50,000 Instagram & Facebook users were targeted by ‘Surveillance-for-Hire’ companies | TechTree.com

50,000 Instagram & Facebook users were targeted by ‘Surveillance-for-Hire’ companies

Targeted users included journalists and human rights activists from more than 100 countries


Meta alerted 50,000 Facebook and Instagram users that their accounts were spied on by “surveillance-for-hire” operations around the world.

The users were targeted by seven entities from the same countries as their targets were based in.

Targets included journalists, critics of authoritarian regimes, dissidents, and human rights activists. 

What cyber mercenaries did were set up fake social media accounts to glean information from people's profiles, and join groups and conversations to learn more about their targets.

The surveillance was uncovered by Meta in a months long investigation. After the spying groups were identified they were removed from both Facebook and Instagram.

“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable,” wrote Meta’s director of threat disruption, David Agranovich, and head of cyber espionage investigations, Mike Dvilyanski. “This industry ‘democratizes’ these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.”

A more detailed threat report released by Meta named six out of the seven entities, and listed one as unknown. Four of the seven —Cognyte, Cobwebs Technologies, Black Cube, and Bluehawk CI — are based in Israel, with the other three in India, China and North Macedonia.

The report also mentioned Israeli spyware company NSO Group, which last month was sued by Apple and Meta for selling spyware used to compromise WhatsApp and iPhone messages. 

Google researchers recently published details of a ‘zero click’ exploit developed by NSO Group to hack targets’ phones by sending a message — which is essentially a military level of offensive capability.

If this malicious ‘zero click’ message is successful, hackers can steal data from the target's computer or phone, including passwords, videos, photos and messages, as well as silently activate cameras, microphones and geo-location tracking.

TAGS: Facebook, instagram, NSO Group, zero click, Surveillance-for-Hire