Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc.
The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023, according to a report published by the Citizen Lab. Penlink, founded in 1986, is a provider of “mission-critical communications and digital evidence collection and analysis software” to law enforcement agencies in the U.S. and across the world.
U.S. customers of the Webloc include Immigration and Customs Enforcement (ICE), the U.S. military, Texas Department of Public Safety, DHS West Virginia, NYC district attorneys, and various police departments in Los Angeles, Dallas, Baltimore, Tucson, Durham, and in smaller cities and counties like the City of Elk Grove and Pinal County.
“Webloc is sold as an add-on product to the social media and web intelligence system Tangles,” Citizen Lab researchers Wolfie Christl, Astrid Perry, Luis Fernando Garcia, Siena Anstis, and Ron Deibert said. “Webloc provides access to a constantly updated stream of records from up to 500 million mobile devices across the globe that contain device identifiers, location coordinates, and profile data harvested from mobile apps and digital advertising.”
The ad-based surveillance system, in a nutshell, makes use of data purchased from mobile apps and digital advertising to analyze the behaviours and movements of hundreds of millions of people. It was officially announced by Cobwebs Technologies in October 2020, describing it as a “cutting-edge location intelligence platform that gathers and analyzes web data fused with geospatial data points, using interactive layered maps to connect the digital world with physical data.”
Customers of the tool can use it to monitor the location, movements, and personal characteristics of entire populations up to three years in the past. According to information available on Penlink’s website, Webloc can be used for “investigating and interpreting location-based data to support your cases.” Webloc also has the capability to infer location from IP addresses and identify the persons behind the devices by gathering their home addresses and workplaces.
Interestingly, Cobwebs Technologies was among the seven cyber mercenaries that were deplatformed by Meta in December 2021 for operating about 200 accounts to conduct reconnaissance on targets and even engage in social engineering to join closed communities and forums and trick people into revealing personal information.
The social media giant revealed at the time that it had identified Cobwebs Technologies customers in Bangladesh, Hong Kong, the United States, New Zealand, Mexico, Saudi Arabia, and Poland. “In addition to targeting related to law enforcement activities, we also observed frequent targeting of activists, opposition politicians, and government officials in Hong Kong and Mexico,” Meta noted.
Reports from 404 Media, Forbes, and Texas Observer have revealed that Webloc can be used to track phones without a warrant, with one procurement notice highlighting the tool’s “ability to automate and continuously monitor unique mobile advertising IDs, geolocated IP addresses, and connected devices analysis.”
An analysis of corporate records and other public information has revealed that Cobwebs Technologies shares links to Israeli spyware vendor Quadream through Omri Timianker, the founder and former president of Cobwebs Technologies, who now oversees Penlink’s international operations. The company is suspected to have shuttered its operations in 2023.
As many as 219 active servers associated with Cobwebs product deployments have been identified, most of which are located in the U.S. (126), Netherlands (32), Singapore (17), Germany (8), Hong Kong (8), and the U.K. (7). Potential product servers have also been detected in various countries across Africa, Asia, and Europe.
Responding to the report, Penlink said the findings “appear to rely on either inaccurate information or a misunderstanding about how we operate, including practices that Penlink does not engage in following our acquisition of Cobwebs Technologies in 2023.” It also said it complies with U.S. state privacy laws.
“Our research shows that intrusive and legally questionable ad-based surveillance (i.e., without a warrant or adequate oversight) is being used by military, intelligence, and law enforcement agencies down to local police units in several countries across the globe,” the Citizen Lab said.
About The Author
Original post here
