Meta: Surveillance-for-Hire Firms Hit 50,000 Victims

Meta has removed seven “surveillance-for-hire” companies from its platform to target blameless victims in over 100 countries around the world.

Facebook’s parent company revealed in a report published yesterday that the seven companies are based in China, Israel, India and North Macedonia. Their services are said to have targeted an estimated 50,000 victims, including journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists.

Four entities are based in Israel: Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI. The country has a significant stake in the global surveillance market, notably through the work of controversial firm NSO Group, which WhatsApp launched a legal case against in 2019.

Meta said the organizations operate across the three phases of targeting activity: “reconnaissance” via automated software; “engagement,” in a bid to build trust with the individual; and “exploitation” via phishing emails and messages.

“Although public debate has mainly focused on the exploitation phase, it’s critical to disrupt the entire lifecycle of the attack because the earlier stages enable the later ones,” said Meta. “If we can collectively tackle this threat earlier in the surveillance chain, it would help stop the harm before it gets to its final, most serious stage of compromising people’s devices and accounts.”

The social media giant said the removed entities violated its Community Standards and Terms of Service.

“Given the severity of their violations, we have banned them from our services. To help disrupt these activities, we blocked related internet infrastructure and issued cease and desist letters, putting them on notice that their targeting of people has no place on our platform,” the firm added.

“We also shared our findings with security researchers, other platforms, and policymakers so they can take appropriate action.”

There are signs that the US government is now taking the activities of surveillance companies like these seriously.

In November, the Treasury added NSO Group to its entity list, making it harder for the firm to buy components from US companies

What’s Hot on Infosecurity Magazine?