I was training to be a 911 dispatcher a while ago. When they told us about getting someone’s location from the cell company outside of what was available automatically from e911 or whatever— which required them to be on the phone with you, so not useful if you get a text saying they just drove off a cliff in the middle of nowhere, or something— you had to sign an affidavit testifying that there were exigent circumstances, fax it to them, and then wait, sometimes for hours, until their legal department approved it. And you always risked being dragged to court if you made the wrong call. That’s the price of privacy, and the potential for abuse is rife, so it makes sense.
Yet these jackholes can just snag it whenever because, ya know, profit. That is obviously insane. Our corporate culture has driven our society insane with normalized greed. The unholy alliance of tech and marketing is largely to blame.
One of the biggest lies about the surveillance state is that it'll be professional.
NSA employees have used multi-billion dollar American surveillance assets to spy on women they're infatuated with. There's even a cute term for it, LOVEINT.
In another instance, a foreign woman who was employed by the U.S. government suspected that her lover, an NSA civilian employee, was listening to her phone calls. She shared her suspicion with another government employee, who reported it. An investigation found the man abused NSA databases from 1998 to 2003 to snoop on nine phone numbers of foreign women and twice collected communications of an American, according to the inspector general's report.
People aren't able to imagine the ramifications of pervasive surveillance because there never has been such pervasive surveillance in human history. And humans are terrible at predicting how this is going to change things. Especially, with LLMs in the mix.
Unless a very strict line is maintained for privacy across the board; the world that's coming will be many, many custom, tailor-made hells co-existing as tumors off of the back of state and corporate surveillance infrastructure.
Yeah, a friend of mine was tracked by a stalker ex boyfriend who worked at a Telco.
It was irritatingly difficult to avoid because it seemed he could look up her SIM card by name and then get her location no matter what (new SIM, new phone)
Anyone who reports this kind of thing to the police just sounds irrational and crazy and gets ignored.
Sounds like something worth reporting as it is an offence in Australia at least. The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
> The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
I'll let you know when I finish laughing.
This is 100% false. You can serve up all the evidence on a silver platter the the police will ignore it. I know, I've tried, specifically in a stalking case. They don't care.
Things are very different in the US. Police do not exist to uphold the law or protect civilians from anything. There are specific rulings in our legal code that flatly state police are not obligated to protect anyone.
Police in the US exist mainly to suck up tax money and harass and murder civilians and escalate peaceful protests into riots to justify suppression and murder. They're merely an instrument of an increasingly authoritarian government.
Yeah, if you gave police here a complaint with all the evidence in the world, there is absolutely no obligation for them to investigate or take any action. And there's really no recourse.
Maybe you're being Naive? Just because there are laws doesn't mean there going to be enforced. Especially with what's going on right now with governments becomming authoritarian.
Yeah it was reported, but the telcos systems were such a load of slop there wasn’t any specific evidence recorded (logs etc), and besides nobody knew what to ask for, so it couldn’t be taken seriously.
I don’t remember the exact circumstances of how they got a confession years later, I think bragging, but he did get convicted and the Telco eventually fired him, which stopped the stalking.
I’m spitballing here but it seemed like his job was a kind of ITS/technician job in the core infrastructure, and it seemed like he didn’t need to go through normal channels to get the information he wanted, ie he could just like pcap a tower with a filter or whatever in a routine kind of way that I guess didn’t create any specific logs. If there were any relevant logs they would have had to give them to the police. And I know that at a high level Telcos are heavily regulated, so there should have been logs.
Doesn’t surprise me at all. I signed up for an internet plan with a provider once, but they never let me login to pay the bills. After they started threatening me with collections and several phone calls layer it turned out they were billing someone in a completely different city. Complete shambles.
I have a comparable dispute with an old ISP from an old apartment. Their system had me as still receiving services there for many months after I cancelled and moved. Every year they send me a final warning saying it'll go to collections (the fact that it hasn't actually gone to collections more or less tells me I'm right, lol). Every year I'm grateful it's "just" an ISP and not the government because the government would've escalated the fine to a bajillion dollars and issued a bench warrant by now.
I've seen people getting fired in BigTech for using the platform to stalk their ex-es. It's usually an alert that goes off when employees access internal dashboards for a certain profile, too many times.
Some systems, like lawful intercept, are designed to be hidden even from telco network management systems. The LI console that set up a wire tap might log activity at that particular console at that particular law-enforcement agency. But if you don't know where to look exactly, good luck.
This is why the Chinese picked lawful intercept as a hacking target for the salt typhoon exploit. It's almost impossible to know whether that exploit is continuing or when exactly it began.
Assuming he had access to a database with (lat, long, SIM) data, if she got a new phone he could just use the known (lat, long pairs) from the old sim and lookup to get the new sim. Then bam, you can get all of the new lat longs.
It’s impossible to avoid unless you simultaneously move to a new house / apartment when you get your new phone, and never bring the new phone to any previous low-traffic location you brought the old phone to.
If the person was deep enough into the system to have access to location data, then they'd probably be able to just directly look up customer details (likely easier).
Are you in a small company where most people wear lots of hats, or in a big company that has siloed off groups? Am guessing it's more of the big company approach that silos things off?
I'm glad to hear that your random telco's governance and influence has spread around the entire world to every other telco.
FYI: from the fact it's hard (not impossible) to see the data mentioned and it's possible (not guaranteed) that the caught offender would be punished is a VERY long way to "you lie".
Theirs was anecdata, yours is anecdata but you're additionally rude.
So what you’re saying is if you were secretly a psycho and wanted to stalk your ex-girlfriend, you work at a Telco and basically have access to the tools to do it?
So putting aside the fact you’re a reasonable person, anyone who works themselves up to a similar seniority and job description in a Telco as you, could in fact do exactly what the article is saying is an issue for the victims.
Even in pretty dysfunctional countries, or pro-business ones like the US, where nothing like the GDPR exists, telcos management have a strong interest in not letting just any rank and file employee spy on subscribers.
Most breaches are not in the interests of management, but they happen anyway as management wants to save money or doesn't understand how it could happen.
> And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
What is this based on? I used to work for a data governance and privacy vendor that supplied data for audits. Tons and tons of customers asked us to fudge their data.
This is after the Delve scandal, where the hottest tech compliance company was completely fraudulent and numerous other hot tech companies also had completely fraudulent audits.
you are close to a system in a way that those guardrails are clear and present; the story is from the point of view of a victim, and it is possible that they were indeed a victim. Therefore the means of the stalking is not known at all via this story, but somehow, something did occur. It is not surprising on either side, and they do not necessarily contradict each other IMHO
> Gary Miller, one of the researchers who investigated these attacks, told TechCrunch that some clues point to an “Israeli-based commercial geo-intelligence provider with specialized telecom capabilities,” but did not name the surveillance provider. Several Israeli companies are known to offer similar services, such as Circles (later acquired by spyware maker NSO Group), Cognyte, and Rayzone.
This is just par for the course in Russia. Government has telcos track people, and that data ends up available on the black market for anyone to purchase, for a fairly modest fee. The government has been recently trying (with uncertain degree of success) to crack down on the latter, as this was frequently used by the opposition journalists and investigators to uncover the details of the government's own nefarious plots.
The data is cross-referenced with other telcos, other SIM cards, Wi-Fi hotspots (anonymous public hotspots are outlawed), street cams, and many other databases, so it's basically impossible to avoid being tracked.
Probably inevitable to become the norm everywhere in the world.
In my country 95% of people don't mind Meta tracking their location with WhatsApp, so I think the days of people caring about tracking are long gone!
I am the exception and believe in privacy, and I've not used a Meta app since I tested Facebook/WhatsApp back in 2010 and soon uninstalled them as I don't want a digital portfolio to be developed on me for advertisers. Same with Google, they can whistle for my personal information, but they won't get it!
I'm sure surveillance companies have an even easier time buying data from Meta/WhatsApp so that's even more worrying as people use different ISPs so 95% of people won't be traced by any one ISP, but Meta and Google have the location information of anyone gullible enough to use their services.
One of the first bits of infosec advice I give to my non-technical friends and family, when they ask for it, is to turn off background location access for all apps on their phones.
Needless to say, I know plenty of technical people who don't care about it.
They are a country surrounded by countries that either dislike them or want them wiped from the face of the earth. It only makes sense that they have a significant intelligence and spying industry.
The genocide they're undertaking does place that industry in a whole new light, of course.
They run a mass surveillance operation so they can target individual people with exploding pagers. It's just another aspect of the longstanding war between Israel and Iran (via Hezbollah etc).
I do believe the law was specifically carved out so it could only be used against Palestinian prisoners. And there is no far-left in Israel, at least no far-left party that could ever be in government.
Oh would you look at that: “Israeli-based commercial geo-intelligence provider with specialized telecom capabilities.”
Make no mistake, the people of Gaza and Lebanon are being used as guinea pigs for highly invasive surveillance technology that could easily be pointed at any of us if we step out of line.
And yes I said people of Gaza, not tellhullists as they’re referred to in Zion.
That Gaza, the world's largest open prison, is an experiment playground for Israeli surveillance and military tech is a popular theory online that is now finding space in mainstream media too:
I was training to be a 911 dispatcher a while ago. When they told us about getting someone’s location from the cell company outside of what was available automatically from e911 or whatever— which required them to be on the phone with you, so not useful if you get a text saying they just drove off a cliff in the middle of nowhere, or something— you had to sign an affidavit testifying that there were exigent circumstances, fax it to them, and then wait, sometimes for hours, until their legal department approved it. And you always risked being dragged to court if you made the wrong call. That’s the price of privacy, and the potential for abuse is rife, so it makes sense.
Yet these jackholes can just snag it whenever because, ya know, profit. That is obviously insane. Our corporate culture has driven our society insane with normalized greed. The unholy alliance of tech and marketing is largely to blame.
One of the biggest lies about the surveillance state is that it'll be professional.
NSA employees have used multi-billion dollar American surveillance assets to spy on women they're infatuated with. There's even a cute term for it, LOVEINT.
https://www.nbcnews.com/news/world/loveint-nsa-letter-disclo...
https://www.yahoo.com/news/nsa-staff-used-spy-tools-spouses-...
People aren't able to imagine the ramifications of pervasive surveillance because there never has been such pervasive surveillance in human history. And humans are terrible at predicting how this is going to change things. Especially, with LLMs in the mix.Unless a very strict line is maintained for privacy across the board; the world that's coming will be many, many custom, tailor-made hells co-existing as tumors off of the back of state and corporate surveillance infrastructure.
> She shared her suspicion with another government employee, who reported it.
And what pray tell do you do if you don't have anyone to report it to inside the government? Reports like that can easily get blackholed.
Yeah, a friend of mine was tracked by a stalker ex boyfriend who worked at a Telco.
It was irritatingly difficult to avoid because it seemed he could look up her SIM card by name and then get her location no matter what (new SIM, new phone)
Anyone who reports this kind of thing to the police just sounds irrational and crazy and gets ignored.
Scammy telcos in poorer countries sell SS7 data for a small fee. It will give you all the location data you need.
Sounds like something worth reporting as it is an offence in Australia at least. The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
> The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
I'll let you know when I finish laughing.
This is 100% false. You can serve up all the evidence on a silver platter the the police will ignore it. I know, I've tried, specifically in a stalking case. They don't care.
Maybe where things are different where you live.
Things are very different in the US. Police do not exist to uphold the law or protect civilians from anything. There are specific rulings in our legal code that flatly state police are not obligated to protect anyone.
Police in the US exist mainly to suck up tax money and harass and murder civilians and escalate peaceful protests into riots to justify suppression and murder. They're merely an instrument of an increasingly authoritarian government.
Yeah, if you gave police here a complaint with all the evidence in the world, there is absolutely no obligation for them to investigate or take any action. And there's really no recourse.
Be glad you live in a functional society.
Maybe you're being Naive? Just because there are laws doesn't mean there going to be enforced. Especially with what's going on right now with governments becomming authoritarian.
You're referring to the police, who are also the ones abusing these surveillance systems to stalk their exes?
Or maybe federal law enforcement, who are also the ones abusing these surveillance systems to stalk their exes?
Ha. That's what everyone thinks before they've needed the police.
Yeah it was reported, but the telcos systems were such a load of slop there wasn’t any specific evidence recorded (logs etc), and besides nobody knew what to ask for, so it couldn’t be taken seriously.
I don’t remember the exact circumstances of how they got a confession years later, I think bragging, but he did get convicted and the Telco eventually fired him, which stopped the stalking.
What no log files of who's accessing records? That seems super sketch.
Bad actors will buy data from people and places where they don’t care.
https://www.lighthousereports.com/methodology/surveillance-s...
I’m spitballing here but it seemed like his job was a kind of ITS/technician job in the core infrastructure, and it seemed like he didn’t need to go through normal channels to get the information he wanted, ie he could just like pcap a tower with a filter or whatever in a routine kind of way that I guess didn’t create any specific logs. If there were any relevant logs they would have had to give them to the police. And I know that at a high level Telcos are heavily regulated, so there should have been logs.
Doesn’t surprise me at all. I signed up for an internet plan with a provider once, but they never let me login to pay the bills. After they started threatening me with collections and several phone calls layer it turned out they were billing someone in a completely different city. Complete shambles.
I have a comparable dispute with an old ISP from an old apartment. Their system had me as still receiving services there for many months after I cancelled and moved. Every year they send me a final warning saying it'll go to collections (the fact that it hasn't actually gone to collections more or less tells me I'm right, lol). Every year I'm grateful it's "just" an ISP and not the government because the government would've escalated the fine to a bajillion dollars and issued a bench warrant by now.
I've seen people getting fired in BigTech for using the platform to stalk their ex-es. It's usually an alert that goes off when employees access internal dashboards for a certain profile, too many times.
BigTech is far more competent than a Telco though.
Some systems, like lawful intercept, are designed to be hidden even from telco network management systems. The LI console that set up a wire tap might log activity at that particular console at that particular law-enforcement agency. But if you don't know where to look exactly, good luck.
This is why the Chinese picked lawful intercept as a hacking target for the salt typhoon exploit. It's almost impossible to know whether that exploit is continuing or when exactly it began.
Someone else was targeting it long before the Chinese.
Cops are too dumb to comprehend that. They would proclaim it impossible and order more donuts.
Most simple criminals get away with their crimes. Anyone with any level of sophistication does as well.
Assuming he had access to a database with (lat, long, SIM) data, if she got a new phone he could just use the known (lat, long pairs) from the old sim and lookup to get the new sim. Then bam, you can get all of the new lat longs.
It’s impossible to avoid unless you simultaneously move to a new house / apartment when you get your new phone, and never bring the new phone to any previous low-traffic location you brought the old phone to.
If the person was deep enough into the system to have access to location data, then they'd probably be able to just directly look up customer details (likely easier).
Absolutely not. I have access to geo-located network telemetry. CRM data is completely off limit to anyone on my team.
Are you in a small company where most people wear lots of hats, or in a big company that has siloed off groups? Am guessing it's more of the big company approach that silos things off?
Well maybe it wasn't such a well secured company and also this seems story from the past.
it's impossible for your precise location to be tracked by anybody... wow thats crazy
What does this mean?
I'm sorry but this sounds like bullshit. As someone who has access to such data at a telco:
- Very few people have legit business cases requiring access to enriched network telemetry, at least non aggregated.
- Of which, only a handful have any reason to see the MSISDN in clear.
- Of which, none can get access to clear CRM data.
- Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
Also why not simply switch to a different phone operator?
I'm glad to hear that your random telco's governance and influence has spread around the entire world to every other telco.
FYI: from the fact it's hard (not impossible) to see the data mentioned and it's possible (not guaranteed) that the caught offender would be punished is a VERY long way to "you lie".
Theirs was anecdata, yours is anecdata but you're additionally rude.
So what you’re saying is if you were secretly a psycho and wanted to stalk your ex-girlfriend, you work at a Telco and basically have access to the tools to do it?
So putting aside the fact you’re a reasonable person, anyone who works themselves up to a similar seniority and job description in a Telco as you, could in fact do exactly what the article is saying is an issue for the victims.
I'm sure every single telco in the world is perfectly in line with this
Even in pretty dysfunctional countries, or pro-business ones like the US, where nothing like the GDPR exists, telcos management have a strong interest in not letting just any rank and file employee spy on subscribers.
Most breaches are not in the interests of management, but they happen anyway as management wants to save money or doesn't understand how it could happen.
> And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
What is this based on? I used to work for a data governance and privacy vendor that supplied data for audits. Tons and tons of customers asked us to fudge their data.
This is after the Delve scandal, where the hottest tech compliance company was completely fraudulent and numerous other hot tech companies also had completely fraudulent audits.
This is not a reasonable assumption.
you are close to a system in a way that those guardrails are clear and present; the story is from the point of view of a victim, and it is possible that they were indeed a victim. Therefore the means of the stalking is not known at all via this story, but somehow, something did occur. It is not surprising on either side, and they do not necessarily contradict each other IMHO
> Gary Miller, one of the researchers who investigated these attacks, told TechCrunch that some clues point to an “Israeli-based commercial geo-intelligence provider with specialized telecom capabilities,” but did not name the surveillance provider. Several Israeli companies are known to offer similar services, such as Circles (later acquired by spyware maker NSO Group), Cognyte, and Rayzone.
This is just par for the course in Russia. Government has telcos track people, and that data ends up available on the black market for anyone to purchase, for a fairly modest fee. The government has been recently trying (with uncertain degree of success) to crack down on the latter, as this was frequently used by the opposition journalists and investigators to uncover the details of the government's own nefarious plots.
The data is cross-referenced with other telcos, other SIM cards, Wi-Fi hotspots (anonymous public hotspots are outlawed), street cams, and many other databases, so it's basically impossible to avoid being tracked.
Probably inevitable to become the norm everywhere in the world.
> Government has telcos track people
Yes
> and that data ends up available on the black market for anyone to purchase, for a fairly modest fee
Probably not. Those DBs are fake most ( all ? ) the time.
In my country 95% of people don't mind Meta tracking their location with WhatsApp, so I think the days of people caring about tracking are long gone!
I am the exception and believe in privacy, and I've not used a Meta app since I tested Facebook/WhatsApp back in 2010 and soon uninstalled them as I don't want a digital portfolio to be developed on me for advertisers. Same with Google, they can whistle for my personal information, but they won't get it!
I'm sure surveillance companies have an even easier time buying data from Meta/WhatsApp so that's even more worrying as people use different ISPs so 95% of people won't be traced by any one ISP, but Meta and Google have the location information of anyone gullible enough to use their services.
One of the first bits of infosec advice I give to my non-technical friends and family, when they ask for it, is to turn off background location access for all apps on their phones.
Needless to say, I know plenty of technical people who don't care about it.
> ... Israeli-based commercial geo-intelligence provider with specialized telecom capabilities ...
why are they good at these kind of things - security, hacks, surveillance, 0-days?
When your goal is to covertly subvert and take control of foreign nations, these sorts of skills tend to come in handy.
No clue why this is getting downvoted, this is literally the purpose.
They are a country surrounded by countries that either dislike them or want them wiped from the face of the earth. It only makes sense that they have a significant intelligence and spying industry.
The genocide they're undertaking does place that industry in a whole new light, of course.
They run a mass surveillance operation so they can target individual people with exploding pagers. It's just another aspect of the longstanding war between Israel and Iran (via Hezbollah etc).
I get a 404 when I try and view the CitizenLab report:
https://citizenlab.ca/research/uncovering-global-telecom-exp...
Everyone does it, they just got caught.
They do have the death penalty now in Israel. So it might get interesting for those bosses
The death penalty was intended for Palestinians, not Israeli bosses
sure, but when the tide switches to a far-left government they might use it against them.
I do believe the law was specifically carved out so it could only be used against Palestinian prisoners. And there is no far-left in Israel, at least no far-left party that could ever be in government.
You forgot one important detail there.
Why is the citizen lab report URL suddenly a 404?
I’m shocked, shocked I say!
Well, not that shocked.
Oh would you look at that: “Israeli-based commercial geo-intelligence provider with specialized telecom capabilities.”
Make no mistake, the people of Gaza and Lebanon are being used as guinea pigs for highly invasive surveillance technology that could easily be pointed at any of us if we step out of line.
And yes I said people of Gaza, not tellhullists as they’re referred to in Zion.
That Gaza, the world's largest open prison, is an experiment playground for Israeli surveillance and military tech is a popular theory online that is now finding space in mainstream media too:
1. Gaza: a testing ground for Israeli military technology - https://www.middleeasteye.net/opinion/gaza-testing-ground-is...
2. Gaza “laboratory” boosts profits of Israel’s war industry - https://electronicintifada.net/content/gaza-laboratory-boost...
3. Gaza Becomes Israel’s Testing Ground for Military Robots - https://archive.is/P6mAQ
Color me shocked
jesus christ!