A private surveillance firm that exploits mobile network vulnerabilities to spy on calls, texts and location data is doing business with at least 25 governments around the globe, including Zambia’s a report released this week has concluded.
The findings from the University of Toronto’s Citizen Lab scrutinize the work of the company Circles, which is a sister firm of the Israeli software surveillance broker NSO Group.
Human rights activists frequently criticize NSO Group for selling its equipment to repressive regimes, a charge it rejects, even as it is the subject of a lawsuit from Facebook, which alleges that attackers used NSO Group tech to spy on thousands of WhatsApp users.
The countries Citizen Lab identified as “likely” customers of Circles: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates, Vietnam, Zambia and Zimbabwe.
In Zambia, the researchers said they had identified what appears to be a single Circles system in Zambia, operated by an unknown agency.
In 2019, Zambia reportedly arrested a group of bloggers who ran an opposition news site with the aid of “a cyber-surveillance unit in the offices of Zambia’s telecommunications regulator,” which “pinpointed the bloggers’ locations” and was “in constant contact with police units deployed to arrest them.”
While Circles’ solution allows governments to track phones, it is not clear if Zambia’s Circles system was used in this case.
“The authoritarian profile of some of Circles’ apparent government clients is troubling, but not surprising,” the Citizen Lab team wrote.
“Over the past decade, the explosion of the global surveillance industry has fueled a massive transfer of spy technology to problematic regimes and security services.”
Circles, which according to Citizen Lab says it only sells to nation-states, exploits weaknesses in Signalling System No. 7, a set of protocols used by telecommunications carriers to route calls.
Attackers connected to an SS7 network can send commands to a phone, which allows them to track its location, as well as to intercept voice calls and two-factor authentication texts, Citizen Lab said, although it noted SS7 is mainly used in 2G and 3G networks today.
NSO Group did not return messages seeking comment on the Citizen Lab report.