According to a new threat report released by Meta (formerly Facebook) on the surveillance-for-hire industry, the company deactivated seven entities from countries such as India, Israel, and China that targeted people across the internet in over 100 countries. Meta stated that it shared its findings with security researchers, other platforms, and policymakers, issued cease-and-desist warnings, and alerted people it thought were being targeted to help them secure their accounts.
BellTroX, a Delhi-based company, was among the seven entities cited in the report. The report also mentioned Cobwebs Technologies, founded in Israel, and three other Israel-based companies, Cognyte, Black Cube, and Bluehawk CI, as well as a North Macedonian company called Cytrox and an unknown Chinese entity.
In an interview, Nathaniel Gleicher, Meta’s head of security policy and one of the co-authors of the report, said that Meta provided notices to almost 50,000 people in over 100 countries who it believes were targeted by one or more of these companies. He stated that the team would not have a breakdown by country of the people who were targeted.
He added, “When we talk about the people who were targeted, we are seeing journalists, political figures, election officials, human rights activists, celebrities, and then we are seeing ordinary people such as anyone who might be party to a lawsuit. We are seeing this very wide targeting across society.”
The team observed three phases of targeting activity by the commercial players that make up the surveillance chain. The first is reconnaissance, which involves silent profiling and is the least visible to the targets; the second is engagement, which involves making contact with the targets or people close to them and tricking them into clicking links and downloading files; and the third is exploitation, also known as hacking for hire.
While some of these entities specialise in one step of surveillance, others like BellTroX, Bluehawk CI, and Black Cube supported the entire chain from start to finish, according to the report.
The report disclosed that Meta removed about 400 Facebook accounts linked to BellTroX that were used for reconnaissance, social engineering, and sending malicious links, the vast majority of which had been inactive for years.
The report stated, “BellTroX is based in India and sells what’s known as hacking for hire services, which were reported on by researchers at the Citizen Lab and Reuters. Its activity on our platform was limited and sporadic between 2013 to 2019, after which it paused.”
It added, “BellTroX operated fake accounts to impersonate a politician and pose as journalists and environmental activists in an attempt to social-engineer its targets to solicit information including their email addresses, likely for phishing attacks at a later stage.”