Meta announced Thursday that it has removed seven surveillance-for-hire entities from Facebook and Instagram that targeted nearly 50,000 users following a monthslong investigation.
In a statement, the company said the surveillance-for-hire entities—which target people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts—had indiscriminately gone after users in 100 countries on behalf of their clients.
“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer—regardless of who they target or the human rights abuses they might enable,” the company wrote in a blog post. “This industry ‘democratizes’ these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.”
The surveillance providers are based in China, Israel, India, and North Macedonia, Meta said, and violated multiple Community Standards and Terms of Service.
Meta has banned the surveillance entities from their services and “blocked related internet infrastructure.” They have also issued Cease and Desist letters, “putting them on notice that their targeting of people has no place on our platform.”
The company’s findings have also been shared with security researchers, other platforms, and policymakers so that “they can take appropriate action.”
As per Meta’s investigation, the surveillance entities targeted journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists, among others.
“We alerted around 50,000 people who we believe were targeted by these malicious activities worldwide, using the system we launched in 2015,” the company said. “We recently updated it to provide people with more granular details about the nature of targeting we detect, in line with the surveillance chain phases framework we shared above.”
Meta, the parent company of Facebook, said the surveillance-for-hire entities work in three stages: reconnaissance, whereby they silently profile targets and collect data; engagement, where they establish contact with the target and attempt to build trust; and exploitation, the final stage when they trick the targets into giving away their credentials and sensitive information.
The company said it will continue to take action against other surveillance-for-hire entities as it finds them. but noted that their operations are “persistent” and that it expects them to “evolve their tactics.”
Six companies that Meta said were involved in the surveillance-for-hire work are Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, BellTroX, and Cytrox.
A seventh company, which Meta called an “unknown entity” was used by domestic law enforcement in China. The unknown entity deployed 100 Facebook and Instagram accounts that engaged in “reconnaissance and social engineering activity before delivering malicious payload to its targets.”
Meta said the tools were being used to spy on minority groups in Myanmar, Hong Kong, and the Xinjiang region of China.
Israeli-based firm Black Cube said in a statement to NBC that it doesn’t operate in the cyber world or undertake any phishing or hacking.
“Black Cube is a litigation support firm which uses legal Humint [human intelligence] investigation methods to obtain information for litigations and arbitrations. Black Cube works with the world’s leading law firms in proving bribery, uncovering corruption, and recovering hundreds of millions in stolen assets,” the company said. “Black Cube obtains legal advice in every jurisdiction in which we operate in order to ensure that all our agents’ activities are fully compliant with local laws.”
A spokesperson for CobWebs told the publication, “We have not been contacted by Facebook (Meta) and are unaware of any claims it has allegedly made about our services. CobWebs operates only according to the law and adheres to strict standards in respect of privacy protection.”
The Epoch Times has contacted representatives for BellTrox, Cytrox, Cognyte, and Bluehawk CI for comment.