Rayzone offers a suite of tools for interception, data extraction, and location tracking. One of its products, Geomatrix, is a surveillance software that enables real-time geolocation of mobile devices. It can track phones across 2G, 3G, and 4G networks by using phone numbers or IMSI (International Mobile Subscriber Identity) numbers. The platform also supports the creation of geofences, virtual boundaries that trigger alerts when a device enters or exits specified areas. This capability allows for precise monitoring and tracking of individuals.

Another tool offered by Rayzone, called Echo, is marketed by the company as a “Platform for Location Investigations.” It’s designed to locate an individual, or a group of people, on a geographical basis, pinpointing a target’s position and movement path with an accuracy of up to one meter, while also extracting additional information from applications installed on the target’s device.

Israeli police purchased Echo without approval in 2023. It is not clear, for example, whether and how the court will monitor that the use of the tool does not exceed the powers of the police, that it is used only when there is reasonable suspicion, and that it does not disproportionately infringe fundamental rights, such as privacy, dignity and due process.

As mentioned, Rayzone sells IMSI catchers (also known as Stingrays or Cell-site simulators), devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower. 

Rayzone appears to have had access to the global telecommunications network via the mobile operator Sure Guernsey in the Channel Islands in the first half of 2018, potentially enabling it’s clients at that time to track the locations of mobile phones across the world.

Such access points, known in the telecoms industry as “global titles”, provide a route into a decades-old global messaging system known as SS7, which allows mobile operators to connect users around the world. It is not uncommon for mobile companies to lease out such access. Doing so potentially allows third parties to exploit signalling messages – commands that are sent through a telecoms operator across the global network, unbeknownst to a mobile phone user. Such commands allow operators and others with access to the network to (besides other things) locate mobile phones and monitor locations for the purpose surveillance or even intercept communications.

The company did not respond to questions about whether it had directly or indirectly leased a Sure Guernsey title in the first half of 2018, saying the query “entails regulatory and trade secret issues and a risk to our customers’ ongoing operations against terror and severe crime”.

According to invoices seen by the Bureau of Investigative Journalism, Rayzone rented this access point in January 2018 for a three-month period, via a subsidiary in the British Virgin Islands, at a cost of $13,000 per month, connecting it to the Latifa operation, on March 3 of that year, which falls within this period and where the surveillance technology was allegedly deployed.

Markéta Gregorová, the European Parliament’s chief negotiator on trade legislation for surveillance technology, called for “immediate regulatory, financial and diplomatic costs on companies and rogue jurisdictions” that enabled these practices.

Data from 2020 seen by the Bureau suggests that in 2018 to 2020 Rayzone Group has been significantly active in the worldwide phone surveillance market.A sample of data, believed to cover only a part of Rayzone’s operations, shows that between August 2019 and April 2020 the company enabled the targeting of more than 60 countries, with thousands of signals being sent into more than 130 different networks.

Spain – where the Guardian and El País revealed in July 2020 that a top Catalan politician was targeted in a “possible case of domestic political espionage” – was high on the list of countries monitored. The data shows thousands of message units requesting phone information from multiple major mobile networks.Large numbers of signals were also sent into Serbia, the Netherlands, Bulgaria, Denmark, Portugal, Cyprus and Bosnia-Herzegovina. Moreover, the Bureau’s investigation has confirmed that Rayzone Group has also leased access – directly or indirectly – to global titles in Iceland, Sweden and Switzerland. The data shows some level of activity in almost every country in Europe, as well as hinting at the extent of companies like Rayzone’s reach elsewhere in the world: networks were more heavily targeted in Israel, Hong Kong, Thailand, Guatemala, the Dominican Republic and the USA, with smaller scale intrusions into – among others – Morocco, Sudan, Libya, Palestine, Syria and Iran**.**

“The revelations of the sheer scale and global dimension of these attacks are a wake-up call,” Markéta Gregorová, the European surveillance rapporteur, said in response to the Bureau’s findings. “The delicate balance between lawful governmental surveillance and the sanctity of fundamental rights has been turned on its head.”

Presented with a detailed list of the Bureau’s findings, Rayzone declined to comment.