Jump to content
Nytro

This Surveillance Tool Can Find You With Just Your Telephone Number

Recommended Posts

Posted

This Surveillance Tool Can Find You With Just Your Telephone Number — And These 25 Countries Bought It, Warn Researchers

Thomas Brewster
Forbes Staff
 
Associate editor at Forbes, covering cybercrime, privacy, security and surveillance.
 

A surveillance technology that can identify the location of a phone anywhere in the world in just seconds with only a telephone number has been sold to 25 countries, some with chequered records on human rights, according to research released Tuesday.

The tech was supplied by the Israeli business Circles, claimed Citizen Lab, a University of Toronto organization that has long tracked the activities of surveillance companies. Circles is a sister company of NSO Group, an iPhone and Android spyware developer that is currently being sued by Facebook over attacks on the WhatsApp accounts of 1,400 users and has been criticized for selling to nations who went on to spy on activists, journalists and other citizens.

 

According to Citizen Lab, the Circles tracking tool was detected in both Western, democratic countries, and nations with poor human rights records. The full list, according to Citizen Lab and neither confirmed nor denied by Circles, included:  Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates (U.A.E.), Vietnam, Zambia, and Zimbabwe.

Circles surveillance technology locates smartphones across the globe.

Technology made by Circles, an Israeli intelligence provider, can find a person's phone with just their number. As many as 25 countries use it, leading to concerns about ethics. 

GETTY

The technique used by the Circles snooping tech is known as Signaling System 7 (SS7) exploitation, a powerful yet difficult-to-detect tool in government spy arsenals. It’s named after the portion of the telecoms network that deals with cross-border functionality and billing. When, for instance, you travel to another country, the SS7 network is used to move your phone over to a partner telecoms provider and adjust billing accordingly. But should a surveillance vendor have access to SS7 networks, either via hacking or acquiring it, they can send commands to a subscriber’s “home network” falsely indicating the subscriber is roaming. That will, in turn, reveal their location, though only the coordinates of the cell tower closest to the phone. It may also be possible to intercept calls and texts through SS7 exploitation, though Circles technology is only for location detection, according to two industry sources. (According to trademark filings, it does have a technology called PixCell for “tapping into or intercepting targets' wireless, telephone, computer, and internet communications.”)

 

If such a significant number of countries have bought access to the Circles tool, it would indicate that all can locate a phone, and its owner, at rapid speed. Marczak noted that one of the main selling points of the Circles tool was that it didn’t need cooperation from a telecoms company. If used by countries with lax rule of law and human rights controls, it could help repressive government surveillance agencies track targets across borders, without the need for a warrant, Citizen Lab researcher Bill Marczak warned.

Many of the countries listed as likely Circles customers have a track record of using surveillance tools against dissidents and activists, Citizen Lab claimed. Forbes previously revealed Circles’ sales to Mexico, whilst others had reported on deals with the U.A.E., where it was alleged the company’s tools were used to carry out surveillance on the Emir of Qatar and the prime minister of Lebanon. The U.A.E., for instance, allegedly targeted the now imprisoned activist Ahmed Mansoor with malware from at least three different companies - NSO Group included - before arresting him in 2017. Mexico, meanwhile, “serially abused NSO Group’s Pegasus spyware” in targeting at least 25 reporters, human rights defenders, and the families of individuals killed or disappeared by cartels, according to previous Citizen Lab research. NSO has always stated that it works for legitimate government agencies on investigations into the worst kinds of crimes, and has an ethics committee that reviews contracts, though it cannot comment on the identity of its customers.

“Given Circles' affiliation with NSO Group, and repeated spyware abuse by NSO customers, it's disappointing to see Western governments patronizing the company,” added Marczak.

 

An NSO spokesperson gave Forbes a joint NSO and Circles response, stating: “NSO and Circles are separate companies within the same corporate family, both of which lead their industries in a commitment to ethical business and adhere to strict laws and regulations in every market in which they operate. As we have previously stated, Circles is involved in search and rescue and tactical geolocation technology.

“We cannot comment on a report we have not seen. Given Citizen Lab’s track record, we imagine this will once again be based on inaccurate assumptions and without a full command of the facts. As ever, we find ourselves being asked to comment on an unpublished report from an organization with a predetermined agenda.”

The spokesperson declined to comment on the countries listed by Citizen Lab as customers.

Citizen Lab said it tracked down Circles customers by looking for a unique “fingerprint” on servers across the globe that helped them identify where the spy tool was deployed. That fingerprint was built on numerous data points, most significantly a web domain that was linked to Circles business, according to the full technical report.

Spying in Circles

Circles was an independent intelligence agency vendor up until 2014, when it was acquired by private equity company Francisco Partners for $130 million and merged into a larger surveillance company. That umbrella organization also included NSO Group.

But Circles isn’t the only SS7 surveillance provider on the market. Cyprus-based Intellexa, set up by former Circles co-founder Tal Dilian, uses SS7 exploitation as one of its many tools to track a target. Israeli companies Verint, Rayzone and 1rstWAP offer similar services, according to one industry executive. Ability Inc., another Israeli firm, tried to take the tech global, but crashed out of the Nasdaq after failing to secure customers.

 

Those providers’ days should, in theory, be numbered, if they stick to solely doing SS7 attacks. The flaws that allow SS7 attacks to take place have long been fixable. The attacks are only possible because SS7, in its original form, doesn’t require any authentication to guarantee the legitimacy and safety of messages traversing the network. It would require some effort by global telecoms networks to address the flaws, but some efforts have been made to patch the vulnerabilities.  The U.K., for instance, recently proposed telecommunications security legislation that would grant a regulator the authority to ensure the nation’s networks are secure against SS7 attacks.

Nevertheless, whilst those gaping holes remain open across global networks, government spies can continue to track anyone, anywhere, with just their phone number.

 

Sursa: https://www.forbes.com/sites/thomasbrewster/2020/12/01/this-spy-tool-can-find-you-with-just-a-telephone-number-and-25-countries-own-it-warn-researchers/?sh=78620548331e

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...