Meta says 50,000 Facebook users may have been spied on by private surveillance firms
A worker picks up trash in front of a new logo and the name ‘Meta’ on the sign in front of Facebook headquarters on October 28, 2021 in Menlo Park, California.
Justin Sullivan | Getty Images
Meta has said that around 50,000 Facebook users have been targeted by private surveillance companies.
Meta, which also owns and operates Instagram, WhatsApp and Messenger, said in a blogpost Thursday that it has alerted the people who it believes were targeted by the malicious activities.
Seven “surveillance-for-hire” companies have also been banned from Meta’s platforms, the company said. Action was taken against Cobwebs Technologies, Cognyte, Black Cube, Blue Hawk CI, BellTroX, Cytrox and an unknown Chinese entity. Four of them are located in Israel, one is in India, one is in North Macedonia, and the other is in China. None of the firms immediately responded to a CNBC request for comment.
Meta said the seven firms carried out a combination of reconnaissance, engagement and exploitation. Some carried out all three, while others focused on one or two. The company, led by CEO Mark Zuckerberg, said around 1,500 accounts linked to the seven firms have been removed from its platforms.
The companies targeted people including journalists and human rights activists in over 100 countries on behalf of their clients, Meta said, adding that they created fake accounts, befriended targets and used hacking methods to acquire information.
“The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts,” wrote Meta’s David Agranovich, director of threat disruption, and Mike Dvilyanski, head of cyber espionage investigations.
“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable,” they added.
Jake Moore, the former head of digital forensics at a U.K. police force who is now the global cybersecurity advisor at ESET, said in a statement that it is absolutely necessary to remove such accounts.
“Although it is extremely difficult for Facebook to remove fake accounts and it has previously struggled with spotting the fakes as some will inevitably still slip through the algorithm,” he said. “It does, however, highlight that Facebook is a tool used in social engineering and even spying on people so users must be reminded to limit the amount of information they post on public social media.”
This isn’t the first big surveillance scandal of the year. In July, it emerged Pegasus “spyware” developed by Israel’s NSO Group had been used to target thousands of people including world leaders and journalists.
Meta is taking legal action against NSO Group over the alleged spreading of Pegasus software via WhatsApp, while the U.S. government blacklisted the company last month.