted that all “agent activities” are “fully compliant with local laws.”
- Another Israeli company, Bluehawk CI, is already known for being journalists and tricking targets into installing malware. Facebook said it had removed 100 accounts linked to the company that the company concluded were widely used against targets including political opponents of the United Arab Emirates government and businessmen across the Middle East.
- Indian company BellTroX has been in the monitoring industry for at least seven years. Facebook has removed 400 accounts linked to the company that investigators said were used to surface politicians and journalists and launch phishing attacks against victims including doctors, lawyers, activists and clerics in Angola, Argentina, Saudi Arabia and Iceland.
- Investigators said the North Macedonian company Cytrox was primarily engaged in hacking operations. The company targeted journalists and politicians around the world. Cytrox is part of the alliance of surveillance and intelligence companies known as Intellexa. Executives at another Intellexa company, Nexa Technologies, were indicted earlier this year for their alleged role in spying on and torturing opponents in Libya and Egypt.
- Finally, an unidentified organization in China has been linked to a widespread surveillance operation that involved using social engineering against targets and developing malware to spy on minorities in Xinjiang, China, as well as Myanmar and Hong Kong.
Facebook’s parent company, Meta, which sued Israeli hacking company NSO Group in 2019, is sending cease-and-desist letters to both companies today as well as sharing alerts with nearly 50,000 identified victims. The alerts tell victims that “a sophisticated actor may be targeting your Facebook account” and then recommend steps to better secure their account, including running a privacy check.
Investigators said the work’s ultimate goal is to spark a larger debate about the surveillance industry versus hiring. They said they recommend strengthening transparency and “know your customer” laws, deepening industrial cooperation to counter surveillance firms, and increasing accountability through new legislation and export control laws.
Investigators added that not all of the companies’ work appears to contravene well-known laws and ethical standards – and some of these companies are known to use Facebook and Instagram to carry out legal and intelligence work. But both systems have established channels for law enforcement to legally request data in a manner consistent with due process and transparency.
“The targeting that we’re seeing from these companies doesn’t look like that,” said Gleicher. “It is indiscriminate targeting across society. These companies are designed to hide their customers. If you are a foreign government that wants to make it difficult for defenders to find you, you hire a company like this to create a layer of confusion between you and the damage that is being done.”
In addition to letters of termination and widespread deletion of accounts, Gleicher has not ruled out future lawsuits against any of the offending companies. However, investigators said finding out about paid surveillance activities is likely to be an ongoing challenge.
“When we see networks engaging in this type of activity, we take a network approach,” said David Agranovich, director of threat disruption at Facebook. “We are removing all of their activity on the platform at the same time. Knowing that they are hostile networks, we will then work to keep them off our platform.”