Meta removes 1500 accounts from 7 NSO-like spy companies
Meta says it has removed seven surveillance-for-hire companies from the platform in recent months. These companies are similar to NSO and can be hired by individuals, companies and governments to spy on others.
The spy companies target people on the internet and try to obtain data. This can be data collected from sources such as social media, blogs or Wikipedia. However, the companies can also manipulate victims to obtain data, or hack devices and accounts.
Meta says these companies offer tools and services to all kinds of customers, regardless of who their victims are and what the consequences of their investigations are. These companies ‘democratize’ espionage services, says Meta, because they make them available to organizations or governments that don’t have the resources to do it themselves.
Research by Meta shows that there are seven spy companies that Facebook’s parent company has targeted. These are Israeli companies such as Cobwebs Technologies, Cognyte (formerly known as WebintPro), Black Cube and Bluehawk. Indian company BellTroX, an “unknown entity in China” and North Macedonian company Cytrox are also named in the investigation. The latter came to light at Meta through an investigation by Citizen Lab.
According to Meta, these companies are involved in at least one, often several, phases within the ‘surveillance chain’. This chain has three phases. The first is the research phase, in which the ‘cyber mercenaries’ create profiles of victims. They use automated data collection tools to collect data from social media and other sources.
In the second phase, which is the most visible to the victim, the attacker contacts the victim or an acquaintance. In doing so, the attacker tries to gain trust and obtain information. Malicious links and files can be sent at this point. These links and files play a major role in the final stage, where victims can be lured to phishing pages, or malware is installed on the victim’s device.
The seven companies mentioned had targets in more than 100 countries and violated several of Meta’s terms of use. The services and their accounts have therefore been banned from Meta’s platforms. Meta also says it has blocked ‘related internet infrastructure’ and has sent cease and desist letters. The company also shared the results of the investigation with security researchers, other platforms and policy makers, and warned 50,000 intended targets.
Meta now says it will go public with the investigation, to warn users that there are more spy companies than NSO, the developer of, among other things, the Pegasus spyware. These companies also claim that their services are only used to track down criminals and terrorists. Meta disputes this, and also points to other investigations into these spy companies. Journalists, dissidents, government critics, families of opposition leaders and activists have also been targeted by the companies. Meta therefore calls for more cooperation against these companies, and a greater role for governments in creating better rules and monitoring these companies more closely.