New Delhi: Meta (formerly Facebook) announced on Friday that it has disabled seven “surveillance companies,” including one from India, that have been targeting individuals such as politicians, election officials, human rights activists and celebrities in over 100 countries on behalf of their clients.
Surveillance-for-hire companies target people to gather information about them and to tamper with and compromise their devices and accounts over the internet. These surveillance providers are based in China, Israel, India and North Macedonia.
The social media giant is sending alerts to nearly 50,000 people in more than 100 countries who it believes have been targeted by one or more of these companies.
The seven companies include BellTroX (India), Cytrox (North Macedonia), Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI (Israel) and an unknown company in China.
Meta Head of Security Policy Nathaniel Gleicher released his “Threat Report on the Surveillance-for-Hire Industry” and said the report was the result of a months-long investigation. He said the company had cracked down on seven different surveillance-for-hire companies to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of individuals across the internet.
“…We see journalists being targeted, we see political figures, politicians, election officials, we see human rights defenders and activists, celebrities, and then we see ordinary people, anyone who might be a party to a lawsuit, for example. So we’re seeing this very broad bias across society,” he added.
In 2019, WhatsApp (part of Meta) had sued Israeli tech company NSO Group – which had developed software called Pegasus that was allegedly used to conduct cyber espionage against journalists, human rights activists and others.
On Friday, Meta said these seven organizations provided services in all three stages of the surveillance chain (reconnaissance, engagement, and exploitation) that were used to target people indiscriminately.
“In order to disrupt these activities, we have blocked associated infrastructure, banned these entities from our platform, and issued cease-and-desist warnings to alert them all that their human focus has no place on our platform and violates our community standards,” he said.
These findings have also been shared with security researchers, other platforms, and policymakers so they too can take appropriate action.
“We have also notified individuals we believe may have been targeted to help them take steps to strengthen the security of their accounts. The units behind these surveillance operations are persistent, and we expect them to evolve their tactics. Our detection systems and threat investigators, along with other teams in the broader security community, are constantly improving to make it harder for them to remain undetected,” noted Gleicher.
According to the report, Meta had removed about 400 Facebook accounts, the vast majority of which had been inactive for years, linked to BellTroX and used for reconnaissance, social engineering and sending malicious links.
BellTroX is based in India and sells so-called “Hacking for Hire” services, which have also been previously reported. Its activity on Meta’s platform was limited and sporadic between 2013 and 2019, after which it was paused.
“BellTroX operated fake accounts to pose as politicians and impersonate journalists and environmental activists to manipulate its targets into collecting information including their email addresses, likely for later phishing attacks,” the report states.
This activity, based on the exact same playbook, was restarted in 2021, with a small number of accounts posing as journalists and media personalities to send phishing links and solicit targets’ email addresses, the report added.
Among the targets are lawyers, doctors, activists and members of the clergy in countries such as Australia, Angola, Saudi Arabia and Iceland, the report said.
“While cyber mercenaries often claim that their services and surveillance aim to target criminals and terrorists, our investigations have revealed that they do in fact regularly target journalists, dissidents, critics of authoritarian regimes, families of opposition figures and human rights activists around the world,” the report said.
Explaining the three phases, the report states: Reconnaissance is the first stage of the surveillance chain, which is normally the least visible to targets.
Targets are secretly profiled by cyber mercenaries on behalf of their clients, often using software to automate data collection from the internet. Companies that sell these capabilities typically market themselves as “web intelligence services” to enable collection, retention, analysis, and searchability—both targeted and at scale.
These services typically collect and store data from public websites such as blogs, social media, knowledge management platforms, news media, forums and dark web sites. One of the main means of gathering information on social media is by using fake accounts.
Engagement, the second phase, is usually the most visible to the targets and the most important to recognize in order to avoid compromise. It aims to establish contact with the targets or people close to them in order to build trust, gather information and get them to click links or download files (to enable the next “exploitation” stage).
Operators typically rely on social engineering tactics and use fictional personas to reach people via email, phone calls, text messages, or social media direct messages. These personas are usually tailored to each individual target to appear believable and to avoid alerting people to malicious intent.
The final stage of the chain of surveillance, exploitation, manifests itself as what is commonly known as ‘hacking for hire’. Vendors can create phishing domains designed to trick targets into giving their credentials to sensitive accounts like email, social media, financial services and corporate networks, the report says.