Tech Insight: What Is ‘Surveillance for Hire’?

Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.

December 21, 2021

After Meta (Facebook) recently reported alerting 50,000 people who it believed were being targeted by “surveillance-for-hire” entities, we take a look at who these entities are and what they do.

Meta’s Report

Following months of investigation, Meta recently informed 50,000 people that they were being targeted by seven “surveillance-for-hire” entities / “cyber mercenaries” who were targeting people in over 100 countries on behalf of their clients. It has been reported that Meta has issued cease-and-desist warnings against six of the seven entities it identified. The seventh is known to be in China but couldn’t be identified.

What Does “Surveillance-For-Hire” Mean?

The surveillance-for-hire industry consists of companies that use a combination of social engineering and technology to monitor and gather information about (and sometimes from) individuals for their clients. In the case of Meta’s investigation, these companies are described as entities that use “intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target, or the human rights abuses they might enable”. Surveillance-for-hire companies claim to use their surveillance services to tackle criminals and terrorists, but they offer their services to many government and non-government groups that otherwise wouldn’t have these capabilities, as well as to private individuals, law firms, businesses, politicians and even law enforcement agencies. Meta’s investigation also claims that these surveillance companies target journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists.

Examples

Examples of surveillance-for-hire companies/cyber mercenaries include:

– Black Cube. Although it recently described itself as simply a “litigation support firm”, it is one of the companies identified by Meta. Black Cube was formed by veterans of the Israeli intelligence agency Mossad. Meta suggested that Black Cube used fictitious personas to contact targets and obtain email addresses for phishing attacks (which Black Cube denies). Black Cube previously made the news following reports by the New Yorker in 2017 that it was used by Harvey Weinstein to surveil reporters covering allegations about his assaults.

– NSO. Meta identified this company, which it sued in 2019 (and which Apple has also sued), as being behind Pegasus spyware (software used to enable surveillance).

– Cognyte. Meta says that Cognyte, which is based in Israel, sells access to its platform, which enables managing fake accounts across social media platforms including Facebook, Instagram, Twitter, YouTube, and VKontakte (VK), and other websites, to social-engineer people and collect data.

– Bluehawk CI. Meta says that Bluehawk, which is based in Israel with offices in the UK and the US, sells a range of surveillance-for-hire activities including social engineering, gathering of litigation-related intelligence about people, and managing fake accounts to trick targets into installing malware. Meta alleges that the fake accounts pose as journalists working for media organizations like La Stampa (Italy) and Fox News (US) to trick targets into giving an on-camera interview.

– Cobwebs Technologies. Meta says that Cobwebs Technologies, which was founded in Israel and has offices in the United States, sells access to its platform that enables reconnaissance across the internet, including Facebook, Instagram, WhatsApp, Twitter, Flickr, public websites and “dark web” sites. Meta also claims that the accounts used by Cobwebs customers engage in social engineering to join closed communities and forums and trick people into revealing personal information.

Issues

Some of the issues raised by Meta’s recent investigation that has shone a light on the entities in the surveillance-for-hire industry include:

– Their services are indiscriminately sold to anyone willing to pay, including known bad actors.

– They work across many platforms and national boundaries.

– Their capabilities are used by both nation-states and private enterprises. This means that they lower the barrier to entry for anyone willing to pay.

– It is often impossible for targets to know they are being surveilled across the internet.

What Does This Mean For Your Business?

The scale of the industry identified in Meta’s report indicates that this dark surveillance is widespread. Because many different companies operate in secrecy and sell their services indiscriminately, it is hard to trace activity back to the client. Also, with these entities working across multiple platforms and national boundaries, a collective effort from platforms, policymakers, and civil society, as well as public discussion about the use of surveillance-for-hire technology, greater transparency and oversight are now needed to help protect people. As suggested by Meta, industry collaboration, as well as more governance and regulator-led conversations about the ethics of these companies, could also help to protect their targets.
