A research conducted by The Citizen Lab , of the Universty of Toronto,has revealed that Kenya is among at least 25 other nations who bought equipment and other tools to spy on its citizens.

According to the report titled Running in Circles: Uncovering the Clients of Cyber-espionage Firm, Circles, Circles, a cyberespionage firm located in Israel, has been helping state intelligence exploit weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe. The research also found that Circles is affiliated with NSO Group, an Israeli hacker-for-hire company which developed the Pegasus spyware.

Circles, whose products work without hacking the phone itself, allege that they sell only to nation-states. Circles customers can reportedly purchase a system that they connect to their local telecommunications companies’ infrastructure, or can use a separate system called the “Circles Cloud,” which interconnects with telecommunications companies around the world.

Apart from Kenya, other Circles verified customers include :Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates (UAE), Vietnam, Zambia, and Zimbabwe.

Image courtesy of Citizen Lab

We identified a single system in Kenya. Though MaxMind geolocates the IP addresses to Mauritius, a traceroute indicates that the IP addresses are in Kenya. The name “Kali” appears inconsistent with other client naming schemes, as we are not aware of any automotive brand named “Kali”,” Says the report.

Accoding to Citizen lab, som governments who are Circles customers are synonymous with leveraging digital technology for human rights abuses. The lab also says that NSO’s cellphone-hacking software, Pegasus, has been linked to political surveillance in Mexico, Saudi Arabia, and the United Arab Emirates.

In June 2020, an investigation by Amnesty International alleged that Moroccan journalist Omar Radi was targeted using the Israeli spyware Pegasus. The rights group claimed that the journalist was targeted three times and spied after his device was infected with an NSO tool. Meanwhile, Amnesty also claimed that the attack came after the NSO group updated their policy in September 2019.

In October 2019, instant messaging company WhatsApp and its parent company Facebook sued NSO under the US Computer Fraud and Abuse Act (CFAA), accusing it of helping government spies break into the phones of about 1,400 of their users across four continents.

NSO denied the allegations, saying it only “provides technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime”.

Targets of the alleged hacking included diplomats, political dissidents, journalists and senior government officials.