Fisher Ames Profile picture
Feb 2 37 tweets 7 min read
1 Feb 2022

A whistleblower has alleged an exec at NSO Group offered a US mobile security Co. [Mobileum] cash for access to a global signalling network used to track individuals through their mobile phone, according to a complaint that was made to the DoJ

theguardian.com/news/2022/feb/…
The allegation, which dates back to 2017 and was made by a former mobile security executive named Gary Miller, was disclosed to federal authorities and to the US congressman Ted Lieu, who said he conducted his own due diligence on the claim and found it “highly disturbing”.
Details of the allegation by Miller were then sent in a letter by Lieu to the DoJ

“The privacy implications to Americans and national security implications to America of NSO Group accessing mobile operator signalling networks are vast and alarming,” Lieu wrote in his letter.
NSO is the subject of an active criminal investigation by the DoJ. The investigation, they claim, is focused on allegations of unauthorised intrusions into networks and mobile devices.
In 2017, Gary Miller – the whistleblower was working for Mobileum, which developed and sold software to protect the decades-old SS7 network, a global messaging system used for legitimate purposes by mobile phone Co's, but can also be used to track mobile users’ physical location
Miller was asked to lead a web voice call that he alleged in records provided to authorities was attended by NSO executives Shalev Hulio and Omri Lavie, two of the group’s co-founders.
NSO was interested in learning more about Mobileum’s access to hundreds of mobile networks around the world. Specifically the NSO executives wanted to discuss how gaining access to the mobile networks would allow NSO to “enhance the capabilities of their surveillance software”
As the meeting progressed, Miller alleged, a member of his own company’s leadership at Mobileum asked what NSO believed the “business model” was of working with Mobileum, since Mobileum did not sell access to the global signalling networks as a product.
According to Miller, and a written disclosure he later made to federal authorities, the response allegedly made by Lavie was “we drop bags of cash at your office”.

Miller said the meeting ended soon thereafter.
A few months later, Miller said he submitted an anonymous “tip” to the FBI in which he reported some details of the August 2017 conversation but did not hear back from authorities.
Lavie’s spokesperson said: “No business was undertaken with Mobileum. Mr Lavie has no recollection of using the phrase ‘bags of cash’, and believes he did not do so. However, if those words were used they will have been entirely in jest.”
Eran Gorev, who was a managing partner at Francisco Partners, that had an interest in NSO in August 2017, and Miller says attended the meeting, said he had not been involved in NSO for more than three years and had “no recollection” of ever meeting with or speaking with Mobileum
He said if such a meeting did take place, he would “absolutely never make a comment like this” and that if someone else did, “it would “clearly have been made in jest and a colloquial expression/cultural misunderstanding”.
Gorev also said that during the time he was “involved” with NSO, the company complied with all applicable laws with “strict oversight by the Israeli government” and had instituted a business ethics committee.
31 Jan 2022

Mobileum Receives a Strategic Investment from H.I.G. Technology Partners

Mobileum is a leading global software provider of mission-critical solutions that allow communications service providers to manage increasingly complex networks.

markets.businessinsider.com/news/stocks/mo…
Mobileum serves a blue-chip customer base, including 35 of 36 global Tier 1 telcos and 70% of Tier 2 telcos in over 190 countries.

Kirkland & Ellis served as legal advisor to HIG
Jefferies served as financial advisor
Kirkland & Ellis served as legal advisor to Mobileum
Headquartered in Silicon Valley, Mobileum has global offices in Australia, Argentina, Belgium, Brazil, Egypt, Germany, Greece, India, Indonesia, Malaysia, Mexico, Portugal, Singapore, Spain United Arab Emirates, and the UK.

Bobby Srinivasan, CEO of Mobileum
1 June 2015 Triangle Holdings (Luxembourg) General Meeting

Osy Holdings (Cayman) became major shareholder with 48,038,800 shares.

Note other shareholders names assoc w/NSO:
Omrie Lavie
Shalev Holy
Eddy Shalev
Eran Gorev
Alexei Voronovitsky

16 Dec 2020

Israeli Rayzone Group appears to have had access to the global telco network via a telco in the Channel Islands in the first half of 2018, potentially enabling its clients to track locations of mobile phones across the world

H/T @mopeng

theguardian.com/world/2020/dec…
Invoices suggest Rayzone, a corporate spy agency that provides its government clients with “geolocation tools”, used an intermediary in 2018 to lease an access point into the telecoms network via Sure Guernsey, a mobile operator in the Channel Islands.
Access points, aka “global titles”, provide a route into a decades-old global messaging system known as SS7, which allows mobile operators to connect users around the world. It is not uncommon for mobile companies to lease out such access

[NSO same MO]
However, doing so potentially allows third parties to exploit signalling messages – commands that are sent through a telecoms operator across the global network, unbeknownst to a mobile phone user.
Used legitimately, such commands allow operators and others with access to the network to locate mobile phones, connect mobile phone users to one another, and assess roaming charges.
But entities with access to mobile phone networks are also known to use signalling messages for questionable purposes, such as monitoring locations for the purpose of surveillance or even intercepting communications.
Rayzone describes itself as providing “boutique intelligence-based solutions” for fighting terrorism and crime for national law enforcement agencies. It says its geolocation tools are for use by governmental authorities only.
Sure Guernsey said in a statement it leased access to global titles to a “small number” of specialist providers who provide “legitimate services” such as anti-fraud detection for banks and other services.
Telecoms networks in the Channel Islands fall outside the UK’s regulatory jurisdiction even though they use the same +44 country code.
Industry insiders who have access to sensitive communications information suggest private intelligence firms regard small mobile operators, often based on tiny islands in offshore jurisdictions, as weak spots to exploit in the telecoms network.
Spy companies regard telecoms firms in both Guernsey and Jersey as potentially soft routes into UK phone networks, said industry and security experts.
Sources say there is recent evidence of a steady stream of suspicious signalling messages directed via the Channel Islands to networks worldwide w/ 100's of messages routed via Sure Guernsey and Jersey Airtel, to phone networks in North America, Europe and Africa in August.
Gary Miller, a mobile security researcher at Exigent Media who has studied sensitive messaging signals, said he found evidence suggesting a US mobile phone user was closely tracked while on a trip to Bangladesh in August 2020.

[Gary Miller the Mobileum whistleblower?]
Miller said the attack, which could pinpoint the person’s location or intercept comms, appeared to have been routed through Sure Guernsey. It is not known who directed the messages to be sent or if Sure Guernsey would have been aware of the alleged attack.
British officials have privately expressed concerns about security issues around the SS7 network, particularly in connection to the Channel Islands, and have said smaller mobile operators there have not plugged well-known vulnerabilities.
A Whitehall source described the SS7 protocol as “toxic, horrendous – yet one the world relies on”, adding “it can be abused to geolocate people” but is complex to make secure because “if you get it wrong, you disconnect yourself from the rest of the world”.
British telecoms regulators and the security services have almost no powers to enforce against operators in the Channel Islands, beyond what is described as a “nuclear option” to remove their access to the +44 UK country code.
Ron Wyden, the US Democratic senator from Oregon, said in a statement: “Access into US telephone networks is a privilege. Foreign telecom regulators need to police their domestic industry to ensure that SS7 access isn’t abused to spy on Americans”

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Fisher Ames

Fisher Ames Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @nimkef

Feb 2
10 Sept 2002

Within hours of the attacks on New York and Washington, Russian President Vladimir Putin was on the phone to George W. Bush -- the first international leader to call the U.S. president on September 11.

web.archive.org/web/2002110510…
"Russia knows directly what terrorism means," Putin said later in a televised address.

"And because of this we, more than anyone, understand the feelings of the American people. In the name of Russia, I want to say to the American people -- we are with you."
Months later, Putin revealed he had a premonition about terrorists and September 11.

"I told my American colleague, 'This really worries me. I have the feeling something is going to happen, that they are apparently preparing something,'" Putin said.
Read 14 tweets
Feb 1
27 Jan 2022

In their first-ever summit [25 Jan], India, Tajikistan, Kazakhstan, Uzbekistan, Turkmenistan and Kyrgyz Republic have decided to form a joint working group on Afghanistan, while agreeing to a “common approach” when dealing with the Taliban

msn.com/en-in/news/oth…
It was decided at the meeting to focus on connectivity and trade amongst the nations and to resume talks for the proposed Turkmenistan-Afghanistan-Pakistan-India (TAPI) pipeline project.
According to Reenat Sandhu, secretary, Ministry of External Affairs, the president of Uzbekistan proposed the resumption of talks for the proposed Turkmenistan-Afghanistan-Pakistan-India (TAPI) pipeline project, underlining its importance.
Read 8 tweets
Jan 31
23 April 1998

SLOWLY Afghanistan has crept up the list of places that something should be done about. 17 April, Bill Richardson, America's chief delegate to the United Nations, arrived in Kabul for what he described as “tough discussions”.

web.archive.org/web/2022013119…
No American official of Mr Richardson's seniority has set foot in Afghanistan for well over 20 years. The last top gun may have been Henry Kissinger. After the Russians invaded the country in 1979, the Americans stayed clear of it, except to arm Afghan guerrillas.
In his book “Diplomacy”, Mr Kissinger says that the United States had nothing in common with the guerrillas. “Yet they shared a common enemy, and in the world of national interest, that made them allies.”
Read 26 tweets
Jan 30
The birth of Neustar

24 May 1997

Instead of unlisted phone numbers, maybe now they'll offer stealth phone numbers.

Defense industry colossus Lockheed Martin Corp. is poised to take over as administrator of the nation's telephone numbering system.

web.archive.org/web/2021062216…
An advisory panel [North American Numbering Council. NANC] to the Federal Communications Commission [FCC] has selected the Bethesda-based company as the North American Numbering Plan administrator. The FCC will make a final decision after July 3.
Put simply, the job involves coordinating what phone numbers go where. It's a bit like being the Geneva of the phone company wars, making detached and emotionless decisions on disputes involving area codes and dialing exchanges.
Read 11 tweets
Jan 29
7 Feb 2005

As part of it pursuit for more homeland security business and it efforts to grow its portfolio of third-party trusted services to communications providers, NeuStar acquired Herndon, Va.-based law enforcement compliance company, Fiducianet

web.archive.org/web/2014082210…
Fiducianet was founded by 29-year FBI veteran Mike Warren in January 2002 and began operations in May of that year with the industry's first service bureau for Communications Assistance for Law Enforcement Act (CALEA) compliance.
"He is a giant in the law enforcement community," said Jeffrey Ganek, chairman and CEO of NeuStar. "He will be an important addition to the NeuStar management team."
Read 15 tweets
Jan 29
25 June 2019

Hackers broke into the systems of 12+ global telecom firms and stole huge amounts of data in a seven-year spying campaign, researchers from a cyber security company said, identifying links to previous Chinese cyber-espionage activities.

reuters.com/article/us-cyb…
Investigators at US-Israeli cyber firm Cybereason said the attackers compromised companies in 30+ countries and aimed to gather information on individuals in government, law-enforcement and politics.
The hackers also used tools linked to other attacks attributed to Beijing by the US & its Western allies, said Lior Div, CEO of Cybereason

“For this level of sophistication it’s not a criminal group. It is a government that has capabilities that can do this kind of attack”
Read 14 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

:(