Yesterday @tbij published an investigation into links between mobile phone operators and surveillance firms, enabling clients of such firms to track people of interest to them around the world, and potentially also to intercept call and message content https://www.thebureauinvestigates.com/stories/2020-12-16/spy-companies-using-channel-islands-to-track-phones-around-the-world
A few notes around the reporting on this. Mobile security experts I spoke to were quite pessimistic about the overall situation, with several saying that despite major revelations of signalling abuses years ago the situation has deteriorated further.
As explained in our parallel piece, the availability of network "global titles" underpins an extended ecosystem of stuff including not just cheap phone calls and data, innovative roaming deals, but also 2FA sms services and the like https://www.thebureauinvestigates.com/stories/2020-12-16/the-rapid-rise-of-phone-surveillance-firms
i.e. third-party network access is the backbone of a lot of commonplace and essential internet activity. If network access points weren’t available on the market none of that would function so easily.
But it’s led to a situation where’s there’s seemingly a thorough penetration of networks that can be used in surveillance ops
If you’re a country with specific surveillance needs, and you don’t have the infrastructure of the NSA or GCHQ to fulfil these needs, then there’s a solution for you - go to the private sector for some commercial surveillance-as-a-service
(this would be ... most countries?)
We found evidence of surveillance ops leveraging multiple networks around the world at high speed in order to target a single individual - one example is in the piece but I came across plenty of others
The piece focuses on the Channel Islands because they came up again and again during the reporting. Guernsey’s regulator said this was the first time the issue had been brought to their attention, however.
Amnesty's @botherder has done a great context piece around our findings https://nex.sx/blog/2020/12/16/mobile-networks-are-a-trash-fire.html
I'd particularly flag a couple of things he says. 1. human rights defenders face heightened risks from this wholesale network penetration
and 2. mobile network operators are no longer “just” carriers of phone conversations - they are also gatekeepers to our digital identities
As such, it's easy to see why there's concern about signalling abuses. But as @skirchy showed in a companion piece on Tues, industry is not keen to talk about this much https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks
@TBIJ's story was a result of a joint reporting project with The Guardian. You can read their version here https://www.theguardian.com/world/2020/dec/16/israeli-spy-firm-suspected-accessing-global-telecoms-channel-islands