In a threat report, Meta (the parent company of Facebook and Instagram) recently announced their findings from an investigation into surveillance-for-hire groups. According to the report, Meta disabled and banned seven surveillance-for-hire groups. The threat report was written by Mike Dvilyanski, Head of Cyber Espionage Investigations; David Agranovich, Director of Threat Disruption; and Nathaniel Gleicher, Head of Security Policy for Meta.
Meta describes surveillance-for-hire groups as cyber mercenaries that seek out information through a combination of reconnaissance, engagement, and exploitation. Some specialize in just one of these “surveillance chain” activities, while others engage in all three. The key is that surveillance-for-hire groups are hired to obtain as much information as possible on a target by any means necessary. These targets can be virtually anyone: activists, journalists, political rivals, terrorists, and many others. These groups can ignore basic business ethics. The only thing that appears to matter is getting paid.
According to the report, the investigation revealed seven groups engaging in surveillance-for-hire:
1) Cobwebs Technologies: Described in the Meta report as an Israeli operation which, “… sells access to its platform that enables reconnaissance across the internet, including Facebook, Instagram, WhatsApp, Twitter, Flickr, public websites and ‘dark web’ sites.”
2) Cognyte: Israeli firm that, “… sells access to its platform which enables managing fake accounts across social media platforms including Facebook, Instagram, Twitter, YouTube, and VKontakte (VK), and other websites to social-engineer people and collect data.”
3) Black Cube: Another firm from Israel that specializes in phishing by tricking targets into giving up email addresses once a relationship is established.
4) Bluehawk CI: Israeli firm that primarily targets journalists with “… social engineering, gathering of litigation-related intelligence about people, and managing fake accounts to trick them into installing malware.”
5) Belltrox: India-based firm that went dormant in 2019, but started up again in 2021. It mostly impersonated journalists and attempted to gain phishing information through social media.
6) Cytrox: Headquartered in North Macedonia, Cytrox develops software with the express intent of exploiting, breaching, and then installing malware on target systems.
7) (Name unknown): Though this group had no given name, Meta investigators uncovered that they operated out of China. They were primarily hired to develop, “… surveillanceware for Android, iOS, Windows, and also Linux, Mac OS X, and Solaris operating systems.”
Combined, the surveillance-for-hire groups listed above targeted individuals in more than 100 countries. Since being banned from Meta-owned sites, some of the groups have attempted to circumvent the bans with little success. Meta also shared their findings with security researchers and policymakers, issued Cease and Desist warnings, and alerted targeted people and groups.