A surveillance technology that can identify the location of a phone anywhere in the world in just seconds with only a telephone number has been detected in 25 countries. Spyware companies claim to sell their wares only to governments fighting crime and terrorism but it is all too easy for these tools to be used by repressive regimes to attack human rights.
NSO Group’s advanced Pegasus spyware was identified on phones of at least 36 journalists and media executives in July and August 2020, according to the University of Toronto-based Citizen Lab, which said the surveillance product was installed via a vulnerability in the iPhone messaging application. Most targets were affiliated with the Qatar-headquartered Al-Jazeera media network, according to Al-Jazeera English; Citizen Lab said a journalist at London-based Al-Araby TV was also targeted.
The tech was supplied by the Israeli business Circles, claimed Citizen Lab, a University of Toronto organization that has long tracked the activities of surveillance companies. Circles is a sister company of NSO Group, an iPhone and Android spyware developer that is currently being sued by Facebook over attacks on the WhatsApp accounts of 1,400 users and has been criticized for selling to nations who went on to spy on activists, journalists and other.
According to Citizen Lab, the Circles tracking tool was detected in both Western, democratic countries, and nations with poor human rights records. The full list, according to Citizen Lab and neither confirmed nor denied by Circles, included: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates (U.A.E.), Vietnam, Zambia, and Zimbabwe.
“Citizen Lab presents mounting evidence that for clients in the Middle East, the ability to spy on journalists and other critics is a feature, rather than a side benefit, of NSO Group’s surveillance products,” said CPJ Middle East and North Africa Program Coordinator Sherif Mansour. “Advanced surveillance tools should not be sold without regulation to governments with a long history of abusing the press.”CPJ requested comment from the NSO Group by email. Via an intermediary, the company declined to provide a statement that could be attributed to a named spokesperson. In a statement published by the The Guardian newspaper, NSO Group said: “As we have repeatedly stated we do not have access to any information with respect to the identities of individuals our system is used to conduct surveillance on. However, where we receive credible evidence of misuse, combined with the basic identifiers of the alleged targets and timeframes, we take all necessary steps in accordance with our product misuse investigation procedure to review the allegations.”
Spying in Circles
Circles was an independent intelligence agency vendor up until 2014, when it was acquired by private equity company Francisco Partners for $130 million and merged into a larger surveillance company. That umbrella organization also included NSO Group.
But Circles isn’t the only SS7 surveillance provider on the market. Cyprus-based Intellexa, set up by former Circles co-founder Tal Dilian, uses SS7 exploitation as one of its many tools to track a target. Israeli companies Verint, Rayzone and 1rstWAP offer similar services, according to one industry executive. Ability Inc., another Israeli firm, tried to take the tech global, but crashed out of the Nasdaq after failing to secure customers.
Those providers’ days should, in theory, be numbered, if they stick to solely doing SS7 attacks. The flaws that allow SS7 attacks to take place have long been fixable. The attacks are only possible because SS7, in its original form, doesn’t require any authentication to guarantee the legitimacy and safety of messages traversing the network. It would require some effort by global telecoms networks to address the flaws, but some efforts have been made to patch the vulnerabilities. The U.K., for instance, recently proposed telecommunications security legislation that would grant a regulator the authority to ensure the nation’s networks are secure against SS7 attacks.
Cyprus is a hotbed for surveillance companies that sometimes set up shop in the country and then sell their technology from the region.
Controversial phone hacking company NSO Group has closed the Cyprus office of Circles, a surveillance firm that previously merged with NSO, and fired a number of staff, according to two former NSO employees.
Forbes reports back on 2019 that on a wildflower-lined gravel track off a quiet thoroughfare in Larnaca, Cyprus, Tal Dillian is ensconced in a blacked-out truck. It’s a converted GMC ambulance, pimped out with millions of dollars of surveillance kit, antennas on top reaching out to learn what it can from any smartphone within a 1-kilometer radius and, at the click of a button, empty them of all the content within. WhatsApp messages, Facebook chats, texts, calls, contacts? Everything? “Exactly,” says Dilian, a 24-year Israeli intelligence veteran and multimillionaire spy-tech dealer, though he doesn’t look it; imagine a shabbier, more hirsute George Clooney. Less Hollywood style, more avuncular chic.
He claims such tools are designed to snoop on terrorists, drug cartels and the world’s most egregious criminals. But that’s not always the case. Politicians, human rights activists and journalists have been targeted too. Most infamously, associates of Khashoggi and other Saudi Arabian activists were allegedly targeted by stealth iPhone spyware called Pegasus in the lead-up to his torture and slaughter in Istanbul. The mythically themed malware was coded by NSO Group, a company Dilian is closely associated with: His first surveillance business, Circles, merged with NSO in 2014, when U.S. private equity firm took control of both for a total of $250 million. NSO has since strenuously denied having anything to do with Khashoggi’s death.
- Forbes, Thomas Brewster. This Surveillance Tool Can Find You With Just Your Telephone Number — Did These 25 Countries Buy It, Dec 1, 2020
- CPJ.org, Committee to Protect Journalists, Dozens of journalists newly identified as NSO Group spyware targets, Dec 21, 2020
- Forbes, Thomas Brewster :A Multimillionaire Surveillance Dealer Steps Out Of The Shadows . . . And His $9 Million WhatsApp Hacking Van, Aug 5 ,2019