A certificate of poverty for Israel from Facebook’s parent company: Meta publishes tonight (Thursday) an extensive report on a months-long investigation conducted by the company, and which mapped the activities of spy and surveillance companies on its platform.
Out of seven companies starring in the report, five are Israeli or have ties to Israel. In total, the seven companies in the report attacked about 50,000 people in one hundred different countries, including journalists, human rights activists and opponents of the regime. Meta announced that it has blocked membership in its platforms.
The companies that Meta identifies in the report operate from China, Israel, India and northern Macedonia, and conducted surveillance of people from more than 100 countries on behalf of their customers. We also shared the findings with security researchers, other platforms and decision makers. “We have informed people that we believe they have been attacked and have helped them strengthen the security of their accounts,” the company said.
A major means of gathering information is fake accounts
Meta divides the companies’ activities into three phases – Reconnaissance, Engagement and Exploitation, when not all companies are active in all three phases. The first step, intelligence gathering, involves creating a profile of the targets, usually using software that collects information from the web, such as blogs, social media, news sites, Wikipedia, forums and Dark Web sites. One of the main means of gathering information is fake accounts on social media.
The second stage, the activation stage, is the most visible for purposes. The goal is to contact the targets or people close to them, to build trust, extract information, and get them to click on links to download malicious files. “To do this, operators use social engineering and a fictional entity to reach people via email, phone calls, text messages or direct messages on social media,” it read. “These personalities are tailored to any purpose and seem credible.”
The exploitation phase, the last phase in the surveillance chain, is the domain of companies that manufacture loophole tools. “The sophistication of the tools varies, and includes purchased spyware that is easily detected by antivirus software up to one-click and zero-click attacks that are sent to targets. The ultimate goal is to enable device-level tracking. “Passwords, cookies, photos, videos, messages, contacts and secretly turn on the microphone, camera and location.”
Cognate, which was split from Verint, operates by meta-collection and activation, and the company has removed 100 of its and its customers’ accounts. It sells a tool that enables the management of fake accounts on social media. The company has customers in Israel, Serbia, Colombia, Kenya, Morocco, Mexico, Jordan, Thailand and Indonesia. Her goals have included journalists and politicians around the world.
Bluehawek CI, which operates in three phases, operates from Israel with offices in the United States and the United Kingdom. Of the company, including those used to attack regime opponents in the UAE, activists in Qatar, and politicians and businessmen in the Middle East.
“These companies are part of a broad industry that provides loopholes without diagnosing who the customer is.”
Cytrox, which has deep ties with Israel and Israelis, is at the center of a Citizen Love report that is being published tonight alongside the Meta report. The company removed 300 accounts linked to Citrooks, which were used to impersonate new organizations in various countries as part of phishing attacks. Meta has identified Citrox customers in Egypt, Armenia, Greece, Saudi Arabia, Oman, Colombia, Ivory Coast, Vietnam, the Philippines and Germany. The company’s goals include politicians and journalists from Egypt, America and other countries. Meta has also published a list of hundreds of sites that used Sitrox in its attacks.
“These companies are part of a broad industry that provides intrusion tools and tracking services without diagnosis to any customer, regardless of who their goals are or the potential human rights violations,” Meta concluded. “The ecosystem works to provide powerful capabilities to its customers against victims who in most cases do not even know they are being attacked. This industry makes these threats accessible to governments and non-governmental bodies, which otherwise would not have been able to cause harm.”
Meta also calls for broader action against such companies by increasing transparency and control, creating cross-platform collaboration and local and international regulation. “Until recently, these mercenaries were rarely forced to bear the consequences of their actions,” the report said. For our response to be effective, it is important that technology platforms, civil society organizations and democratic governments increase costs for this global industry, and hurt the incentives for the misuse of their services. “
The Black Cube company said in response: Black Cube does not engage in phishing or hacking and does not operate in the cyber worlds at all. Black Cube is an intelligence company that uses straightforward legal investigation methods to obtain evidence for litigation in court and arbitration. Black Cube works with the world’s leading law firms in proving bribery, exposing corruption, and restoring hundreds of millions in smuggled assets by court order. Black Cube operates under the legal advice it has received in each of the countries in which it operates in order to ensure that its activities are in accordance with local law.
.