Meta, formerly known as Facebook, said Thursday that it banned seven companies that sell software and services that have been used to spy on journalists, human rights activists, politicians and others in more than 100 countries.
The firms included Israeli-based Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI. Meta also took action against an Indian company called BellTroX, the North Macedonian firm Cytrox and an unknown entity in China, according to a report released by Meta's cybersecurity team.
The companies say their services and software are meant to help catch criminals and terrorists, but Meta said that after a months-long investigation the social media giant determined the products were also used to target people outside that group. Some of the tactics included creating fake accounts to search and view people's social media profiles and their list of friends, engaging with people using fictitious personas and tricking users into giving away their account information by getting them to click on malicious links.
"The 'surveillance-for-hire' entities we removed and described in this report violated multiple Community Standards and Terms of Service. Given the severity of their violations, we have banned them from our services," the report said. Meta didn't list the customers of the firms but said they included private individuals, law firms and businesses.
The move is an example of how tech giants are taking action against companies that sell software and services used for surveillance. In November, phones of journalists, human rights workers, executives and government workers including at least nine US State Department employees., an Israel-based firm that developed spyware known as Pegasus found on the
Meta pulled down about 1,500 accounts on Facebook and its photo service Instagram tied to the seven surveillance-for-hire groups and also issued cease-and-desist warnings. The social media company said it alerted roughly 50,000 people it believes were targeted. The alert says Facebook believes a "sophisticated attacker" may be targeting the person's account and warns users about accepting friend requests from people they don't know or chatting with strangers. Facebook then recommends that users go through their privacy and security settings to make sure their accounts are secure.
Facebook has rules against people misrepresenting themselves on the social network to deceive other people, including through fake accounts. The company said law enforcement groups can submit lawful requests for information from the platform.
CNET reached out to the companies cited in the report. Black Cube, which called itself a "litigation support firm," said in a statement it "does not undertake any phishing or hacking and does not operate in the cyber world." CobWebs Technologies said in a statement it "operates only according to the law and adheres to strict standards in respect of privacy protection."
Citizen Lab, a cybersecurity watchdog organization in Canada, released research Thursday that said Ayman Nour, former Egyptian presidential candidate and Egyptian opposition leader, and an Egyptian exiled journalist who wishes to remain anonymous were hacked with Predator spyware created and sold by Cytrox. An email to Cytrox bounced back.