Israeli telecommunications infrastructure was used to track citizens in more than 10 countries over the past three years, according to a report published by the digital research group Citizen Lab and reviewed by Haaretz.
The findings, detailed in a May 2026 investigation, expose two separate tracking operations that exploited legacy and modern mobile network protocols to locate devices without user consent. One operation used Israeli carriers 019Mobile and Partner Communications, while another was linked to Swiss firm Fink Telecom Services. The tracking methods included abuse of the SS7 signaling protocol, exploitation of the Diameter protocol used in 4G and 5G networks, and a SIM-card technique known as SIMjacking.
Technical Background: Signaling Protocols and Exploitation
The SS7 protocol, a global standard defined by the International Telecommunication Union, was originally designed for call routing, text messaging, and international roaming. According to the book “Telecom 101 CTA Study Guide,” SS7 defines the protocols by which network elements exchange information for call setup, routing and control [1].
However, the protocol lacks authentication measures, allowing malicious actors to send location queries that can pinpoint a mobile device. A 2017 report by NaturalNews.com described how SS7 vulnerabilities had already been exploited to intercept two-step verification codes and steal money from bank accounts [2].
Newer signaling systems, such as the Diameter protocol used in 4G and 5G networks, were designed to mitigate security risks but have proven susceptible to similar exploitation. Citizen Lab documented that both old and new signaling systems are being used in tandem to locate targets. Additionally, a technique called SIMjacking sends hidden SMS commands to SIM cards, forcing them to transmit location data without the user’s knowledge or any visible trace on the phone.
First Operation: Use of Israeli Telecoms
Citizen Lab researchers logged more than 500 location-tracking attempts between November 2022 and 2025 across Thailand, South Africa, Norway, Bangladesh, Malaysia and several other African countries. The investigation began with a single subscriber in the Middle East who was tracked methodically over four hours. According to Haaretz, the tracking requests appeared to pass through 019Mobile’s registered addresses and Partner Communications’ infrastructure, with another route going through Exelera Telecom, an Israeli cloud and communications company [3].
Internal files obtained by Haaretz connect Cognyte, an Israeli-American company, to the operation. Cognyte’s parent company, Verint, sold a product called SkyLock – an SS7-based tracking tool – to a government client in the Democratic Republic of Congo.
The files also show commercial ties with operators in Thailand, Malaysia, Indonesia, Vietnam and Congo, some of the same countries where the tracking campaign was later identified [3]. 019Mobile’s head of security, Gil Nagar, denied involvement, stating the company is a virtual operator with no roaming agreements. Citizen Lab suggested the identity may have been forged.
Second Operation: Fink Telecom Services and SIMjacking
A second operation is attributed to Fink Telecom Services, a Swiss company exposed by Haaretz and Lighthouse Reports in 2023 for supplying SS7-based tracking capabilities to surveillance firms, including Rayzone. Haaretz reported at the time that Fink allowed companies to impersonate cellular carriers and connect to legacy mobile networks to track users worldwide [3]. Citizen Lab identified more than 15,700 tracking attempts since late 2022 using SIMjacking, a technique Fink did not employ in 2023.
Researchers noted that newer mobile infrastructure, meant to prevent abuse, is being exploited in a similar way as older systems. Both the old SS7 and newer Diameter protocols are used in tandem to locate targets. Fink did not respond to requests for comment. The Swiss firm’s activities represent a more sophisticated evolution of surveillance methods, adapting as telecom infrastructure evolves.
Reactions and Regulatory Response
019Mobile’s head of security denied involvement, stating the company has no roaming agreements. Partner Communications said it has no connection to the case. Exelera Telecom and Verint/Cognyte did not respond to requests for comment.
British regulators banned the practice last week, calling it the largest source of malicious traffic to mobile networks, according to Haaretz [3]. The ban aims to crack down on tracking spyware after more than a decade of investigative reporting on the abuse of SS7 and related protocols.
The regulatory response underscores the growing awareness of vulnerabilities in global telecom infrastructure. Citizen Lab’s findings show that commercial firms selling surveillance technologies to governments continue to exploit both legacy and modern systems, raising questions about privacy and the effectiveness of security upgrades.
References
- Telecom 101 CTA Study Guide and High-Quality Reference Book Covering All Major Telecommunications Topics in Plain English – Coll Eric. (Excerpt on SS7 protocol definition.)
- Horrifying new bank hack intercepts two-step verification codes sent to your phone is your money safe in any ban – NaturalNews.com, May 14, 2017.
- Ghost Operators: How Israeli telecoms were exploited to track citizens worldwide – Haaretz, Omer Benjakob, May 3, 2026.
- Telecom 101 CTA Study Guide – Coll Eric. (Fundamentals of telecommunications and the telephone network.)
- Invisible Threat: How wireless tech is poisoning humanity – NaturalNews.com, February 4, 2026. (Background on EMF exposure and health risks, not directly used for tracking claims but referenced as contextual source.)
- Mike Adams interview with Nick Pinault – August 1, 2024. (Mentions big tech reliance on telecoms and suppression of information about harm; used to support context on industry power.)
Explainer Infographic
Read full article here