After assisting internet heavyweights such as Google, WhatsApp, Twitter, LinkedIn, and Telegram with their one-time password (OTP) services, Swiss company Mitto AG has suddenly found itself in the midst of a worldwide eavesdropping enterprise. According to a report by the London-based nonprofit The Bureau of Investigative Journalism (TBIJ), Ilja Gorelik, the company’s co-founder and chief operating officer, provided services to surveillance companies, including “selling access to Mitto’s networks in order to secretly locate people via their mobile phones.”
Employees and whistleblowers at Mitto disclosed that the company’s own networks were also being exploited for spying purposes. In its report, Mitto stated that the surveillance businesses involved in his business with Mitto were contracted to work with government agencies, but it could not identify whose agency they were working with.
Mitto AG, a private corporation based in Zug, Switzerland, has relationships with more than 100 telecommunications carriers throughout the world and has its headquarters in Zug. SS7 protocol, according to the TBIJ investigation, was used by a Swiss corporation to identify persons and perhaps intercept messages via mobile phone networks. Telecom networks all over the world make use of the SS7 infrastructure in order to connect with one another as calls and text messages are routed from one network to another.
According to the study, at least one event occurred in which an official of the United States State Department was targeted with a flurry of signals utilising Mitto’s network to determine the position of the device. When the information received from Mitto AG’s network is combined with other sophisticated surveillance technologies now available on the market, it has the potential to make device interception significantly easier.
This has caused consternation within the corporation, which has distanced itself from the covert monitoring operation managed by its co-founder. “The allegations made against Ilja Gorelik and our firm have taken us completely by surprise. So that there is no confusion, Mitto does not run or manage a distinct business, division, or organisation that allows surveillance businesses access to telecom infrastructure in order to discreetly locate individuals using their mobile phones or to engage in other criminal activities.
Mitto also does not condone, support, or enable the exploitation of telecom networks with which the company partners in order to deliver service to its global customers. Mitto also does not condone, support, or enable the exploitation of telecom networks with which the company partners to deliver service to its global customers “Mitto AG made announcement in a statement.
SMS-based services are used by technology businesses such as Google, Twitter, WhatsApp, LinkedIn, and Telegram to verify user identities, retrieve passwords, and conduct security assessments. Hosting infrastructure for a large worldwide user base is a costly operation for technology businesses, and aggregators such as Mitto AG provide a solution at a far cheaper cost than they would otherwise.