Spy Software: Meta (Facebook) Warns 50,000 People Against Government Surveillance

Meta also warns when Facebook or Instagram accounts are attacked by state spies or people are being spied on. But how much responsibility do companies have?

In the past hours and days, 50,000 people in more than 100 countries around the world have received news that they have become the victims of government surveillance attempts. 

The Latest Update

Meta, the company to which Facebook and Instagram belong, is currently warning its users when secret services or police authorities try to spy on their accounts and thus their mobile devices. Apple recently did the same and notified iPhone customers around the world of espionage attempts. However, unlike Meta, Apple didn't publish any numbers on how many people were affected.

On another point, too, Facebook goes a considerable step further. In a 17-page report on the "job surveillance industry," the company explicitly mentions the NSO Group, which sells the criticized Pegasus spy software . The names of six other companies that help government agencies with espionage are also mentioned. Meta wants to prevent the activities of the named companies in its networks in the future.

The report also lists the addresses of several hundred Internet sites that were used in surveillance attempts to distribute espionage programs. 

Log4j Vulnerability

And he names the customers of these companies, the countries that use such secret surveillance programs as far as Meta knows. 

Abuse of "Pegasus" exposed

The background to this is the affair surrounding the Israeli company NSO and its espionage software Pegasus. The program can be smuggled into cell phones around the world without the owner being aware of it. Once installed, it collects every information and every communication that takes place on the mobile phone, thus turning the device into a tracking bug that is active at all times. There is hardly any resistance to this, as those affected do not notice it. Only states are allowed to buy Pegasus, and the secret services and police authorities of many statesuse the surveillance system. Officially, the espionage program only serves to find terrorists and criminals.

However, a consortium of international media and journalists, was able to prove that Pegasus is being abused by many countries such as Morocco or Hungary to monitor political opponents, human rights activists, journalists and activists. The basis of the research was a list of 50,000 cell phone numbers of potential destinations around the world. The Pegasus project was able to uncover hundreds of such cases of abuse in collaboration with the human rights organization Amnesty International and the research group Forbidden Stories. In France, for example, this led to a state affair; ministers were also spied on there with Pegasus.

The Target Of Pegasus Espionage

As a result, several large technology companies announced that they would do something against this form of espionage. Amazon had banned NSO from using its cloud services, Microsoft publicly criticized it and Apple warned its customers. This is now also followed by Meta, although it is not the first time that the group has taken action against NSO. At that time under the name Facebook, a lawsuit against NSO had been filed in the USA in 2019. The spy company misused the Facebook messenger platform WhatsApp to infect users, according to the allegation. At that time, there were 1,400 victims who Facebook had identified in its systems.

Surveillance industry

The threat report that has now been published not only directed against NSO, because the company is not alone in the market. It is just the best-known part of what has long been a much larger industry. According to Meta, "action was taken against seven different providers of surveillance services in order to prevent them from using their digital infrastructure to abuse social media platforms and to enable people to be monitored on the Internet." These are the companies Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI from Israel, BellTroX from India and Cytrox from North Macedonia. In addition, a supplier from China who is not known by name is also mentioned.

A total of 1,500 accounts from all these monitoring providers were discovered and deactivated in their own systems and platforms. In addition, the approximately 50,000 affected by the surveillance by these companies were informed. These include doctors, activists, lawyers, journalists, politicians, dissidents, employees of various non-governmental organizations and members of ethnic minorities.

The Target Of Pegasus Espionage

Meta supports law enforcement officers through a variety of channels through which they can make legitimate requests for information, the report said. "Using the surveillance industry, which is indiscriminately selling these services to anyone willing to pay for them," is the wrong approach. After all, they also include malicious actors.

Who is monitoring the supervisors?

Behind this, however, lies a hitherto unresolved ethical question: How much responsibility do private companies like NSO have for the consequences of state surveillance? The authors of the Meta Threat Report call the company a "cyber mercenary" and write about a worldwide "contract surveillance industry" that gathers information about people and infects their devices. It is not just about NSO, but about a global ecosystem of such rental hackers.

These companies would always claim that their services are only directed against criminals and terrorists, write the three authors. "But our month-long investigation concluded that they were in fact indiscriminately targeting journalists, dissidents, critics of authoritarian regimes, families of oppositionists and human rights activists." With which the report also confirms the research of the Pegasus project. With the report, Facebook not only wants to pay more attention to the problem, but also calls on other companies to act.

At the same time, the question arises for Meta, Apple, Amazon and others how much responsibility they have. Because with their warnings to those affected, they expose state surveillance measures, which can also be justified. The companies actually have to examine the individual cases and decide whether the respective surveillance measure is lawful or not - which means that they also take on tasks that are reserved for democratic courts and investigative authorities. Meta writes that corresponding tests were carried out during his research. According to what criteria? That goes unmentioned.

But it is not only companies like NSO, Apple or Meta that can solve this question - a point that the authors also point out. Quote: The aim is to contribute to a better understanding of the damage that this industry is causing worldwide. And they want to call on the democratic governments worldwide to "take further steps to protect the people and to control the providers of these ubiquitous espionage programs".

The Target Of Pegasus Espionage

However, many countries have a great interest in secret surveillance. For example, although NSO has been controversial for years and there has been loud criticism of its product, both the Federal Criminal Police Office and the Federal Intelligence Service have bought it and are using it.

If you have received such a warning from Facebook and want to report it to us, you can contact us here via our anonymous mailbox or write an email to the author. 

Do You Know What We Have Posted on

Twitter Facebook Instagram Reddit tumblr

Post a Comment