Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Meta Targets ‘Cyber Mercenaries’ Using Facebook to Spy

Facebook parent Meta announced Thursday the shutdown of some 1,500 accounts tied to “cyber mercenary” companies accused of spying on activists, dissidents and journalists worldwide on behalf of paying clients.

Facebook parent Meta announced Thursday the shutdown of some 1,500 accounts tied to “cyber mercenary” companies accused of spying on activists, dissidents and journalists worldwide on behalf of paying clients.

The Facebook and Instagram pages were linked to seven firms, with services allegedly ranging from scooping up public information online to using fake personas to build trust with targets or digital snooping via hack attacks.

Meta unveiled plans to alert about 50,000 people it believes may have been targeted in over 100 nations by firms that include several based or founded in Israel, which is a leading player in the cybersurveillance industry.

“The surveillance-for-hire industry… looks like indiscriminate targeting on behalf of the highest bidder,” Nathaniel Gleicher, head of security policy at Facebook, told a press briefing.

The leading social media network said it deleted accounts tied to Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI — all of which were based or founded in Israel.

India-based BellTroX, North Macedononian firm Cytrox and an unidentified entity in China also saw accounts linked to them removed from Meta platforms.

“These cyber mercenaries often claim that their services only target criminals and terrorists,” said a Meta statement.

“Targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition members and human rights activists,” it added. 

Unnamed Chinese operation

Firms selling “web intelligence services” start the surveillance process by gathering information from publicly available online sources like news reports and Wikipedia.

Cyber mercenaries then set up fake accounts at social media sites to glean information from people’s profiles and even join groups or conversations to learn more, Meta investigators said.

Another tactic is to win a target’s trust at a social network, then trick the person into clicking on a booby-trapped link or file that installs software that can then steal information from whatever device they use to go online.

With that kind of access, the mercenary can steal data from a target’s phone or computer, including passwords, photos, videos, and messages, as well as silently activate microphones, cameras and geo-location tracking, according to the Meta team.

Bluehawk, one the targeted firms, sells a wide range of surveillance activities, including managing fake accounts to install malicious code, the Meta report said.

Some fake accounts linked to Bluehawk posed as journalists from media outlets such as Fox News in the United States and La Stampa in Italy, according to Meta.

While Meta was not able to pinpoint who was running the unnamed Chinese operation, it did trace “command and control” of the surveillance tool involved to servers that appeared to be used by law enforcement officials in China.

“In some instances, we found this group’s malware framework deployed along with facial recognition software developed by a Beijing based company,” the Meta report said.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Cybercrime

Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...

Cybercrime

A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Cybercrime

Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.