Anatoly Hurgin, CEO and co-founder of Israeli firm Ability Inc, has given an interview to Forbes magazine where he claims his business can spy on the location, calls and texts of any GSM phone. According to Hurgin, all he needs is the telephone number or IMSI, and he can then spy on the phone no matter where it is located in the world. Ability says it will charge customers between USD5mn and USD20mn, depending on the number of targets to be monitored, for use of their Unlimited Interception System (ULIN) (logo photographed above). ULIN has not been sold to many customers yet, but spying is a booming business, and if this technology works it is only a matter of time before the revenues will start flowing. You can read the full article here, and I recommend you do!
Hurgin’s methods exploit weaknesses in SS7 security that have previously been explained by white hat hackers like Karsten Nohl. However, this is the first time I have heard of a business offering a spying service like this without needing the explicit involvement of a supporting telco. Perhaps Ability has a deal with a partner telco that currently remains in the shadows. However, that makes me wonder at the wisdom of any telco CEO who instigates a surveillance arms race with every other telco in the world. Or maybe Ability has made the investment to hack SS7 so ULIN can work without needing the assistance of a genuine telco. That would be a scary precedent, though hopefully it would only encourage telcos to speed their investment in SS7 firewalls. In the Forbes interview Hurgin dismissed the suggestion that SS7 firewalls would kill his business model before it gets any traction; he believes telcos will be too slow and too reluctant to invest in SS7 firewalls. Based on my own experience of telcos, he may be right.