
ancianita

(36,017 posts)
Fri Dec 24, 2021, 08:30 AM

Facebook Blocks 7 Malware Purveyors, Deletes 100's Of Accounts, Notifies 50,000 Potential Hacking Targets

Good news from Techdirt, imo, and lots more interesting details at the link.

"As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of people across the internet," said Director of Threat Disruption David Agranovich and Head of Cyber Espionage Investigations Mike Dvilyanski.
"These surveillance providers are based in China, Israel, India, and North Macedonia. They targeted people in over 100 countries around the world on behalf of their clients."


The full report [PDF] from Meta lists the companies ejected in this surveillance-for-hire purge. And there's a common strain running through the list, one that's going to cause even more problems for a government already dealing with blowback for running interference for a company selling spy tools to a long list of human rights violators.


We removed about 200 accounts which were operated by Cobwebs [Technologies] and its customers worldwide. This firm was founded in Israel with offices in the United States and sells access to its platform that enables reconnaissance across the internet, including Facebook, Instagram, WhatsApp, Twitter, Flickr, public websites and “dark web” sites.
[...]
We removed about 100 accounts on Facebook and Instagram which were linked to Cognyte (formerly known as WebintPro) and its customers. This firm is based in Israel and sells access to its platform which enables managing fake accounts across social media platforms including Facebook, Instagram, Twitter, YouTube, and VKontakte (VK), and other websites to social-engineer people and collect data.
[...]
We removed about 300 Facebook and Instagram accounts linked to Black Cube, an Israeli-based firm with offices in the UK, Israel and Spain. It provides surveillance services that include social engineering and intelligence gathering.
[...]
We removed about 100 Facebook accounts linked to Bluehawk, a firm based in Israel with offices in the UK and the US. We collaborated on this investigation with The Daily Beast who had identified a subset of this activity leading us to uncover the full cluster and who’s behind it earlier this year.
[...]
We removed about 400 Facebook accounts, the vast majority of which were inactive for years, linked to BellTroX and used for reconnaissance, social engineering and to send malicious links. BellTroX is based in India and sells what’s known as “hacking for hire” services…
[...]
We removed about 300 accounts on Facebook and Instagram linked to Cytrox. This North Macedonian company develops exploits and sells surveillance tools and malware that enable its clients to compromise iOS and Android devices…
[...]
We removed about 100 Facebook and Instagram accounts linked to an unidentified entity in China responsible for developing surveillanceware for Android, iOS, Windows, and also Linux, Mac OS X, and Solaris operating systems. It also engaged in reconnaissance and social engineering activity before delivering malicious payload to its targets.


Four of the seven entities identified and blocked call Israel home. Cytrox also has links to Israel as both Citizen Lab and the Times of Israel have reported. Cytrox is now part of a spyware conglomerate that has been criminally charged for human rights violations.

Israel has a malware problem. And the government can't claim it was unaware of these companies and their selling of tools to authoritarians and human rights violators. The government was actively involved in brokering some of these deals.

We also alerted around 50,000 people who we believe were targeted by these malicious activities worldwide, using the alert system we launched in 2015. We recently updated it to provide people with more granular details about the types of targeting and the actor behind it so they can take steps to protect their accounts, depending on the phase of the surveillance attack chain we detect in each case.


That's a lot of disrupted surveillance efforts. State actors are paying good money for these exploits, and now they're facing more resistance than ever from the private sector being used to transport malware to targets. That's a lot of money and a lot of surveillance being undone. Governments buying exploits won't be happy but so what. There's no reason to assume that just because it's a government agency doing the targeting there's any legitimacy to the hacking efforts. This is the way it should be -- platforms and device makers protecting customers and users against hacking attempts, no matter the origin of the attacks. The world needs more of this because authoritarians and human rights abusers deserve to have their oppressive efforts thwarted.


https://www.techdirt.com/articles/20211219/10423048147/facebook-blocks-seven-malware-purveyors-deletes-hundreds-accounts-notifies-50000-potential-hacking-targets.shtml?fbclid=IwAR3DgoXQ4tfOmzySGEqAGWQ2kHhiPesGpuwJkmnsHHSWD-eRXsXoefSHD3g


