Yeah, a friend of mine was tracked by a stalker ex boyfriend who worked at a Telco.
It was irritatingly difficult to avoid because it seemed he could look up her SIM card by name and then get her location no matter what (new SIM, new phone)
Anyone who reports this kind of thing to the police just sounds irrational and crazy and gets ignored.
Sounds like something worth reporting as it is an offence in Australia at least. The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
> The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
I'll let you know when I finish laughing.
This is 100% false. You can serve up all the evidence on a silver platter the the police will ignore it. I know, I've tried, specifically in a stalking case. They don't care.
Yeah it was reported, but the telcos systems were such a load of slop there wasn’t any specific evidence recorded (logs etc), and besides nobody knew what to ask for, so it couldn’t be taken seriously.
I don’t remember the exact circumstances of how they got a confession years later, I think bragging, but he did get convicted and the Telco eventually fired him, which stopped the stalking.
Doesn’t surprise me at all. I signed up for an internet plan with a provider once, but they never let me login to pay the bills. After they started threatening me with collections and several phone calls layer it turned out they were billing someone in a completely different city. Complete shambles.
I’m spitballing here but it seemed like his job was a kind of ITS/technician job in the core infrastructure, and it seemed like he didn’t need to go through normal channels to get the information he wanted, ie he could just like pcap a tower with a filter or whatever in a routine kind of way that I guess didn’t create any specific logs. If there were any relevant logs they would have had to give them to the police. And I know that at a high level Telcos are heavily regulated, so there should have been logs.
I've seen people getting fired in BigTech for using the platform to stalk their ex-es. It's usually an alert that goes off when employees access internal dashboards for a certain profile, too many times.
Some systems, like lawful intercept, are designed to be hidden even from telco network management systems. The LI console that set up a wire tap might log activity at that particular console at that particular law-enforcement agency. But if you don't know where to look exactly, good luck.
This is why the Chinese picked lawful intercept as a hacking target for the salt typhoon exploit. It's almost impossible to know whether that exploit is continuing or when exactly it began.
Assuming he had access to a database with (lat, long, SIM) data, if she got a new phone he could just use the known (lat, long pairs) from the old sim and lookup to get the new sim. Then bam, you can get all of the new lat longs.
It’s impossible to avoid unless you simultaneously move to a new house / apartment when you get your new phone, and never bring the new phone to any previous low-traffic location you brought the old phone to.
If the person was deep enough into the system to have access to location data, then they'd probably be able to just directly look up customer details (likely easier).
So what you’re saying is if you were secretly a psycho and wanted to stalk your ex-girlfriend, you work at a Telco and basically have access to the tools to do it?
So putting aside the fact you’re a reasonable person, anyone who works themselves up to a similar seniority and job description in a Telco as you, could in fact do exactly what the article is saying is an issue for the victims.
Even in pretty dysfunctional countries, or pro-business ones like the US, where nothing like the GDPR exists, telcos management have a strong interest in not letting just any rank and file employee spy on subscribers.
Most breaches are not in the interests of management, but they happen anyway as management wants to save money or doesn't understand how it could happen.
> And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
What is this based on? I used to work for a data governance and privacy vendor that supplied data for audits. Tons and tons of customers asked us to fudge their data.
This is after the Delve scandal, where the hottest tech compliance company was completely fraudulent and numerous other hot tech companies also had completely fraudulent audits.
you are close to a system in a way that those guardrails are clear and present; the story is from the point of view of a victim, and it is possible that they were indeed a victim. Therefore the means of the stalking is not known at all via this story, but somehow, something did occur. It is not surprising on either side, and they do not necessarily contradict each other IMHO
> Gary Miller, one of the researchers who investigated these attacks, told TechCrunch that some clues point to an “Israeli-based commercial geo-intelligence provider with specialized telecom capabilities,” but did not name the surveillance provider. Several Israeli companies are known to offer similar services, such as Circles (later acquired by spyware maker NSO Group), Cognyte, and Rayzone.
This is just par for the course in Russia. Government has telcos track people, and that data ends up available on the black market for anyone to purchase, for a fairly modest fee. The government has been recently trying (with uncertain degree of success) to crack down on the latter, as this was frequently used by the opposition journalists and investigators to uncover the details of the government's own nefarious plots.
The data is cross-referenced with other telcos, other SIM cards, Wi-Fi hotspots (anonymous public hotspots are outlawed), street cams, and many other databases, so it's basically impossible to avoid being tracked.
Probably inevitable to become the norm everywhere in the world.
In my country 95% of people don't mind Meta tracking their location with WhatsApp, so I think the days of people caring about tracking are long gone!
I am the exception and believe in privacy, and I've not used a Meta app since I tested Facebook/WhatsApp back in 2010 and soon uninstalled them as I don't want a digital portfolio to be developed on me for advertisers. Same with Google, they can whistle for my personal information, but they won't get it!
I'm sure surveillance companies have an even easier time buying data from Meta/WhatsApp so that's even more worrying as people use different ISPs so 95% of people won't be traced by any one ISP, but Meta and Google have the location information of anyone gullible enough to use their services.
One of the first bits of infosec advice I give to my non-technical friends and family, when they ask for it, is to turn off background location access for all apps on their phones.
Needless to say, I know plenty of technical people who don't care about it.
They run a mass surveillance operation so they can target individual people with exploding pagers. It's just another aspect of the longstanding war between Israel and Iran (via Hezbollah etc).
They are a country surrounded by countries that either dislike them or want them wiped from the face of the earth. It only makes sense that they have a significant intelligence and spying industry.
The genocide they're undertaking does place that industry in a whole new light, of course.
Oh would you look at that: “Israeli-based commercial geo-intelligence provider with specialized telecom capabilities.”
Make no mistake, the people of Gaza and Lebanon are being used as guinea pigs for highly invasive surveillance technology that could easily be pointed at any of us if we step out of line.
And yes I said people of Gaza, not tellhullists as they’re referred to in Zion.
It was irritatingly difficult to avoid because it seemed he could look up her SIM card by name and then get her location no matter what (new SIM, new phone)
Anyone who reports this kind of thing to the police just sounds irrational and crazy and gets ignored.
I'll let you know when I finish laughing.
This is 100% false. You can serve up all the evidence on a silver platter the the police will ignore it. I know, I've tried, specifically in a stalking case. They don't care.
I don’t remember the exact circumstances of how they got a confession years later, I think bragging, but he did get convicted and the Telco eventually fired him, which stopped the stalking.
This is why the Chinese picked lawful intercept as a hacking target for the salt typhoon exploit. It's almost impossible to know whether that exploit is continuing or when exactly it began.
Most simple criminals get away with their crimes. Anyone with any level of sophistication does as well.
It’s impossible to avoid unless you simultaneously move to a new house / apartment when you get your new phone, and never bring the new phone to any previous low-traffic location you brought the old phone to.
- Very few people have legit business cases requiring access to enriched network telemetry, at least non aggregated.
- Of which, only a handful have any reason to see the MSISDN in clear.
- Of which, none can get access to clear CRM data.
- Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
Also why not simply switch to a different phone operator?
So putting aside the fact you’re a reasonable person, anyone who works themselves up to a similar seniority and job description in a Telco as you, could in fact do exactly what the article is saying is an issue for the victims.
What is this based on? I used to work for a data governance and privacy vendor that supplied data for audits. Tons and tons of customers asked us to fudge their data.
This is after the Delve scandal, where the hottest tech compliance company was completely fraudulent and numerous other hot tech companies also had completely fraudulent audits.
This is not a reasonable assumption.
The data is cross-referenced with other telcos, other SIM cards, Wi-Fi hotspots (anonymous public hotspots are outlawed), street cams, and many other databases, so it's basically impossible to avoid being tracked.
Probably inevitable to become the norm everywhere in the world.
Yes
> and that data ends up available on the black market for anyone to purchase, for a fairly modest fee
Probably not. Those DBs are fake most ( all ? ) the time.
I am the exception and believe in privacy, and I've not used a Meta app since I tested Facebook/WhatsApp back in 2010 and soon uninstalled them as I don't want a digital portfolio to be developed on me for advertisers. Same with Google, they can whistle for my personal information, but they won't get it!
I'm sure surveillance companies have an even easier time buying data from Meta/WhatsApp so that's even more worrying as people use different ISPs so 95% of people won't be traced by any one ISP, but Meta and Google have the location information of anyone gullible enough to use their services.
Needless to say, I know plenty of technical people who don't care about it.
why are they good at these kind of things - security, hacks, surveillance, 0-days?
The genocide they're undertaking does place that industry in a whole new light, of course.
https://citizenlab.ca/research/uncovering-global-telecom-exp...
Make no mistake, the people of Gaza and Lebanon are being used as guinea pigs for highly invasive surveillance technology that could easily be pointed at any of us if we step out of line.
And yes I said people of Gaza, not tellhullists as they’re referred to in Zion.