Meta Warns That 50,000 of Its Users May Have Been Targeted by Private Spies

Meta says it has banned six "surveillance-for-hire" firms from its platforms. The firms may have spied on tens of thousands of Instagram and Facebook users.

We may earn a commission from links on this page.
Image for article titled Meta Warns That 50,000 of Its Users May Have Been Targeted by Private Spies
Photo: Kelly Sullivan (Getty Images)

A purge of creeps from some of the web’s most widely used social media platforms has just taken place—a welcome turn-of-events for some 50,000 people who may have been targeted by them, not to mention the rest of us.

Meta, parent company of Facebook and Instagram, said in an announcement Thursday that it had recently ejected six private surveillance firms from its platforms, along with a network of fake profiles being leveraged by an “unknown entity.” Meta says the companies violated its Community Standards and Terms of Service, and “given the severity of their violations,” have now been banned from ever using its platforms again. In a report published alongside the announcement, Meta officials provided details about the lengths it had gone to rid itself of the creepy companies.

“We disabled seven entities who targeted people across the internet in over 100 countries; shared our findings with security researchers, other platforms and policymakers; issued Cease and Desist warnings; and also alerted people who we believe were targeted to help them strengthen the security of their accounts,” Meta said of its efforts to kick out the snoops.

Advertisement

The spy firms largely leveraged networks of fake profiles, which they used to engage with certain users, ingratiate themselves into various “closed” communities, and otherwise keep tabs on certain people—largely journalists and activists, the report states.

In total, Meta said, it has alerted “around 50,000 people who we believe were targeted by these malicious activities worldwide.” The company sent out notifications to the users it believed to have been affected by the surveillance.

Advertisement

Several of the companies named in the report have been involved in visible privacy scandals. One of the firms, the India-based BelltroX, was previously caught up in allegations of “hack-for-hire” schemes deployed against journalists, environmental activists, politicians, and bankers. Another company, Cytrox, is a spyware manufacturer based in North Macedonia. On Thursday, researchers at Citizen Lab published a study detailing the company’s commercial malware, dubbed “Predator,” that is allegedly able to infiltrate phones in ways similar to the notorious NSO Group’s “Pegasus” spyware.

NBC reports that the rest of the companies on Meta’s shitlist—CobWebs Technologies, Bluehawk CI, Cognyte, and Black Cube—are all based in Israel, which is known as a hub for high-tech surveillance services.

Advertisement

Out of this bunch, Black Cube is probably the most notorious. The shadowy firm, staffed by former members of the Mossad and other Israeli intelligence elements, was infamously hired by Harvey Weinstein back in 2016 to spy on his sexual abuse victims, as well as journalists investigating claims made against the movie mogul. According to reporting by the New Yorker, these operatives were tasked with helping to “collect information ... on dozens of individuals, and compile psychological profiles that sometimes focused on their personal or sexual histories.”

Meta says that it also disabled an “unknown entity” based in China—a network of some 100 fake accounts on Facebook and Instagram that appeared to have been engaged in “reconnaissance and social engineering activity before delivering malicious payload to its targets.” The network was likely being used by “domestic law enforcement in China,” the report claims.

Advertisement

Meta’s creep-purge comes at a time when both private industry and the U.S. government appear to be cracking down on the surveillance industry. This is a welcome turn of events since, in recent years, there’s been no shortage of evidence that such companies, while claiming to support legitimate law enforcement action, are often being hired out by wealthy and politically connected individuals as a means of targeting journalists, human rights activists, and pretty much anybody else they want to keep an eye on.

“While cyber mercenaries often claim that their services and surveillanceware are meant to focus only on criminals and terrorists, our own investigation, independent researchers, our industry peers and governments have demonstrated that targeting is indeed indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists. In fact, for platforms like ours, there is no scalable way to discern the purpose or legitimacy of such targeting,” the report concludes.

Advertisement

UPDATE December 17th, 2021. 

Black Cube reached out to Gizmodo with a response to Meta’s recent report. It reads as follows:

“Black Cube does not undertake any phishing or hacking and does not operate in the cyber world. Black Cube is a litigation support firm which uses legal Humint investigation methods to obtain information for litigations and arbitrations. Black Cube works with the world’s leading lawfirms in proving bribery, uncovering corruption, and recovering hundreds of millions in stolen assets. Black Cube obtains legal advice in every jurisdiction in which we operate in order to ensure that all our agents’ activities are fully compliant with local laws.”