unlimited access to cell phone information

The Federal Police’s Last Mile operation, which investigates the participation of professionals from the Brazilian Intelligence Agency (Abin) in the use of First Mile monitoring and surveillance software, brought to the public the debate about the use of cyber weapons by the Brazilian government.

Increasingly commonplace, cyber weapons such as First Milethe solution used by Abin, and Pegasus, a technology that has also been investigated by Brazilian government bodies, can, respectively, discover the location of cell phones in real time and capture the most diverse information.

The development of cyber weapons is sometimes justified as a response to the emergence of malicious software [malwares] for criminal purposes. But in practice they are sophisticated intelligence weapons, which weigh on negotiations and diplomatic relations in the same way as state-of-the-art fighter planes or advanced ballistic missile systems.

Israeli technology companies currently dominate the market and sell their products only to governments and not companies or individuals. Negotiations only take place with the approval of the Israeli government. Permissions are granted to countries interested in using the weapons to fight organized crime and terrorism.

“Defense and intelligence forces need to stay ahead of crime. They need to have tools to be able to do their work effectively”, says Wanderson Castilho, an expert in digital crimes.

The innovation and advances in the services offered by these companies are surprising. As reported by the Israeli newspaper Haaretzthe company responsible for First MileThe Insanetcreated by former senior defense officials in the country, developed a technology capable of making simple advertisements install devices for user surveillance, without it being necessary to click on these advertisements or perform any other actions.

How does the First Mile

Each technology has a specific function. Castilho highlights that, for example, there are differences between invasive software and those that collect momentary data, for example, without being installed on devices. This is the case of First Mile.

The software cannot capture user information, but it can track the GPS positioning of cell phones in real time and generate alerts about the routine movement of targets of interest.

To do so, devices need to be connected to 2G, 3G and 4G networks. The operators of the First Mile They just need to enter the phone number they want to locate in the program. The technology was also developed by the Israeli company Cognyte Technologies Israelformerly known as Verint Systems Ltd – Israel.

In the letter sent to the Attorney General’s Office (PGR) in March this year requesting investigations into the use of technology, the Data Privacya Brazilian association that researches cybersecurity and personal data protection, indicates that the First Mile
It operates through a protocol used by telephone exchanges around the world.

The ‘Signalling System No. 7’ or signaling system No. 7 (SS7) allows the exchange of signaling information used for forwarding messages and calls to the right phone, redirecting calls and operating in roaming.

Through a message called ‘any time interrogation‘, SS7 finds the ID of the cell in which a mobile number is located at any given time. This ID allows you to know the latitude and longitude of the device through commercially available geolocation databases.

This specific message was created to be used internally by the operator, but there are no barriers or blocks of this information when the order comes from operators in another country, for example.

In this way, SS7, which was to be used both between two operators and within each of them, ends up also being used to track programs such as First Milewhich can act from anywhere in the world.

Castilho states that this type of location is already widely used by security forces to combat crime. “Cellphones need to constantly send their location to cell phone towers. So, in an investigation, for example, the police can request a court order for operators, who hold the devices’ geospatial data, to provide this information. This has been done for years, but the First Mile takes it to another level, as it does not require the collaboration of operators”.

The issue is that in several documented cases, countries purchase these cyber artifacts to combat organized crime but also use them politically, to monitor rivals, violating local legislation.

So far, the PF investigation has led to the arrest of two Abin employees, by order of the Minister of the Federal Supreme Court, Alexandre de Moraes, and the dismissal of five directors. 25 search and seizure warrants were also carried out to investigate whether there was illegal monitoring of cell phones between December 2018 and 2021.

According to investigations, the geospatial movements of more than 30,000 phones would have been analyzed using Israeli software. Of these, around 1,800 locations would be related to devices belonging to politicians, journalists and opponents of the government of former president Jair Bolsonaro, according to the investigation determined by Alexandre de Moraes. Abin is collaborating with the investigations, but details of the process have not been made public.

Pegasus: full access, control and information collection

Another cyber weapon used for monitoring is Pegasus, from the Israeli group NSO. Classified as spy software, it allows full access to its targets’ cell phones and turns them into surveillance devices.

Pegasus was created by Israeli entrepreneurs who had a small technology company that created a way to control cell phones remotely. The service was offered to information technology companies to resolve cell phone problems without the customer having to go to a store. But the company was approached by intelligence agencies and its owners realized that they would have a cyber weapon if they developed a way to achieve this remote access without the device owner’s permission.

The first versions of the program were installed through vulnerabilities in applications or through phishingwhen a link or document that secretly installs software is clicked by the user.

As of 2019, however, the solution was updated and the program began to be installed on smartphones based on missed calls on WhatsApp, even if the record is deleted. Another way of installation is to simply send a message to the user’s phone – which happens without producing any notifications.

In other words, its installation does not require the user to perform any action, making it impossible to use strategies or programs to prevent devices from being infected. The technology, created by a team of former Israeli intelligence agents, was dubbed “zero click”. The program is compatible with Android, Blackberry, iOS and Symbian devices.

Even with technological advances, software has limitations. Castilho, who has already participated in training at the NSO factory in Israel, says that there is a certain amount of effectiveness in using Pegasus. “For every ten infection attempts, four are successful,” he explains. “It depends on the device, the settings and even the programs and applications that are installed”, he adds.

More comprehensive than the First MilePegasus collects a wide range of information and can read text from emails, monitor app usage, track location data, access and activate a device’s microphone and camera at any time, record conversations, view photos and saved files.

Once a mobile device is infected by Pegasus, it saves login credentials via a keylogger [um programa que detecta tudo o que é digitado em um computador ou celular] not detected. It then sends the personal information to NSO’s cloud servers.

Because of the way the software works, there is virtually no way to defend against it. Because of this, the Israeli government ended up including the new weapon in diplomatic negotiations, conditioning the sale of Pegasus to countries in exchange for international support. The cyber artifact was offered, for example, to Saudi Arabia and the United Arab Emirates, as well as other weapons, in exchange for diplomatic relations, according to a report in the magazine New York Times.

According to the website of Avast, a software and antivirus company, Amnesty International has developed a program, the Cell Phone Toolkit [MVT na sigla em inglês]which claims to remove spy software including Pegasus.

In 2021, a non-governmental organization (NGO) investigation Forbidden Stories [histórias proibidas] showed that more than 50,000 phones around the world had been infected with Pegasus. In addition to actions against terrorism and crime, it was also discovered that politicians, journalists and activists are on the list.

The use for civilian investigations heated international sentiments against Pegasus and the NSO Group, which was listed as unsuitable for government contracts in countries such as the United States, United Kingdom and Norway. But the decision, at least in the United States, is not definitive. This is because an eventual exit of Israeli companies from the market could open up space for technology from Washington’s rivals, such as China and Russia.

“This equipment is essential for the defense system, which needs to stay ahead of criminals. To ensure that they are used in accordance with the law, all of them are auditable, that is, their use can be tracked”, explains Castilho.

Car wash: spying via Telegram

Technologies like Pegasus and the First Mile represent an unprecedented advance in cell phone hacking and spying techniques. But there are less technological and quite ingenious ways to spy on other people’s cell phones. The episode that occurred with the PGR and authorities of the Lava Jato operation is a good example.

As clarified at the time the hacking was discovered, the entire process was carried out through the Telegram messaging application. According to the police, the hackers used VOIP technology (voice over IP services), which makes calls via computers, conventional telephones or cell phones from anywhere in the world.

Hackers used VOIP from the company BRVOZ, which has a service called “caller ID”. Through this solution, users can make phone calls simulating any number as the origin of the calls.

Using the number of users they wanted to spy on, the hackers would have requested that the access code to activate Telegram Web (which allows the application to be used on the computer) be sent via a telephone call.

Then, the attackers would have made several calls to the targets’ number, in order to keep the line busy. In this way, the call containing the Telegram Web activation code was directed to the victim’s voicemail.

Thus, hackers simply had to call the target’s voicemail, with the simulated use of their own telephone line, to listen to the message sent and retrieve the code that allows access to Telegram on the computer.

With this code, the hackers were able to enable Telegram Web with the victim’s number and view all the messages she exchanged through the application.

Price and use restricted by governments

At the time of the Lava Jato hacking episode, software such as Pegasus was already available on the market, as the technology was launched in 2011. Its use, however, has a very high value, which restricts its access.

According to the American newspaper The New York Timesa license to use the program, in 2016, cost around US$650 thousand [R$ 3,2 milhões, na cotação atual] plus a $500,000 setup fee [R$ 2,5 milhões] to install Pegasus on ten phones.

Furthermore, the manufacturing companies claim that both Pegasus and First Mile They are only made available to governments for defense purposes, limiting access to these applications.

Currently, a quick internet search shows that VOIP plans can be purchased for up to R$25 for a telephone number. According to the investigation into the hacking of authorities’ cell phones in Lava Jato, around a thousand numbers were hacked, an estimated total value of R$250,000, that is, much lower than cyber technologies.