Facebook bans seven ‘cyber mercenary’ companies from its platforms
Facebook owner Meta Platforms Inc is calling out half a
dozen private surveillance companies for hacking or other abuses, accusing them
in a report published Thursday of collectively targeting some 48,000 people
across its platforms.
The company’s fight with the spy firms comes amid a wider
move by American tech companies, U.S. lawmakers and President Joe Biden’s
administration against purveyors of digital espionage services, notably the
Israeli spyware company NSO Group, which was blacklisted earlier this month
following weeks of revelations about how its technology was being deployed
against civil society.
Meta is already suing NSO in U.S. court. Nathaniel Gleicher,
Meta’s head of security policy, told Reuters that Thursday’s crackdown was
meant to signal that “the surveillance-for-hire industry is much broader than
one company.”
Meta’s report said it was suspending roughly 1,500, mostly
fake accounts run by seven organizations across Facebook, Instagram and
WhatsApp. Meta said users in more than 100 countries were targeted.
Meta did not provide a detailed explanation of how it
identified the surveillance firms, but it operates some of the world’s biggest
social and communications networks and regularly touts its ability to find and
remove malicious actors from its platforms.
Among them is Israel’s Black Cube, which became notorious
for deploying its spies on behalf of Hollywood rapist Harvey Weinstein. Meta
said the intelligence firm was deploying phantom personas to chat its targets
up online and gather their emails, “likely for later phishing attacks.”
In a statement, Black Cube said it “does not undertake any
phishing or hacking” and said the firm routinely ensured “all our agents’
activities are fully compliant with local laws.”
Others called out by Meta include BellTroX, an Indian cyber
mercenary firm exposed by Reuters and the internet watchdog Citizen Lab last
year, an Israeli company called Bluehawk CI, and a European firm named Cytrox –
all of whom Meta accused of hacking.
Cognyte, which was spun off from security giant Verint
Systems Inc in February, and Israeli firms Cobwebs Technologies were accused
not of hacking but of using fake profiles to trick people into revealing
private data.
Cognyte, Verint and Bluehawk did not immediately return
messages seeking comment.
In an email, Cobwebs spokesperson Meital Levi Tal said the
company drew on open sources and that its products “are not intrusive by any
means.” Messages left with Ivo Malinovski – who until recently identified
himself as Cytrox’s chief executive on LinkedIn – received no immediate
response. BellTroX founder Sumit Gupta has not returned Reuters reporters’
messages since his firm was exposed last year. He had previously denied
wrongdoing.
Gleicher refused to identify any of the targets by name but
Citizen Lab, in a report published at the same time as Meta’s, said that one of
Cytrox’s victims was Egyptian opposition figure Ayman Nour.
Nour blamed the Egyptian government for the spying, telling
Reuters in an interview from Istanbul that he had long suspected he was under
surveillance by officials there.
“For the first time I have evidence,” he said.
Egyptian authorities did not immediately respond to a
request for comment.
Gleicher said other targets of the spy firms included
celebrities, politicians, journalists, lawyers, executives and regular
citizens. Friends and family of the targets were also swept up in the espionage
campaigns, he said.
Meta cybersecurity official David Agranovich said he hoped
Thursday’s announcement would “kickstart the disruption of the
surveillance-for-hire market,” but whether it deals the companies involved more
than a temporary setback remains to be seen. Two of the companies, Black Cube
and BellTroX, have bounced back after being embroiled in previous spy scandals.
Gleicher said that targets of the spy firms would receive
automated warnings, but he said Facebook would stop short of identifying the
specific firms involved or their clients. That’s despite the fact that Facebook
said it had identified several customers of Cobwebs, Cognyte, Cytrox, and Black
Cube – the latter of which includes law firms.
Marta Pardavi, one of several Hungarian human rights
defenders who say they were targeted by Black Cube in 2017 and 2018, said she
was gratified by the news of Facebook’s report but wanted more information.
“They name law firms,” she said. “But law firms have
clients. Who are the clients for these law firms?”
Comments
Post a Comment