Facebook ‘surveillance-for-hire’ groups: what happened and how to know if your account was affected?
Nearly 50,000 people across 100 countries had their Facebook and Instagram accounts compromised by ‘surveillance-for-hire’ groups
Nearly 50,000 people across 100 countries have had their Facebook and Instagram accounts compromised by seven “surveillance-for-hire” groups.
The groups aimed to collect intelligence, manipulate users into revealing information, and compromise their devices, Meta, the parent company of Facebook and Instagram, said.
“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable”, they wrote.
“This industry ‘democratizes’ these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.”
What did the groups do?
There are three phases the groups go through to collect information, Meta says: reconnaissance, engagement, and exploitation.
The first stage involves gathering information from blogs, social media, Wikipedia, and “dark web” sites. The second is the most visible to targets: establishing contact with them in order to get them to click on malicious links or files.
The final stage is “hacking for hire”, which includes practices like phishing. The hackers will create domains in an attempt to make people hand over information without their knowledge. They could masquerade as social media, financial services, or corporate networks.
Which companies are responsible?
The companies are located in Israel, India, North Macedonia, and China. According to Meta, they include: Cobwebs Technologies, Cognyte, Black Cube, Bluehawk, BellTroX, Cytrox, and an unknown entity in China.
Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk did not immediately respond to a request for comment from The Independent.
BellTroX and Cytrox were not immediately available for comment. It is unclear who the companies were working for.
“We often cannot tell who these firms’ clients are—this concealment seems to be a service they offer. That’s why we enforce consistently against this deceptive, violating behaviour, regardless of the firm behind it or who hired them,” Nathaniel Gleicher, head of security policy at Facebook, said.
Meta compares the companies to NSO, which was behind the Pegasus spyware and which Meta sued in 2019.
“The ‘surveillance-for-hire’ entities we removed and described in this report violated multiple Community Standards and Terms of Service. Given the severity of their violations, we have banned them from our services,” Meta said.
“The entities behind these surveillance operations are persistent, and we expect them to evolve their tactics. However, our detection systems and threat investigators, as well as other teams in the broader security community keep improving to make it harder for them to remain undetected.”
Who has been affected?
While these companies claimed that they only target criminals and terrorists, Meta found that they also “targeted journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists around the world.”
Meta says that it “blocked related infrastructure, banned these entities from our platform and issued Cease and Desist warnings, putting each of them on notice that their targeting of people has no place on our platform and is against our Community Standards” to disrupt their activities. The findings were shared with security researchers, other social media platforms, and policymakers.
How to know if you are affected
Meta has sent users notifications if their accounts were compromised.
“We believe that a sophisticated attacker may be targeting your Facebook account. Be cautious when accepting friend requests and interacting with people you don’t know”, the message reads.