
Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time

An interesting article published by The Intercept reveals the secretive business of a US surveillance firm named Anomaly Six.

When we speak about the secretive business of surveillance firms, we often refer to the powerful tools developed by Israeli firms like NSO Group and Candiru, but many other firms operate in the shadows, like the US company Anomaly Six (aka A6).

According to an interesting analysis published by The Intercept, Anomaly Six is a secretive government contractor that claims to monitor billions of phones worldwide.

While Russia was invading Ukraine in February, two unknown surveillance startups, Anomaly Six and Zignal Labs, joined forces to provide powerful surveillance services.

Zignal Labs is a company that provides social media surveillance. By combining its analysis with the capabilities of A6, the U.S. government was able to spy on the Russian army before the invasion.

“According to audiovisual recordings of an A6 presentation reviewed by The Intercept and Tech Inquiry, the firm claims that it can track roughly 3 billion devices in real time, equivalent to a fifth of the world’s population.” reads the article published by The Intercept. “The staggering surveillance capacity was cited during a pitch to provide A6’s phone-tracking capabilities to Zignal Labs, a social media monitoring firm that leverages its access to Twitter’s rarely granted “firehose” data stream to sift through hundreds of millions of tweets per day without restriction.”

The capabilities claimed by the surveillance firm are worrisome: a government contractor can spy on Americans and pass the gathered data to US intelligence agencies.

The source that provided the information on the secretive surveillance firms to The Intercept said that Zignal Labs violated Twitter’s terms of service to gather intelligence, but the company rejected the accusation.

A6, unlike other surveillance firms, harvests only GPS pinpoints, and the data it provides allows the surveillance of roughly 230 million devices on an average day. A6 is able to access GPS measurements gathered through covert partnerships with “thousands” of apps. A6 also claimed to have amassed a huge quantity of information on people: it has gathered over 2 billion email addresses and other personal details for these individuals.

These data were voluntarily shared by mobile users when signing up for smartphone apps. A company spokesman explained that users agree to everything without reading the end-user license agreement.

At this time, The Intercept was not able to verify the real capabilities of Anomaly Six’s surveillance platform, while Zignal Labs denied any form of collaboration with Anomaly Six.

“While Anomaly 6 has in the past demonstrated its capabilities to Zignal Labs, Zignal Labs does not have a relationship with Anomaly 6. We have never integrated Anomaly 6’s capabilities into our platform, nor have we ever delivered Anomaly 6 to any of our customers.” reads a statement issued by Zignal Labs.

Motherboard reported that U.S. Special Operations Command paid Anomaly Six $590,000 in September 2020 for a year of access to the company's service.

“Anomaly Six software lets its customers browse all of this data in a convenient and intuitive Google Maps-style satellite view of Earth. Users need only find a location of interest and draw a box around it, and A6 fills that boundary with dots denoting smartphones that passed through that area. Clicking a dot will provide you with lines representing the device’s — and its owner’s — movements around a neighborhood, city, or indeed the entire world.” continues the article.

In a demo of its platform, Anomaly Six was able to track devices belonging to individuals who visited the NSA’s headquarters in Fort Meade, Maryland, and the CIA’s headquarters in Langley, Virginia. The platform identified 183 mobile devices potentially belonging to American intelligence personnel.

“The remarkable world-spanning capabilities of Anomaly Six are representative of the quantum leap occurring in the field of OSINT.” concludes the article. “Automated OSINT has also become something of a misnomer, using information that is by no means “open source” or in the public domain, like commercial GPS data that must be bought from a private broker. While OSINT techniques are powerful, they are generally shielded from accusations of privacy violation because the “open source” nature of the underlying information means that it was already to some extent public.”

I suggest reading the article published by The Intercept; it is full of interesting information about the surveillance capabilities of A6.


Pierluigi Paganini

(SecurityAffairs – hacking, surveillance)
