In a report released Thursday, Facebook owner Meta Platforms Inc accused a half-dozen private monitoring companies of hacking or other crimes, alleging that they together targeted around 50,000 people across its platforms.
The company’s battle with the spy firms comes amid a broader push by American businesses, lawmakers, and President Joe Biden’s administration to blacklist providers of digital espionage services, including the Israeli spyware firm NSO Group, which was blacklisted earlier this month after weeks of revelations about how its technology was being used against civil society.
Meta has already filed a lawsuit against NSO in a US court. According to Reuters, Meta’s head of security policy Nathaniel Gleicher said the action on Thursday was aimed to show that “the surveillance-for-hire market is considerably bigger than one company.”
According to Meta’s report, it has suspended over 1,500 accounts across Facebook, Instagram, and WhatsApp, the majority of which are false. The entities, according to Meta, targeted people in over 100 countries. Meta did not provide a full explanation of how it found the monitoring corporations, but it runs some of the world’s largest social and communications networks and boasts about its capacity to identify and remove harmful actors from its platforms.
Israel’s Black Cube is one of them, having made a name for itself by deploying spies on behalf of Hollywood rapist Harvey Weinstein. “Likely for later phishing assaults,” Meta said the intelligence firm was using phantom personas to chat up its targets online and acquire their emails.
Black Cube said in a statement that it “does not engage in any phishing or hacking,” and that it regularly ensures that “all our agents’ activities are totally compatible with local laws.” BellTroX, an Indian cyber mercenary firm uncovered by Reuters and the internet watchdog Citizen Lab last year, an Israeli firm called Bluehawk CI, and a European firm called Cytrox – all of whom Meta accused of hacking – are among those mentioned by Meta.
Cognyte, which was spun off from security firm Verint Systems Inc in February, and Israeli firm Cobwebs Technologies were accused of using fake profiles to dupe people into revealing personal information rather than hacking.
Cognyte, Verint, and Bluehawk didn’t respond to requests for comment right away. Cobwebs spokesperson Meital Levi Tal said in an email that the company used open sources and that its products “are not intrusive in any way.”
Ivo Malinovski, who previously identified himself on LinkedIn as Cytrox’s chief executive, did not respond to messages sent to him. Since his company was exposed last year, Sumit Gupta, the founder of BellTroX, has not responded to Reuters’ messages. Prior to this, he had denied any wrongdoing.