Read on Twitter
We've got a neat new @citizenlab report out, looking at NSO Group affiliate company Circles, the we-spy-without-hacking-your-phone guys, who reportedly exploit flaws in mobile phone networks themselves. We ID'd a bunch of likely customers! https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/
The essence of the report is simple. The firewalls of Circles systems are configured using a management server with the domain name "tracksystem[.]info." Thanks to some leaked documents filed in a lawsuit in Israel, we can see that this domain name is used by Circles for email
![The essence of the report is simple. The firewalls of Circles systems are configured using a management server with the domain name "tracksystem[.]info." Thanks to some leaked documents filed in a lawsuit in Israel, we can see that this domain name is used by Circles for email](https://pbs.twimg.com/media/EoLJ27-VEAAXJot.png "The essence of the report is simple. The firewalls of Circles systems are configured using a management server with the domain name \"tracksystem[.]info.\" Thanks to some leaked documents filed in a lawsuit in Israel, we can see that this domain name is used by Circles for email")
![The essence of the report is simple. The firewalls of Circles systems are configured using a management server with the domain name "tracksystem[.]info." Thanks to some leaked documents filed in a lawsuit in Israel, we can see that this domain name is used by Circles for email](https://pbs.twimg.com/media/EoLJ4iCVgAA5eJk.png "The essence of the report is simple. The firewalls of Circles systems are configured using a management server with the domain name \"tracksystem[.]info.\" Thanks to some leaked documents filed in a lawsuit in Israel, we can see that this domain name is used by Circles for email")
There's some dodgy customers, including spyware abuser UAE (apparently UAE Supreme Council for National Security, Sh. Tahnoon's Royal Group, and Dubai Police). The Royal group case is interesting, because there also seems to be a nexus with Mohammed Dahlan.
Interesting case in Peru as well. In 2016, @fbajak reported on Israeli co Verint's role in "Project Pisco" ( https://apnews.com/article/f799cfd080b04b93a34df61fc007b096) a National Intelligence Directorate (DINI) initiative to monitor comms. Our scans found a Circles system called "Porsche Pisco" operated by DINI.
Also nice overlap in Nigeria w/ @PremiumTimesng report that two governors used Circles to spy on political opponents ( https://www.premiumtimesng.com/investigationspecial-reports/204987-investigation-governors-dickson-okowa-spend-billions-high-tech-spying-opponents-others.html). We found Circles systems in Nigeria. One system appears to be operated by the same group as a FinFisher system we found in 2015.
Also nice overlap w/ investigation by @NuestroDiario ( https://nomada.gt/pais/la-corrupcion-no-es-normal/espionaje-ilegal-del-gobierno-aqui-esta-la-investigacion-de-nuestro-diario-parte-i/) looking at Guatemala's General Directorate of Civil Intelligence (DIGICI). DIGICI reportedly abused Circles to spy on journalists. Our scans found a Circles system in Guatemala operated by DIGICI!
