Those who follow the evolution of Israeli legislation in the field of wiretapping must have noticed the amendments proposed for the new bills, scheduled to be submitted to the Knesset for final approval. In essence, these amendments propose the expansion of the media in which security services can monitor targets in the context of surveillance operations.
"The definition means that authorities will be able to monitor any mobile phone, smartphone, E-Mail message, text message, messages sent via instant messaging applications or through social media, for the purpose of locating or preventing the leakage of security information," the bill reads.
Israel is not alone. Several countries around the world have already established constitutional procedures to promote similar legislation that will allow their security services almost unlimited latitude in gathering digital intelligence. This trend gained momentum in recent years mainly due to the attacks in Europe, Asia, and the USA, which made authorities prioritize the citizens' personal security over their privacy.
Having predicted this trend, the Rayzone Group of Israel launched a new system called Vegas, unveiled at the recent ISS Conference. The Vegas system was designed to enable security services to intercept wireless communications from any wireless router.
The system implements two major changes that have recently taken place in the world of operational cyber intelligence: the aspiration of security services to be steer clear of their service providers and their need for comprehensive information regarding the target, emanating from all of the information services the individual uses. WikiLeaks has recently uncovered the existence of a similar tool, CherryBlossom, which has been in use by the CIA. The US intelligence service uses this system to gather intelligence covertly from wireless routers worldwide.
The Router Is the Center
The advantage of monitoring the router, as opposed to monitoring a single device, lies in the fact that security services can monitor every person connected to the router within a particular cell – whether it is a private residence or a public place such as a coffee shop, a restaurant, a hotel, or any other place connected to a wireless network. Due to its deployment capabilities, and combined with other monitoring systems, the Vegas system provides security services with a near-complete persistent area surveillance capability.
Installed on the wireless router, the Vegas system continuously monitors the data traffic of a wireless infrastructure. By monitoring the router, security services can also monitor landline computers, IoT devices and internal communications within the LAN – which does not even leave the boundaries of the house or café.
Since the system can monitor several networks in different parts of the world simultaneously, it provides security services with a strategic ability to monitor multiple "branches" or individuals affiliated with a criminal or terrorist organization at the same time – as opposed to the tactical ability of monitoring only one person or place at a time.
The Vegas system leaves no trace. It uses an extremely narrow bandwidth that will not raise suspicion if the client installs a network-monitoring tool. Furthermore, it can be installed on a variety of routers that utilize different operating systems. In addition to data interception, the Vegas system also enables user spotting over the wireless network, as well as monitoring the user's browsing history, social media activity, and E-Mail correspondence. Additionally, the system may be used to monitor the user's activity in the cloud.
The Vegas system's robust capabilities are made possible by social engineering methods used by security services on the users of a specific wireless network. The system enables authorities to assemble a profile of the target being monitored – a continuous profile that includes the targets' personal details, the services they use, their locations, the people with whom they were in contact and the information they had accessed – practically everything a security service needs to build a case.
In an era where terrorist and criminal organizations worldwide use "civilian" technologies such as encryption, restricted-access forums, private areas in social networks, encrypted messaging programs, etc., security services cannot conduct their intelligence-gathering operations effectively without the necessary technological tools, and the Vegas system by the Rayzone Group offers an effective and highly productive covert surveillance solution.