While NSO Group was taking flak for hacking into the phones of journalists, activists and human rights defenders, an entire class of spyware makers and surveillance-for-hire outfits were operating as normal, largely unnoticed.
These private surveillance groups develop and deploy never-before-seen exploits that quietly hack into and steal the contents of a victim’s phone — call logs, text messages, emails, location data and more — often on behalf of authoritarian governments targeting their most vocal critics.
Now, following an investigation by researchers at Citizen Lab and Facebook’s new parent company, Meta, seven surveillance-for-hire groups have been banned from using the social media giant’s platforms to target other users.
Meta said Thursday that it has removed over 1,500 Facebook and Instagram accounts associated with the seven outfits, which the company said were used for reconnaissance, social engineering, and sending malicious links to thousands of victims in over 100 countries. Meta said it’s notified around 50,000 people it believes were targeted by the seven groups.
Although much of the recent focus of the surveillance industry has been on companies like NSO Group, both Citizen Lab and Meta warned that the wider surveillance-for-hire industry will continue to balloon if left unregulated. “It’s important to realize that NSO is only one piece of a much broader global cyber mercenary ecosystem,” according to a report of Meta’s investigation seen by TechCrunch before its publication.
One of the banned companies is Cytrox, a North Macedonia-based spyware maker. Meta said it found the company using a “vast” infrastructure of web domains mimicking legitimate news sites to target the iPhone and Android devices of its victims. Meta said it sent legal notices to Cytrox and blocked hundreds of domains associated with its infrastructure.
Meta was acting on findings by Citizen Lab, which also on Thursday released a forensic report into the hacking of phones belonging to two Egyptians living in exile — a former politician and the host of a popular news show who asked not to be named. Citizen Lab said the spyware that infected their phones in July 2021, dubbed Predator, was developed by Cytrox.
Citizen Lab first discovered the spyware on the iPhone belonging to Ayman Nour, an Egyptian politician and outspoken critic of the incumbent president, Abdel Fattah el-Sisi, who took over the country following a military coup in 2013. Nour, who lives in exile in Turkey, became suspicious when his phone was “running hot.” Citizen Lab found that Nour’s phone had been infected with Pegasus, the now-infamous spyware created by NSO Group. That led to the discovery that his phone had been …….