- The global surveillance-for-hire industry targets people to collect intelligence, manipulate and compromise their devices and accounts across the internet.
- While these “cyber mercenaries” often claim that their services only target criminals and terrorists, our months-long investigation concluded that targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists.
- We disabled seven entities who targeted people across the internet in over 100 countries; shared our findings with security researchers, other platforms and policymakers; issued Cease and Desist warnings; and also alerted people who we believe were targeted to help them strengthen the security of their accounts.
Recently, there has been an increased focus on NSO, the company behind the Pegasus spyware (software used to enable surveillance) that we enforced against and sued in 2019. However, NSO is only one piece of a much broader global cyber mercenary industry. Today, as part of a separate effort, we are sharing our findings about seven entities that we removed from our platform for engaging in surveillance activity and we will continue to take action against others as we find them.
What Is Surveillance-For-Hire?
The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts. These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable. This industry “democratizes” these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities.
We observed three phases of targeting activity by these commercial players that make up their “surveillance chain”: Reconnaissance, Engagement and Exploitation. Each phase informs the next. While some of these entities specialize in one particular stage of surveillance, others support the entire attack chain.
- Reconnaissance: This stage is typically the least visible to the targets, who are silently profiled by cyber mercenaries on behalf of their clients, often using software to automate data collection from across the internet. These providers pull information from all available online records such as blogs, social media, knowledge management platforms like Wikipedia and Wikidata, news media, forums and “dark web” sites.
- Engagement: This phase is typically the most visible to its targets and critical to spot to prevent compromise. It is aimed at establishing contact with the targets or people close to them in an effort to build trust, solicit information and trick them into clicking on malicious links or files.
- Exploitation: The final stage manifests as what’s commonly known as “hacking for hire.” Providers may create phishing domains designed to trick people into giving away their credentials to sensitive accounts like email, social media, financial services, and corporate networks or click on malicious links to compromise people’s devices.
Although public debate has mainly focused on the exploitation phase, it’s critical to disrupt the entire lifecycle of the attack because the earlier stages enable the later ones. If we can collectively tackle this threat earlier in the surveillance chain, it would help stop the harm before it gets to its final, most serious stage of compromising people’s devices and accounts. See more details on these stages of surveillance attacks in the Threat Report.
Our Enforcement Actions
As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities. They provided services across all three phases of the surveillance chain to indiscriminately target people in over 100 countries on behalf of their clients. These providers are based in China, Israel, India, and North Macedonia. See a full list of entities we took down in the Threat Report.
The “surveillance-for-hire” entities we removed violated multiple Community Standards and Terms of Service. Given the severity of their violations, we have banned them from our services. To help disrupt these activities, we blocked related internet infrastructure and issued Cease and Desist letters, putting them on notice that their targeting of people has no place on our platform. We also shared our findings with security researchers, other platforms, and policymakers so they can take appropriate action.
We alerted around 50,000 people who we believe were targeted by these malicious activities worldwide, using the system we launched in 2015. We recently updated it to provide people with more granular details about the nature of targeting we detect, in line with the surveillance chain phases framework we shared above.
Broader Response to Abuse by Surveillance-For-Hire Groups
The existence and proliferation of these services worldwide raises a number of important questions. While cyber mercenaries often claim that their services and surveillanceware are meant to focus only on criminals and terrorists, our own investigation, independent researchers, our industry peers and governments have demonstrated that targeting is indeed indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists. In fact, for platforms like ours, there is no scalable way to discern the purpose or legitimacy of such targeting. This is why we focus on enforcing against this behavior, regardless of who’s behind it or who the target might be.
To support the work of law enforcement, we already have authorized channels where government agencies can submit lawful requests for information, rather than resorting to the surveillance-for-hire industry. These channels are designed to safeguard due process and we report the number and the origin of these requests publicly.
Protecting people against cyber mercenaries operating across many platforms and national boundaries requires a collective effort from platforms, policymakers and civil society to counter the underlying market and its incentive structure. We believe a public discussion about the use of surveillance-for-hire technology is urgently needed to deter the abuse of these capabilities both among those who sell them and those who buy them, anchored in the following principles:
- Greater transparency and oversight: There is a need for a robust international oversight that establishes transparency and “know your customer” standards for this market and holds surveillance-for-hire entities to these norms.
- Industry collaboration: Surveillance efforts manifest differently on various tech platforms, making industry collaboration critical if we want to fully understand and mitigate adversarial surveillance efforts.
- Governance and ethics: We welcome domestic and international efforts to raise accountability through legislation, export controls and regulatory actions. We also encourage broader conversations about the ethics of using these surveillance technologies by law enforcement and private companies, as well as creating effective victim protection regimes.
We’re encouraged to see our peers and governments begin to draw attention to this threat and take action against it. For our collective response against abuse to be effective, it is imperative for technology platforms, civil society and democratic governments to raise the costs on this global industry and disincentivize these abusive surveillance-for-hire services. Our hope with this threat report is to contribute to this global effort and help shine the light on this industry.
See the full Threat Report for more information about our findings and recommendations.
Customers share their stories on migrating to Dynamics 365
At some point, we’ve all experienced regret over not doing something. Opportunity passes us due to our over analysis, indecision, and uncertainty. Even though we’ve all done this, we rarely seek the advice of others, thinking our situation is somehow unique or different. This rationale is common among the on-premises organizations we speak to. They…
At some point, we’ve all experienced regret over not doing something.
Opportunity passes us due to our over analysis, indecision, and uncertainty. Even though we’ve all done this, we rarely seek the advice of others, thinking our situation is somehow unique or different.
This rationale is common among the on-premises organizations we speak to. They understand the benefits for moving to the cloud but chose to focus on all the reasons not to—aging infrastructure, manual processes, and siloed data notwithstanding.
Hearing how others are approaching this critical technological evolution can be invaluable. Not to mention relatable. Here are a few customer stories we’ve collected; perhaps you might recognize yourself or the circumstances?
A small company with sizeable goals
Sonee Sports, is a small 28-year-old, family-run retail chain in the Maldives. The company moved its Microsoft Dynamics AX to Dynamics 365 in the cloud to streamline its resource planning, point of sale, and relationship management activities. Sonee Sports has grown from a single desk in a hardware store to 10 stores across the Maldives however, this growth didn’t come without challenges, particularly when it came to technology.
Maumoon Abdullah, Sonee Sports’s co-founder, has long advocated for using technology to understand, retain, and engage new customers. “In 2016, we had a customer churn rate of 10 percent—not good. We knew that technology was key to keeping our business afloat,” Abdullah said. However, their previous enterprise resource planning (ERP) took hours to generate reports, the data was inaccurate, so decision makers stopped using it. In time, Sonee Sports realized it had to move its entire business to the cloud.
With help from Mumbai-based CloudFronts, a Microsoft Partner Network partner, Sonee Sports upgraded to Microsoft Dynamics 365, deployed Microsoft Power BI for analytics, and rolled out a cloud-based e-commerce system. “We needed an all-around ERP system that was reliable, easy to use, and mobile-friendly and that offered a host of options for accessing information. Dynamics 365 Retail fits these criteria very well.” Abdullah says.
With this setup, Sonee Sports has cut its IT maintenance costs by 38 percent and improved customer retention by over 8 percent.
“With Dynamics 365, we finally have the data we need to understand our customers.” Abdullah says. “The value of this is priceless.”
Read more about Sonee Sport’s migration to Dynamics 365.
A growing city with changing needs
It can be easy to forget that cities are a lot like corporations—they provide services to their “customers,” often relying on technology to deliver the goods.
Bristol is a diverse city in southwest England, with more than 90 languages spoken and a population of just over 463,000. Bristol City Council is the unitary authority and is responsible for a wide range of services including taxation, waste management, education, etc. Like many struggling municipalities, Bristol City Council felt it could no longer rely on its IT system to meet day-to-day demands of the city. Its systems weren’t agile or mobile-friendly and lacked a unified platform to support collaboration or leverage data insights.
“The council was historically, deeply dissatisfied with its IT systems and processes.” says Simon Oliver, Director of Digital Transformation at Bristol City Council.
Bristol City Council realized the only way forward was to modernize its Dynamics CRM 2016 instance to Dynamics 365, which would improve efficiency and collaboration. Moving, however, was a significant undertaking, involving migrating 54 workloads and orchestrating nearly 500 ecosystem partners, and staff.
Built on Microsoft Azure, with Microsoft Power Platform and Office 365, Bristol City Council deployed Dynamics 365 alongside toolsets to increase productivity. “Working with Microsoft has given us an opportunity to look at our entire approach to delivering IT services, to reshape our way of thinking and the culture of the IT department,” explains Oliver.
Read more about the Bristol City Council transformation.
An industry leader looking to drive purpose
Peet Limited, a leader in Australia’s property industry, believes in helping people gain peace of mind through property ownership. And their commitment to IT innovation has enabled them to remain competitive through market disruptions.
As part of its ongoing mission to offer quality service, the company partnered with Microsoft to upgrade its IT systems and move critical line-of-business applications to the cloud. Justyn Bridge, IT Manager at Peet Limited, explained, “Microsoft 365 is a complete, intelligent solution…it empowers Peet employees to be creative and work together.” Peet Limited had confidence in Microsoft because the organization was already using both Dynamics CRM and Dynamics AX, for its customer relationship management (CRM) and ERP, respectively.
Peet Limited designed its cloud strategy around security with the goal of end-to-end protection in mind; for them, security promoted value. Bridge explains that one of the best benefits of using Microsoft 365 is having a “single pane of glass” to view Peet Limited’s security landscape. Using Microsoft’s Advanced Threat Analytics, Peet Limited had a succinct, real-time view of an attack timeline with the ability to analyze and identify normal versus suspicious user or device behavior.
Considering the project, Bridge notes, “We sought better end-to-end protection, and Microsoft 365 gave us that. Our business has gained security in both protection and mindset.”
Read more about Peet Limited’s story.
When you’re ready to migrate, Microsoft is here to help
We all have stories that define us. Organizations are no different. Whether you’re looking to grow your footprint, improve services, or modernize your underlying technology, the Microsoft Cloud can meet your changing needs. While migrating to the cloud should be a business priority, the experiences above illustrate the importance of planning. When you’re ready to migrate your on-premises solution to the cloud, Microsoft is here to support your journey.
Learn from the other Dynamics AX and Dynamics CRM migration stories in our library. Visit the Dynamics 365 Migration Community to access partner discovery resources and other assets to help you migrate with confidence.
Facebook: Our Largest Ever Climate Survey Can Inform Policies, Research and Campaigns Around the World
Today, Meta and researchers at Yale University are publishing the results of our biggest ever global survey about public views towards climate change. In March and April this year, a sample of more than 100,000 Facebook users from nearly 200 countries and territories were asked about their knowledge of, and attitudes and behavior towards, climate change…
Today, Meta and researchers at Yale University are publishing the results of our biggest ever global survey about public views towards climate change. In March and April this year, a sample of more than 100,000 Facebook users from nearly 200 countries and territories were asked about their knowledge of, and attitudes and behavior towards, climate change issues and what should be done to address them. The results paint a picture of deep concern around the world and the desire of a significant majority of people to see governments and others take meaningful action.
The survey is a collaboration between Meta and the Yale Program on Climate Change Communication, as part of Meta’s Data for Good program. It is hoped its findings can be used to inform policy decisions and priorities for governments, especially in many countries where surveys of this sort have not taken place before. The findings should also be valuable for researchers around the world, as well as a resource to inform public information or awareness raising campaigns by activists and NGOs, and help journalists with nationally-relevant data. For example, the Social Progress Imperative is using data from this survey to develop a new Climate Perception Index, which will serve as a tool to better understand the societal implications of climate change and will provide insights for policy makers on where to focus most in order to deliver tangible societal outcomes to their citizens.
The survey found:
- The majority of people in nearly all countries surveyed say they are somewhat or very worried about climate change, including more than 9 in 10 respondents in many countries in Central and South America. In almost every country, majorities saw climate change as a threat to their country or territory over the next two decades.
- A majority in two-thirds of the countries and territories surveyed think climate change will harm future generations a great deal.
- Majorities in nearly all countries think climate change is caused at least partially by human activity. Europeans were most likely to correctly answer that climate change is caused by human activities, led by Spain (65%) and Sweden (61%).
- In most countries, a majority say they don’t hear about climate change at least once a week in their daily lives. Europeans are more likely to say they hear about climate change at least once a week compared to other regions.
- Most people say their country should reduce pollution causing climate change, either on their own or if other countries also do so. However, people have different views on who is primarily responsible for reducing pollution — majorities in 43 countries said their government is responsible, 42 countries said individual people and 25 said businesses.
- People everywhere think climate change should be a high priority for their government. Majorities in most countries in North and South America say it should be a “very high” priority.
- A majority in almost all areas surveyed think action to reduce climate change will either improve or have no negative impact on the economy.
- People support using more renewable energy and less fossil fuels. About 9 in 10 people in Hungary, Portugal and Spain think their country should use somewhat or much more renewable energy.
The Data for Good program is an unprecedented collaboration between technology companies, the public sector, universities, nonprofits and others using privacy-protected datasets for social good, including disaster relief and recovery. Many of our humanitarian partners operate in some of the most challenging environments in the world. By sharing free tools that provide fast insights, Meta data has made decision-making on the ground easier, cheaper and more effective. In recent years, this collaboration has informed policies governing things like the delivery of vaccines and aid to Ukrainian refugees, and been utilized for environmental campaigns in the US, Germany, Belgium, Croatia and the UK.
Alongside the survey, Meta has also published its annual Sustainability Report, detailing the solid progress we’re making in minimizing the environmental impact of our business, supply chain and wider community. This includes:
- Setting an ambitious goal to be water positive by 2030, meaning we will restore more water than our global operations consume. In 2021, Meta helped restore more than 2.3 million cubic meters of water through investments in water restoration projects.
- Progress towards our goal of reaching net zero emissions across our value chain, and maintaining 100% renewable energy for our global operations.
- Expanding our Climate Science Center to more than 150 countries.
- Supporting key policies to advance sustainable policies and climate action, such as joining the European Climate Pact and participating in organizations advocating for clean energy policies in the United States.
Facebook: Uplifting Tribal Communities in India Through Digital Entrepreneurship
Inspired by the rich culture and talent represented by the tribal and indigenous communities of India, we are extending our collaboration with the Ministry of Tribal Affairs to launch the second phase of the Going Online As Leaders (GOAL) program. GOAL 2.0 will look to digitally upskill, connect and empower 10 lakh youth and women…
Inspired by the rich culture and talent represented by the tribal and indigenous communities of India, we are extending our collaboration with the Ministry of Tribal Affairs to launch the second phase of the Going Online As Leaders (GOAL) program. GOAL 2.0 will look to digitally upskill, connect and empower 10 lakh youth and women from the tribal communities of the country and will act as a bridge for the socially marginalized youth with a vast canvas of opportunities using technology that they otherwise may not have access to.
Through this program, the identified GOAL participants will have access to Meta Business Coach — a WhatsApp based learning bot — that will give the participants an opportunity to learn skills on how to build and grow their business using Facebook, Instagram and WhatsApp. To empower the participants to play an active role in the digital economy, the program will also include Facebook Live sessions in nine languages by master trainers on topics like Anti Scamming education, staying safe online, how to combat misinformation and being a good digital citizen.
Sh. Arjun Munda, Hon’ble Minister of Tribal Affairs launched the second phase of the GOAL program.
Speaking on the occasion, Sh. Munda said:
“Honorable Prime Minister, Shri Narendra Modi has always spoken about bridging the digital divide. Digitally empowering India’s tribal communities would contribute significantly to the socio-economic development of the country and an important step towards creating a flourishing community of tribal leaders. The first phase of GOAL has seen changing the lives of tribal youth through the digital mentorship program. In the second phase, we will reach out to 10 lakh women and youth entrepreneurs and will also create a platform for more than 50,000 self-help groups and 10 lakh families associated with TRIFED to take their products global.”
Sharing his views on the importance of digital empowerment for the tribal communities, Ajit Mohan, Vice President & Managing Director, Facebook India (Meta) said:
“India’s massive digital transformation can be complete when even the most vulnerable communities of our society are digitally empowered. We are deeply inspired by the stories of some of the Tribal leaders who benefitted from the first phase of GOAL that we kicked off in 2020. We recognize the wide canvas of opportunity that gets unlocked when these tribal communities have access to digital tools and technologies, and that is why we are excited to launch the next phase of this program. In collaboration with the Ministry of Tribal Affairs, GOAL 2.0 will upskill and empower 10 lakh women and youth across tribal communities to harness the full potential of digital platforms and tools.”
Tribal population constitutes about 8.6% of the total population in India. Digitally empowering India’s tribal communities could contribute significantly to the socioeconomic development of the country and an important step towards creating a flourishing community of tribal leaders. The first phase of GOAL included inspiring, connecting and upskilling tribal youth from across the country. As a result of GOAL, 75% of the participants from the tribal community admitted to being able to better articulate their thoughts to words and saw an improvement in their interpersonal skills. About 69% were able to leverage digital commerce for increased reach and about 63% said that it helped them understand how to set up their business.
The program is aimed at empowering youth and women from tribal and indigenous communities to harness the full potential of digital platforms and enhancing their leadership skills for driving community development. Along with digital inclusion, the program aims to actively contribute to the economy by continuing to support the most vulnerable communities in tribal districts with a focus on tribal youth and on businesses led by tribal women in rural areas.
Where can I charge my car?
A milestone for King’s Cross: a local innovation hub
Protecting people’s privacy on health topics
Build a cold start time series forecasting engine using AutoGluon
Heads Up – AWS News Blog RSS Feed Change
AWS Local Zones Are Now Open in Las Vegas, New York City, and Portland
Amazon4 months ago
Build a cold start time series forecasting engine using AutoGluon
Amazon1 year ago
Heads Up – AWS News Blog RSS Feed Change
Amazon8 months ago
AWS Local Zones Are Now Open in Las Vegas, New York City, and Portland
Amazon6 months ago
Use deep learning frameworks natively in Amazon SageMaker Processing