Skip to content

Illustration by Security Management

Meta Takes Action Against Surveillance-For-Hire Firms, Notifies 50,000 Potential Targets

Meta notified 50,000 people in more than 100 countries that surveillance-for-hire firms were targeting their accounts for intelligence, manipulation, or compromise, the parent company of Facebook announced Thursday.

The surveillance-for-hire industry, sometimes called cyber mercenaries, typically say their services are used to target criminals and terrorists. Meta, however, found that some of these firms were using their abilities to target journalists, dissidents, critics of authoritarian regimes, and families of opposition and human rights activists.

“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer—regardless of who they target or the human rights abuses they might enable,” wrote David Agranovich, director, threat disruption at Meta, and Mike Dvilyanski, head of cyber espionage investigations at Meta, in a post on the announcement. “This industry ‘democratizes’ these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.” 

Meta confirmed that it had disabled access accounts associated with seven companies based in China, India, Israel, and North Macedonia that targeted individuals in more than 100 countries: Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, BellTroX, Cytrox, and an unknown entity in China.

“To help disrupt these activities, we blocked related infrastructure, banned these entities from our platform, and issued Cease and Desist warnings, putting each of them on notice that their targeting of people has no place on our platform and is against our Community Standards,” Meta said. “We also shared our findings with security researchers, other platforms, and policymakers so they too can take appropriate action. We also notified people who we believe were targeted to help them take steps to strengthen the security of their accounts.” 

Agranovich and Dvilyanski clarified that the activity these firms were engaging in is not the same as that conducted by law enforcement utilizing Meta’s services.

“To support the work of law enforcement, we already have authorized channels where government agencies can submit lawful requests for information, rather than resorting to the surveillance-for-hire industry,” Meta said. “These channels are designed to safeguard due process and we report the number and the origin of these requests publicly.”

Meta previously sued Israeli firm NSO Group in 2019 after attributing an intrusion on WhatsApp—Meta’s popular messaging service—that targeted human rights activists, journalists, and other members of civil society. 

NSO Group has been back in the headlines this fall after the U.S. Commerce Department placed the company on its Entity List and Apple sued it for compromising its systems with its Pegasus spyware. New research from Google’s Project Zero—released this week—took a deep dive into NSO Group’s zero-click iMessage exploit, FORCEDENTRY.

“Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states,” Project Zero’s Ian Beer and Samuel Groß wrote. 

As Meta’s report and other research show, however, NSO Group is not the only actor engaging in these activities. Citizen Lab, an Internet security watchdog from the University of Toronto, released a report Thursday saying Cytrox—one of the firms named by Meta—and NSO Group surveillance technology was used to compromise the phone of Ayman Nour, a critic of Egypt’s President Abdel Fattah al-Sisi who lives in exile.

"I believe that in 40 years of public and political work, as a member of parliament, as a presidential candidate, there were hundreds of signs of some kind of monitoring or breaches of privacy," Nour told Reuters in an interview. "For the first time, I have evidence." 

In response to this activity, several members of the U.S. Congress have called for Global Magnitsky sanctions against four surveillance-for-hire firms: DarkMatter, Nexa Technologies, NSO Group, and Trovicor. These types of sanctions are used to punish individuals responsible for gross violations of internationally recognized human rights and were created in 2016. An executive order built on those capabilities to allow sanctions against individuals who provide technological support to enable human rights abuses. 

“Their developers are located overseas, and they can certainly find foreign sources for the hardware and software on which they rely to develop and sell their products,” the lawmakers wrote in a letter to U.S. Treasury Secretary Janet Yellen. “However, these surveillance companies do depend on the U.S. financial system and U.S.-based investors, particularly when they eventually wish to raise billions by listing on the stock market. To meaningfully punish them and send a clear signal to the surveillance technology industry, the U.S. government should deploy financial sanctions.”