Meta Platforms Inc. announced today that it has banned seven surveillance companies from its platforms for possibly targeting about 50,000 users.

In a report, Meta said those 50,000 users will soon receive warnings that surveillance-for-hire companies may have focused their “malicious activities” on them. These companies, Meta said, often create fake accounts and scrape information from targets, some of whom are journalists and activists.

“The global surveillance-for-hire industry targets people to collect intelligence, manipulate and compromise their devices and accounts across the internet,” said Meta. “While these ‘cyber mercenaries’ often claim that their services only target criminals and terrorists, our months-long investigation concluded that targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists.”

The investigation revealed that the platforms include Facebook, Instagram and WhatsApp, and the users who were targets of the companies lived in as many as 100 countries. “The surveillance industry is much bigger than just one company, and it’s much bigger than just malware-for-hire,” said Nathaniel Gleicher, head of security policy for Meta.

Meta said there are usually three kinds of attacks when people are targeted. The first one is “reconnaissance,” when a person is chosen by an entity and the cyber mercenary collects as much information as possible on that person — often hard-to-find personal data.

The second is “engagement,” which involves trying to befriend the person on social media after creating a fake identity. The third is “exploitation,” when hacking methods such as phishing are used to collect data from the victim. Meta said some companies specialize in all these methods, while others concentrate their efforts on one line of attack.

Meta named seven of the companies, listing one only as an “unknown” entity based in China. The six companies mentioned were Cobwebs Technologies, Cognyte, BellTroX, Cytrox, Black Cube and Bluehawk CI. They hail from Israel, China, India and North Macedonia.

“We will continue to investigate and enforce against anyone abusing our apps,” Meta said. “However, these cyber mercenaries work across many platforms and national boundaries. Their capabilities are used by both nation-states and private enterprises and effectively lower the barrier to entry for anyone willing to pay. For their targets, it is often impossible to know they are being surveilled across the internet.”

Photo: Dima Solomin/Unsplash