Happy Nice Mall

• Cobwebs Technologies, an Israeli firm with offices and customers in the US, has shut down 200 accounts that gather information about targets and perform social engineering to reveal proprietary information. The company is used by law enforcement and is also used to target activists, opposition politicians and government officials in Mexico and Hong Kong, according to investigators. Spiderwebs spokesperson Meital Levi Tal told MIT Technology Review that the company was unaware of Meta’s findings and that it “only operates within the law and adheres to strict standards of privacy protection.”

• The Israeli firm Cognyte has lost 100 accounts around the world that are reportedly busy tracking targets, including journalists and politicians.

• Black Cube is an Israeli company associated with a large list of scandals, including a history of spying on journalists. Facebook researchers say the company collects intelligence on a wide range of targets, from Palestinian activists to people in the medical and energy sectors, and academics in Russia in particular. Black Cube has reportedly created fakes, including students, human rights workers, and filmmakers. Investigators say the company will usually befriend a person and then make phone calls to get the target’s email address with the goal of carrying out tactics such as phishing attacks. When reached for comment, the company refused to take on any hacking operations and insisted that all “agents’ activities are in full compliance with local laws”.

• Another Israeli firm, Bluehawk CI, is already well known for tricking targets into disguised as journalists and installing malware. Facebook said the company removed 100 accounts linked to the firm, which it concluded were widely used against targets, including political opponents of the United Arab Emirates government and businessmen in the Middle East.

• The Indian company BellTroX has been operating in the surveillance industry for at least seven years. Facebook has removed 400 accounts associated with the firm, which researchers in Angola, Argentina, Saudi Arabia and Iceland say are used to pose as politicians and journalists and to organize phishing attacks against victims, including doctors, lawyers, activists and clergy.

• Investigators said the North Macedonian firm Cytrox was primarily involved in hacking. The company has targeted journalists and politicians around the world. Cytrox is part of an alliance of surveillance and intelligence firms known as Intellexa. Executives of another Intellexa firm, Nexa Technologies, were indicted earlier this year for allegations of spying on and torturing dissidents in Libya and Egypt.

• Finally, an unidentified organization in China was linked to a large surveillance operation that included the use of social engineering against targets and the development of malware to spy on minority groups in Xinjiang, China, Myanmar and Hong Kong.

Facebook’s parent company Meta, which sued Israeli hacking firm NSO Group in 2019, is sending cease-and-desist letters to each firm today, as well as sharing warnings about the nearly 50,000 victims it has identified. The alerts tell victims that “a sophisticated actor may be targeting your Facebook account” and then suggest steps to better secure their accounts, including running a privacy check.

Investigators said the ultimate goal of the study was to spark a larger discussion about the rental surveillance industry. They said they propose to strengthen transparency and “know your customer” laws, deepen industry collaboration to counter surveillance firms, and increase accountability through new legislation and export control laws.

Investigators added that not all of the firms’ work appears to violate known laws and ethical standards – some of these companies are known to use Facebook and Instagram to conduct legal law enforcement and intelligence work. However, both platforms have created channels for law enforcement to legally request data in accordance with legal process and transparency.

“The targeting we see from these companies doesn’t seem like that,” Gleicher said. “It is targeting indiscriminately in society. These companies are designed to hide who their customers are. If you’re a foreign government that wants to make it harder for defenders to find you, you hire such a company to create a layer of confusion between you and the damage done.”

Beyond the cease and desist letters and the widespread removal of accounts, Gleicher did not rule out future lawsuits against any of the offending firms. Still, investigators said putting together rental surveillance activities will likely be an ongoing challenge.

“When we see networks engaging in this type of activity, we take a networking approach,” said David Agranovich, director of threat disruption at Facebook. “We are removing all their activities on the platform at the same time. And knowing that they are networks of enemies, we will work to keep them off our platform.”