As confirmed by Citizen Lab investigators, a firm called “Circles” - which is affiliated with the NSO Group - has been actively exploiting weaknesses in the global mobile communications system to track devices around the globe and to snoop on SMS and calls. Like NSO, Circles claims that its products are made available only to nation-states, but recent leaks prove that this is not the entire truth.
The researchers who attempted to figure out where Circles is deployed confirm that its products are found in at least 25 countries.
More specifically, the governments of the following countries are using Circles device tracking software: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates (UAE), Vietnam, Zambia, and Zimbabwe.
The flaws exploited by Circles are the well-documented SS7 vulnerabilities that remain largely unsolved. These attacks have been possible for years now. In February 2019, it became clear that they are no longer the exclusivity of sophisticated intelligence agencies or those willing to pay a lot of money.
In March 2020, Saudi spies were confirmed to be using SS7 flaws to spy on their citizens in the United States and other foreign countries. In October 2020, possibly nation-sponsored hackers managed to take over email and IM accounts by working their way through SS7 vulnerabilities.
Circles is merely monetizing these flaws by standardizing and streamlining the exploit process. It’s a company that makes money through abusing the SS7 system, acting in a gray area that is purposefully left uncontrolled by the potent entities in a position to exploit the situation.
Citizen Lab offers some insight into the surveillance operations in each of the identified countries, but this goes beyond this outline’s scope. If you’re interested in particular regions, you may read the full report.
The general takeaway is that most of the countries using Circles software are doing it to suppress their people further, bash activists and human rights advocates, and track those that maintain a stance that’s not in line with the local regime’s policies. In a word, the deployment is purely “authoritarian.”
By searching on specialized engines like Shodan, Censys, and Fofa, the researchers also found several systems that appear in IP ranges registered to Circles, but whose identities or location cannot be confirmed with certainty. Thus, having deployments in more countries than the ones mentioned above is very probable, if not absolutely certain.