Facebook owner Meta is calling out half a dozen private surveillance companies for hacking or other abuses, accusing them in a report published on Thursday of collectively affecting some 48,000 people across its platforms.
The company's fight with the spy firms comes amid a wider move by American tech companies, US politicians and President Joe Biden's administration against purveyors of digital espionage services, notably the Israeli spyware company NSO Group.
Meta is already suing NSO in the US. Nathaniel Gleicher, Meta's head of security policy, told Reuters that Thursday's crackdown was meant to signal that “the surveillance-for-hire industry is much broader than one company.”
The Meta report said the company was suspending about 1,500 mostly fake accounts run by seven organisations across Facebook, Instagram and WhatsApp. Meta said users in more than 100 countries were affected.
Meta did not provide a detailed explanation of how it identified the surveillance firms, but it operates some of the world's biggest social and communications networks and regularly touts its ability to find and remove malicious actors from its platforms.
Among them is Israeli intelligence firm Black Cube, which Meta said was building phantom personas to chat targets up online and gather their email addresses, “likely for later phishing attacks".
Others called out by Meta include BellTroX — an Indian cyber mercenary firm exposed by Reuters and the internet watchdog Citizen Lab last year — an Israeli company called Bluehawk CI and a European firm named Cytrox — all of whom Meta accused of hacking.
Cognyte, which spun off from security giant Verint Systems in February, and Israeli firms Cobwebs Technologies were accused not of hacking but of using fake profiles to trick people into revealing private data.
Mr Gleicher refused to identify any of the targets by name but Citizen Lab, in a report published at the same time as Meta's, said that one of Cytrox's victims was Egyptian opposition figure Ayman Nour.
Mr Nour blamed the Egyptian government for the spying, telling Reuters in an interview from Istanbul that he had long suspected he was under surveillance by officials there.
Egyptian authorities did not immediately respond to a request for comment.
Mr Gleicher said other targets of the spy firms included celebrities, politicians, journalists, lawyers, executives and regular citizens. Friends and family of the targets were also swept up in the espionage campaigns, he said.
Meta cybersecurity official David Agranovich said he hoped Thursday's announcement would “kick-start the disruption of the surveillance-for-hire market”, but whether it deals the companies involved more than a temporary setback remains to be seen.
The Meta head of security policy said that targets of the spy firms would receive automated warnings, but he said Facebook would stop short of identifying the specific firms involved or their clients — this is despite the fact that Facebook said it had identified several customers of Cobwebs, Cognyte, Cytrox and Black Cube — the latter of which includes law firms.