Facebook has alerted around 50,000 people who the company believes were targeted by “cyber mercenaries” – private companies often hired by authoritarian states to spy on individuals.
The victims included “journalists, dissidents, critics of authoritarian regimes, [and] families of opposition and human rights activists” the company warned in a threat report published on Thursday.
The mercenaries targeting these individuals were similar to NSO Group, the Israeli spyware firm recently sanctioned by the US government, but Meta said: “NSO is only one piece of a much broader global cyber mercenary industry.”
Alongside the alerts sent to victims, Meta said it had disabled seven entities that had been targeted people in over 100 countries as well as issued cease and desist letters.
The seven surveillance-for-hire groups are based in China, Israel, India and North Macedonia the company said, from where they “indiscriminately” targeted people in over 100 countries.
Meta said these organisations violated multiple community standards and terms of service rules and have been permanently banned.
Sky News did not immediately receive a response from the companies which Meta named.
“The existence and proliferation of these services worldwide raises a number of important questions,” wrote David Agranovich and Mile Dvilyanski, senior cyber security specialists at the firm with backgrounds working for the US government.
“While these cyber mercenaries often claim that their services and surveillanceware are meant to focus only on criminals and terrorists, our own investigation, independent researchers, our industry peers and governments have demonstrated that targeting is indeed indiscriminate.”
It follows the words of the head of the UK National Cyber Security Centre, Lindy Cameron, who earlier this year issued a warning about “the commercial market for sophisticated cyber exploitation products”.
“Those with lower capabilities are able to simply purchase techniques and tradecraft – and obviously these unregulated products can easily be put to use by those who don’t have a history of responsible use of these techniques.
“We need to avoid a marketplace for vulnerabilities and exploits developing that makes us all less safe,” Ms Cameron added.
Meta – which first sued NSO Group over a WhatsApp hack – said it was encouraged to see Microsoft and Apple, as well as the US Government, “begin to draw attention to this threat and take action against it”.
“For our collective response against abuse to be effective, it is imperative for technology platforms, civil society and democratic governments to raise the costs on this global industry and disincentivise these abusive surveillance-for-hire services.
“Our hope with this threat report is to contribute to this global effort and help shine the light on this industry,” the statement added.