Friday, February 7, 2025

DIS links to Israel spying circle exposed

Botswana is among 25 countries in the world that have deployed controversial Israeli invasive surveillance technology that can snoop on calls, texts, and the location of phones anywhere in the world in just seconds with only a telephone number.

The technology, which exploits flaws in telecoms systems to access telephone calls, text messages and location services, was supplied by the Israeli business Circles, claimed Citizen Lab, a University of Toronto organization that has long tracked the activities of surveillance companies. Circles is a sister company of NSO Group, an iPhone and Android spyware developer that is currently being sued by Facebook over attacks on the WhatsApp accounts of 1,400 users and has been criticized for selling to nations that went on to spy on activists, journalists and other citizens.

In its report titled “Running in Circles: Uncovering the Clients of Cyberespionage Firm Circles”, Citizen Lab detailed how the Directorate of Intelligence and Security Services (DIS) domain was used to identify two snooping systems linked to Circles platforms. This was undertaken through cryptographic TLS certificates signed under “CN=sid.org.bw”, which is a domain name linked to the country’s state security and defense department.

The targets for this surveillance seemed to have been opposition politicians, media houses, journalists, and their sources in cases involving corruption by politicians.

The DIS has been specifically identified among a handful of Circles customers that have a history of leveraging digital technology for human rights abuses.

“We identified two Circles systems in Botswana: an unnamed system and a system named Bentley Bullevard that appears to be operated by Botswana’s Directorate of Intelligence and Security Service (DISS), as TLS certificates used on the Check Point firewalls were signed by a self-signed TLS certificate for ‘CN=sid.org.bw’ which is a domain name used by the Directorate of Intelligence and Security,” the researchers at the University of Toronto said, adding that “The DISS is sometimes referred to as the ‘Directorate of Intelligence and Security’ (DIS).”

The report revealed that Botswana was among Circles clients identified to have two-word nicknames, where the first word is a car brand that almost always shares the same first letter as the country or state of the apparent customer. For example, Circles firewalls whose IPs geolocate to Botswana are named Bentley.

The use of car brands to refer to clients was first reported by Haaretz, though the report indicated that this was an NSO Group practice, as opposed to Circles. Haaretz also named Botswana among countries that have been importing invasive surveillance technology from Israel.

It emerged from the Citizen Lab report that the system deployed by the DIS, codenamed Bentley Bullevard, has been active from June 2015 to now, while the other system, which is unnamed, was active in June 2015 and September 2020.

The DIS has been identified among Circles customers that have a history of leveraging digital technology for human rights abuses.

On alleged surveillance abuses in Botswana, the researchers found that: “There are multiple recent reports of the abuse of surveillance equipment in Botswana to suppress reporting and public awareness of governmental corruption.”

According to the report, in 2014, it was reported that the DISS participated in using surveillance and jamming technology developed by Elbit Systems to conduct “electronic warfare” against the media. In addition, the DISS has reportedly engaged in attempts to compromise the privacy of relationships between sources and reporters, the researchers found.

According to leaked documents, Circles customers can purchase a system that they connect to their local telecommunications companies’ infrastructure, or can use a separate system called the “Circles Cloud,” which interconnects with telecommunications companies around the world. 

Independent investigations have revealed that three years ago the DIS colluded with the publicly listed Botswana Telecommunications Corporation (BTC) to set up a PRISM-esque system which would enable the spy outfit to monitor all telecommunications and internet traffic with or without a warrant.

Concerns within BTC were raised during the installation of the massive DIS data collection project that is estimated to have cost over three hundred and fifty million pula (P350 000 000.00).

The project, which involved various companies providing specialised services, each working individually and separately under the guidance of DIS and BTC, ran into difficulties when service providers failed to meet the IT specifications demanded by the project sponsors (DIS and BTC).

Information obtained by the Sunday Standard reveals that the DIS instructed the service providers to use specific locally authorised software agents for eastern European IT providers.

In at least one instance the DIS-designated local software agent was not authorised by the software designer and copyright owner to install the software and modify it for compatibility with local systems. The failure of the single software component cost an estimated twenty million Pula (P20 000 000.00), which BTC refused to pay due to its reporting obligations as a publicly listed company.

Records obtained by the Sunday Standard reveal a series of concerns raised by BTC to the DIS over the lack of compliance with procedure and PPADB legislation.

The BTC/DIS project sought to establish a central data capture base for all internet traffic in Botswana. The installation of both the hardware and software at BTC was authorised as a communication hub for “inter government information sharing.” The project was, however, expanded at the instruction of the DIS to copy the more robust US “PRISM” data capture programme.

According to the Citizen Lab report, the technique used by the Circles snooping tech is known as Signaling System 7 (SS7) exploitation, a powerful yet difficult-to-detect tool in government spy arsenals. It’s named after the portion of the telecoms network that deals with cross-border functionality and billing. When a cellular phone user travels to another country, the SS7 network is used to move their phone over to a partner telecoms provider and adjust billing accordingly. But should a surveillance vendor have access to SS7 networks, either via hacking or acquiring it, they can send commands to a subscriber’s “home network” falsely indicating the subscriber is roaming. That will, in turn, reveal their location, though only the coordinates of the cell tower closest to the phone. It may also be possible to intercept calls and texts through SS7 exploitation.
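A home network can check such roaming claims against what its own radio network sees. The sketch below is an added illustration, not code from the Citizen Lab report or any operator: the event format, the network labels, the test-range IMSIs and the 60-minute travel threshold are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumption: minimum time a subscriber needs to leave home coverage and
# register on a foreign network. Tune to the operator's geography.
MIN_TRAVEL = timedelta(minutes=60)

# Constructed sample events (not real traffic), as (time, IMSI, kind, network).
# "radio" = subscriber seen on a home cell; "update_location" = a network
# claims over SS7 that the subscriber has registered there.
EVENTS = [
    ("2020-09-01T08:00:00", "001010000000001", "radio", "HOME"),
    ("2020-09-01T08:05:00", "001010000000001", "update_location", "FOREIGN-A"),
    ("2020-09-01T08:07:00", "001010000000001", "radio", "HOME"),
    ("2020-09-01T09:00:00", "001010000000002", "radio", "HOME"),
    ("2020-09-01T21:30:00", "001010000000002", "update_location", "FOREIGN-B"),
]

def find_implausible_roaming(events, min_travel=MIN_TRAVEL):
    """Return alerts for roaming claims that contradict home-radio evidence."""
    last_home_radio = {}  # imsi -> time last seen on a home cell
    claimed_abroad = {}   # imsi -> network of the latest foreign registration
    alerts = []
    for ts, imsi, kind, network in sorted(events):  # ISO times sort in order
        when = datetime.fromisoformat(ts)
        if kind == "radio" and network == "HOME":
            last_home_radio[imsi] = when
            if imsi in claimed_abroad:
                # Phone is still on a home cell after "moving" abroad.
                alerts.append((imsi, claimed_abroad.pop(imsi),
                               "home radio activity after foreign registration"))
        elif kind == "update_location" and network != "HOME":
            seen = last_home_radio.get(imsi)
            if seen is not None and when - seen < min_travel:
                alerts.append((imsi, network,
                               "foreign registration too soon after home activity"))
            claimed_abroad[imsi] = network
        elif kind == "update_location":
            claimed_abroad.pop(imsi, None)  # genuine re-registration at home

    return alerts

if __name__ == "__main__":
    for alert in find_implausible_roaming(EVENTS):
        print(alert)
```

The first subscriber trips both rules because the foreign registration arrives five minutes after home-cell activity and the phone is seen at home again afterwards; the second, registering abroad more than twelve hours later, raises nothing.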

Citizen Lab said it tracked down Circles customers by looking for a unique “fingerprint” on servers across the globe that helped them identify where the spy tool was deployed. That fingerprint was built on numerous data points, most significantly a web domain that was linked to Circles’ business, according to the full technical report.

Circles was an independent intelligence agency vendor up until 2014, when it was acquired by private equity company Francisco Partners for $130 million and merged into a larger surveillance company. That umbrella organization also included NSO Group.
