The Israeli private intelligence firm Rayzone Group used a cellphone carrier in the UK’s Channel Islands to gain access to the global telecommunications network, enabling it to track the location of any cellphone user across the globe.
Sure Guernsey, a wireless services provider in the Channel Islands, leased an access point in the telecommunication network to Rayzone in 2018, according to invoices seen by the Guardian and the Bureau of Investigative Journalism, an independent journalism outfit.
The access point gave the Israeli firm access to a network used to track roaming charges, but which could also be exploited to track the locations of phones across the globe.
Rayzone markets a service on its website known as “GeoMatrix,” which claims to provide the real-time location of any cellular user worldwide.
The Tel Aviv-based company claims its geolocation tools are only provided to governmental authorities.
Industry and security experts told the Guardian that intelligence firms will often use small mobile operators, based on tiny islands in offshore jurisdictions as ways to exploit the telecoms network, especially regarding the islands of Guernsey and Jersey as potentially soft routes into UK phone networks.
Rayzone declined to divulge the purpose of its access via the Sure Guerney network. It told the Guardian doing so “entails regulatory and trade secret issues and a risk to our customers’ ongoing operations against terror and severe crime.”
The mobile operator, Sure Guernsey responded to the Guardian by saying “Sure does not lease access to global titles directly or knowingly to organizations for the purposes of locating and tracking individuals or for intercepting communications content,” adding that any abuse of their infrastructure would lead them to immediately terminate the service.
Rayzone Group is far from the first Israeli intelligence firm to be scrutinized over its use of spyware to track cellphone users.
Most notably, Herzliya-based NSO group is being sued by Facebook over its alleged hacking of Whatsapp on behalf of clients. It has been accused of selling its Pegasus 3 hacking software to regimes that use the technology to track opponents, including in Mexico and the Persian Gulf.
The software allows the operator access to a device within several hours, simply by supplying the program with the phone number of the device one wants to hack, with no action required by the targeted user.