
Facebook ‘surveillance-for-hire’ groups: what happened and how to know if your account was affected?

Nearly 50,000 people across 100 countries had their Facebook and Instagram accounts compromised by ‘surveillance-for-hire’ groups

Adam Smith
Friday 17 December 2021 16:00 GMT

Nearly 50,000 people across 100 countries have had their Facebook and Instagram accounts compromised by seven “surveillance-for-hire” groups.

The groups aimed to collect intelligence, manipulate users into revealing information, and compromise their devices, Meta, the parent company of Facebook and Instagram, said.

“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable”, they wrote.

“This industry ‘democratizes’ these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.”

What did the groups do?

There are three phases the groups go through to collect information, Meta says: reconnaissance, engagement, and exploitation.

The first stage involves gathering information from blogs, social media, Wikipedia, and “dark web” sites. The second is the most visible to targets: establishing contact with them in order to get them to click on malicious links or files.

The final stage is “hacking for hire” which includes practices like phishing. The hackers will create domains in an attempt to make people hand over information without their knowledge. They could mask themselves as social media, financial services, or corporate networks.

Which companies are responsible?

The companies are located in Israel, India, North Macedonia, and China. According to Meta, they include: Cobwebs Technologies, Cognyte, Black Cube, Bluehawk, BellTroX, Cytrox, and an unknown entity in China.

Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk did not immediately respond to a request for comment from The Independent.

BellTroX and Cytrox were not immediately available for comment. It is unclear who the companies were working for.

“We often cannot tell who these firms’ clients are—this concealment seems to be a service they offer. That’s why we enforce consistently against this deceptive, violating behaviour, regardless of the firm behind it or who hired them,” Nathaniel Gleicher, head of security policy at Facebook, said.

Meta compares the companies to NSO, which was behind the Pegasus spyware and which Meta sued in 2019.

“The ‘surveillance-for-hire’ entities we removed and described in this report violated multiple Community Standards and Terms of Service. Given the severity of their violations, we have banned them from our services,” Meta said.

“The entities behind these surveillance operations are persistent, and we expect them to evolve their tactics. However, our detection systems and threat investigators, as well as other teams in the broader security community keep improving to make it harder for them to remain undetected.”

Who has been affected?

While these companies claimed that they only target criminals and terrorists, Meta found that they also “targeted journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists around the world.”

Meta says that it “blocked related infrastructure, banned these entities from our platform and issued Cease and Desist warnings, putting each of them on notice that their targeting of people has no place on our platform and is against our Community Standards” to disrupt their activities. The findings were shared with security researchers, other social media platforms, and policymakers.

How to know if you are affected

Meta has sent users notifications if their accounts were compromised.

“We believe that a sophisticated attacker may be targeting your Facebook account. Be cautious when accepting friend requests and interacting with people you don’t know”, the message reads.
