Facebook, based on months of investigation, has banned seven cyber entities from their platform for manipulating and engaging in surveillance activity.
Facebook revealed that the surveillance services were indiscriminately targeting human rights activists, critics of authoritarian regimes, journalists, opposition parties, and dissidents.
“Today, as part of a separate effort, we are sharing our findings about seven entities that we removed from our platform for engaging in surveillance activity and we will continue to take action against others as we find them,” Facebook said.
Meta is calling out half a dozen private surveillance companies for hacking or other abuses, accusing them of collectively targeting about 50,000 people across Facebook, Instagram and WhatsApp https://t.co/ZNakqrOBc8 pic.twitter.com/anVCy704aL
— Reuters (@Reuters) December 17, 2021
Measures Taken
Facebook identified seven different surveillance-for-hire entities that provided services across all three phases of the surveillance chain — Reconnaissance, Engagement, and Exploitation — to indiscriminately target people in over 100 countries on behalf of their clients. These providers are supposedly based in China, Israel, India, and North Macedonia; the entities are Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, BellTroX, Cytrox, and an unknown entity in China.
To put a reign on their services, Facebook has banned related internet infrastructure and issued Cease and Desist letters.
“Putting them on notice that their targeting of people has no place on our platform, we also shared our findings with security researchers, other platforms, and policymakers so they can take appropriate action. We alerted around 50,000 people who we believe were targeted by these malicious activities worldwide, using the system we launched in 2015. We recently updated it to provide people with more granular details about the nature of targeting we detect, in line with the surveillance chain phases framework,” shared Facebook.
Surveillance-For-Hire
Facebook explains that a global industry operates surveillance-for-hire. They target people on the digital platform to collect intelligence, manipulate them to share information and compromise their devices and accounts. This industry is burgeoning with companies that provide intrusive software tools and surveillance services indiscriminately to any customer without verifying for whom the service is being used. There is no accountability of who is being targeted and if any human rights issues are being violated. According to Facebook, the industry has banned these cyber entities, democratized these threats and made them available to government and non-government groups that mostly do not have these capabilities.
There has been an evident uproar against these so-called “mercenary spyware firms” as they have been identified to facilitate the world’s worst human rights abuses. Israel-based NSO Group, known for its surveillance software Pegasus, is only a part of the bigger cyber mercenary industry. In October 2019, Facebook sued the NSO Group for violating the Computer Fraud and Abuse Act. Recently, Apple also filed a lawsuit against the NSO Group to hold it accountable for the surveillance and targeting of Apple users.
An increasing number of tech giants are coming out in support of each other to fight against the violation by surveillance tools and software. Constant exploitation of vulnerabilities on popular platforms and brands has been a rising concern, and active collaboration amongst the giants will have a positive impact in curbing the targeted and state-sponsored attacks.
