Researchers at the University of Toronto's Citizen Lab have mapped the customers of Circles, a surveillance company that exploits weaknesses in the global mobile phone interconnection systems, to spy on people without hacking their devices.
By network fingerprinting firewalls made by security vendor Check Point and used by Circles, Citizen Lab researchers were able to identify 252 internet protocol addresses in 50 autonomous systems (ASNs) around the world.
A total of 25 governments were identified in the 50 ASNs, among these Australia, Citizen Lab said.
Citizen Lab was not able to identify the operator of the single system it found in Australia, but noted it is hosted on Optus and TPG networks that the Maxmind geolocating service places in Canberra.
Circles is affiliated with controversial spyware vendor NSO Group that develops the Pegasus malware, thought to be used in the grisly murder of United States journalist Jamal Khashoggi by a Saudi-Arabian government hit squad.
Many of the governments identified by Citizen Lab as potential Circles customers have a long history of harsh suppression of dissidents and journalists, human rights abuses and covert surveillance.
Chile's national police agency, the Carabineros, for example illegally intercepted phone and WhatsApp calls and Telegram messages of journalists.
Some Carabinero officials were prosecuted for planting false evidence on the leaders of the indigenuous Mapuche movement.
Mexico, Morocco, and Thailand were also singled out for torture, murders, disappearances and other abuses by government agencies and security forces.
Unlike NSO Group that tries to plant its spyware on targets' phones, Circles is said to exploit weaknesses and the lack of authentication in ..