“The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts,” explained Meta. “These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable.”
Meta banned offending companies from their platforms, and issued Cease and Desist warnings, “putting each of them on notice that their targeting of people has no place on the platform and is against our Community Standards.”
The companies targeted included the Israeli organization Black Cube, which gained notoriety for their targeting of accusers of Harvey Weinstein during his sexual harrassment scandal.
We removed about 300 Facebook and Instagram accounts linked to Black Cube,” Meta said in their threat report. “Black Cube operated fictitious personas tailored for its targets: some of them posed as graduate students, NGO and human rights workers, and film and TV producers. They would then attempt to set up calls and obtain the target’s personal email address, likely for later phishing attacks.”
Meta’s seven-month investigation found that Black Cube’s customers included everything from private individuals to law firms and businesses in industries ranging from medicine to mining, minerals and energy.
“Targeting by Black Cube on behalf of its customers was also widespread geographically,” Meta said. “It also included NGOs in Africa, Eastern Europe, and South America, as well as Palestinian activists. They also targeted people in Russia associated with universities, the telecom, high tech, consulting, legal, and financial industries, real estate development and media.”
Also included was another Israel-based intelligence firms, Cognyte, Cobwebs Technologies and BlueHawk CI, India-based BellTrox, Cytrox, a North Macedonian company, and an unnamed entity based out of China.
Though not included, Meta mentioned the infamous NSO Group responsible for the Pegasus spyware in their statement, and pointed out that they had sued the company in 2019, a case which is still ongoing.
“Recently, there has been an increased focus on NSO, the company behind the Pegasus spyware,” Meta said. “However, NSO is only one piece of a much broader global cyber mercenary industry.”