Citizen Lab report exposes commercial surveillance firms abusing SS7, Diameter, and SIMjacking via Israeli telecom infrastructure to track targets across 10+ countries.
Key Takeaways
Two separate tracking campaigns logged 500+ location attempts (2022-2025) across Thailand, South Africa, Norway, Bangladesh, Malaysia, and others using SS7 via 019Mobile and Partner Communications infrastructure.
Swiss firm Fink Telecom Services enabled “ghost operator” access, letting surveillance companies impersonate carriers on legacy SS7 networks; 15,700+ SIMjacking attempts tracked since late 2022.
Diameter, the 4G/5G-era replacement for SS7, is now also being exploited, meaning the newer protocol designed to fix SS7 abuse is already compromised in tandem with the old system.
SIMjacking delivers a hidden SMS commanding the SIM card to silently transmit device location, leaving no visible trace on the target phone.
Cognyte (Verint spinoff) is flagged as a suspect; internal files show parent Verint sold SkyLock, an SS7 tracking tool, to the DRC government, with operator ties in Thailand, Malaysia, and Indonesia.
Hacker News Comment Review
The primary HN thread quickly redirected from the Haaretz article (paywalled) to the underlying Citizen Lab report, which is the substantive primary source.
Notable Comments
@chatmasta: flagged the Haaretz piece as paywalled blogspam and linked directly to the Citizen Lab source report.
