Meta Platform Inc., Accuses Dozens Of Private Companies Spying On Thousands Of Accounts On Facebook

Meta Platform Inc, accuses many companies of spying. (photo; meta.inc)

JAKARTA - Facebook's owner, Meta Platforms Inc., has accused half a dozen private surveillance companies of hacking or other breaches. Meta accused them in a report published Thursday, December 16, of having collectively targeted around 50,000 people across its platforms.

Meta's fight with the spy firm comes amid a broader move by American tech firms, US lawmakers, and President Joe Biden's administration against suppliers of digital espionage services.

Notably the Israeli spyware company NSO Group, which was blacklisted earlier this month after weeks of disclosures about how its technology was applied to civil society.

Meta has sued NSO in US courts. Nathaniel Gleicher, Meta's head of security policy, told Reuters last Thursday's crackdown was meant to signal that "the surveillance industry is being hired far more than just one company."

The Meta report also said it had suspended around 1,500, mostly fake accounts run by seven organizations on Facebook, Instagram, and WhatsApp. Meta says the entity is targeting large numbers of people in more than 100 countries.

Meta did not provide a detailed description of how they identified the surveillance company. But they claim to operate some of the world's largest social and communications networks and regularly praise its ability to find and remove bad actors from its platforms.

Among those charged was Israeli company Black Cube, which rose to prominence for deploying its spies on behalf of Hollywood rapist Harvey Weinstein. Meta said that the intelligence company spread ghost accounts to chat with its targets online and collect their emails. "This is a possibility for a phishing attack at a later date," said Gleicher.

In a statement, Black Cube said it "does not engage in phishing or hacking" and said the company routinely ensures "all our agents' activities are fully compliant with local laws."

Another accused by Meta is BellTroX, a cyber mercenary company in India exposed by Reuters and internet watchdog Citizen Lab last year. Further allegations also surfaced against an Israeli company called Bluehawk CI, and a European company called Cytrox. All of them were accused by Meta of being hackers.

Cognyte, which split from security giant Verint Systems Inc in February and Israeli company Cobwebs Technologies, is accused of not hacking. However, it is suspected of using fake profiles to trick people into revealing personal data.

Cognyte, Verint, and Bluehawk did not immediately return a message requesting comment from Reuters.

In an email, a spokesperson for Cobwebs, Meital Levi Tal, said the company uses open sources and that its products are "non-intrusive in any way."

Messages sent to Ivo Malinovski – who until now identified himself as Cytrox's chief executive on LinkedIn – did not receive an immediate response. BellTroX founder Sumit Gupta has not replied to a Reuters reporter's message since his company came to light last year. He has previously denied any wrongdoing as alleged.

Gleicher declined to identify any of the targets by name but Citizen Lab, in a report published at the same time as Meta, said that one of the Cytrox victims was Egyptian opposition figure, Ayman Nour.

Nour blamed the Egyptian government for the spying, and told Reuters in an interview from Istanbul that he had long suspected he was under the watchful eye of officials there. "For the first time I have evidence," he said.

Egyptian authorities did not immediately respond to a request for comment from Reuters on this report.

Gleicher said other targets for spy companies include celebrities, politicians, journalists, lawyers, executives, and ordinary citizens. The target's friends and family were also swept up in the espionage campaign.

Cybersecurity meta official David Agranovich said he hoped last Thursday's announcement would "start the disruption of the surveillance-for-hire market." There were some signs that other social media companies were taking similar action, when Twitter announced the removal of 300 accounts hours after the Meta announcement.

Whether the takedowns dealing with the companies involved are a setback, it remains to be seen. Two of the companies, Black Cube and BellTroX, have bounced back after being embroiled in previous spy scandals.

Gleicher said that the targets of these spy companies would receive automatic alerts, but he said Facebook would stop identifying the specific companies involved or their clients.

That's despite the fact that Facebook says it has identified several customers of Cobwebs, Cognyte, Cytrox, and Black Cube, even among their customers including law firms.

Marta Pardavi, one of several human rights defenders in Hungary who said they were targeted by the Black Cube in 2017 and 2018, said she was grateful for the news of the Facebook report but wanted more information.

"They call the law firm," he said. "But law firms have clients. Who are the clients of this law firm?"