These companies work for governments, companies or private clients to track, manipulate and/or hack devices and accounts online. According to Facebook’s parent company Meta, these companies are not very careful about choosing their customers and make their tools and services available to the highest bidder. These cyber mercenaries don’t seem to care who their targets are or what the consequences of their investigations are.
Cyber mercenaries around the world
The seven companies come from Israel, India, North Macedonia and China. But it seems that even more companies are active. Facebook has taken action against the following companies:
|BUSINESS|NUMBER OF ACCOUNTS DELETED|
|---|---|
|Cobwebs Technologies (Israel)|200|
|Black Cube (Israel)|300|
|Cytrox (North Macedonia)|300|
|Unknown entity (China)|100|
According to the research, the companies used Facebook as part of the so-called Surveillance Chain, which consists of three phases: Research (Reconnaissance), Approach (Engagement) and Exploitation. The companies and their services focus on one, several or all phases of the process.
How the cyberspies work
In the first phase, research, the digital mercenaries use automated processes to collect data about the victim from all corners of the internet. They also create fake profiles on Facebook and use these to map the victim’s network, for example by joining the same Facebook groups and following the victim’s accounts, likes and pages.
In the second phase, approach, they actually make contact with the victim and their environment. The purpose of this is to build trust, extract even more information and get them to click on infected links or attachments.
This process employs many of the social engineering tactics that we see among cyber criminals and scammers. They build different fake personas, each with its own background, story and accounts. They eventually use social media, chat, e-mail and text messages to contact the victim. These personas and the stories around them are often well substantiated. As a result, a victim who does only a little research cannot easily tell that the person does not actually exist.
In the final stage, exploitation, the organizations actually turn to phishing, hacking and other techniques to penetrate a victim’s accounts and devices. To do this, they use malware, spoofing and other sophisticated attacks. This gives them access to all files and data, as well as passwords, address books and the geolocation of the devices. With access to the victim’s microphone, camera and chats, it is possible to follow someone closely.
Surveillance on demand
Meta therefore calls for more cooperation against this kind of abuse. It argues for a greater role for governments in closer monitoring. It is also going public with the research to make people aware of the existence of these kinds of NSO-like companies. These types of companies make it affordable for small-scale malicious parties to conduct advanced surveillance campaigns, where this was previously only possible for governments and the largest organizations.