Saudis in US subjected to kingdom’s phone spying campaign


Saudi Arabian citizens who travel around the United States are being tracked by their government, which appears to be exploiting weaknesses in the global mobile telecoms network, according to a whistleblower who has shown the Guardian millions of alleged secret tracking requests.

According to experts, the data revealed by the whistleblower, who is seeking to expose vulnerabilities in a global messaging system called SS7, appears to suggest a systematic spying campaign by the kingdom.

The data suggests that millions of secret tracking requests emanated from Saudi Arabia over a four-month period beginning in November 2019.

The tracking requests, which sought to establish the US location of Saudi-registered phones, appeared to originate from Saudi Arabia’s three biggest mobile phone companies, namely Saudi Telecom, Mobily and Zain.

The whistleblower said they were unable to find any legitimate reason for the high volume of the requests for location information. “There is no other explanation, no other technical reason to do this. Saudi Arabia is weaponising mobile technologies,” the whistleblower claimed.

The data leaked by the whistleblower was also seen by telecommunications and security experts, who confirmed they too believed it was indicative of a surveillance campaign by Saudi Arabia.

The data shows requests for mobile phone location data that were routed through the decades-old SS7 global messaging system, which allows mobile operators to connect users around the world. For example, a mobile user from the US travelling in Germany and seeking to make a call back to the US is connected through the SS7 network.

The SS7 system also enables tracking of phones, which has been a cause for concern among security experts. When a US carrier – such as Verizon, T-Mobile or AT&T – receives what is known as a Provide Subscriber Information SS7 message (or PSI) from a foreign mobile phone operator, it is getting, in effect, a tracking request.

Such requests are legitimately used to help foreign operators register roaming charges. But excessive use of such messages is known in the mobile telecoms industry to be indicative of location tracking.

Experts expressed alarm at the tracking request data because of the apparently persistent high frequency of the requests that appeared to be emanating from Saudi operators seeking to locate their subscribers once they entered the US.

It is not known whether the Saudi mobile operators that were requesting large amounts of location tracking data about their subscribers were knowingly complicit in any government-run surveillance programme.

However, it has already been widely reported that the Saudi government uses cyber weapons to hack dissidents and critics of the kingdom’s crown prince, Mohammed bin Salman. In January the Guardian revealed that the Amazon billionaire Jeff Bezos’s mobile phone was “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of Prince Mohammed.

The data appears to suggest the Saudi mobile phones were being tracked as they travelled through the US as often as two to 13 times per hour. Experts said that frequency suggests users could probably have been tracked on a map to within hundreds of metres of accuracy in a city.

The data seen by the Guardian did not identify the individual Saudi mobile users who were being tracked.

The Saudi embassies in Washington and London did not respond to multiple requests for comment. Neither did Saudi Telecom, Zain or Mobily. (Source: The Guardian)