While the Israel-based NSO Group made headlines for spying globally, there are many other companies that offer “surveillance services” or popularly known as hack-for-hire services across the globe that very few people know about. Now, Meta has publicly announced that it has removed seven “entities” for engaging in surveillance activities on Facebook. One of these entities is New Delhi-based BellTroX InfoTech Services. The report said that around 50,000 Facebook users were targets of spying.
Calling these companies “cyber mercenaries”, Meta said they claim that their services only target criminals and terrorists, however, the actual targets are journalists, dissidents, critics of authoritarian regimes, families of opposition members and human rights activists.
These companies targeted people in over 100 countries. Meta said that it had issued
“Cease and Desist warnings” and also alerted people who were targeted to better secure their accounts.
Here are the seven entities that Meta has removed:
Cobwebs Technologies
Meta is said to have removed about 200 accounts which were operated by Cobwebs and its customers worldwide. This firm was founded in Israel with offices in the United States and sells access to its platform that enables reconnaissance across the internet, including Facebook, Instagram, WhatsApp, Twitter, Flickr, public websites and “dark web” sites.
BellTroX
Meta removed about 400 Facebook accounts, the vast majority of which were inactive for years, linked to BellTroX and used for reconnaissance, social engineering and to send malicious links. BellTroX is based in New Delhi, India and sells what’s known as “hacking for hire” services.
“Its activity on our platform was limited and sporadic between 2013 to 2019, after which it paused. BellTroX operated fake accounts to impersonate a politician and pose as journalists and environmental activists in an attempt to social-engineer its targets to solicit information including their email addresses, likely for phishing attacks at a later stage,” said Meta.
This activity, based on the exact same playbook, re-started in 2021 with a small number of accounts impersonating journalists and media personalities to send phishing links and solicit the targets’ email addresses. Among those targeted were lawyers, doctors, activists, and members of the clergy in countries including Australia, Angola, Saudi Arabia, and Iceland, added the report.
Cytrox
Meta removed about 300 accounts on Facebook and Instagram linked to Cytrox. This North
Macedonian company develops exploits and sells surveillance tools and malware that enable its clients to compromise iOS and Android devices.
“Our team at Meta was able to find a vast domain infrastructure that we believe Cytrox used to spoof legitimate news entities in the countries of their interest and mimic legitimate URL-shortening and social media services,” said Meta.
Bluehawk CI
Around 100 Facebook accounts linked to Bluehawk, a firm based in Israel with offices in the UK and the US were removed. Bluehawk sells a wide range of surveillance-for-hire activities that included social engineering, gathering of litigation-related intelligence about people, and managing fake accounts to trick them into installing malware.
Black Cube
Around 300 Facebook and Instagram accounts linked to Black Cube, an Israeli-based firms with offices in the UK, Israel and Spain were removed. It provides surveillance services that include social engineering and intelligence gathering. Black Cube operated fictitious personas tailored for its targets: some of them posed as graduate students, NGO and human rights workers, and film and TV producers.
Cognyte
Meta removed about 100 accounts on Facebook and Instagram which were linked to Cognyte (formerly known as WebintPro) and its customers. This firm is based in Israel and sells access to its platform which enables managing fake accounts across social media platforms including Facebook, Instagram, Twitter, YouTube, and VKontakte (VK), and other websites to social-engineer people and collect data.
Unknown Chinese entity
Meta removed about 100 Facebook and Instagram accounts linked to an unidentified entity in China responsible for developing surveillanceware for Android, iOS, Windows, and also Linux, Mac OS X, and Solaris operating systems. It also engaged in reconnaissance and social engineering activity before delivering malicious payload to its targets.
Read all the Latest News, Breaking News and Coronavirus News here.
.