Full Report
Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws:

> Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap’s European founders and executives have quietly built a phone-tracking empire, with a footprint extending from the Vatican to the Middle East to Silicon Valley. It calls its proprietary system Altamides, which it describes in promotional materials as “a unified platform to covertly locate the whereabouts of single or multiple suspects in real-time, to detect movement patterns, and to detect whether suspects are in close vicinity with each other.”...
Analysis Summary
# Threat Actor: First Wap
## Attribution & Identity
* **Identification:** Surveillance arms manufacturer known as "First Wap."
* **Founders/Executives:** European founders and executives.
* **Operational Base:** Jakarta, Indonesia, utilizing permissive local export laws.
* **Known Aliases/Groups:** None explicitly named besides the company name "First Wap."
## Activity Summary
First Wap has built a "phone-tracking empire" operating quietly. Their primary activity is the development and deployment of surveillance technology for covert tracking purposes, selling their wares globally.
## Tactics, Techniques & Procedures
* **Core Capability:** Covertly locating suspects in real-time, detecting movement patterns, and determining proximity between multiple targets.
* **Primary TTP:** Shrewd use of the antiquated telecommunication protocol **Signaling System No. 7 (SS7)**.
* **SS7 Exploitation:** Using SS7 access to send queries to phone carriers to determine the nearest cell tower to a target phone number, facilitating location tracking.
* **Evasion:** Their method (Altamides) leaves no trace on the targeted phones, unlike spyware (e.g., Pegasus), and does not require user interaction via malicious links.
## Targeting
* **Sectors:** Not explicitly detailed; the nature of the product and its clients implies government, intelligence, and security entities able to purchase such tools.
* **Geography:** Global footprint described as extending from the **Vatican** to the **Middle East** to **Silicon Valley**.
* **Victims:** Single or multiple suspects whose real-time location data is sought.
## Tools & Infrastructure
* **Malware Families Used:** Not applicable (the system relies on telecom signaling exploitation rather than traditional malware installation).
* **Infrastructure:**
  * **Proprietary System:** Altamides (described as a "unified platform").
  * **Infrastructure Component:** Access to SS7 network routing capabilities.
## Implications
First Wap represents a significant threat by providing a highly covert, non-intrusive location tracking service built on weaknesses in the global SS7 signaling protocol. Its ability to operate globally from a permissive jurisdiction (Jakarta), and the diverse geographical footprint that indicates a varied client base, suggest a sophisticated evasion of the international export controls governing surveillance technology.
## Mitigations
* **Focus on SS7 Monitoring:** Organizations and telecom carriers must enhance monitoring and ingress filtering on their SS7/Diameter interfaces to detect unauthorized location tracking queries.
* **Supply Chain Due Diligence:** Governments and security organizations must rigorously vet third-party surveillance vendors, particularly those operating from jurisdictions with lax export controls.
* **Defense Against Location Data Interception:** Since the tool uses telephony protocols rather than device infection, mitigation should focus on hardening core network layer signaling security rather than endpoint security alone.
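To make the SS7 monitoring mitigation concrete, here is an added example (not code from the article, First Wap, or any carrier) that flags MAP location queries arriving over an interconnect link when they come from untrusted global titles, from a partner at an unusual rate, or are operations that only the home network should ever originate. The log format, partner prefixes, threshold and sample records are constructed; the MAP operation names are the standard location-related ones, and the rule that treats anyTimeInterrogation as home-only is this example's assumption.

```python
# Added example (not the article's or First Wap's code): flag MAP location
# queries on an SS7 interconnect from untrusted or over-active sources.
# Log format, partner GT prefixes and sample records are constructed.
from collections import Counter

# Standard MAP operations that reveal a subscriber's serving cell or node.
LOCATION_OPS = {"anyTimeInterrogation", "provideSubscriberInfo", "sendRoutingInfoForSM"}
HOME_ONLY_OPS = {"anyTimeInterrogation"}  # assumed never legitimate over an interconnect
TRUSTED_GT_PREFIXES = ("4917", "3366")  # constructed roaming-partner global titles
RATE_THRESHOLD = 3  # location queries per source GT before a partner is flagged


def parse_record(line):
    """Parse a constructed 'ts op calling_gt called_gt imsi' record."""
    ts, op, calling_gt, called_gt, imsi = line.split()
    return {"ts": ts, "op": op, "src": calling_gt, "dst": called_gt, "imsi": imsi}


def detect_location_tracking(lines):
    """Return (reason, calling_gt, op, imsi) tuples for suspicious queries."""
    alerts, per_source = [], Counter()
    for line in lines:
        rec = parse_record(line)
        if rec["op"] not in LOCATION_OPS:
            continue  # e.g. updateLocation: ordinary roaming signalling
        per_source[rec["src"]] += 1
        if rec["op"] in HOME_ONLY_OPS:
            reason = "home_only_op_from_interconnect"
        elif not rec["src"].startswith(TRUSTED_GT_PREFIXES):
            reason = "untrusted_source"
        elif per_source[rec["src"]] > RATE_THRESHOLD:
            reason = "high_rate_from_partner"
        else:
            continue
        alerts.append((reason, rec["src"], rec["op"], rec["imsi"]))
    return alerts


# Constructed interconnect log: one IMSI queried by several sources.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z updateLocation 491700001 491500001 262011234567890",
    "2024-05-01T10:00:05Z sendRoutingInfoForSM 491700001 491500001 262011234567890",
    "2024-05-01T10:00:09Z provideSubscriberInfo 628100009 491500001 262011234567890",
    "2024-05-01T10:00:12Z anyTimeInterrogation 491700001 491500001 262011234567890",
    "2024-05-01T10:01:00Z sendRoutingInfoForSM 336600002 491500001 262011234567890",
    "2024-05-01T10:01:10Z sendRoutingInfoForSM 336600002 491500001 262011234567890",
    "2024-05-01T10:01:20Z sendRoutingInfoForSM 336600002 491500001 262011234567890",
    "2024-05-01T10:01:30Z sendRoutingInfoForSM 336600002 491500001 262011234567890",
]
```

Calling `detect_location_tracking(SAMPLE_LOG)` on the constructed log yields three alerts: the foreign provideSubscriberInfo, the anyTimeInterrogation from a partner, and the fourth sendRoutingInfoForSM from the second partner.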