Meta, the parent company of Facebook, on Thursday banned a series of “cyber mercenary” groups spying on activists, dissidents and journalists, and began alerting tens of thousands of people who were likely to have been targeted.
The social media group took down 1,500 Facebook and Instagram pages linked to groups with services allegedly ranging from scooping up public information online to using fake profiles to build trust with targets or digital snooping via hack attacks.
“The surveillance-for-hire industry… looks like indiscriminate targeting on behalf of the highest bidder,” Nathaniel Gleicher, head of security policy at Meta, told a press briefing.
The Facebook parent said it deleted accounts tied to India-based BellTroX, founded by Sumit Gupta in Delhi, and an unnamed Chinese group.
While Meta was not able to pinpoint who was running the unnamed Chinese operation, it did trace “command and control” of the surveillance tool involved to servers that appeared to be used by law enforcement officials in China.
“In some instances, we found this group’s malware framework deployed along with facial recognition software developed by a Beijing based company,” the Meta report said.
Others banned include Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI – all of which were based or founded in Israel and North Macedonian firm Cytrox. Black Cube denied any wrongdoing.
Banned from Services
“These cyber mercenaries often claim that their services only target criminals and terrorists,” a Meta statement said. “We have banned them from our services.
“Targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition members and human rights activists,” it added.
Cyber mercenaries set up fake accounts on social media sites to glean information from people’s profiles and even join groups or conversations to learn more, Meta investigators said.
Another tactic is to win a target’s trust at a social network and then trick the person into clicking on a booby-trapped link or file that installs software that can then steal information from whatever device they use to go online.
Bluehawk, one the targeted firms, sells a wide range of surveillance activities, including managing fake accounts to install malicious code, the Meta report said.
Some fake accounts linked to Bluehawk posed as journalists from media outlets such as Fox News in the US and La Stampa in Italy, according to Meta.
- AFP, with George Russell