Hackers Reveal El Salvador Bought Comms Spy Equipment from President’s Friend

Salvadoran online newspaper El Faro has published details of the previously unknown 2020 purchase of communications surveillance systems. A contract worth USD2.2mn was agreed between the National Civil Police of El Salvador (Policía Nacional Civil) and Eyetech, a business whose CEO, Yaniv Zangilevitch (pictured right), is a friend of President Nayib Bukele (pictured left, at Zangilevitch’s wedding). Like other suppliers of advanced communications surveillance equipment, Zangilevitch is closely connected to Israel’s security forces.

Zangilevitch is an Israeli citizen based in Mexico. According to his resume, posted on Linkedin, he was a “special operations officer” in the Israel Armed Forces from 1991-1997. He later worked as a “counterterrorism specialist” for the office of Israel’s then Prime Minister Benjamin Netanyahu (1997-2009) and other prime ministers. And since 2011 he is the owner and CEO of Eyetech Solutions company.

The leaked contract included USD480,000 to buy a “GEOLOC” system that would report the location of mobile phones. It does not appear that “GEOLOC” is a brand name, and other paperwork refers to this system being from a company called UT-X, which is now known as Cognyte. In 2021, Cognyte was spun-off from Verint, a well-known manufacturer of IMSI-catchers. Cognyte continues to hold several patents for methods to identify and locate radio communication devices. El Faro’s report is vague about what specific equipment was delivered because there appears to have been a dispute over whether Eyetech had the rights to distribute it in El Salvador, and this confusion may have been exacerbated by the restructuring and rebranding of the aforementioned companies that occurred around that time. Nevertheless, the purpose of the equipment was clear.

Another USD793,000 was allocated in the contract to obtain “Guardian”, which is likely to be a reference to the Guardian radio spectrum monitoring product of Israeli business Wave Guard Technologies. However, the description of Guardian given in the paperwork says it is used for “final mile identification and location”. This description would be a better fit for Wave Guard’s Tracer geolocation product. El Faro uses “Guardian” and “Tracer” interchangeably in their article, leaving it uncertain as to which of the Wave Guard products was purchased.

The remaining USD680,000 of the contract’s total value was spent on a service called “Tangles” from Cobwebs Technologies. Cobwebs is a New York-headquartered business that says it provides national security agencies with web intelligence solutions that identify threats ‘with just one click’. The apparent purpose of Tangles is to monitor social media and determine the real identity of social media users.

On February 1, 2021, Eyetech shared with the Police a manual for “virtual agents” that includes an illustration of the “Tangles” program console, which contains a search engine similar to Google’s. The tool shows different social network profiles associated with a person, locations where a user stayed connected, and information extracted from different open sources on the Internet.

The information about the Eyetech contract was obtained by El Faro via a whistleblower’s site called DDoSecrets and a hacker collective called Guacamaya.

…the Eyetech Solutions contract file, which was provided by DDoSecrets, an organization that received the documents from a hacker group calling itself Guacamaya. El Faro verified the documents and traced information from the manufacturing companies in the public registries of companies and trademarks in Mexico and Israel with the help of the Latin American Center for Journalistic Investigation.

Journalists working for El Faro are understandably wary of state surveillance after it was revealed that the NSO Group’s Pegasus spyware had been used to monitor phones belonging to 22 members of staff. They observe that El Salvador does not have legal and regulatory prohibitions that would potentially limit the abuse of surveillance equipment.

El Faro’s story is imperfect; there are gaps and inconsistencies in some of the descriptions of the systems obtained by El Salvador’s police. But these may well reflect the inconsistencies that will creep into a procurement process where little scrutiny is applied to intermediaries who supply foreign tools and services that are meant to be used in secret. The overall intent is clear: El Salvador has increased its capacity for communications surveillance but has not been so quick to implement checks and restrictions on how these new capabilities will be used in practice.

The full story from El Faro can be found here (in Spanish).

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.