Meta boots hired threat actors allegedly spying on Aussie users

New Zealand also named as a customer of 'webint' surveillance firm.

Meta Platforms, the company formed out of Facebook and organisations owned by it, says it has "disabled" accounts for entities that it alleges surveilled people across the internet, with Australians targeted with phishing attacks.

Seven firms, including an Indian "hacking for hire" service provider, BellTroX, were accused by Meta. Delhi-based BellTroX is said to have targeted Australians this year.

The Indian company allegedly repeated its prior tactics used against Citizen Lab and Reuters by setting up a small number of accounts impersonating journalists and media personalities.

This was followed up with phishing attacks and solicitation of email addresses against lawyers, doctors, activists and members of the clergy in Australia, and also Angola, Saudi Arabia and Iceland.

Meta did not say who it believed BellTroX was spying for.

Several Israeli firms, including Cobwebs Technologies, which brands itself as "AI-powered WEBINT for law enforcement, national security, corporate security, and financial services", were also named by Meta.

Cobwebs has customers in New Zealand, as well as many other countries such as Bangladesh, the United States, Saudi Arabia, Mexico, and Poland, Meta said.

Meta did not say what New Zealand hired Cobwebs specifically to do, but said the Israeli company's customers engaged in social engineering to join closed communities and forums to trick people into revealing personal information.

The company is alleged to have targeted users for law enforcement activities, but also to have spied on activists and opposition politicians in Hong Kong and Mexico.

Other Israeli firms named by Meta include Cognyte, Black Cube and Blue Hawk CI.

In its report [pdf], Meta made it clear that the surveillance entities' claims that they were only chasing criminals and terrorists on the social network are false.

"While cyber mercenaries often claim that their services and surveillanceware are intended to focus on criminals and terrorists, our investigation found they in fact regularly targeted journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists around the world," the report writers said.

An unknown Chinese entity that develops surveillance-ware for Google Android, Apple iOS, Linux, macOS and Oracle Solaris engaged in reconnaissance and social engineering, before delivering malicious payloads to targets.

Meta's investigation suggests domestic law enforcement are using the unknown Chinese entity, targeting minority groups throughout the Asia Pacific.

The group's malware framework was developed along with facial recognition software developed by a Beijing-based company.

"At the time of our investigation, access to this framework required not only a username and password but also a SafeNet SuperDog physical hardware key, likely to make sure that only authorised customers who were given the key could use it," Meta said.

Across the board, all entities identified by Meta had some 1400 accounts between them closed.

Account closures notwithstanding, Meta expects the entities to be persistent and to evolve their surveillance tactics on social networks and the internet.

Facebook set up an alert system in 2015, and said it was used to warn around 50,000 users of the seven now-banned entities spying on them.

Meta stated it has processes in place for handling law enforcement requests, and labelled the activities of "cyber mercenaries" as an abusive threat.
