I just wish there was a phone service where it cost a lot of money to make my phone ring — if a legitimate phonecall then I can choose to refund it (whether on-phone or in-person).
Spammers have ruined the free access modern US phone/text allows. So I am one of those minorities not carrying a phone daily.
It is about a company, First Wap, that makes it possible to track individuals. Their USP is a piece of software that operates at phone network level and uses the fact that phone companies still support an old protocol, Signalling System 7:
> Phone networks need to know where users are in order to route text messages and phone calls. Operators exchange signalling messages to request, and respond with, user location information. The existence of these signalling messages is not in itself a vulnerability. The issue is rather that networks process commands, such as location requests, from other networks, without being able to verify who is actually sending them and for what purpose.
> These signalling messages are never seen on a user’s phone. They are sent and received by “Global Titles” (GTs), phone numbers that represent nodes in a network but are not assigned to subscribers.
> We found Netflix producer Adam Ciralsky, Blackwater founder Erik Prince, Nobel Peace Prize nominee Benny Wenda, Austropop star Wolfgang Ambros, Tel Aviv district prosecutor Liat Ben Ari and Ali Nur Yasin, a senior editor at our Indonesian partner Tempo.
Political figures being there I somewhat understand, but a Netflix producer? Why would anyone need to track a Netflix producer?
Insider trading is my best guess, but they deal with the day-to-day and there isn't a major way to tell if they are working on a flop or a success - much less if it was significant.
It's fascinating how these secrets are turning up in the press now. The article is (probably intentionally) vague about it's sources: they only say "Lighthouse found a vast archive of data on the deep web". But reading between the lines - does that imply that this surveillance company kept records on thousands of targets, and then left them in an open S3 bucket? Not the first time - the TM_Signal leak of upper-echelon U.S. government communications was also facilitated by an open S3 bucket that contained the message archives of everything that, say, the Secretary of Defense was messaging to the POTUS.
But it is highly ironic that these companies specialize in surveillance, tracking, and security, and then have a tendency to leave the data that they steal from others open to the Internet in a very amateurish security lapse that in turn leads to everyone stealing from them.
the group:
- dragged its feet on resolving SS7 security vulnerabilities
- repeatedly ignored input from DHS technical experts
- [identified] best practices.. using different filtering systems
- [but] pushed.. to rely on voluntary compliance
Did I miss something? This was not surprising. I figured all this would have been possible (and commonplace) decades ago. I was expecting this to be about government eyes and ears in my toilet or something.
I wish journalists would explore why the technical methods & information sharing that enable this surveillance are allowed to exist. Highlighting instances of abuse and the quasi-legal nature of the industry doesn’t really get at the interesting part, which is _what motivates our leaders to allow surveillance in the first place_.
I recently completed Barack Obama’s A Promised Land (a partial account of his presidency), and he mentions in his book that although he wanted to reform mass surveillance, it looked a little different once he was actually responsible for people’s safety. I often think about this when I drive past Flock cameras or walk into grocery stores; our leaders seem more enticed by the power of this technology than they are afraid of vague abuses happening in _not here_. It seems like no one sees a cost to just not addressing the issue.
By analogy, I feel that reporting on the dangers of fire isn’t really as effective as reporting on why we don’t have arson laws and fire alarms and social norms that make our society more robust to abuse of a useful capability. People who like cooked food aren’t going to engage with anti-fire positions if they just talk about people occasionally burning each other alive. We need to know more about what can be done to protect the average person from downsides of fire, as well as who is responsible for regulating fire and what their agenda for addressing it is. I’d love to see an article identifying who is responsible for installing these Flock cameras in my area, why they did so, and how we can achieve the positive outcomes desired from them (e.g. find car thieves) without the negatives (profiling, stalking, tracking non-criminals, etc).
> This investigation began with an archive of data. [...] It contains 1.5 million records, more than 14,000 unique phone numbers, and people surveilled in over 160 countries.
Why not HIBP (Have I Been Pwned) style site to check against the database if your number is in?
I think the world is not ready for the level of surveillance that exists in the wild.
For example, this post could have been a product of just probing a particular group of people to understand if they are interested in the subject and what they have to say about it.
That can be done indirectly, by suggesting someone (offering a link or planting an idea) that is already known to be interested in surveillance and prone to share interesting discoveries (in other words, the poster might not even be aware he could be an asset).
Think about the many ways someone could know your interests and how prone you are to react to something and how that could be used. If you are in tech, think about all the silly ways that kind of information can leak publicly.
People often disregard the possibility that they could be an active part of a surveillance network (as an unkowingly asset), instead focusing on more fantastical ideas such as technological hacks or coding wizardry.
Reads like they’re doing one of several way to get mobile device IDs, and then x-ref those against anon’d adtech datasets that anchor on the mobile ID.
If your device privacy is a mess, mobile ID links you to all the good and bad things you do on a phone.
Had no idea this was part of the tool options, but backbone cell network makes sense.
Other TTPs I’d read about was variations on geo-fenced adserving to phish a mobile ID basically via user interaction or scroll past the ad. Small enough geofence and do it a few times, one could safely figure out the user being the ID. Googling “RTB surveillance” or “DSP surveillance” are ways into the topic.
Scary stuff! Pair that with this tech has been working for years, and is international. Frames a bit differently every action by a public figure - also at risk via the same threat model.
Also long have wondered what data analysis like this is done on technical forums… ran by a VC firm… with a lot of insider context (product market fit?) in the comments.
Stallman was a firebrand and jerk, but he was right. When it comes to devices that have the potential to invade our privacy and make us easy targets for authoritarian governments, every last line of code and every transistor should be open.
SS7 telcom vulns still seem to be prevelant in 2025:
Femtocells and Fake Base Stations
Attackers deploy femtocells — small cellular base stations — or fake base stations, commonly known as IMSI catchers, to intercept SS7 traffic. A modified femtocell can act as a man-in-the-middle, capturing signaling messages between a phone and the network.
Fake base stations mimic legitimate cell towers, tricking devices into connecting and relaying SS7 messages to the attacker’s system.
IMSI catchers exploit a known security vulnerability in the GSM specification, which requires the handset to authenticate to the network but does not require the network to authenticate to the handset. They broadcast a stronger signal than legitimate cell towers to lure mobile phones into connecting. Once connected, an IMSI catcher can force the transmission of the International Mobile Subscriber Identity (IMSI) and compel the connected mobile station to use no encryption or easily breakable encryption.
For 3G and LTE networks, sophisticated IMSI catcher attacks may involve downgrading the connection to less secure non-LTE network services to bypass enhanced security features. For example, a hacker might deploy a fake base station near a target to capture their IMSI and initiate SS7 queries.
One small note - Czech Republic still allows for anonymous SIM cards. You can walk into any tobacco shop, pay around 4€ and get a pre-paid SIM which can be charged in cash.
Privacy isn't just about hiding, it's about having the freedom to grow and change without constant watching. We need more leaders who understand this simple truth.
35 comments
[ 1.2 ms ] story [ 58.3 ms ] threadThere is mention of fake antenna but I don't think they cover entire country with that, how do they do?
Spammers have ruined the free access modern US phone/text allows. So I am one of those minorities not carrying a phone daily.
https://www.lighthousereports.com/methodology/surveillance-s...
> Phone networks need to know where users are in order to route text messages and phone calls. Operators exchange signalling messages to request, and respond with, user location information. The existence of these signalling messages is not in itself a vulnerability. The issue is rather that networks process commands, such as location requests, from other networks, without being able to verify who is actually sending them and for what purpose.
> These signalling messages are never seen on a user’s phone. They are sent and received by “Global Titles” (GTs), phone numbers that represent nodes in a network but are not assigned to subscribers.
Political figures being there I somewhat understand, but a Netflix producer? Why would anyone need to track a Netflix producer?
But it is highly ironic that these companies specialize in surveillance, tracking, and security, and then have a tendency to leave the data that they steal from others open to the Internet in a very amateurish security lapse that in turn leads to everyone stealing from them.
I recently completed Barack Obama’s A Promised Land (a partial account of his presidency), and he mentions in his book that although he wanted to reform mass surveillance, it looked a little different once he was actually responsible for people’s safety. I often think about this when I drive past Flock cameras or walk into grocery stores; our leaders seem more enticed by the power of this technology than they are afraid of vague abuses happening in _not here_. It seems like no one sees a cost to just not addressing the issue.
By analogy, I feel that reporting on the dangers of fire isn’t really as effective as reporting on why we don’t have arson laws and fire alarms and social norms that make our society more robust to abuse of a useful capability. People who like cooked food aren’t going to engage with anti-fire positions if they just talk about people occasionally burning each other alive. We need to know more about what can be done to protect the average person from downsides of fire, as well as who is responsible for regulating fire and what their agenda for addressing it is. I’d love to see an article identifying who is responsible for installing these Flock cameras in my area, why they did so, and how we can achieve the positive outcomes desired from them (e.g. find car thieves) without the negatives (profiling, stalking, tracking non-criminals, etc).
Why not HIBP (Have I Been Pwned) style site to check against the database if your number is in?
SS7: Locate. Track. Manipulate. [2014] https://media.ccc.de/v/31c3_-_6249_-_en_-_saal_1_-_201412271...
For example, this post could have been a product of just probing a particular group of people to understand if they are interested in the subject and what they have to say about it.
That can be done indirectly, by suggesting someone (offering a link or planting an idea) that is already known to be interested in surveillance and prone to share interesting discoveries (in other words, the poster might not even be aware he could be an asset).
Think about the many ways someone could know your interests and how prone you are to react to something and how that could be used. If you are in tech, think about all the silly ways that kind of information can leak publicly.
People often disregard the possibility that they could be an active part of a surveillance network (as an unkowingly asset), instead focusing on more fantastical ideas such as technological hacks or coding wizardry.
https://www.giosec.uk/specialist-services---geo-location.htm...
If your device privacy is a mess, mobile ID links you to all the good and bad things you do on a phone.
Had no idea this was part of the tool options, but backbone cell network makes sense.
Other TTPs I’d read about was variations on geo-fenced adserving to phish a mobile ID basically via user interaction or scroll past the ad. Small enough geofence and do it a few times, one could safely figure out the user being the ID. Googling “RTB surveillance” or “DSP surveillance” are ways into the topic.
Scary stuff! Pair that with this tech has been working for years, and is international. Frames a bit differently every action by a public figure - also at risk via the same threat model.
Also long have wondered what data analysis like this is done on technical forums… ran by a VC firm… with a lot of insider context (product market fit?) in the comments.
Femtocells and Fake Base Stations Attackers deploy femtocells — small cellular base stations — or fake base stations, commonly known as IMSI catchers, to intercept SS7 traffic. A modified femtocell can act as a man-in-the-middle, capturing signaling messages between a phone and the network.
Fake base stations mimic legitimate cell towers, tricking devices into connecting and relaying SS7 messages to the attacker’s system.
IMSI catchers exploit a known security vulnerability in the GSM specification, which requires the handset to authenticate to the network but does not require the network to authenticate to the handset. They broadcast a stronger signal than legitimate cell towers to lure mobile phones into connecting. Once connected, an IMSI catcher can force the transmission of the International Mobile Subscriber Identity (IMSI) and compel the connected mobile station to use no encryption or easily breakable encryption.
For 3G and LTE networks, sophisticated IMSI catcher attacks may involve downgrading the connection to less secure non-LTE network services to bypass enhanced security features. For example, a hacker might deploy a fake base station near a target to capture their IMSI and initiate SS7 queries.
https://www.how2lab.com/tech/mobile-communication/ss7-vulner...
As for article, imagine, at those times and for thousands years after in most places humans were still hunting-gathering..
- Almost everyone has a phone.
- Almost everyone takes their phone wherever they go.
- All SIM-cards have been forcefully (by law) linked to people's identities.
- Almost all people are therefore being tracked.