Facebook's parent company Meta recently banned New Delhi-based company BellTroX, along with six other surveillance-for-hire firms, for social engineering, spying and sending malacious links to users.
"The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts," the company wrote in a report published on Thursday.
In the report, David Agranovich, Meta's Director, Threat Disruption and Mike Dvilyanski, Head of Cyber Espionage Investigations, wrote about how the company identified the seven entities working from around the world to target a wide range of individuals, from lawyers, journalists, activisits to casino owners and investors.
These surveillance firms, like NSO Group who owns the Pegasus spyware, claim to provide their services to target criminals and terrorists. Meta's report, however, concluded that their targets include " journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists".
The company claims to have disabled these seven firms from functioning on Facebook and Instagram, and shared the findings of their investigations with security researchers, policymakers, and other platforms. It also mentioned having issued Cease and Desist warnings to the firms, while alerting those who they believe were targetted.
Who Is BellTrox?
One of the names to appear in the list of the seven banned firms was BellTroX - a New Delhi-based firm.
Last year, University of Toronto's internet watchdog group Citizen Lab did an exposé on the firm, accusing it of running "one of the largest spy-for-hire operations ever exposed".
Run by an individual named Sumit Gupta, the firm described itself on its now-defunct website as a transcription and digital dictation provider for numerous "hospitals, clinics, expert witnesses, independent practitioners and commercial organisations".
Reuters interviewed three former employees, outside researchers, and followed trail of online evidence, to find that BellTroX had offered hacking services spy on more than 10,000 email accounts over seven years.
The targets include a wide range of indivuduals and entities - European government officials, gambling tycoons in the Bahamas, judges in South Africa, politicians in Mexico, lawyers in France, environmental groups in the United States, and well-known US investors, along with private equity firm KKR, and short seller Muddy Waters.
Following the exposé, the company took down it's website.
"BellTroX operated fake accounts to impersonate a politician and pose as journalists and environmental activists in an attempt to social-engineer its targets to solicit information including their email addresses, likely for phishing attacks at a later stage," read Meta's threat report.
Meta claims to have removed about 400 Facebook accounts linked to BellTrox, most of which were inactive for years.
It also mentioned that BellTroX's activities were paused after 2019, but "re-started in 2021 with a small number of accounts impersonating journalists and media personalities to send phishing links and solicit the targets' email addresses".
BOOM sent several emails to the the addresses provided by BellTroX - but none of them were found to be active. Our attempts at contacting them through telephone calls were also unsuccessful.
Also Read: Did Jamie Oliver Prove McDonald's Food As Unfit For Human Consumption?
Who Else Were Banned By Meta?
The other entities banned by Meta were Israel-based Cobwebs Technologies, Norway-based Cognyte, Israel-based Black Cube, North Macedonia-based Cytrox, Israel-based Bluehawk CI, and an unknown entity in China.
Meta, in it's report, mentioned three phases of targetting activities by these entities, that are part of it's surveillance chain - reconnaissance, engagement and exploitation.
The surveillance-for-hire firms banned by the company are involved in one or more phases of this surveillance chain, the company's report said.
The report recommended greater transparency and oversight, industry collaboration, and governance and ethics as the principles of deterrence of such surveillance methods.
"Protecting people against cyber mercenaries operating across many platforms and national boundaries requires a collective effort from platforms, policymakers and civil society to counter the underlying market and its incentive structure. We believe a public discussion about the use of surveillance-for-hire technology is urgently needed to deter the abuse of these capabilities both among those who sell them and those who buy them," read the Meta report.