Swiss tech firm aided surveillance ops
The co-founder of a company that has been trusted by technology giants including Google and Twitter to deliver sensitive passwords to millions of their customers also operated a service that ultimately helped governments secretly surveil and track mobile phones, according to former employees and clients.
Since it started in 2013, Mitto AG has established itself as a provider of automated text messages for such things as sales promotions, appointment reminders and security codes needed to log in to online accounts, telling customers that text messages are more likely to be read and engaged with than emails as part of their marketing efforts.
Mitto, a closely held company with headquarters in Zug, Switzerland, has grown its business by establishing relationships with telecom operators in more than 100 countries. It has brokered deals that gave it the ability to deliver text messages to billions of phones in most corners of the world, including countries that are otherwise difficult for Western companies to penetrate, such as Iran and Afghanistan. Mitto has attracted major technology giants as customers, including Google, Twitter, WhatsApp, Microsoft's
LinkedIn and messaging app Telegram, in addition to China's TikTok, Tencent and Alibaba, according to Mitto documents and former employees.
But a Bloomberg News investigation, carried out in collaboration with the London-based Bureau of Investigative Journalism, indicates that the company's co-founder and CEO
Ilja Gorelik was also providing another service: selling access to Mitto's networks to secretly locate people via their mobile phones.
That Mitto's networks were also being used for surveillance work wasn't shared with the company's technology clients or the mobile operators Mitto works with to spread its text messages and other communications, according to four former Mitto employees. The existence of the alternate service was known only to a small number of people within the company, these people said. Gorelik sold the service to surveillance-technology companies, which in turn contracted with government agencies, according to the employees.
Responding to questions, Mitto issued a statement saying the company had no involvement in a surveillance business and had launched an internal investigation "to determine if our technology and business has been compromised." Mitto would "take corrective action if necessary."
Two former employees of a firm that provides intelligence-gathering tech to government organisations and law enforcement said staff at the firm had worked with Gorelik to install custom software at Mitto that helped track mobile phone locations and, in some cases, obtain call logs.