Facebook disrupts operations of seven surveillance-for-hire firms

Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and banning them from its platform.

“As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of people across the internet,” said Director of Threat Disruption David Agranovich and Head of Cyber Espionage Investigations Mike Dvilyanski.

“These surveillance providers are based in China, Israel, India, and North Macedonia. They targeted people in over 100 countries around the world on behalf of their clients.”

Following this investigation, Facebook found that these seven companies’ services were used against and harmed vulnerable individuals such as activists, journalists, and minorities.

However, the surveillance companies claimed their products were only used to target criminals and terrorists.

The company alerted people targeted with their surveillance tools (roughly 50,000 individuals) and shared its findings with other platforms, security researchers, and policymakers to take appropriate measures.

According to the full threat report also published today by Facebook, the seven surveillance-for-hire entities whose activity was disrupted as a result of Facebook’s investigation and the particular stages of surveillance they’re specialized in are:

• Cobwebs Technologies (Surveillance chain phases: reconnaissance, engagement)
• Cognyte (Surveillance chain phases: reconnaissance, engagement)
• Black Cube (Surveillance chain phases: reconnaissance, engagement, exploitation)
• Bluehawk CI (Surveillance chain phases: reconnaissance, engagement, exploitation)
• BellTroX (Surveillance chain phases: reconnaissance, engagement, exploitation)
• Cytrox (Surveillance chain phases: primarily exploitation)
• An unknown entity in China (Surveillance chain phases: primarily reconnaissance, exploitation)

“Although public debate has mainly focused on the exploitation phase, it’s critical to disrupt the entire lifecycle of the attack because the earlier stages enable the later ones,” they added.

“If we can collectively tackle this threat earlier in the surveillance chain, it would help stop the harm before it gets to its final, most serious stage of compromising people’s devices and accounts.”

Similar action was also taken by Apple last month when it filed a lawsuit against spyware-maker NSO Group for targeting and spying on Apple users with surveillance tech.

As later revealed, Apple warned US Department of State employees unknown attackers hacked their iPhones to deploy NSO-developed Pegasus spyware.

Facebook also sued NSO Group two years ago for developing and selling a WhatsApp zero-day exploit that government-backed attackers used to compromise devices belonging to high-profile targets, including government officials, diplomats, and journalists.