Meta disrupts 7 ‘surveillance-for-hire’ networks and alerts 50,000 users

These groups targeted, surveilled and attempted to exploit Facebook and Instagram users in 100 countries.

Computer setup in a room

Surveillance groups targeted, spied on and at times attempted to exploit users in 100 countries.

Photo: Kaur Kristjan/Unsplash

Meta will start notifying around 50,000 Facebook and Instagram users on Thursday that they were the targets of “surveillance for hire” campaigns, carried out by seven different international organizations. These surveillance groups targeted, spied on and at times attempted to exploit users in 100 countries and were hired by customers all over the world, including in the United States.

Meta uncovered the groups as part of an internal investigation, the results of which it published Thursday. Some of the activity has been reported on in the past, but the new report sheds light on the full scope of these operations.

“While these ‘cyber mercenaries’ often claim that their services only target criminals and terrorists, our months-long investigation concluded that targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition members and human rights activists,” the report reads.

Meta said it has removed the networks, has informed law enforcement and other tech companies of its findings and is sending cease-and-desist letters to the perpetrators. The report was written by Nathaniel Gleicher, Meta’s head of Security Policy; David Agranovich, director of Global Threat Disruption; and Mike Dvilyanski, head of Cyber Espionage Investigations.

These new findings follow ongoing reporting on the Israeli firm NSO Group, whose Pegasus spyware has been used by authoritarian regimes to spy on journalists, activists and other private citizens. Facebook sued NSO Group in 2019 for exploiting a vulnerability in WhatsApp’s video-calling feature. Last month, Apple announced it was also suing the group over its ForcedEntry exploit, which took advantage of a now-patched vulnerability to remotely break into people’s phones.

Meta’s latest report shows that NSO Group is far from alone in the world of companies that sell surveillance and hacking services. “Surveillance for hire is broader than any one company, and it’s broader than, I think, much of the public debate has been focused on in the last month and years,” Gleicher said on a call with reporters Thursday.

Over the course of its investigation, Meta discovered networks of accounts linked to Indian firm BellTroX, North Macedonian firm Cytrox, an unknown entity operating out of China and four separate firms run out of Israel: Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI. “These companies are democratizing access to these types of techniques,” Gleicher said.

All in, Meta removed 1,500 Facebook and Instagram accounts linked to these operations, as well as activity on WhatsApp. The companies used those accounts to conduct reconnaissance on targets, engage with them using social engineering tactics and, in some cases, exploit them through phishing campaigns and other techniques that allowed the companies to access or take control of their targets’ devices.

Gleicher stressed that while much of the public concern recently has focused on “hacking-for-hire,” or the actual delivery of malware, it’s just as important to disrupt companies in the earlier phases of these schemes, including their surveillance and social engineering operations. Once these companies have moved on to actually exploiting their targets, Gleicher said, the damage is already done.

While Meta was unable to determine exactly who the companies were working on behalf of, some past clients are already well-known. Harvey Weinstein famously hired Black Cube to try to stifle reporting in The New York Times about allegations of sexual misconduct against him. Meta’s report found instances of Black Cube accounts posing as TV and film producers to trick potential targets.

Meta also got a boost in its digging from other reporting and research. Earlier this year, The Daily Beast reported on an operation, run by Bluehawk CI, that involved a private investigator posing as a Fox News reporter in order to dig up dirt for a legal case in the United Arab Emirates. The Daily Beast’s findings led Facebook to uncover the broader Bluehawk network. Another 2020 report, out of Citizen Lab and Reuters, documented the work of India’s BellTroX. Meta said the company was active between 2013 and 2019, as covered by Reuters, but resumed its work in 2021, following a similar playbook of impersonating journalists to phish targets.

The report also sheds more light on ongoing surveillance efforts by Beijing, which Meta has discussed in the past and which Facebook whistleblower Frances Haugen recently described to Congress. In this new report, Meta said it found about 100 accounts that were used to “deliver malicious payloads” to targets as part of ongoing surveillance of minority groups throughout Asia.

The report makes clear that Facebook and Instagram are not the only platforms these groups have exploited. Many of them also market services that involve Twitter, YouTube and other social media sites. In its report, Meta urged the private sector to work together to thwart these networks. It’s unclear, however, what exactly other companies have done with the information Meta provided to them, and Gleicher didn’t answer Protocol’s question about that.

Meta is also calling on lawmakers and regulators to increase scrutiny surrounding this industry by imposing new laws and regulations on the use of this technology.


How 'Dan from HR' became TikTok’s favorite career coach

You can get a lot of advice about corporate America on TikTok. ‘Dan from HR’ wants to make sure you’re getting the right instruction.

'Dan from HR' has posted hundreds of videos on his TikTok account about everything from cover letters to compensation.

Image: Dan Space

Daniel Space downloaded TikTok for the same reason most of us did. He was bored.

At the beginning of the COVID-19 pandemic, Space wanted to connect with his younger cousin, who uses TikTok, so he thought he’d get on the platform and try it out (although he refused to do any of the dances). Eventually, the algorithm figured out that Space is a longtime HR professional and fed him a post with resume tips — the only issue was that the advice was “really horrible,” he said.

Keep Reading Show less
Sarah Roach

Sarah Roach is a reporter and producer at Protocol (@sarahroach_) where she contributes to Source Code, Protocol's daily newsletter. She is a recent graduate of George Washington University, where she studied journalism and mass communication and criminal justice. She previously worked for two years as editor in chief of her school's independent newspaper, The GW Hatchet.

Sponsored Content

A CCO’s viewpoint on top enterprise priorities in 2022

The 2022 non-predictions guide to what your enterprise is working on starting this week

As Honeywell’s global chief commercial officer, I am privileged to have the vantage point of seeing the demands, challenges and dynamics that customers across the many sectors we cater to are experiencing and sharing.

This past year has brought upon all businesses and enterprises an unparalleled change and challenge. This was the case at Honeywell, for example, a company with a legacy in innovation and technology for over a century. When I joined the company just months before the pandemic hit we were already in the midst of an intense transformation under the leadership of CEO Darius Adamczyk. This transformation spanned our portfolio and business units. We were already actively working on products and solutions in advanced phases of rollouts that the world has shown a need and demand for pre-pandemic. Those included solutions in edge intelligence, remote operations, quantum computing, warehouse automation, building technologies, safety and health monitoring and of course ESG and climate tech which was based on our exceptional success over the previous decade.

Keep Reading Show less
Jeff Kimbell
Jeff Kimbell is Senior Vice President and Chief Commercial Officer at Honeywell. In this role, he has broad responsibilities to drive organic growth by enhancing global sales and marketing capabilities. Jeff has nearly three decades of leadership experience. Prior to joining Honeywell in 2019, Jeff served as a Partner in the Transformation Practice at McKinsey & Company, where he worked with companies facing operational and financial challenges and undergoing “good to great” transformations. Before that, he was an Operating Partner at Silver Lake Partners, a global leader in technology and held a similar position at Cerberus Capital LP. Jeff started his career as a Manufacturing Team Manager and Engineering Project Manager at Procter & Gamble before becoming a strategy consultant at Bain & Company and holding executive roles at Dell EMC and Transamerica Corporation. Jeff earned a B.S. in electrical engineering at Kansas State University and an M.B.A. at Dartmouth College.

1Password's CEO is ready for a password-free future

Fresh off a $620 million raise, 1Password CEO Jeff Shiner talks about the future of passwords.

1Password is a password manager, but it has plans to be even more.

Business is booming for 1Password. The company just announced it has raised $620 million, at a valuation of $6.8 billion, from a roster of A-list celebrities and well-known venture capitalists.

But what does a password manager need with $620 million? Jeff Shiner, 1Password’s CEO, has some plans. He’s building the team fast — 1Password has tripled in size in the last two years, up to 500 employees, and plans to double again this year — while also expanding the vision of what a password manager can do. 1Password has long been a consumer-first product, but the biggest opportunity lies in bringing the company’s knowhow, its user experience, and its security chops into the business world. 1Password already has more than 100,000 business customers, and it plans to expand fast.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editorial director. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Boost 2

Can Matt Mullenweg save the internet?

He's turning Automattic into a different kind of tech giant. But can he take on the trillion-dollar walled gardens and give the internet back to the people?

Matt Mullenweg, CEO of Automattic and founder of WordPress, poses for Protocol at his home in Houston, Texas.
Photo: Arturo Olmos for Protocol

In the early days of the pandemic, Matt Mullenweg didn't move to a compound in Hawaii, bug out to a bunker in New Zealand or head to Miami and start shilling for crypto. No, in the early days of the pandemic, Mullenweg bought an RV. He drove it all over the country, bouncing between Houston and San Francisco and Jackson Hole with plenty of stops in national parks. In between, he started doing some tinkering.

The tinkering is a part-time gig: Most of Mullenweg’s time is spent as CEO of Automattic, one of the web’s largest platforms. It’s best known as the company that runs WordPress.com, the hosted version of the blogging platform that powers about 43% of the websites on the internet. Since WordPress is open-source software, no company technically owns it, but Automattic provides tools and services and oversees most of the WordPress-powered internet. It’s also the owner of the booming ecommerce platform WooCommerce, Day One, the analytics tool Parse.ly and the podcast app Pocket Casts. Oh, and Tumblr. And Simplenote. And many others. That makes Mullenweg one of the most powerful CEOs in tech, and one of the most important voices in the debate over the future of the internet.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editorial director. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.


Biden wants to digitize the government. Can these techies deliver?

A December executive order requires federal agencies to overhaul clunky systems. Meet the team trying to make that happen.

The dramatic uptick in people relying on government services, combined with the move to remote work, rendered inconvenient government processes downright painful.

Photo: Joe Daniel Price/Getty Images

Early last year, top White House officials embarked on a fact-finding mission with technical leaders inside government agencies. They wanted to know the answer to a specific question: If there was anything federal agencies could do to improve the average American’s experience interacting with the government, what would it be?

The list, of course, was a long one.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.


5 takeaways from Microsoft's Activision Blizzard acquisition

Microsoft just bought one of the world’s largest third-party game publishers. What now?

The nearly $70 billion acquisition gives Microsoft access to some of the most valuable brands in gaming.

Image: Microsoft Gaming

Just one week after Take-Two took the crown for biggest-ever industry acquisition, Microsoft strolled in Tuesday morning and dropped arguably the most monumental gaming news bombshell in years with its purchase of Activision Blizzard. The deal, at nearly $70 billion in all cash, dwarfs Take-Two’s purchase of Zynga, and it stands to reshape gaming as we know it.

The deal raises a number of pressing questions about the future of Activision Blizzard’s workplace culture issues, exclusivity in the game industry and whether such massive consolidation may trigger a regulatory response. None of these may be easily answered anytime soon, as the deal could take up to 18 months to close. But the question marks hanging over Activision Blizzard will loom large in the industry for the foreseeable future as Microsoft navigates its new role as one of the three largest game makers on the planet.

Keep Reading Show less
Nick Statt
Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.
Latest Stories