Facebook and Instagram’s parent company has banned seven companies that it says used its platforms to spy on about 50,000 unsuspecting targets, including human rights activists, government critics, celebrities, journalists, and civilians in more than 100 countries.

These “employment monitoring” companies are linked to about 1,500 Facebook and Instagram accounts that were used to collect information about people and to try to get them to pass on sensitive personal information so that the companies could install spyware on their devices, according to a report released Thursday by Meta, formerly known as Facebook.

“Each of these attackers relies on a network of fake accounts on the platform used to deceive and mislead users,” Meta’s Head of Security Policy, Nathaniel Gleicher, told NPR. Some companies used Meta’s WhatsApp to infect targeted phones with malware. Monitoring was also carried out on other internet services, from email and text messages to Twitter and YouTube.

According to Gleicher, the goal is “to spy on people or snoop unknowingly.”

Meta: Spyware companies are “indiscriminate” about clients and targets

Spyware is an area of increasing concern for major technology companies such as Meta, Apple, Google and Microsoft. Both Meta and Apple have sued Israel-based NSO Group. Its Pegasus software has been linked by a consortium of international media outlets to the hacking and potential monitoring of thousands of people, including dissidents, activists, journalists, the killed Saudi journalist Jamal Khashoggi, and 14 national leaders.

But NSO is “just a small part of the much broader global mercenary ecosystem,” Meta said in its report. It described a “huge” but murky industry that provides spying on demand to anyone who wants it, “regardless of who they target or the human rights abuses they may enable.”

Gleicher’s team spent several months investigating surveillance activities before taking action against the seven companies for violating Meta’s community standards and terms of service. Four companies are based in Israel and the other three are based in China, India and North Macedonia.

They include the Israel-based intelligence group Black Cube, which Harvey Weinstein reportedly used to dig up dirt on whistleblowers and journalists. According to Meta, Black Cube created fake accounts disguised as graduate students, human rights workers, and film and television producers, and tried to set up phone calls and get email addresses for a wide range of targets, from Palestinian activists to people in medicine, mining, and nonprofit organizations, to people involved in the Russian technology, financial, real estate and media sectors.

“We don’t phish or hack, and it doesn’t work in the cyber world,” Black Cube said in a statement to NPR. It describes itself as a “litigation support company” that uses legal investigation methods.

“Black Cube obtains legal advice in all jurisdictions in which we do business to ensure that the activities of all agents are in full compliance with local law.”

According to Meta, another Israeli company called Bluehawk CI masqueraded as a reporter for Fox News and Italy’s La Stampa in an attempt to deceive opponents of the United Arab Emirates government. Bluehawk did not respond to NPR’s request for comment.

Meta also said it deleted accounts related to “China’s unidentified entity” that created tools that Chinese law enforcement agencies could use to spy on minority groups in Xinjiang, Myanmar and Hong Kong.

Meta has banned the companies from its platforms, removed the linked accounts, and sent cease-and-desist warnings. It is notifying about 50,000 people who are believed to have been targeted and sharing the results with security researchers, other tech companies and policy makers.

Gleicher said the companies are “indiscriminate” about whom they target. “We meet politicians. We meet human rights activists. We meet lawyers, doctors, clergy, and in some cases the general public. Anyone who may be a party to a proceeding,” he said.

It is not clear who is hiring these companies. In some cases, Meta can determine that spyware companies are acting on behalf of governments, law firms, and individuals, Gleicher said. But he added that customers go to surveillance companies to hide their activities, and the companies do not seem to be selective about their customers.

“Almost anyone can hire one of these companies,” he said. “Both of these companies democratize these threats and add a layer of deception to the worst actors.”

Egyptian opposition leader was targeted through WhatsApp messages

This summer, Egyptian opposition leader Ayman Nour, a former presidential candidate in exile in Turkey, noticed something strange on his iPhone. It was getting really hot.

Nour eventually connected with a security researcher at the Citizen Lab at the University of Toronto, a cybersecurity watchdog.

A Citizen Lab study, led by senior researcher Bill Marczak, found that Nour’s phone was infected with two separate spyware tools: NSO’s Pegasus and Predator, a tool created by the North Macedonian company Cytrox.

Researchers traced the Predator malware to WhatsApp messages received by Nour, which used images and links that appeared to point to news articles. His phone was infected when he clicked on them.

“The government is selling the ability to turn people’s cell phones into spies in their pockets, digital snitches,” said John Scott-Railton, senior researcher at Citizen Lab.

Researchers warned Meta and Apple about their findings. On Thursday, Meta said Cytrox was one of the seven companies it banned. It said it removed about 300 Facebook and Instagram accounts linked to Cytrox, which impersonated legitimate news and social media sites to launch phishing attacks against politicians and journalists in countries such as Egypt and Armenia. Cytrox did not respond to NPR’s request for comment.

NSO Group’s scandal sheds light on the murky spyware business

Companies that provide surveillance software and services have come under increasing scrutiny this year, spurred by the uproar over NSO. Last month, the Biden administration blacklisted NSO from purchasing US technology.

This week, a group of congressional Democrats called on the Treasury and State Departments to sanction NSO and three other surveillance companies under the Global Magnitsky Act, which allows the government to freeze assets and ban travel to the United States for those accused of enabling human rights violations. (However, this list does not include companies that have recently been banned from Facebook, Instagram, or WhatsApp.)

“Surveillance mercenaries are now giving the despots a full-service spy system,” Wyden told NPR. “We should separate these types of outfits like NSO from all US funding. [Sanctions] must be applied to additional espionage companies.”

NSO says that it sells its software to governments to combat terrorism and serious crimes and that it is not responsible for how the software could be misused.

Increased attention to NSO has put the spotlight on shadowy spyware providers, according to security experts, but the problem goes far beyond a few malicious individuals.

“The employment monitoring industry is broader than many people are aware of,” said Gleicher. He said that was the reason for publicizing the actions taken by Meta and for seeking a collective response from the tech sector, government and civil society groups.

This includes collaborating with other technology companies to share information, tightening regulations such as “know your customer” requirements for companies selling spyware, and calling for government measures such as sanctions.

“Almost every dictator and dictator in the world is pitching this kind of technology for surveillance,” said Scott-Railton of Citizen Lab. “It’s really important to reach a place where there are big global norms and regulations around this kind of technology. Otherwise, it’s just an authoritarian fire gas.”

Editor’s Note: Meta pays NPR to license NPR content.

