More than 50,000 Facebook users in more than 100 countries will be notified by the company itself that it may have been the target of hacking attempts by monitoring companies working for government agencies, or private clients.
The news is the result of many months of research by “Meta” —the parent company of Facebook— on what its high-ranking executives call “cyber-mercenaries”, who are involved in “monitoring for hire”. Facebook said it was taking action against seven tracking companies based in four countries, removing about 1,500 fake accounts, blocking malicious addresses and sending cessation and termination letters to companies.
“Meta” researchers have concluded that these companies used its subsidiaries, Facebook and Instagram, for surveillance activities, mainly to investigate and cultivate targets that could be infected by spyware. Each step was part of a broader targeting process that the researchers called a “surveillance chain”.
The final report of the investigation, entitled “Reporting Threats to the Leased Surveillance Industry”, refutes the industry’s claims that espionage software is only used against terrorists and serious criminals, such as drug dealers and pedophiles.
The “Meta” investigation found that surveillance companies regularly target politicians, human rights activists, journalists, dissidents and family members of opposition figures, while subject to minimal legal scrutiny, or other forms of accountability.
These findings echo those of the “Pegasus Project”; a global investigation of the monitoring company “NSO Group”, based in Israel, conducted by the “Washington Post” and 16 other news organizations, led by the journalistic, non-profit “Forbidden Stories”, based in Paris. However, “Meta” officials said that —while they had previously taken action against “NSO” and sued the company in 2019 for allegedly delivering “spyware” to users via “WhatsApp”— the problems created by private monitoring companies are wider.
“The surveillance industry is much bigger than just one company and certainly much bigger than malware for hire.”
said Nathaniel Gleicher, head of “Meta” security policy and co-author of the report, which was published on Thursday 16/12.
“The targeting we see does not discriminate. They target journalists. They target politicians. They target human rights defenders. They also target ordinary citizens.”
Among the companies sanctioned by “Meta” was a little-known monitoring company “Cytrox”, based in Northern Macedonia. “Meta”‘s report —which said it removed 300 Facebook and Instagram accounts the company used to engage and defraud targets— lists 10 countries where “Cytrox” has customers: These are Egypt, Armenia, Greece, Saudi Arabia, Oman, Colombia, Ivory Coast, Vietnam, the Philippines and Germany.
In total, the “Meta” report listed more than a dozen countries on six continents that used the monitoring services provided by the seven companies in the report. The victims were in more than 100 countries. The report included an example of the nearly 50,000 alerts that are due to start arriving on Thursday, saying:
“We believe that a sophisticated intruder could target your Facebook account. Be careful when accepting friendship requests and interacting with people you do not know.”
“Pegasus” and other “spyware” programs allow operators to remotely turn “smartphones” and computers into tracking devices capable of listening to and tracking users’ locations, as well as stealing photos, videos, contact lists and other files.
Advanced “spyware” can be installed without users knowing, or take any action, often via text message or chat app, and can then turn on cameras and microphones built into all “smartphones”.
The allegation that “Cytrox” was used by the Egyptian authorities is also supported by a separate report —also released Thursday— by the “Citizen Lab”, a research team at the University of Toronto that specializes in “spyware”. The team found that the “iPhone 12” of the Egyptian opposition MP Ayman Nour had been infected by both the “spyware Pegasus” of “NSO” and a similar one by “Cytrox”, named “Predator”, in the middle of June.
Source: Washington Post
(Συνολικές Επισκέψεις: / Total Visits: 5)
(Σημερινές Επισκέψεις: / Today's Visits: 1)