200 accounts were shut down by Cobwebs Technologies, an Israeli firm with offices and customers in the US, because they were engaging in social engineering to reveal private information. According to investigators, the company is used by law enforcement in Mexico and Hong Kong to target activists, opposition politicians and government officials. Meital Levi Tal told MIT Technology Review that the company was unaware of Meta's findings and that it "operated only according to the law and adhere to strict standards in respect of privacy protection."
The firm lost 100 accounts that were used to monitor targets, including journalists and politicians.
Black Cube is an Israeli company that has a history of espionage. Facebook investigators say they found the firm gathering intelligence on a wide range of targets, from Palestinians to academics in Russia. Students, human rights workers, and film producers are some of the people Black Cube built fake personas for. According to investigators, the company would befriend a person and then set up phone calls to get the target's email address, with the goal of carrying out tactics like phish attacks. The company denied doing any hacking operations and insisted that their activities are in line with local laws.
Bluehawk CI is well known for posing as journalists and tricking people into installing malicious software. The company said it removed 100 accounts because they were being used to target political opponents and businessmen in the Middle East.
BellTroX has been in the industry for seven years. 400 accounts associated with the firm were removed from Facebook because investigators said they were used to pose as politicians and journalists and to stage attacks against victims.
The firm Cytrox is engaged in hacking. The company targeted politicians and journalists. Cytrox is a part of an alliance. Executives at another Intellexa firm were indicted earlier this year for their alleged role in torturing dissidents in Libya and Egypt.
An organization in China was linked to a vast surveillance operation that included the use of social engineering against targets and the development of malware to spy on minority groups in China, as well as Hong Kong.
Meta, the parent company of Facebook, is sending cease-and-desist letters to each of the firms today as well as sharing alert to the approximately 50,000 victims it has identified. The alert tells victims that a sophisticated actor may be targeting their Facebook account and that they should take steps to better secure their account.
The investigators said that the goal of the work is to prompt a bigger discussion about the industry. They said they recommend that new legislation and export control laws be enacted.
The investigators said that some of the work done by the firms appears to be in line with ethical standards, and that some of the work is done on social media. Both platforms have established channels for law enforcement to legally request data in a way that complies with due process and transparency.
Gleicher said that the targeting from these companies doesn't look like that. It is indiscriminate targeting across society. These companies are designed to hide who their clients are. If you are a foreign government that wants to make it hard for defenders to find you, you should hire a company like this to create a layer of obfuscation between you and the harm that occurs.
Gleicher did not rule out future lawsuits against any of the offending firms. It is likely that ferreting out for-hire activities is going to be a challenge.
David Agranovich, director of threat disruption at Facebook, said that when networks engage in this type of activity, they take a network approach. All of their activity is taken down at the same time. We will try to keep them off of our platform because they are a bad network.