Illustration by Alex Castro / The Verge
Facebook’s parent company Meta has alerted 50,000 users of Facebook and Instagram that their accounts were spied on by commercial “surveillance-for-hire” schemes around the globe.
The users were targeted by seven entities and located in more than 100 countries, according to an update posted on Meta’s news page today.
Targets included journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists, the post said. The surveillance was uncovered in a monthslong investigation in which Meta identified spying groups and removed them from the platform.
“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable,” wrote Meta’s director of threat disruption, David Agranovich, and head of cyber espionage investigations, Mike Dvilyanski. “This industry ‘democratizes’ these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.”
A more detailed threat report released by Meta named six out of the seven companies, and listed one of the entities as unknown. Four of the seven — Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk CI — are based in Israel, with the other three in China, India, and North Macedonia.
In a statement provided to NPR, Black Cube described itself as a “litigation support firm” that used investigation methods compliant with local laws in every jurisdiction in which it operated. Black Cube was previously employed by Harvey Weinstein to try to block publication of a New York Times article that sparked the #MeToo movement.
“The disclosure by Facebook of actions it has taken to disrupt and remove seven private firms selling surveillance services to regimes that abuse human rights, makes it abundantly clear that more must be done to stop this mercenary marketplace,” said Congressman Adam Schiff (D-CA) in a statement. “By enabling indiscriminate surveillance against journalists and political dissidents, among others, these companies pose a clear threat to human rights.”
Meta’s report also referenced the Israeli spyware company NSO Group, which last month was sued by both Apple and Meta for selling spyware used to compromise iPhone and WhatsApp messages. Yesterday, Google researchers published details of a “zero click” exploit developed by NSO Group to hack targets’ phones just by sending a message — a level of offensive capability described by the researchers as comparable to that possessed by nation state actors.
The company has already been blacklisted by the US government for selling software used to spy on journalists around the world. A group of lawmakers including Adam Schiff recently called for the imposition of stricter sanctions on a group of surveillance companies, including NSO Group, that would freeze company bank accounts and bar employees from traveling to the United States.