Swiss Firm Executive Operates Secret Surveillance Operation

The co-founder of a company that has been trusted by technology giants including Google and Twitter to deliver sensitive passwords to millions of their customers also operated a service that ultimately helped governments secretly surveil and track mobile phones, according to former employees and clients.

Since it started in 2013, Mitto AG has established itself as a provider of automated text messages for such things as sales promotions, appointment reminders and security codes needed to log in to online accounts, telling customers that text messages are more likely to be read and engaged with than emails as part of their marketing efforts.

Mitto, a closely held company with headquarters in Zug, Switzerland, has grown its business by establishing relationships with telecom operators in more than 100 countries. It has brokered deals that gave it the ability to deliver text messages to billions of phones in most corners of the world, including countries that are otherwise difficult for Western companies to penetrate, such as Iran and Afghanistan. Mitto has attracted major technology giants as customers, including Google, Twitter, WhatsApp, Microsoft’s LinkedIn and messaging app Telegram, in addition to China’s TikTok, Tencent and Alibaba, according to Mitto documents and former employees.

But a Bloomberg News investigation, carried out in collaboration with the London-based Bureau of Investigative Journalism, indicates that the company’s co-founder and chief operating officer, Ilja Gorelik, was also providing another service: selling access to Mitto’s networks to secretly locate people via their mobile phones.

That Mitto’s networks were also being used for surveillance work wasn’t shared with the company’s technology clients or the mobile operators Mitto works with to spread its text messages and other communications, according to four former Mitto employees. The existence of the alternate service was known only to a small number of people within the company, these people said. Gorelik sold the service to surveillance-technology companies which in turn contracted with government agencies, according to the employees.

Responding to Bloomberg’s questions, Mitto issued a statement saying that the company had no involvement in a surveillance business and had launched an internal investigation “to determine if our technology and business has been compromised.” Mitto would “take corrective action if necessary,” according to Mitto.

“We are shocked by the assertions against Ilja Gorelik and our company,” according to the company. “To be clear, Mitto does not, has not, and will not organize and operate a separate business, division or entity that provides surveillance companies access to telecom infrastructure to secretly locate people via their mobile phones, or other illegal acts. Mitto also does not condone, support and enable the exploitation of telecom networks with whom the company partners with to deliver service to its global customers.”

Gorelik didn’t respond to requests for comment. A Mitto representative declined to comment on Gorelik’s current role with the company.

Custom Software

Two former employees of a company that provides intelligence-gathering technology to government organizations and law enforcement said staff at the company had worked with Gorelik to install custom software at Mitto that their company’s customers could use to track the locations of mobile phones and, in some cases, obtain call logs for specific people. During the time the former employees say they engaged in the work, there was virtually no oversight of alleged surveillance carried out using Mitto’s systems, creating potential opportunities for misuse, they said.


Comments