Meta, the company formerly known as Facebook, announced today that it had identified 50,000 Facebook accounts that had been attacked by at least seven companies engaged in spying-for-hire. This is a Hebrew report for Israeli readers. Among the companies was the Israeli Black Cube, which was implicated in the Rose McGowan case against Harvey Weinstein. Four other Israeli companies, Citrox, Cognyte, Bluehawk CI, and Cobwebs Technologies, were also named:
The surveillance companies named in the report all appeared to follow a similar playbook to target individuals including but not limited to journalists, dissidents and academics across Africa, Eastern Europe and South America. For instance, Meta removed 300 Facebook and Instagram accounts linked to Israeli-based Black Cube that operated as fictitious personas to set up calls with targets. The fictitious accounts would gather targets’ emails to later send phishing attacks.
I am honored to tell you that mine was one of the 50,000 accounts attacked by one of these companies. When I opened my Facebook app on my cell phone, a security warning popped up (see screenshot) warning me that someone had mounted a “sophisticated attack” on my account. It urged me to be on the alert and not to Friend anyone I didn’t know nor engage with anyone I didn’t know on Facebook.
There were a few odd things about the alert which concerned me. First, it asked me to click “OK” in order to review my Facebook security settings. But instead of opening them, it opened my Facebook home page. For some time, I was concerned that I had actually been phished by a one-click attack. But I consulted with a staff member at Access Now who told me about the Facebook announcement and indicated it was likely related to it.
Of course, there are many individuals, companies and groups which might have reason to attack my account. I have made a number of enemies and been threatened repeatedly. The client in this particular case may have hired Black Cube. In fact, one of my most intense and ongoing reporting has been on NSO Group. And we already know that Black Cube has engaged in spying on behalf of the cyber-malware company.
But I find it hard to understand what they would hope to find. I suppose discovering my password would potentially be of benefit. And if they had access to my account they could access my private messages. Perhaps they could also hack into the devices I use to access Facebook. But they would hardly reveal anything useful to them.
Since other accounts of mine including this site have been attacked by pro-Israel interests in the past, I’m conscious of security issues. My Facebook account uses as many of them as are available. So it would be difficult (though nothing is impossible in this particular game) but unlikely they could break in.
My one criticism of Facebook is that aside from the generic security alert, they told me nothing about the actual attack. They didn’t tell me which company is associated with it, how they tried to hack me, or when. I’ve approached Access Now’s security helpline in the hope they can offer me further forensic help.
Returning to Black Cube, apparently all Israeli companies engaged in cyber-predator activities read from the same playbook when caught red-handed. Because when Cyber scoop approached Black Cube about its ban, the company flat out denied that it engaged in any such hacking:
Black Cube does not undertake any phishing or hacking and does not operate in the cyber world,” the firm said in a email statement. “Black Cube is a litigation support firm which uses legal … methods to obtain information for litigations and arbitrations.”
The same MO as NSO Group, when faced with incontrovertible evidence that its clients used Pegasus to track, torture, arrest, and kill their victims/targets. Their operative response is always categorical denial. In the face of ironclad evidence of serial and repeated wrongdoing.
Now, I hope to bring this to the attention of members of Congress, who have been instrumental in bringing NSO to heel, with its blacklisting by the Commerce Department. We now need to add these seven companies to the list of those operating outside the bounds of permissible business practices. They must be punished and driven out of this especially nefarious commercial niche.
J. Hamburger says
Very good. Making a case of shared common interest out of your private experience. Thanks for that.,
Steve Brown says
Phones seem to be particularly vulnerable to attacks and harder to protect. I have a firewall + AV on my phone, yet neither seem as effective as on a desktop. And here we are being encouraged to use our phones for everything — including banking! Not good. Thanks again for your work.