Around 50,000 Facebook users have been targeted by private surveillance companies, says Meta. The company alerted these users and provided granular details about the nature of the targeting. This comes after Apple Inc filed a lawsuit against the Israeli firm NSO Group for providing governments and organizations across the world with Pegasus spyware to hack into iPhones.
David Agranovich, Director, Threat Disruption, and Mike Dvilyanski, Head of Cyber Espionage Investigations, wrote a report titled ‘Taking Action Against the Surveillance-For-Hire Industry’ for Meta.
The report highlights the global surveillance-for-hire industry targeting people across the internet. This industry collects intelligence, manipulates users into revealing information and compromises their devices and accounts. “These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer,” it says. “This industry democratizes these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.”
The experts observed three phases of targeting activity: reconnaissance, engagement and exploitation. Reconnaissance is the least visible to the targets, who are silently profiled by ‘cyber mercenaries’ on behalf of their clients. This is achieved through software that automates data collection from across the internet. The engagement phase is the most visible to targets and is critical to spot in order to prevent compromise. In this phase, the aim is to establish contact with the targets or people close to them. In the third phase, exploitation, providers create phishing domains designed to trick people into giving away their credentials to sensitive accounts such as email and social media.
The report argues that the threat can be tackled collectively, earlier in the surveillance chain. Doing so would help stop the harm before it reaches its final stage of compromising devices and accounts.
“The existence and proliferation of these services worldwide raise a number of important questions,” the experts said. They stated that for platforms like Facebook, there is no scalable way to discern the purpose or legitimacy of such targeting. “To support the work of law enforcement, we already have authorized channels where government agencies can submit lawful requests for information, rather than resorting to the surveillance-for-hire industry.”