Report reveals which countries are using Circles Technologies’ invasive spyware
Canada’s The Citizen Lab detected the Israeli-founded and NSO linked company’s fingerprints in use by a wide range of rights-violating regimes
The firewall’s had the administration server configured with a website called tracksystem.info that we were able to attribute to Circles. That domain name was linked to Circles, in part by emails leaked by the company. At that stage, the researchers searched on Shodan and other specialized web crawlers to see if there were other Check Point firewalls in which tracksystem.info was included in the management server name. The search revealed 240 different IP addresses, some of which included data that was fed by the organizations or states that operate the firewall. The researchers ended up with a list of organizations that connected to Circles’ domain name, which led them to the conclusion that they use the company’s spyware system.The findings uncovered by The Citizen Lab reveal that among the countries that make use of the company’s platform are some with a dubious history when it comes to protecting human and civil rights. In Chile, for example, the researchers identified a Circles system used by the country’s premier law enforcement agency, the PDI, which in the past purchased surveillance systems from other companies like Hacking Team. Chile’s law enforcement agencies have a long history of human and civil rights violations and in the past were able to intercept calls and WhatsApp message exchanges of journalists and opposition leaders. It’s important to note that several western democratic countries such as Australia, Belgium, and Denmark have also made use of the system. Those countries apparently use it as part of counter-terrorism or grievous crime investigations and operate under court-sanctioned regulations. In Guatemala, the system was reportedly used by the DIGICI, Guatemala’s civilian intelligence agency. A local paper reported in 2018 that Israeli weapon dealers sold the agency a variety of spying systems, including those developed by NSO and Circles. According to the report, the agency used these systems to spy on journalists, businessmen and political rivals of the local regime. Mexico has a long history as one of NSO's most notable clients and in the past, it was reported many times that the government used the company’s systems to spy on journalists, human rights activists, and family members of drug cartel victims. The Citizen Lab researchers uncovered in the country a system developed by Circles that is in use by the Mexican navy. A report by human rights organization Front Line Defenders revealed in 2018 that Nigeria implemented a mass spying program against citizens via the country’s telecom infrastructure. According to The Citizen Lab, there are currently two Circles systems that are being used in Nigeria, one by the Nigerian Defence Intelligence Agency and another by an unknown source. Circles’ systems are also in wide use in Thailand, being used by the local army and by the narcotics department in the Thailand police. One of the army units using a Circle’s product, the Royal Thai Army Internal Security Operations Command, was accused in the past of torturing activists. In June of this year, the New York Times reported that at least nine Thai exiles, notable critics of the army and the Thai royal family, were kidnapped from the countries in which they were living. The UAE, which recently established full diplomatic ties with Israel, has been mentioned several times in the past as a client of NSO and reportedly used the company’s spying software to spy on the Qatar royal family, as well as a Saudi prince and the Prime Minister of Lebanon. Three Circles systems were identified in the country, including one being used by the country’s security council. Additional countries in which the system was used include Ecuador, El Salvador, Equatorial Guinea, Honduras, Indonesia, and Kenya. The system has also been active in Israel, but that may be the result of the fact the company’s development center is in the country rather than spying activity.
“The publication of this report is the first step on the road to making the company accountable for the use being made of the system,” said Marczak. “As soon as you know what the company does, people can ask more solid questions like, do certain deals need to be investigated or should the company receive an export license. This provides more information for the efforts being made so that this industry takes responsibility for the way their products are being used.“What is important in this report is that we provide the scientific method to a problem for which most of the available information comes from second-hand rumors. It is important to create accurate information, to be able to attribute the activity to certain companies and governments. This is very valuable information for social rights organizations, decision-makers, and other stakeholders. What I love the most about this job is that we receive very trustworthy and accurate results. This is a challenging industry to research. It is based on secrecy, and the ability to provide credible results is important in the efforts to bring transparency to the tracking industry.”
Aren’t you afraid that exposing this activity will bring the company more attention and help it recruit additional clients?“If we were only reporting on how effective their spying tool is then maybe it would increase their sales. But if you look at 2016, we exposed an unknown breach that NSO was exploiting and that disrupted the company’s activity. Perhaps there was also an effect of increasing the NSO’s profile, but they could have also done that without us. The disruption caused to the company by our exposure had a positive effect. “When the founders of NSO bought back the control of their company, there was a report on Bloomberg that its valuation dropped due to the reports of the unlawful use of the company’s products. There is evidence that our work at The Citizen Lab has an effect and informs people of what these systems are being used for and caused them to push the company to take steps that rectify some of them.” Circles said in response: “NSO and Circles are separate companies within the same corporate family, both of which lead their industries in a commitment to ethical business and adhere to strict laws and regulations in every market in which they operate. As we have previously stated, Circles is involved in search and rescue and tactical geolocation technology. “We cannot comment on a report we have not seen. Given Citizen Lab’s track record, we imagine this will once again be based on inaccurate assumptions and without a full command of the facts. As ever, we find ourselves being asked to comment on an unpublished report from an organization with a predetermined agenda."