๐Bloomberg TechnologyโขFreshcollected in 61m
Circles Spy Tools Sold to Repressive Regimes
๐กCritical look at the ethical implications and security risks of AI-powered surveillance tools in the wrong hands.
โก 30-Second TL;DR
What Changed
Circles provided mobile tracking technology to repressive regimes.
Why It Matters
This highlights the ethical risks associated with dual-use AI surveillance technologies and may trigger stricter export controls on security software.
What To Do Next
Review your organization's security protocols regarding mobile device communication and potential exposure to SS7 or similar network vulnerabilities.
Who should care:Enterprise & Security Teams
๐ง Deep Insight
Web-grounded analysis with 10 cited sources.
๐ Enhanced Key Takeaways
- โขCircles is a corporate affiliate of Israel's NSO Group, having been acquired by U.S. private equity firm Francisco Partners in 2014 and subsequently merged with NSO Group.
- โขThe company's surveillance technology operates by exploiting vulnerabilities in Signalling System No. 7 (SS7), a core protocol of the global mobile phone system, to intercept communications and track devices.
- โขThe Citizen Lab identified Circles' technology deployed in at least 25 countries worldwide, encompassing both democratic nations and those with documented histories of human rights abuses.
- โขUnlike NSO Group's Pegasus spyware, Circles' SS7 exploitation method does not leave an obvious digital signature on the target's mobile phone, making it harder to detect.
- โขCircles offers its customers two deployment options: a system that integrates directly with local telecommunications infrastructure or a 'Circles Cloud' service that connects with telcos globally.
๐ ๏ธ Technical Deep Dive
- Exploitation Method: Circles' primary method involves exploiting weaknesses in Signalling System No. 7 (SS7), a protocol suite used for routing phone calls and exchanging information between telecommunications companies.
- SS7 Vulnerability: The SS7 protocol lacks robust authentication, allowing attackers to send fraudulent commands to a target's home network, falsely indicating that the subscriber is roaming.
- Capabilities:
- Location Tracking: Enables tracking of a target's mobile device location, even when they are traveling internationally.
- Call Interception: Allows for the interception and eavesdropping on voice calls.
- SMS Interception: Facilitates the interception of SMS text messages, including those used for two-factor authentication.
- Deployment Options:
- Customers can acquire a system for direct connection to their local telecommunications companies' infrastructure.
- Alternatively, a 'Circles Cloud' system is available, designed to interconnect with telecommunications companies worldwide.
- Detection: The SS7 mechanism used by Circles does not leave an obvious signature on the target's phone. However, researchers like Citizen Lab have identified Circles deployments through internet scanning for unique signatures associated with Check Point firewalls used in their infrastructure.
- Network Susceptibility: The U.S. Department of Homeland Security has indicated that all U.S. wireless networks are vulnerable to SS7 weaknesses, with a majority of global networks facing similar risks. SS7 is predominantly used in 2G and 3G networks.
๐ฎ Future ImplicationsAI analysis grounded in cited sources
Telecommunications companies will face increased pressure to secure legacy SS7 infrastructure.
The ongoing revelations about SS7 exploitation by companies like Circles highlight critical, long-standing vulnerabilities that could compel regulatory bodies and telcos to invest more heavily in detection and mitigation measures.
There will be enhanced scrutiny and potential regulation of the global surveillance technology market.
Continued reports from human rights organizations and researchers regarding the misuse of surveillance tools by repressive regimes are likely to intensify calls for stricter international export controls and greater accountability for vendors.
Surveillance firms may develop more sophisticated and harder-to-detect methods as SS7 vulnerabilities become more widely known.
As public awareness and potential mitigation efforts against SS7 exploitation increase, surveillance companies are likely to innovate and pivot to new, less detectable exploits to maintain their operational capabilities.
โณ Timeline
2008
Circles reportedly founded.
2014
Circles acquired by Francisco Partners for $130 million and merged with NSO Group.
2015
Circles' 3G interception and global mobile geolocation services are noted in intelligence reports.
2020-12
The Citizen Lab publishes 'Running in Circles,' a report detailing Circles' SS7 exploitation and identifying deployments in 25 countries.
2026-06-18
Human Rights Watch reviews documents showing Bulgaria granted licenses to Circles for surveillance technology exports to countries with human rights abuse records.
๐ Sources (10)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
๐ฐ
Weekly AI Recap
Read this week's curated digest of top AI events โ
๐Related Updates
Same topic
Explore #security
Same product
More on circles-surveillance-tech
Same source
Latest from Bloomberg Technology
๐
Anthropic Ban Forces Investor Rethink of Political Risk
Bloomberg TechnologyโขJun 18
๐
Mainland Investors Drive 570% Rally in Kingboard Laminates
Bloomberg TechnologyโขJun 18
๐
Korea Rejects Antitrust Settlements for Delivery Apps
Bloomberg TechnologyโขJun 18
Hutong Research on PBOC Policy and Yuan Outlook
Bloomberg TechnologyโขJun 18
AI-curated news aggregator. All content rights belong to original publishers.
Original source: Bloomberg Technology โ