DrewADesign 2 days ago [-]
I was training to be a 911 dispatcher a while ago. When they told us about getting someone’s location from the cell company outside of what was available automatically from e911 or whatever— which required them to be on the phone with you, so not useful if you get a text saying they just drove off a cliff in the middle of nowhere, or something— you had to sign an affidavit testifying that there were exigent circumstances, fax it to them, and then wait, sometimes for hours, until their legal department approved it. And you always risked being dragged to court if you made the wrong call. That’s the price of privacy, and the potential for abuse is rife, so it makes sense.
Yet these jackholes can just snag it whenever because, ya know, profit. That is obviously insane. Our corporate culture has driven our society insane with normalized greed. The unholy alliance of tech and marketing is largely to blame.
ItsClo688 2 days ago [-]
the affidavit + fax + wait for legal approval process you described is exactly how it should work, like friction as a feature, not a bug. the fact that these vendors bypassed all of that through SS7 ghost operators isn't just a policy failure, it's an architectural one. the telco ecosystem was never designed with the assumption that "legitimate" network participants would be adversarial.
DrewADesign 2 days ago [-]
Yeah I acknowledged that. The circumvention is the problem.
jbxntuehineoh 2 days ago [-]
> then wait, sometimes for hours
that just sounds pointless, won't they be dead by that point anyways?
pocksuppet 2 days ago [-]
IOW: We must end this "privacy" thing - think of people who might be dying!
It's all about power, anyway. The NSA doesn't need a warrant at all. When the police want to get an alleged criminal they can get a warrant in minutes. But when it's your life in danger, it takes hours. The purpose of a system is what it does.
DrewADesign 2 days ago [-]
FWIW: At 911, we were the police, organizationally. Actual sworn cops didn’t have special access to phone companies that dispatchers didn’t— we’d probably be the ones making the request for them if it was that urgent. (In some places dispatchers are cops, but it is very uncommon, and the distinction isn’t important in this respect.) Phone companies aren’t going to hire a bunch of specialized workers to comply with legal orders instantly instead of soon enough. And there surely needs to be a ticket made and such… it’s not like CS reps have that info.
The NSA doesn’t need warrants in many cases because they can get the information they need from the government’s own databases. I’m not an expert, but as far as I know, if they need someone’s location from a phone company they do need a warrant or to prove there were exigent circumstances, which is why they just get shit from data brokers. Some politicians want to close that loophole but most either don’t, or don’t care enough. Some, shockingly, even want to reform FISA.
whatshisface 2 days ago [-]
The NSA doesn't need warrants because breaking federal law is easier to get away with when you have one of secrecy, some relation to security, presence in the meetings where you'd be discussed, and largeness (which provokes acceptance), and they have all four.
DrewADesign 2 days ago [-]
Those are the forces at play, but you’re just guessing how that manifests itself in the real world. I’ll bet it’s all a lot more bureaucratic than you think it is— secret FISA courts wouldn’t exist if it was just a free-for-all the second it was out of sight.
That’s why these agencies buy data from brokers: sidestepping the mechanisms in place to stop them from getting it straight from the source for free.
whatshisface 2 days ago [-]
We read their internal papers, that was what the Snowden documents were about. No guessing required since 2013. No warrants required since 2002-ish.
DrewADesign 2 days ago [-]
For mass aggregation of call metadata, all sorts of over-the-wire communication data, etc etc etc… yeah. For on-demand mobile phone location tracking? That’s a different animal.
rdevilla 2 days ago [-]
Israel doesn't need warrants because it's not an American government agency conducting homeland security.
rdevilla 2 days ago [-]
In 2026, it's Israel. The NSA is so last decade, and isn't even mentioned in this article.
Silicon Valley and global communications infrastructure has been compromised by Israel. Quoting TFA:
> This analysis identified 4G infrastructure associated with operator networks based in Israel, the United Kingdom, and the Channel Islands. Notably, in prior public reporting these same countries have been linked to CSVs targeting mobile users.
> Israel has long been a focal point in the global surveillance industry, with multiple companies developing and exporting advanced spyware, cellular communications interception, and monitoring technologies.
underlipton 2 days ago [-]
I mean, it might genuinely be a good idea to start thinking about how to live in and administer justice in a society where privacy is dead and unsavory details about other people's lives are likely to find their way out into the open, and where you just kind of have to deal and go on with life. It's tough because that would force us to have to separate out crimes that do actual real damage (what's "real damage"?) from "crimes" that just make people uncomfortable, and behavior that's actually disqualifying from behavior that's, "Oh, you're into that, huh...? How interesting.".
In a sense, we're already there, funhouse mirror-like - consider the sentence for selling a pound of coke vs that for a literal ton of Percocets; people will still want to hang out with you after you've laid off 1,000 employees, but god forbid you, I dunno, watch cartoons - but I guess it would still be a sea-change in the approach.
DrewADesign 2 days ago [-]
It depends on the situation. If someone is on fire, yes, it’s pointless. If someone is lost without good reception, no. If someone is suffering from dementia and wandering aimlessly, no. If someone has been abducted and can’t use their phone but still has it with them, no. These things do happen.
lostlogin 2 days ago [-]
Most of us want to recover the dead.
You’d be wild if lawyers had prevented saving a life though.
red-iron-pine 2 days ago [-]
> Our corporate culture has driven our society insane with normalized greed. The unholy alliance of tech and marketing is largely to blame.
bro you're posting on HN, what do you think the response to this will be
Toast_ 2 days ago [-]
>ya know, profit.
Pretty sure Israel does it for the love of the game.
gruez 2 days ago [-]
>Yet these jackholes can just snag it whenever because, ya know, profit. That is obviously insane. Our corporate culture has driven our society insane with normalized greed. The unholy alliance of tech and marketing is largely to blame.
Nothing in the article suggests the cause of this is "greed". The protocols are vulnerable and various shady companies have been set up to exploit it, but that has nothing to do with "greed", any more than the fact that there are shady hosters for spammers[1] are caused by "corporate culture has driven our society insane with normalized greed"
One of the biggest lies about the surveillance state is that it'll be professional.
NSA employees have used multi-billion dollar American surveillance assets to spy on women they're infatuated with. There's even a cute term for it, LOVEINT.
In another instance, a foreign woman who was employed by the U.S. government suspected that her lover, an NSA civilian employee, was listening to her phone calls. She shared her suspicion with another government employee, who reported it. An investigation found the man abused NSA databases from 1998 to 2003 to snoop on nine phone numbers of foreign women and twice collected communications of an American, according to the inspector general's report.
People aren't able to imagine the ramifications of pervasive surveillance because there never has been such pervasive surveillance in human history. And humans are terrible at predicting how this is going to change things. Especially, with LLMs in the mix.
Unless a very strict line is maintained for privacy across the board; the world that's coming will be many, many custom, tailor-made hells co-existing as tumors off of the back of state and corporate surveillance infrastructure.
1a527dd5 2 days ago [-]
> She shared her suspicion with another government employee, who reported it.
And what pray tell do you do if you don't have anyone to report it to inside the government? Reports like that can easily get blackholed.
nielsbot 1 days ago [-]
i’m surprised it went anywhere even inside the government. and imagine all the cases we don’t know about.
not only that but
- someone in the Senate (Wyden?) recently said it’s worse than anyone thinks and people would be outraged
- a judge from the FISA court, said FISA should be revised
Looks like the judge I'm referring to is Collyer. Not quite a call for reform, but she did say the FBI is abusing the court.
> Consequently, in an extraordinary public order on Tuesday, the secret court’s presiding judge, Rosemary Collyer, directed the Justice Department and the FBI to conduct a thorough review of all submissions the bureau has made to the FISC. They have about three weeks (until Jan. 10, 2020) to explain what steps have been taken to assure the candor of each submission.
> Unless a very strict line is maintained for privacy across the board; the world that's coming will be many, many custom, tailor-made hells co-existing as tumors off of the back of state and corporate surveillance infrastructure.
The future black markets are going to be filled with all sorts of illegal "private comms" devices to give us our privacy back. I am sure there are sci-fi novels with this theme.
pixl97 2 days ago [-]
Maybe, but they may very well stand out as the only 'unapproved' encryption on the wire and bring you more attention.
MisterTea 2 days ago [-]
Who said anything about "wires"?
cedws 2 days ago [-]
IIRC Snowden said the same in his biography - that the NSA had a bro culture and they abused their powers to obtain compromising images and texts (often sexual) and share them around.
If you're going to use technology to illegally spy on millions of people, at least do it with some professionalism and restraint. Bastards.
ikrenji 2 days ago [-]
all this techno surveillance should just be straight out banned by law. the little extra security it might offer is not worth the huge costs in privacy and other unforeseen impacts
intended 2 days ago [-]
> Unless a very strict line is maintained for privacy across the board;
> many, many custom, tailor-made hells co-existing as tumors off of the back of state and corporate surveillance infrastructure.
We already live in this world. Most of the conversations here on HN are naturally America centric, and the situation with the rest of the humans on the planet is secondary. The more distant, the less interest.
For most of that world, pleas for help are sent via stomach-churning amounts of appeals via WhatsApp. The hope is that someone knows someone at a platform to get them help.
Something like having your non-consensual intimate imagery shared means you are pretty much done. Since a majority of people live in nations with more conservative mores (on average) than the west, this means an absurd number of lives ruined.
Fraud, pig butchering scams, are examples of outright crimes. Tech isn’t much better when it comes to customer support. You want to recover your account, or reach a human? Good luck.
I’d love to hear a counter argument for this position: Tech platforms are as valuable as they are, because they do not pay the support costs they incur.
aetherspawn 2 days ago [-]
Yeah, a friend of mine was tracked by a stalker ex boyfriend who worked at a Telco.
It was irritatingly difficult to avoid because it seemed he could look up her SIM card by name and then get her location no matter what (new SIM, new phone)
Anyone who reports this kind of thing to the police just sounds irrational and crazy and gets ignored.
pigggg 2 days ago [-]
It's literally a known thing at telcos in various roles they find people looking up folks' dox regularly. If someone registers a complaint that someone accessed their data they'll look it up and deal with them.
I once asked someone on the security/investigations side if you are logging what everyone is doing can't you easily find when folks are looking up stuff unrelated to their job? Their answer: we'd have to fire over half the people here - everyone is constantly looking up people's PII - celebrities, friends, enemies, etc. it's almost considered an unofficial perk of the job. This was from one of the largest US Telco carriers circa 2010. Maybe things have changed, hopefully.
pocksuppet 2 days ago [-]
In Western Europe they would get fired and go to jail. That's why Western Europe doxx information is considered the most expensive in the world. It wasn't complicated to create that situation. They can just fire a few, drag one to court, and rely on the chilling effect.
dboreham 2 days ago [-]
Calling BS on that story. You don't need to fire anyone. You just rate limit access to lookups where the customer didn't initiate a support call themselves, and require supervisor approval and audit of said approvals on a regular basis. I've also worked on systems where accounts could be marked as sensitive (e.g. the celebrities) and those needed additional sign off to be accessed.
lostlogin 2 days ago [-]
I’ve worked in systems like that too.
I can tell you exactly how much privacy the celebrities got. There is no record of the sharing or the breaches.
therobots927 2 days ago [-]
Assuming he had access to a database with (lat, long, SIM) data, if she got a new phone he could just use the known (lat, long pairs) from the old sim and lookup to get the new sim. Then bam, you can get all of the new lat longs.
It’s impossible to avoid unless you simultaneously move to a new house / apartment when you get your new phone, and never bring the new phone to any previous low-traffic location you brought the old phone to.
justinclift 2 days ago [-]
If the person was deep enough into the system to have access to location data, then they'd probably be able to just directly look up customer details (likely easier).
hocuspocus 2 days ago [-]
Absolutely not. I have access to geo-located network telemetry. CRM data is completely off limit to anyone on my team.
kakacik 2 days ago [-]
Well maybe it wasn't such a well secured company and also this seems a story from the past.
hocuspocus 2 days ago [-]
Built-in positioning of network traces is relatively recent in mobile network equipment and dedicated probes.
If that happened more than 5-6 years ago, it would sound even less likely. Most telcos never bothered doing the processing needed to position raw events based on timing advances. They'd simply offload that to third party companies. These solution providers aren't crazy, they don't touch data that isn't already anonymized. It's even less probable that a random employee would have access to the multiple datasets needed to piece someone's personal data together.
justinclift 2 days ago [-]
Are you in a small company where most people wear lots of hats, or in a big company that has siloed off groups? Am guessing it's more of the big company approach that silos things off?
hocuspocus 2 days ago [-]
As far as telcos go, I work at a pretty small one. We have fewer subscribers than say, a single Chinese operator would have in a second tier city.
calvinmorrison 2 days ago [-]
it's impossible for your precise location to be tracked by anybody... wow that's crazy
kenjackson 2 days ago [-]
What does this mean?
Padriac 2 days ago [-]
Sounds like something worth reporting as it is an offence in Australia at least. The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
joshstrange 2 days ago [-]
> The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
I'll let you know when I finish laughing.
This is 100% false. You can serve up all the evidence on a silver platter and the police will ignore it. I know, I've tried, specifically in a stalking case. They don't care.
Padriac 2 days ago [-]
Maybe things are different where you live.
close04 2 days ago [-]
After being stalked myself, for years, across borders, I can tell you the police doesn't care unless you can prove real, imminent danger. I have no idea how to prove that short of a written confession. A message from the stalker with a picture of them holding a knife at the door of my building, and the text I came to "visit" you but you had guests/witnesses for example didn't reach the bar of imminent danger.
The police is made of people who want to do the job but are swamped with bigger problems, and people who don't want to do any real job.
pocksuppet 2 days ago [-]
It's true in Australia, true in the US, true broadly in the UK and Europe. Where do you live where it's not the case? I once got mugged, had the perpetrator's ID and a video recording of them doing it, and they got a slap on the wrist.
estimator7292 2 days ago [-]
Things are very different in the US. Police do not exist to uphold the law or protect civilians from anything. There are specific rulings in our legal code that flatly state police are not obligated to protect anyone.
Police in the US exist mainly to suck up tax money and harass and murder civilians and escalate peaceful protests into riots to justify suppression and murder. They're merely an instrument of an increasingly authoritarian government.
Yeah, if you gave police here a complaint with all the evidence in the world, there is absolutely no obligation for them to investigate or take any action. And there's really no recourse.
Be glad you live in a functional society.
trinsic2 2 days ago [-]
Maybe you're being naive? Just because there are laws doesn't mean they're going to be enforced. Especially with what's going on right now with governments becoming authoritarian.
jimbo808 2 days ago [-]
Ha. That's what everyone thinks before they've needed the police.
ImPostingOnHN 2 days ago [-]
You're referring to the police, who are also abusing these surveillance systems to stalk their exes?
Or maybe federal law enforcement, who are also abusing these surveillance systems to stalk their exes?
Or perhaps intelligence agencies, who are also abusing these surveillance systems to stalk their exes?
Did I mention they're all friends with each other and usually help each other and cover for each other?
aetherspawn 2 days ago [-]
Yeah it was reported, but the telco's systems were such a load of slop there wasn’t any specific evidence recorded (logs etc), and besides nobody knew what to ask for, so it couldn’t be taken seriously.
I don’t remember the exact circumstances of how they got a confession years later, I think bragging, but he did get convicted and the Telco eventually fired him, which stopped the stalking.
boringg 2 days ago [-]
What no log files of who's accessing records? That seems super sketch.
aetherspawn 2 days ago [-]
I’m spitballing here but it seemed like his job was a kind of ITS/technician job in the core infrastructure, and it seemed like he didn’t need to go through normal channels to get the information he wanted, ie he could just like pcap a tower with a filter or whatever in a routine kind of way that I guess didn’t create any specific logs. If there were any relevant logs they would have had to give them to the police. And I know that at a high level Telcos are heavily regulated, so there should have been logs.
mr_toad 2 days ago [-]
Doesn’t surprise me at all. I signed up for an internet plan with a provider once, but they never let me login to pay the bills. After they started threatening me with collections and several phone calls later it turned out they were billing someone in a completely different city. Complete shambles.
cucumber3732842 2 days ago [-]
I have a comparable dispute with an old ISP from an old apartment. Their system had me as still receiving services there for many months after I cancelled and moved. Every year they send me a final warning saying it'll go to collections (the fact that it hasn't actually gone to collections more or less tells me I'm right, lol). Every year I'm grateful it's "just" an ISP and not the government because the government would've escalated the fine to a bajillion dollars and issued a bench warrant by now.
pocksuppet 2 days ago [-]
On the other hand, at least with a bench warrant you get to go to court and tell the judge "look, I cancelled this service years ago and I don't live there any more, and they confirmed the cancellation" and the judge would tell the opposing party to go cry about it.
wil421 2 days ago [-]
Bad actors will buy data from people and places where they don’t care.
I've seen people getting fired in BigTech for using the platform to stalk their ex-es. It's usually an alert that goes off when employees access internal dashboards for a certain profile, too many times.
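The controls described in this thread (rate-limiting lookups the customer did not initiate through a support call, supervisor approval, extra sign-off for accounts marked sensitive, and an alert when one employee opens the same profile too many times) can be checked against an access log as follows. This is an added example, not part of the original thread or any operator's code; the field names, rule names, thresholds and log entries are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values, chosen for illustration only.
WINDOW = timedelta(hours=24)      # sliding window for both counters
UNTICKETED_LIMIT = 3              # lookups without a customer-initiated ticket
REPEAT_LIMIT = 3                  # lookups of one profile by one employee
SENSITIVE = {"sub-9001"}          # accounts marked sensitive (constructed)


@dataclass(frozen=True)
class Lookup:
    ts: datetime
    employee: str
    subscriber: str
    ticket: Optional[str]         # support ticket opened by the customer
    approver: Optional[str]       # supervisor who signed off, if any


def _hits(bucket, ts):
    """Record ts and return how many events fall inside the window."""
    bucket.append(ts)
    bucket[:] = [t for t in bucket if ts - t < WINDOW]
    return len(bucket)


def review(lookups, sensitive=SENSITIVE):
    """Return (rule, employee, subscriber, ts) for every policy violation."""
    findings = []
    unticketed = defaultdict(list)    # employee -> timestamps
    per_profile = defaultdict(list)   # (employee, subscriber) -> timestamps
    for ev in sorted(lookups, key=lambda e: e.ts):
        # Approving your own lookup does not count as sign-off.
        approved = ev.approver is not None and ev.approver != ev.employee

        def flag(rule):
            findings.append((rule, ev.employee, ev.subscriber, ev.ts))

        if ev.subscriber in sensitive and not approved:
            flag("SENSITIVE_NO_SIGNOFF")
        if ev.ticket is None:
            if not approved:
                flag("UNAPPROVED_UNTICKETED")
            # The rate limit applies even to approved lookups, so a
            # rubber-stamping supervisor still shows up in the audit.
            if _hits(unticketed[ev.employee], ev.ts) > UNTICKETED_LIMIT:
                flag("UNTICKETED_RATE")
        if _hits(per_profile[(ev.employee, ev.subscriber)], ev.ts) > REPEAT_LIMIT:
            flag("REPEATED_PROFILE")
    return findings


def _at(day, hour, minute=0):
    return datetime(2024, 1, day, hour, minute)


# Constructed access-log entries, not real data.
SAMPLE = [
    Lookup(_at(10, 9), "alice", "sub-1001", "T-1", None),
    Lookup(_at(10, 10, 0), "bob", "sub-2001", None, "sup1"),
    Lookup(_at(10, 10, 5), "bob", "sub-2002", None, "sup1"),
    Lookup(_at(10, 10, 10), "bob", "sub-2003", None, "sup1"),
    Lookup(_at(10, 10, 15), "bob", "sub-2004", None, "sup1"),
    Lookup(_at(10, 11), "carol", "sub-9001", "T-2", None),
    Lookup(_at(10, 12), "dave", "sub-3001", "T-3", None),
    Lookup(_at(10, 13), "dave", "sub-3001", "T-3", None),
    Lookup(_at(10, 14), "dave", "sub-3001", "T-3", None),
    Lookup(_at(10, 15), "dave", "sub-3001", "T-3", None),
    Lookup(_at(10, 16), "erin", "sub-4001", None, "erin"),
    Lookup(_at(12, 10), "bob", "sub-2005", None, "sup1"),
]

if __name__ == "__main__":
    for rule, employee, subscriber, ts in review(SAMPLE):
        print(f"{ts:%Y-%m-%d %H:%M} {rule:22} {employee:6} {subscriber}")
```

The check only works if every path to subscriber data writes to this log; access that bypasses the normal tooling, as described elsewhere in the thread, produces no events to review.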
throwawaysleep 2 days ago [-]
BigTech is far more competent than a Telco though.
red-iron-pine 2 days ago [-]
having worked and consulted at both... debatable.
level competency is higher at BigTech but laziness, vanity, selfishness, ego, and learned-helplessness happens plenty too.
e.g. for all of the BigTech brilliance plenty of them fall for mildly complex phishing efforts or bribes, etc.
Zigurd 2 days ago [-]
Some systems, like lawful intercept, are designed to be hidden even from telco network management systems. The LI console that set up a wire tap might log activity at that particular console at that particular law-enforcement agency. But if you don't know where to look exactly, good luck.
This is why the Chinese picked lawful intercept as a hacking target for the Salt Typhoon exploit. It's almost impossible to know whether that exploit is continuing or when exactly it began.
ogurechny 2 days ago [-]
Someone else was targeting it long before the Chinese.
throwawaysleep 2 days ago [-]
Cops are too dumb to comprehend that. They would proclaim it impossible and order more donuts.
Most simple criminals get away with their crimes. Anyone with any level of sophistication does as well.
wil421 2 days ago [-]
Scammy telcos in poorer countries sell SS7 data for a small fee. It will give you all the location data you need.
pocksuppet 2 days ago [-]
SS7 access - you still have to hack the system to acquire the data yourself, and I believe it creates a log that you roamed to that country, and briefly disconnects your cellphone from the network? It's far from invisible.
tamimio 2 days ago [-]
Well, my privacy-o-meter made me have my phone with no sim card and always airplane mode, and the sim card is in a dumb phone in my house, that I also barely turn on unless needed. Not perfect, but still far better than being tracked with telecoms.
hocuspocus 2 days ago [-]
I'm sorry but this sounds like bullshit. As someone who has access to such data at a telco:
- Very few people have legit business cases requiring access to enriched network telemetry, at least non aggregated.
- Of which, only a handful have any reason to see the MSISDN in clear.
- Of which, none can get access to clear CRM data.
- Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
Also why not simply switch to a different phone operator?
aetherspawn 2 days ago [-]
So what you’re saying is if you were secretly a psycho and wanted to stalk your ex-girlfriend, you work at a Telco and basically have access to the tools to do it?
So putting aside the fact you’re a reasonable person, anyone who works themselves up to a similar seniority and job description in a Telco as you, could in fact do exactly what the article is saying is an issue for the victims.
hnthrow0287345 2 days ago [-]
I'm sure every single telco in the world is perfectly in line with this
lostlogin 2 days ago [-]
Stalker terrorises woman, she reports it, nothing happens, stalker kills her. Cue hand-wringing.
It’s played out a lot of times, in a lot of places, I don’t know why everyone here is so cynical.
hocuspocus 2 days ago [-]
Even in pretty dysfunctional countries, or pro-business ones like the US, where nothing like the GDPR exists, telcos' management have a strong interest in not letting just any rank and file employee spy on subscribers.
throwawaysleep 2 days ago [-]
Most breaches are not in the interests of management, but they happen anyway as management wants to save money or doesn't understand how it could happen.
throwawaysleep 2 days ago [-]
> And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
What is this based on? I used to work for a data governance and privacy vendor that supplied data for audits. Tons and tons of customers asked us to fudge their data.
This is after the Delve scandal, where the hottest tech compliance company was completely fraudulent and numerous other hot tech companies also had completely fraudulent audits.
This is not a reasonable assumption.
mtve 2 days ago [-]
50M+ subs operator, at least 10 employees can have both location and CRM data, I guess it's pretty typical.
> As someone who has access to such data at a telco
so you do have access :)
> - Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
correct for LI, not for emergency.
> Also why not simply switch to a different phone operator?
yes, the only solution.
hocuspocus 2 days ago [-]
> 50M+ subs operator, at least 10 employees can have both location and CRM data, I guess it's pretty typical.
This shouldn't be the case anywhere in Europe or regions with similar laws. And we have a lot less than 50M subscribers.
Anyway, there's really nothing that justifies having access to both. If you work on network quality and need enriched traces, personal data is completely useless. Most business cases don't even need stable, let alone clear IMSI. Very few people will need to look at a clear MSISDN for troubleshooting, and if you do things properly they shouldn't get blanket access to terabytes of daily telemetry.
Aggregated CRM data can be useful to more high-level business cases, nothing that can be used to identify someone personally. Our data governance office doesn't even let us correlate anonymized and GDPR compliant data that we buy from third parties when the IDs are too stable, as it'd be fairly easy to match raw network traces.
> so you do have access :)
No I don't. Sometimes people move to different teams you know, and access to datasets I had in the past is mutually exclusive with some that I do have now.
> correct for LI, not for emergency.
If people that can see E112 payloads with GNSS locations exist, then I don't know they are, but I'm sure they can't have access to stuff relevant to the discussion here. On the network telemetry side, our job is monitoring and quality assurance. Anyway this kind of data is too sparse to be abused by a stalker.
mistrial9 2 days ago [-]
you are close to a system in a way that those guardrails are clear and present; the story is from the point of view of a victim, and it is possible that they were indeed a victim. Therefore the means of the stalking is not known at all via this story, but somehow, something did occur. It is not surprising on either side, and they do not necessarily contradict each other IMHO
hocuspocus 2 days ago [-]
I'm specifically talking about the technical aspect. Even with non-existent separation of concerns, and abysmal practices related to data governance which would be breaking the law in most of the developed world, the story sounds like bullshit. Extracting points of interest and reconstructing paths from raw network telemetry isn't trivial.
The likelihood a random employee could run a quick SQL join to stalk someone based on their name is zero.
subscribed 2 days ago [-]
I'm glad to hear that your random telco's governance and influence has spread around the entire world to every other telco.
FYI: from the fact it's hard (not impossible) to see the data mentioned and it's possible (not guaranteed) that the caught offender would be punished is a VERY long way to "you lie".
Theirs was anecdata, yours is anecdata but you're additionally rude.
NitpickLawyer 2 days ago [-]
Ah, I remember back in the day when "trust me I work in a telco and this is just dumb" people were really really silent after the room 641a stuff got leaked.
hocuspocus 2 days ago [-]
So now the random ex-boyfriend has access to the same tools as 3 letter agencies, got it.
If you live in a country where you cannot trust law enforcement then there isn't much your telco can do. But specifically, these surveillance tools are not available to us.
Anonyneko 2 days ago [-]
This is just par for the course in Russia. Government has telcos track people, and that data ends up available on the black market for anyone to purchase, for a fairly modest fee. The government has been recently trying (with uncertain degree of success) to crack down on the latter, as this was frequently used by the opposition journalists and investigators to uncover the details of the government's own nefarious plots.
The data is cross-referenced with other telcos, other SIM cards, Wi-Fi hotspots (anonymous public hotspots are outlawed), street cams, and many other databases, so it's basically impossible to avoid being tracked.
Probably inevitable to become the norm everywhere in the world.
aa-jv 2 days ago [-]
It is par for the course in the UK and Israel, too. Oh, also Australia.
betaby 2 days ago [-]
> Government has telcos track people
Yes
> and that data ends up available on the black market for anyone to purchase, for a fairly modest fee
Probably not. Those DBs are fake most ( all ? ) the time.
Anonyneko 2 days ago [-]
The Russian leaked ones have proven to be legit many times over by investigative journalists cross-referencing those with other databases (e.g. flight tracking or leaked food delivery databases).
kikimora 2 days ago [-]
In Russia case no, they are not fake. Navalny tracked his killers by analyzing flight and train travel data identifying people who always travel with him. They used data sold in the black market.
bell-cot 2 days ago [-]
> ... as this was frequently used by the opposition journalists and investigators to uncover the details ...
Seems like Ukrainian assassins targeting Russian VIPs would be the most compelling motive for a crackdown.
Or perhaps Mr. Putin provides a feed of "currently in favor" VIPs to the black market folks, who know better than to sell intel on anyone on that list?
Anonyneko 2 days ago [-]
Yeah, that of course is a bigger concern for the government right now. I sometimes forget that it's neither 2019 nor even 2021 anymore.
jbxntuehineoh 2 days ago [-]
time to take the tedpill and leave your phone at home
znort_ 2 days ago [-]
> This is just par for the course in Russia
nice deflection there, ofc bad russia! you did surely notice that this article is about the uk? oh, and (big surprise!) israeli cell and surveillance companies ...
Anonyneko 2 days ago [-]
All I wanted to say is that things can get even worse if left uncontrolled.
znort_ 2 days ago [-]
it's ok, the occasion offered an interesting glimpse on the crowd in here.
btw, that was another deflection right there, just saying ;-)
worse how? are you aware of the real sorry state of privacy, freedom of information and civil rights all around the globe today, and very specially in our shiny western democracies? that's getting considerably worse, i recommend you pay a bit more close attention instead of chasing tired clichés and ghosts abroad.
mentalgear 2 days ago [-]
> Gary Miller, one of the researchers who investigated these attacks, told TechCrunch that some clues point to an “Israeli-based commercial geo-intelligence provider with specialized telecom capabilities,” but did not name the surveillance provider. Several Israeli companies are known to offer similar services, such as Circles (later acquired by spyware maker NSO Group), Cognyte, and Rayzone.
why are they good at these kinds of things - security, hacks, surveillance, 0-days?
bakugo 2 days ago [-]
When your goal is to covertly subvert and take control of foreign nations, these sorts of skills tend to come in handy.
red-iron-pine 2 days ago [-]
may not even be the deliberate goal. just that the 100% conscription rate + backs-to-the-wall attitude means that the IDF has a lot of well trained signals intelligence guys who need to make money somehow.
morellt 2 days ago [-]
No clue why this is getting downvoted, this is literally the purpose.
jeroenhd 2 days ago [-]
They are a country surrounded by countries that either dislike them or want them wiped from the face of the earth. It only makes sense that they have a significant intelligence and spying industry.
The genocide they're undertaking does place that industry in a whole new light, of course.
goolz 2 days ago [-]
Worth noting their leaders and allies are bereft of morality.
subscribed 2 days ago [-]
We might run their history in a slow motion since the year of inception, and then see who is trying to do all the wiping.
pjc50 2 days ago [-]
They run a mass surveillance operation so they can target individual people with exploding pagers. It's just another aspect of the longstanding war between Israel and Iran (via Hezbollah etc).
contingencies 2 days ago [-]
Combination of state support and US intelligence sharing arrangements. This is a smaller operation. Larger operation is AMDOCS which runs billing for most global carriers = access to every billable activity. EU should get rid of them IMHO.
Rob_Polding 2 days ago [-]
In my country 95% of people don't mind Meta tracking their location with WhatsApp, so I think the days of people caring about tracking are long gone!
I am the exception and believe in privacy, and I've not used a Meta app since I tested Facebook/WhatsApp back in 2010 and soon uninstalled them as I don't want a digital portfolio to be developed on me for advertisers. Same with Google, they can whistle for my personal information, but they won't get it!
I'm sure surveillance companies have an even easier time buying data from Meta/WhatsApp so that's even more worrying as people use different ISPs so 95% of people won't be traced by any one ISP, but Meta and Google have the location information of anyone gullible enough to use their services.
gruez 2 days ago [-]
>In my country 95% of people don't mind Meta tracking their location with WhatsApp
Source? Seems unlikely given that both android and ios have location permissions and keep track of whether it's used. Non-consensual (ie. you're not specifically using some location sharing feature or whatever) is very likely to be caught and cause a publicity shitstorm.
woadwarrior01 2 days ago [-]
One of the first bits of infosec advice I give to my non-technical friends and family, when they ask for it, is to turn off background location access for all apps on their phones.
Needless to say, I know plenty of technical people who don't care about it.
forlorn_mammoth 2 days ago [-]
because someone made background location access a "necessary" part of the bluetooth stack?
The cost of opting out is very high.
"Mark of the beast"-- you want to participate in society, you need it.
everdrive 2 days ago [-]
Modern people seem to be incredibly weak and dependent. "I can't protect my freedom if it means giving up bluetooth!" It almost reads as satire.
vinay_ys 2 days ago [-]
Even if you are on modern 5G network, and set your phone to never connect to 2G/3G network, your location is still compromised because the overall network is still backward compatible to support someone who might be trying to reach you from a 2G or 3G network which run on the insecure SS7 protocol. This enables protocol downgrade attacks. Only way to insulate yourself from this while still being on mobile networks is to use a "data-only" sim and stick to purely Internet based secure messaging and calling apps and not use the phone number for anything.
The way mobile radio/phone networks have evolved (trusted walled garden with backward compatibility) vs Internet has evolved (untrusted with end to end security) is in stark contrast to each other.
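The "trusted walled garden" problem in the comment above is what interconnect screening tries to contain on the operator side. The sketch below is an added illustration, not code from the thread or from any operator's product: a simplified three-category screen for MAP requests arriving on an external SS7 link. The opcodes are those of 3GPP TS 29.002; the prefixes, travel-time table and sample messages are constructed assumptions.

```python
from dataclasses import dataclass

# MAP operation codes as defined in 3GPP TS 29.002.
ANY_TIME_INTERROGATION = 71    # meant for use inside one operator's network
PROVIDE_SUBSCRIBER_INFO = 70   # home network asking about its own roaming subscriber
UPDATE_LOCATION = 2            # visited network registering a roamer with the home HLR

# Constructed topology (assumption): illustrative prefixes, not real operators.
OWN_GT_PREFIX = "99910"                         # global titles of our own nodes
OWN_IMSI_PREFIX = "00101"                       # MCC+MNC of our subscribers (2-digit MNC)
PARTNER_GT_BY_IMSI_PREFIX = {"00102": "99920"}  # roaming partner: IMSI prefix -> GT prefix
# Minimum plausible travel time in seconds between two networks (constructed).
MIN_TRAVEL_SECONDS = {("99910", "99920"): 3 * 3600}


@dataclass(frozen=True)
class MapRequest:
    opcode: int
    calling_gt: str   # SCCP calling-party global title, i.e. the claimed origin
    imsi: str         # subscriber the request is about
    timestamp: int    # arrival time, epoch seconds


def screen(req, last_seen):
    """Screen one request received on an external link.

    last_seen maps IMSI -> (GT prefix of last serving network, timestamp).
    Returns (verdict, reason).
    """
    if req.calling_gt.startswith(OWN_GT_PREFIX):
        return "block", "own global title on an external link (spoofed origin)"
    if req.opcode == ANY_TIME_INTERROGATION:
        return "block", "category 1: never valid from another network"
    ours = req.imsi.startswith(OWN_IMSI_PREFIX)
    if req.opcode == PROVIDE_SUBSCRIBER_INFO:
        home_gt = PARTNER_GT_BY_IMSI_PREFIX.get(req.imsi[:5])
        if ours or home_gt is None or not req.calling_gt.startswith(home_gt):
            return "block", "category 2: sender is not the subscriber's home network"
        return "allow", "home network querying its own roamer"
    if req.opcode == UPDATE_LOCATION:
        if not ours:
            return "block", "category 3: location update for a subscriber we do not serve"
        new_net = req.calling_gt[:5]
        prev = last_seen.get(req.imsi)
        if prev is not None:
            prev_net, prev_ts = prev
            need = (MIN_TRAVEL_SECONDS.get((prev_net, new_net))
                    or MIN_TRAVEL_SECONDS.get((new_net, prev_net), 0))
            if prev_net != new_net and req.timestamp - prev_ts < need:
                return "block", "category 3: implausible travel time since last location"
        last_seen[req.imsi] = (new_net, req.timestamp)  # record only accepted updates
        return "allow", "plausible roaming registration"
    return "block", "operation not on the interconnect allow-list"


# Constructed sample traffic, all received on the external link.
SAMPLE = [
    MapRequest(ANY_TIME_INTERROGATION, "99955000001", "001010000000001", 1000),
    MapRequest(PROVIDE_SUBSCRIBER_INFO, "99955000001", "001020000000007", 1010),
    MapRequest(PROVIDE_SUBSCRIBER_INFO, "99920000010", "001020000000007", 1020),
    MapRequest(UPDATE_LOCATION, "99920000011", "001010000000001", 1030),
    MapRequest(UPDATE_LOCATION, "99920000011", "001010000000002", 1040),
    MapRequest(PROVIDE_SUBSCRIBER_INFO, "99910000099", "001020000000007", 1050),
]


def run_sample():
    """Screen SAMPLE against a constructed last-seen table and return the verdicts."""
    last_seen = {
        "001010000000001": ("99910", 900),               # at home 130 s before the update
        "001010000000002": ("99910", 1040 - 5 * 3600),   # at home five hours earlier
    }
    return [screen(req, last_seen)[0] for req in SAMPLE]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE, run_sample()):
        print(verdict, req)
```

Screening like this depends on the claimed calling global title, so it narrows what an external peer can ask rather than proving who the peer is.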
sigbottle 2 days ago [-]
Super interesting stuff, got reading on this?
dfc 2 days ago [-]
I get a 404 when I try and view the CitizenLab report:
thanks for sharing, and i feel like the SS7 thing is such a classic "known unfixed" problem. everyone in telecom knows it's broken, has known for decades. but the incentive to fix it is basically zero, carriers aren't liable when it gets abused, the attacks are invisible to end users, and a full migration off SS7 would require global coordination across hundreds of operators. so nothing happens.
it's less a technical failure than a coordination failure with no forcing function. Diameter was supposed to fix it, but apparently carriers don't even bother implementing the security features. which kind of proves the point. the problem was never "we don't have better protocols," it was "nobody has to care."
Barbing 2 days ago [-]
Help our security if you can!—
“Contact Us
Do you have more information about surveillance vendors that exploit cellphone networks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email[]”
Fokamul 2 days ago [-]
I like that I live in a country where SIMs can be bought without any verification.
Cops and agencies trying to change this, (buuhuuu someone bought anonymous SIMs in bulk and sold them on darknet)
Surprisingly, there was major public pushback, pretty unlucky for cops.
rurban 2 days ago [-]
They do have the death penalty now in Israel. So it might get interesting for those bosses
pprotas 2 days ago [-]
The death penalty was intended for Palestinians, not Israeli bosses
Muromec 2 days ago [-]
It doesn't always go as intended.
rurban 2 days ago [-]
sure, but when the tide switches to a far-left government they might use it against them.
tovej 2 days ago [-]
I do believe the law was specifically carved out so it could only be used against Palestinian prisoners. And there is no far-left in Israel, at least no far-left party that could ever be in government.
dewey 2 days ago [-]
You forgot one important detail there.
srameshc 2 days ago [-]
I was reading news this morning about Lebanese journalist killed in airstrike. I was thinking very likely she was tracked wherever she was taking shelter. This kind of surveillance probably helps track such people on large scale and we most of the time meh at such reports and think what have I to lose. But it is affecting everyone now, not some ambiguous high profile targets, they are the people amongst us.
aa-jv 2 days ago [-]
Tracking wasn't necessary in her case, she was already talking to Israeli forces prior to being murdered. They knew where she was by direct personal observation, which was then used to target her.
therobots927 2 days ago [-]
Coming soon to a city near you.
The goal is dominance and control of the poor by the rich.
walrus01 2 days ago [-]
Why is the citizen lab report URL suddenly a 404?
Danox 2 days ago [-]
Of course they are what could go wrong?
faxuss 2 days ago [-]
Everyone does it, they just got caught.
therobots927 2 days ago [-]
Oh would you look at that: “Israeli-based commercial geo-intelligence provider with specialized telecom capabilities.”
Make no mistake, the people of Gaza and Lebanon are being used as guinea pigs for highly invasive surveillance technology that could easily be pointed at any of us if we step out of line.
And yes I said people of Gaza, not tellhullists as they’re referred to in Zion.
thisislife2 2 days ago [-]
That Gaza, the world's largest open prison, is an experiment playground for Israeli surveillance and military tech is a popular theory online that is now finding space in mainstream media too:
Off topic, but is there any black market way I can buy the personal data of the robodialers that flood my number 20x / day? I know they spoof caller ID, and I'm not referring to filing a costly civil suit and getting their names from discovery.
The NSA doesn’t need warrants in many cases because they can get the information they need from the government’s own databases. I’m not an expert, but as far as I know, if they need someone’s location from a phone company they do need a warrant or to prove there were exigent circumstances, which is why they just get shit from data brokers. Some politicians want to close that loop hole but most either don’t, or don’t care enough. Some, shockingly, even want to reform FISA.
That’s why these agencies buy data from brokers: sidestepping the mechanisms in place to stop them from getting it straight from the source for free.
Silicon Valley and global communications infrastructure has been compromised by Israel. Quoting TFA:
> This analysis identified 4G infrastructure associated with operator networks based in Israel, the United Kingdom, and the Channel Islands. Notably, in prior public reporting these same countries have been linked to CSVs targeting mobile users.
> Israel has long been a focal point in the global surveillance industry, with multiple companies developing and exporting advanced spyware, cellular communications interception, and monitoring technologies.
In a sense, we're already there, funhouse mirror-like - consider the sentence for selling a pound of coke vs that for a literal ton of Percocets; people will still want to hang out with you after you've laid off 1,000 employees, but god forbid you, I dunno, watch cartoons - but I guess it would still be a sea-change in the approach.
You’d be wild if lawyers had prevented saving a life though.
bro you're posting on HN, what do you think the response to this will be
Nothing in the article suggests the cause of this is "greed". The protocols are vulnerable and various shady companies have been set up to exploit it, but that has nothing to do with "greed", any more than the fact that there are shady hosters for spammers[1] are caused by "corporate culture has driven our society insane with normalized greed"
[1] https://en.wikipedia.org/wiki/Bulletproof_hosting
NSA employees have used multi-billion dollar American surveillance assets to spy on women they're infatuated with. There's even a cute term for it, LOVEINT.
https://www.nbcnews.com/news/world/loveint-nsa-letter-disclo...
https://www.yahoo.com/news/nsa-staff-used-spy-tools-spouses-...
People aren't able to imagine the ramifications of pervasive surveillance because there never has been such pervasive surveillance in human history. And humans are terrible at predicting how this is going to change things. Especially, with LLMs in the mix. Unless a very strict line is maintained for privacy across the board; the world that's coming will be many, many custom, tailor-made hells co-existing as tumors off of the back of state and corporate surveillance infrastructure.
And what pray tell do you do if you don't have anyone to report it to inside the government? Reports like that can easily get blackholed.
not only that but - someone in the Senate (Wyden?) recently said it’s worse than anyone thinks and people would be outraged - a judge from the FISA court, said FISA should be revised
e.g. https://www.politico.com/live-updates/2026/04/15/congress/wy...
> Consequently, in an extraordinary public order on Tuesday, the secret court’s presiding judge, Rosemary Collyer, directed the Justice Department and the FBI to conduct a thorough review of all submissions the bureau has made to the FISC. They have about three weeks (until Jan. 10, 2020) to explain what steps have been taken to assure the candor of each submission.
https://thehill.com/opinion/judiciary/475053-fisa-courts-reb...
The future black markets are going to be filled with all sorts of illegal "private comms" devices to give us our privacy back. I am sure there are sci-fi novels with this theme.
If you're going to use technology to illegally spy on millions people, at least do it with some professionalism and restraint. Bastards.
> many, many custom, tailor-made hells co-existing as tumors off of the back of state and corporate surveillance infrastructure.
We already live in this world. Most of the conversations here on HN are naturally America centric, and the situation with the rest of the humans on the planet is secondary. The more distant, the less interest.
For most of that world, pleas for help are sent via stomach churning amounts of appeals via WhatsApp. The hope is that someone knows someone at a platform to get them help.
Something like having your non-consensual intimate imagery shared, means you are pretty much done. Since a majority of people live in nations with more conservative mores (on average) than the west, this means an absurd number of lives ruined.
Fraud, pig butchering scams, are examples of outright crimes. Tech isn’t much better when it comes to customer support. You want to recover your account, or reach a human? Good luck.
I’d love to hear a counter argument for this position: Tech platforms are as valuable as they are, because they do not pay the support costs they incur.
It was irritatingly difficult to avoid because it seemed he could look up her SIM card by name and then get her location no matter what (new SIM, new phone)
Anyone who reports this kind of thing to the police just sounds irrational and crazy and gets ignored.
I once asked someone on the security/investigations side if you are logging what everyone is doing can't you easily find when folks are looking up stuff unrelated to their job? Their answer: we'd have to fire over half the people here - everyone is constantly looking up people's PII - celebrities, friends, enemies, etc. it's almost considered an unofficial perk of the job. This was from one of the largest US Telco carriers circa 2010. Maybe things have changed, hopefully.
I can tell you exactly how much privacy the celebrities got. There is no record of the sharing or the breaches.
It’s impossible to avoid unless you simultaneously move to a new house / apartment when you get your new phone, and never bring the new phone to any previous low-traffic location you brought the old phone to.
If that happened more than 5-6 years ago, it would sound even less likely. Most telcos never bothered doing the processing needed to position raw events based on timing advances. They'd simply offload that to third party companies. These solution providers aren't crazy, they don't touch data that isn't already anonymized. It's even less probable that a random employee would have access to the multiple datasets needed to piece someone's personal data together.
I'll let you know when I finish laughing.
This is 100% false. You can serve up all the evidence on a silver platter and the police will ignore it. I know, I've tried, specifically in a stalking case. They don't care.
The police is made of people who want to do the job but are swamped with bigger problems, and people who don't want to do any real job.
Police in the US exist mainly to suck up tax money and harass and murder civilians and escalate peaceful protests into riots to justify suppression and murder. They're merely an instrument of an increasingly authoritarian government.
Yeah, if you gave police here a complaint with all the evidence in the world, there is absolutely no obligation for them to investigate or take any action. And there's really no recourse.
Be glad you live in a functional society.
Or maybe federal law enforcement, who are also abusing these surveillance systems to stalk their exes?
Or perhaps intelligence agencies, who are also abusing these surveillance systems to stalk their exes?
Did I mention they're all friends with each other and usually help each other and cover for each other?
I don’t remember the exact circumstances of how they got a confession years later, I think bragging, but he did get convicted and the Telco eventually fired him, which stopped the stalking.
https://www.lighthousereports.com/methodology/surveillance-s...
level competency is higher at BigTech but laziness, vanity, selfishness, ego, and learned-helplessness happens plenty too.
e.g. for all of the BigTech brilliance plenty of them fall for mildly complex phishing efforts or bribes, etc.
This is why the Chinese picked lawful intercept as a hacking target for the salt typhoon exploit. It's almost impossible to know whether that exploit is continuing or when exactly it began.
Most simple criminals get away with their crimes. Anyone with any level of sophistication does as well.
- Very few people have legit business cases requiring access to enriched network telemetry, at least non aggregated.
- Of which, only a handful have any reason to see the MSISDN in clear.
- Of which, none can get access to clear CRM data.
- Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
Also why not simply switch to a different phone operator?
So putting aside the fact you’re a reasonable person, anyone who works themselves up to a similar seniority and job description in a Telco as you, could in fact do exactly what the article is saying is an issue for the victims.
What is this based on? I used to work for a data governance and privacy vendor that supplied data for audits. Tons and tons of customers asked us to fudge their data.
This is after the Delve scandal, where the hottest tech compliance company was completely fraudulent and numerous other hot tech companies also had completely fraudulent audits.
This is not a reasonable assumption.
> As someone who has access to such data at a telco
so you do have access :)
> - Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
correct for LI, not for emergency.
> Also why not simply switch to a different phone operator?
yes, the only solution.
This shouldn't be the case anywhere in Europe or regions with similar laws. And we have a lot less than 50M subscribers.
Anyway, there's really nothing that justifies having access to both. If you work on network quality and need enriched traces, personal data is completely useless. Most business cases don't even need stable, let alone clear IMSI. Very few people will need to look at a clear MSISDN for troubleshooting, and if you do things properly they shouldn't get blanket access to terabytes of daily telemetry.
Aggregated CRM data can be useful to more high-level business cases, nothing that can be used to identify someone personally. Our data governance office doesn't even let us correlate anonymized and GDPR compliant data that we buy from third parties when the IDs are too stable, as it'd be fairly easy to match raw network traces.
> so you do have access :)
No I don't. Sometimes people move to different teams you know, and access to datasets I had in the past is mutually exclusive with some that I do have now.
> correct for LI, not for emergency.
If people that can see E112 payloads with GNSS locations exist, then I don't know they are, but I'm sure they can't have access to stuff relevant to the discussion here. On the network telemetry side, our job is monitoring and quality assurance. Anyway this kind of data is too sparse to be abused by a stalker.
The likelihood a random employee could run a quick SQL join to stalk someone based on their name is zero.
FYI: from the fact it's hard (not impossible) to see the data mentioned and it's possible (not guaranteed) that the caught offender would be punished is a VERY long way to "you lie".
Theirs was anecdata, yours is anecdata but you're additionally rude.
If you live in a country where you cannot trust law enforcement then there isn't much your telco can do. But specifically, these surveillance tools are not available to us.
https://citizenlab.ca/research/uncovering-global-telecom-exp...
1. Gaza: a testing ground for Israeli military technology - https://www.middleeasteye.net/opinion/gaza-testing-ground-is...
2. Gaza “laboratory” boosts profits of Israel’s war industry - https://electronicintifada.net/content/gaza-laboratory-boost...
3. Gaza Becomes Israel’s Testing Ground for Military Robots - https://archive.is/P6mAQ