Facebook has banned seven “surveillance-for-hire” companies from its platforms and will send warnings to 48,000 people the company says have been targeted with malicious activity, following a months-long investigation into the industry of “cyber mercenaries”.
The social media company said Thursday that its investigation revealed new details of how surveillance companies allow their clients to “indiscriminately” target people on the Internet to collect intelligence about them, manipulate them – and ultimately compromise their devices.
Some of the surveillance companies that Facebook named in its investigation and banned from its platforms include:
Black Cube, an Israeli company that gained notoriety after it emerged that disgraced media mogul and convicted sex offender Harvey Weinstein hired them to target women who accused him of abuse. Black Cube has rejected Facebook’s claims about its activities.
Cobwebs, another Israeli company that Facebook says has allowed customers to use public websites and dark websites to trick targets into revealing personal information. The company reportedly also works for American clients, including a local police department in Hartford, Connecticut.
Cytrox, a North Macedonian company that Facebook says has allowed customers to infect targets with malware as a result of phishing campaigns.
Facebook’s investigation comes as the company itself comes under scrutiny in Washington and around the world following accusations by whistleblower Frances Haugen that it allowed the spread of hate speech and disinformation.
Facebook’s investigation is important, however, as it reveals new details about how parts of the surveillance industry are using social media – from Facebook to Instagram – to create fake accounts in order to deceive their targets and conceal their own activities.
While many companies claim to be hired to target criminals and terrorists, Facebook said the industry “regularly” allows its clients to target journalists, dissidents, critics of authoritarian regimes and human rights activists and their families.
“Our hope is to contribute to a better understanding of the damage this industry represents to the world and to call on democratic governments to take further action to help protect people and impose surveillance on ubiquitous spyware vendors,” the company said. It added that it not only removed fake company accounts from its platforms, but also issued cease and desist orders and that it would ensure that companies did not seek to re-engage on its platforms.
Facebook said the 48,000 people who would be alerted had not all been hacked, although the company said they were the subject of “malicious activity.”
It also pointed to the recent and intense media attention on NSO Group, the Israeli spyware maker that was at the heart of Project Pegasus, investigated by the Guardian and other media, and was recently blacklisted by the Biden administration. WhatsApp, which is owned by Facebook’s parent company Meta, sued NSO in 2019 and has been a major critic of the company. NSO was not among the businesses banned on Thursday.
“It’s important to realize that NSO is just one part of a much larger global cyber-marketing ecosystem,” Facebook said.
As Facebook announced its investigation, lead researchers at the University of Toronto’s Citizen Lab published a new report which focused on an entity – Cytrox – whose spyware, called Predator, was allegedly used by an unknown client to hack the devices of two individuals.
One, Ayman Nour, is an exiled Egyptian politician who, according to Citizen Lab, was simultaneously hacked by two different nation states, one using Predator and the other using Pegasus. Nour, who is based in Turkey, is the chairman of an Egyptian political opposition group called the Union of Egyptian National Forces and was a former presidential candidate who ran against former President Hosni Mubarak.
He was jailed for four years after crushing allegations – believed to be politically motivated – of forging signatures on petitions. He was released following international pressure. He was also an associate of Jamal Khashoggi, the Washington Post columnist who was assassinated by Saudi agents at the Saudi consulate in 2018.
In an interview with the Guardian, Nour said it was painful to hear that he had been hacked.
“There was a negative psychological impact on me. My kids live in the UK and US, and I live in a third country, Turkey, so being sure I was being spied on, I stopped communicating with my sons because I’m scared for them,” he said.
Nour said he held a Zoom meeting with Egyptians, Saudis and Emiratis as part of a discussion on the use of the death penalty in Arab countries on the day researchers later learned that he had been hacked.
A second target, who remains anonymous, has been described by Citizen Lab as a journalist in exile and a vocal critic of Abdel Fatah al-Sisi’s regime.
Cytrox did not immediately respond to a request for comment.
Citizen Lab’s internal analyses found potential Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.
Cytrox is said to be part of Intellexa, the spyware “Star Alliance” which was formed to compete with NSO and describes itself on its website as being EU-based and regulated. Intellexa did not respond to a request for comment.
An NSO spokesperson said he had not seen the Citizen Lab report, but said the claims were “technologically and contractually illogical” because Egypt was on NSO’s “no-sell” list and was not a customer and “never will be.”
“The use of cyber tools to monitor dissidents, activists and journalists is a serious misuse of any technology and runs counter to the desired use of these critical tools. The international community should have a zero tolerance policy towards such acts, therefore global regulation is needed. NSO has proven zero tolerance for these types of abuse in the past by terminating contracts,” the spokesperson said.
Earlier reports from Project Pegasus have shown that NSO previously retained some customers, including the United Arab Emirates, despite allegations of abuse. The company said it had severed ties with some customers, including Saudi Arabia and the United Arab Emirates over allegations of abuse.
Citizen Lab said Cytrox is said to have started as a North Macedonian startup and to have a presence in Israel and Hungary.
In its report, Facebook said it deleted 300 Facebook and Instagram accounts linked to Cytrox. It said investigations with Citizen Lab found a “vast domain infrastructure” that it believed Cytrox was using to spoof legitimate news entities in their countries of interest.
In its Threat Report, it described three steps that customers of most of the companies it investigated use to target individuals. First, the reconnaissance stage, which involves “monitoring from a distance” to discern an individual’s interests. The second is what Facebook calls an “engagement stage,” where business customers then make contact with targets and seek to build trust and solicit information, and then “get” them to click on links and download files.
Finally, Facebook said the final step involves “pay hacking,” in which individuals are hacked or otherwise targeted by malware. The company said it was important to focus on and disrupt the first two stages of invasive surveillance, which received less media attention.
In the case of Black Cube, Facebook said it deleted 300 Facebook and Instagram accounts linked to the company.
“Black Cube exploited fictional characters suited to its targets: some of them posed as graduate students, NGOs and human rights defenders, and film and television producers,” Facebook said.
In a statement, Black Cube – which has publicly apologized for its work for Weinstein – said, “Black Cube does not engage in any phishing or hacking and does not operate in the cyber world. Black Cube is a litigation assistance firm that uses Humint legal investigative methods to obtain information for litigation and arbitration. Black Cube works with the world’s largest law firms to prove corruption, uncover corruption and recover hundreds of millions of stolen assets. Black Cube obtains legal advice in each jurisdiction in which we operate to ensure that all activities of our agents fully comply with local laws.”
Other entities banned by Facebook include: Cognyte, Bluehawk CI, BellTroX and what has been described as an “unknown entity” in China, which it claims was responsible for malicious targeting and appears to have been used for the enforcement of the national law in China. The malware deployed by the group has been used against minority groups in Xinjiang, Myanmar and Hong Kong.
BellTroX could not be reached for comment. A Cobwebs spokesperson told Reuters the company relies on open sources and its products “are not intrusive in any way.”
Other entities named by Facebook did not respond to requests for comment.