Advertisement
X

Middle Eastern Telecom Networks Targeted in Cyber Campaign to Track US Personnel During War: FT

Gulf officials and US sources believe actors linked to Iran exploited SS7 mobile network protocols and commercial advertising databases to locate US personnel, although officials said more evidence is needed to directly link the surveillance to specific attacks.

War In West Asia | Photo: AP; Representative Image
Summary
  • Middle Eastern telecom networks were hit by repeated cyber attacks during the Iran war, the Financial Times reported.

  • The reported surveillance has renewed concerns in Washington over vulnerabilities in smartphone roaming systems and location data.

  • US lawmakers have pushed for tighter safeguards to prevent foreign adversaries from tracking government and military personnel.

Middle Eastern mobile phone networks came under repeated cyber attacks aimed at tracking the locations of US military personnel and contractors during the Iran war, according to telecom data reviewed by the Financial Times and people familiar with the matter.

The suspected surveillance campaign began in the lead-up to the US-Israeli offensive on Iran in late February and continued during the early stages of the conflict, when Tehran launched retaliatory missile and drone strikes against US forces and military installations across the Gulf. The revelations have raised concerns among US lawmakers that vulnerabilities in international mobile roaming systems and smartphone advertising technology may have exposed American personnel to hostile surveillance.

According to data shared with the Financial Times by the Mobile Surveillance Monitor research project, telecom operators across the region blocked a surge of requests known as SS7 pings. These requests are designed to determine the approximate location of mobile phones connected to foreign networks. Two cybersecurity experts who reviewed the data told the newspaper the pattern pointed to what appeared to be a coordinated campaign targeting specific devices.

One person familiar with the matter told the Financial Times that Gulf officials suspected Iran or allied groups had exploited international roaming agreements with regional telecom operators to locate US personnel. Separately, an anonymous US official said actors linked to Iran were also believed to have used commercially available advertising databases to track mobile phones in Iraq's Kurdistan region.

Iran absolutely has capabilities to get real-time, immediate, and continuous location information,” said Gary Miller, a senior research fellow at Citizen Lab. “It would surprise me very much if Iran were not using SS7, or mobile network access in the region, to track US users.”

During the conflict, Iranian and Iran-backed forces struck several locations in Iraq, Bahrain and elsewhere in the Gulf, including sites where US personnel and contractors were present. While experts cautioned that more evidence would be needed to directly link the cyber activity to specific attacks, US Central Command told Congress in April that it had received multiple threat reports about adversaries exploiting commercial location data to monitor or target American personnel.

Advertisement

Democratic Senator Ron Wyden, who has repeatedly warned about such vulnerabilities, told the Financial Times this could mark the first known instance of US adversaries using commercial location data to target American personnel during wartime.

“For years I’ve warned both Democratic and Republican administrations about the national security threat posed by foreign adversaries tracking the phones of US personnel,” Wyden said.

US Central Command said it had implemented "unprecedented force-protection measures" to safeguard its personnel but declined to disclose details. A US official added that claims suggesting digital tracking played a significant role in attacks were "a departure from the facts."

The Financial Times reported that at least some of the blocked SS7 requests could be traced to an Iranian mobile operator, according to Miller, who said the activity appeared to involve highly targeted attempts to locate specific devices. The Iranian embassy in London did not immediately respond to the newspaper's request for comment.

Advertisement

The report also said suspected surveillance extended beyond telecom networks. One person familiar with the matter told the Financial Times that Iran was believed to have used commercial advertising technology in Iraq's Kurdistan region to identify hotels housing US government staff and contractors. Advertising identifiers assigned to smartphones can be used to determine the location of individual devices or groups of users, a practice that has long been recognised within intelligence circles.

Republican Congressman Pat Harrigan said he had not been briefed on specific cases involving Iran but described the threat as serious. He is proposing legislation to prevent technology companies from selling location data linked to US government employees.

“The capability and the threat . . . exists,” Harrigan told the Financial Times. “If it continues to be exploited, and it’s exploited properly, it could be catastrophic.”

A 2024 review by the US Department of Defense's Office of the Inspector General found that the military had yet to fully address security vulnerabilities in smartphones issued to personnel. Michael Stokes, a former CIA official and vice-president at secure communications company Veilant, told the Financial Times that modern smartphones generate vast amounts of location and behavioural data, creating what he described as a "digital exhaust" that can reveal a user's movements, contacts and activities even if the device itself has not been compromised.

Advertisement

“This is a national security exposure created by unmanaged phones, commercial ad tech, location data and, of course, operational necessity colliding with the realities of the field,” Stokes said.

Published At:
US