(San Francisco) Meta said Thursday it has closed some 1,500 Facebook and Instagram accounts linked to “cyber mercenaries” who have used them to spy on up to 50,000 activists, dissidents and journalists on behalf of clients around the world.
The accounts in question were connected to seven companies offering services ranging from collecting public information online to using fake identities to connect with targets to digital espionage via hacking.
Meta claims to have alerted some 50,000 people who may have been targeted.
“These cyber-mercenaries often claim that their services only target criminals and terrorists,” said Meta in a report.
“Their targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition members and human rights activists,” the company adds.
Four of the companies involved are based in Israel, a country renowned in the cybersurveillance sector: Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI.
The other three are India-based BellTroX, North Macedonia-based Cytrox, and an unidentified China-based company.
These companies “seem ready to target anyone on behalf of the highest bidder,” said Nathaniel Gleicher, head of security, during a briefing with the press.
They generally present themselves as “internet intelligence services”, specializing in the collection and analysis of information retrieved from sites, blogs, discussion forums, media pages, etc.
Cyber mercenaries sometimes create fake social media accounts to glean even more personal items, even joining the groups or conversations these people participate in.
Companies also sometimes try to gain the trust of their target before deceiving them by sending them trapped links or attachments and thus fraudulently gain access to their phones or computers.
They can then recover sensitive data like passwords, phone numbers, photos, videos and messages, the report said. They can also activate microphones, cameras or geolocation functions to better spy.
Meta could not determine who ran the company operating from China, but found that some of the servers used for espionage also appeared to be used by law enforcement officers.
“Our investigation revealed that malicious tools were being used to monitor minority groups throughout the Asia-Pacific region, including the Xinjiang region of China, Burma and Hong Kong,” the report said.