Facebook parent accuses six groups of ‘surveillance-for-hire’

Meta has issued cease-and-desist warnings against six companies, including controversial Israeli intelligence firm Black Cube, which it claims spied on about 50,000 of its users around the world as part of the growing “surveillance-for-hire” industry.

The social media network formerly known as Facebook said on Thursday that a “months-long investigation” had uncovered groups of “cyber mercenaries” providing surveillance services for customers, which it said included private individuals, law firms, businesses, politicians and law enforcement.

Meta said that the six firms, which it also banned from its platforms, typically claim to use their technology to surveil criminals and terrorists, but instead were found to “indiscriminately” target about 50,000 of its users, including journalists, politicians, human rights activists and critics of authoritarian regimes. These users, across more than 100 countries, will be notified by Meta.

A seventh company conducting similar activities could not be identified but was believed to be based in China, Meta said.

The report focuses on the freewheeling cyber surveillance industry, which researchers say uses a combination of social engineering and sophisticated technology to monitor — and in some cases hack — adversaries on behalf of clients.

Meta said it had taken down about 1,500 pages on Facebook and Instagram created by the companies, either to collect information on targets, or to befriend them in order to trick them into sharing personal information.

“The goal of this enforcement is not just to take down their accounts but to disrupt their activity in the most costly way possible, to blow the cover on their operations and bring transparency to this industry,” said David Agranovich, director of threat disruption at Meta.

Black Cube, founded in 2011 by veterans of Israeli intelligence agency Mossad, targeted people in the medical, mining, minerals and energy industries, at NGOs in Africa and South America, and across sectors in Russia, Meta said. While Meta did not accuse it of hacking, it said the company created fictitious personas in order to make contact with targets and obtain email addresses “likely for later phishing attacks”.

Black Cube came under the spotlight in 2017 after the New Yorker reported that it had been hired by disgraced movie mogul Harvey Weinstein to surveil reporters covering allegations of sexual assault against him and to spy on one of his victims.

Black Cube said in a statement to the Financial Times that it obtained legal advice in every jurisdiction in which it operated to ensure its work was “fully compliant with local laws” and said that it “does not undertake any phishing”. It added that it was a “litigation support firm which uses legal human intelligence investigation methods to obtain information for litigations and arbitrations”.

Among the other companies named by Meta on Thursday were three other Israeli groups: Cognyte, Bluehawk CI and Cobwebs Technologies. In 2020, Cobwebs won a five-year contract with the US Department of Homeland Security for an intelligence tool. Meta said the company had a US client targeting its users but that it was unable to identify them more precisely.

Meta also said it was banning Indian group BellTroX, North Macedonian group Cytrox and an unknown entity in China, and accused these three companies of also trying to infiltrate targets’ devices by encouraging users to click on malicious software, known as spyware.

The Chinese entity appeared to be being used by domestic law enforcement in China to surveil minority groups in the Xinjiang region of China, Myanmar and Hong Kong, Meta said.

Research group Citizen Lab on Thursday published a detailed analysis that found that Cytrox had developed spyware called Predator, which was found on the phone of exiled Egyptian journalist Ayman Nour.

Of the companies named by Meta, Black Cube was the only one to respond to requests for comment. In an email to Reuters, Cobwebs spokesperson Meital Levi Tal said the company drew on open sources and that its products “are not intrusive by any means”. The spokesperson also told Bloomberg: “Cobwebs operates only according to the law and adheres to strict standards in respect of privacy protection.” 

The news comes as both Meta and Apple are suing Israeli cyber group NSO after its spyware, known as Pegasus, was allegedly used to target journalists and dissidents. NSO claims its technology is used to fight crime. Earlier this week, it emerged that the company, which was recently blacklisted by the US Department of Commerce, is weighing a sale of the company or a shutdown of its Pegasus unit.