Israeli telecom infrastructure was used to track citizens in more than ten countries over the past three years, according to a report published recently by the digital research group Citizen Lab.

The findings, reviewed by Haaretz in recent weeks, expose how efforts to upgrade phone network infrastructures built in the 1970s for the smartphone era still leave even the most advanced devices exposed to surveillance.

The report describes two separate tracking operations, each likely run by a commercial firm selling surveillance technologies to governments around the world. One was also found to have exploited Israeli geolocation technology to track targets, using networks belonging to 019Mobile and Partner Communications, although both Israeli companies denied any involvement.

A second, more sophisticated operation is linked to a Swiss firm at the center of a 2023 Haaretz investigation for supplying Israeli surveillance companies, including Rayzone, which develops and sells cyber intelligence technologies to government agencies around the world.

The investigation found that the Swiss telecom company allowed companies like Rayzone to impersonate cellular carriers and connect to legacy mobile networks in order to track users worldwide, exploiting an older telecom signaling protocol called SS7 for surveillance purposes. SS7 was originally designed to route calls and text messages, enable international roaming, and connect different mobile operators.

Close

British regulators banned the practice last week in an effort to crack down on tracking spyware, after more than a decade of investigative reporting on its abuse, calling the practice the largest source of malicious traffic to mobile networks.

Moreover, Citizen Lab's findings show that newer signalling systems – introduced to strengthen security measures – are being similarly exploited by spyware firms, despite being designed to mitigate security risks and prevent surveillance.

One example is Diameter, a mobile network system that handles 4G international roaming and most 5G networks, designed to streamline cellular connectivity to the internet, which was now shown to be susceptible to tracking spyware.

In the first operation uncovered by Citizen Lab, researchers logged more than 500 location-tracking attempts between November 2022 and 2025 across Thailand, South Africa, Norway, Bangladesh, Malaysia and several other African countries. The investigation began with a single subscriber: a Middle East businessman tracked methodically over four hours in an episode that opened the door to the broader pattern researchers later mapped: a company querying the international phone system on behalf of clients to follow targets.

An Israeli carrier, 019Mobile, was used in the operation. According to information obtained by Haaretz, dozens of separate tracking attempts appear to have passed through 019's servers - requests that did not look like legitimate communications but like surveillance. Every mobile network has a unique address – similar to a website address – that other telecom companies use to route calls and data traffic. Citizen Lab found that addresses registered to 019 were used to send location-tracking requests through Partner Communications, whose infrastructure 019 relies on. Another route passed through Exelera Telecom, an Israeli company that provides cloud and communications services, including an international undersea fiber-optic cable. Exelera did not respond to Haaretz's request for comment.

019Mobile's head of security, Gil Nagar, denied any involvement, writing that the company is a virtual operator, selling service over another carrier's network without running its own, and has no roaming agreements with foreign carriers. He said messages sent in its name would have been "rejected" in any case. Citizen Lab says whoever is behind the operation may have forged 019's identity to gain access.

Although the Canadian researchers do not publicize the vendors behind the operations, they do flag several potential suspects - among them Cognyte, an Israeli-American company that provides similar services to government clients.

Haaretz Podcast How a Haaretz investigation into stolen Ukrainian wheat triggered a diplomatic crisis play Haaretz Podcast How a Haaretz investigation into stolen Ukrainian wheat triggered a diplomatic crisis Volume: 0.5 X1 total -- : -- time 0:00 fast forward 15 play rewind 15

Internal files obtained by Haaretz show that Cognyte's parent company, Verint, sold a product called SkyLock - an SS7-based tracking tool - to a government client in the Democratic Republic of Congo.

SkyLock uses the old roaming system to locate devices anywhere in the world. The files also show the company's commercial ties with operators in Thailand, Malaysia, Indonesia, Vietnam and Congo - some of the same countries where the first tracking campaign was later identified. One of those operators, AIS Thailand, also appears as a source of traffic in that campaign.

Another operation is attributed to Fink Telecom Services – a Swiss company exposed by Haaretz and Lighthouse Reports in 2023 for supplying SS7-based tracking capabilities to surveillance firms, allowing them to ping the mobile network as if they were mobile providers.

Researchers say that newer mobile infrastructure, meant to prevent exactly this kind of abuse, is being exploited in a very similar way as the older system it was supposed to render obsolete. In fact, it shows how both the old and new signaling systems are being used in tandem to try to find people.

One method includes deploying a technique that exploits vulnerabilities in SIM cards, showing how the firms and ghost operators are adapting their surveillance methods as telecom infrastructure evolves. The target phone receives a hidden text message containing a secret command that prompts the SIM card to transmit the device's location – without the user's knowledge and without leaving any visible trace on the phone.

Citizen Lab identified more than 15,700 such tracking attempts since late 2022. When Haaretz and Lighthouse Reports exposed Fink's activity in 2023, it did not yet employ this technique, known as SIMjacking.

Fink, Exelera Telecom, and Verint/Cognyte did not respond. Partner told Haaretz that the company "has no connection to the current case and any attempt to link its name to it is mistaken."