Mobile Interception and Infection

Operational agencies face unprecedented challenges which are inherent in today’s fast-changing environment.

End users—to keep up with relentless, ongoing change—require innovative, synergetic solutions that dynamically adapt to both existing and emerging scenarios.

This document outlines our cyber-ecosystem offering. Our distinctive and powerful solutions connect to a highly-sophisticated, fusion intelligence platform used to covertly detect, intercept, control, and analyse mobile communications—all this is achieved with minimal interface with local service providers.

Circumstances often show that “the best defence is a strong offence”. We provide both a powerful Offense Suite and a formidable Defense Suite.


  1. Remote Cyber Solution for Mobile phones
  2. Geolocation Intel
  3. Active Tactical Interception
  4. Passive Tactical Interception (GSM)
  5. Thuraya / SLIS / Iridium I-System
  6. NEXGEN OSINT / Target Profiling / Virtual Identities




The REMOTE ACCESS TROJAN solution for remote mobile infection and interception provides a complete solution for the secure, anonymous, and remote gathering of intelligence from multiple platforms.

Everywhere and all the time we use our smartphones to access email, messaging, social media, calendar, camera, navigation, encyclopaedias, news, and more. These same smartphones are continuously in flux—customers are constantly offered new models, upgraded software, and endless new apps.

Criminals and terrorists too see the benefit in mobile phone technology. Ironically, growing sensitivity to cybersecurity issues helps these elements protect their data and communications from law enforcement and homeland security organizations.

Our solution addresses one of the great challenges facing government intelligence agencies—how to covertly access data on targets' smartphones and computers without being detected or blocked!

The solution meets the challenges created by the smartphone revolution. Using a powerful Remote Access Trojan (RAT), remote intelligence is securely and covertly gathered from all types of smartphones and computers. The RAT is installed on smartphones and computers via undetectable means.

Mobile Phone Data

  1. Location
  2. Contacts
  3. Call logs
  4. Photos gallery
  5. WhatsApp chats & calls and call logs
  6. Calendar
  7. SMS
  8. Browsing history
  9. Other encrypted IM apps; e.g., Viber, Skype, Telegram, Signal…


  1. Undetectable by anti-virus software
  2. Proximity to a target is not required
  3. Not dependent on the network operator
  4. Can be traced back to the using agency


A complete geolocation solution acquires real-time location information for target mobile phones—at any time, in any network, across the globe.

Cellular phone technology makes it possible to determine the location of phones in mobile networks. This is critically advantageous during rescue operations when phone owners are unable to communicate with rescuers, and it offers intelligence agencies the ability to track and follow target whereabouts.

The increasing techno-sophistication of criminals and terrorists means they are well aware of cyber tracking options and, as such, take steps to hide or disguise their location.

The ideal for intelligence agencies is to seamlessly and covertly track targets without risk of being detected or identified. Our geolocation solution meets these challenges!

The geolocation is transparent to the target—it can’t be identified, blocked, or traced back to the operational user.

The geolocation solution features an intuitive, user-friendly interface which opens up a wide and flexible range of methodologies for tracking targets and receiving alerts.


  1. Accurately locates a target's cell location within their home network (HLR)
  2. Accurately locates a target's cell location while roaming via another network (VLR)
  3. Provides target status information: idle / busy and stationary / moving
  4. Intuitive, web-based user interface for creating and monitoring targets
  5. Maps mobile cell IDs into GPS coordinates and plots them on maps
  6. Programmable alerts include proximity to sensitive locations, proximity to other targets, and phone reactivated


  1. Not connected to any service provider networks
  2. Mobile-technology agnostic
  3. Based on SMS centres, not signalling
  4. Total anonymity, undetectable


Active Tactical Interception locates, detects, controls, intercepts, and manipulates target devices and their communications.

Operational Flow:

  1. REALTIME DETECTION of 2G, 3G, and 4G GSM-standard mobile phones located within the System operational-coverage zone.
  2. FULL CONTROL—a target device is identified, registered to the System network, and then their communications are fully controlled using Man-in-the-Middle (MITM) technology which remains undetectable as it mimics real network parameters.
  3. PRECISELY LOCATE using a tactical, hand-held homing device that gives you a location accuracy level of 1-meter!
  4. INTERCEPT all target device communication traffic (Voice calls and SMS) once it is under the System control.
  5. MANIPULATE targets by changing the original content of incoming/outgoing SMS or create fake SMS or calls to a target.


The Focus-Zone sub-system has an operational range of up to 1 km though, with our Expanded-Zone option, this increases to 2 km.

Environmental factors play a part during real-time usage.

  1. In heavily built-up urban areas, where the interception zone is smaller, the range is about 150 meters.
  2. In rural areas, where cell coverage encompasses a larger territory, the interception distances will be greater.


  1. Defines key mobile phone parameters required for the System operation: IMSI, IMEI, KC, Public Number, and more.
  2. Captures full incoming and outgoing mobile phone traffic located within the System operational zone.
  3. Manipulates mobile phone states—identify the location of a mobile station (target) by remotely activating its GPS receiver and microphone.
  4. Operates in stealth mode (GSM networks) using various types of encoding (A5/2)

Operational Modes

The System operating modes include Catcher, Interceptor, Target Correlation, and Local Network.

Catcher Mode

  1. Covertly obtains the main identification parameters of mobile stations—IMSI, IMEI, TMSI, Kc, etc.
  2. IMSI detection and IMEI catching
  3. Prevents operation of a select mobile station (target) or group of stations found within the System coverage zone.

Interceptor Mode

Maintains full control over mobile station target traffic (incoming and outgoing) captured by the System.

Further, the System supports subscriber (target) selection using known IMSI and/or IMEI identifiers.

  1. RANDOM MODE intercepts all captured mobile phones and records all traffic within the operational zone of coverage.
  2. TARGET MODE intercepts the traffic of a given target.

Target Correlation Mode

Utilized to distinguish select target parameters from amongst all the subscribers registered to the System.

The technique compares subscribers registered to the internal network, using subscriber data collected from different addresses during varying time periods.

Local Network Mode

  1. The System supports mobile-station operations during critical situations—such as restoration of a radio coverage zone—by creating a private network.
  2. Search, detection, and possible contact with GSM mobile station owners during hostage-taking scenarios, natural disasters, and accidents.
  3. Supports the System operator’s exclusive contact with pre-determined mobile stations.


The unique 3G INTERCEPTION system captures calls, SMS and data, and manipulates cellular devices/subscribers—3G/UMTS networks are used without downgrading to 2G/GSM networks.

The 3G INTERCEPTION system creates a virtual BTS (Node B) that:

  1. Features the best operational parameters for 3G/UMTS communications.
  2. Provides authentication/cyphering keys to targeted cellular devices.

A cellular device registering to the Node B reveals its IMSI and IMEI identities as well as other detailed information about its communication capabilities.

The 3G INTERCEPTION user—having collected all required information—can release a mobile device to the provider’s 3G/UMTS network OR provide the target device with authentication/cyphering keys in order to perform cellular interception and manipulation.


3G INTERCEPTION components work cooperatively with advanced and upgraded cellular providers using 3G/UMTS BTS.

  1. 3G/UMTS virtual BTS (Node B)
  2. Multi-channel clone station
  3. 3G/UMTS BTS—femtocell, picocell, nano cell
  4. TAIS Nano is fully compatible with our 2G/GSM and 4G/LTE systems; it can also be operated as a standalone product.


  1. Provides an all-in-one solution that is completely portable and flexible.
  2. Doesn’t require a roaming connection with international virtual providers.
  3. Doesn’t disturb or interfere with cellular network providers.
  4. Provides online authentications and cyphering keys (doesn't require additional deciphering units).
  5. Intercepts calls, SMS and data, and manipulates cellular devices registered to the System (3G/UMTS network).
  6. Use as a standalone 3G/UMTS interception system.
  7. Integrates with a data manipulation unit.
  8. Upon return to the provider network, targets do not receive any network-issued SMS.


The Passive Tactical Interception System Performance Network Analyzer (PNA) is designed to passively intercept cellular communications over GSM networks; it is based on a wide-band, high-sensitivity receiver that covers the GSM/DCM spectrum. During operations, the System detects all over-the-air (OTA) communications and intercepts them in real-time. This is achieved using a unique, high power A5/1 decipher that decrypts OTA GSM traffic and presents it to the user for further analysis.

Operational Modes

The System modes are easily operated using its interactive and user-friendly interface.

  1. TARGET MODE alerts the user to all calls made from a given target MSISDN.
  2. MASS INTERCEPTION MODE intercepts all OTA communications within operational range.

Intercepted Information

  1. Every intercepted Voice/SMS session is automatically recorded and registered; collected particulars include date, time, incoming/outgoing, duration, MSISDN, and Cell ID particulars.
  2. Analyzes downlink (DL) and uplink (UL) channels; includes IMSI/TMSI (as defined by given MNO) and, if captured via UL, incoming MSISDN or outgoing MSISDN/IMEI.


Automatically detects:

  1. All BTS—within the System operational range—that operate over GSM networks; it also evaluates their BTS signal quality.
  2. All communications (Voice, SMS, network updates) made by an intercepted BTS.
  3. Presents the network parameters of intercepted BTS—MCC, MNC, Cell ID, LAC, etc.
  4. Simultaneous control and decoding of up to 128 GSM channels (simplex channels).
  5. Uses A5/1 DECIPHER for real-time analyses of Voice calls and SMS.
  6. Supports multiple formats for fast and efficient data export, report escalation, and more.


Decipher is specifically designed to support the tactical operation of our Passive, Active, and Hybrid GSM monitoring systems.

All sensitive GSM communications are encrypted—this makes A5/1 DECIPHER key to decrypting intercepted over-the-air (OTA) Voice calls and SMS traffic.

A5/1 encryption is a stream cipher that ensures OTA communication privacy in a GSM cellular standard; consequently, without the A5/1 DECIPHER module it is impossible to monitor GSM OTA communications.


  1. Highly reliable module
  2. Quickly calculates session keys (KC)
  3. Supports remote connections via Internet and VPN
  4. Enables real-time interception of encrypted Voice calls and SMS

Network Activity and Architecture

Thuraya is the world's most popular hand-held satellite phone system with over 350,000 subscribers—the small, easy-to-use handsets feature extremely low (20 cent/min) call rates.

Subscriber activity can peak at 2-3K calls/hour which includes both voice and terminal-to-terminal calls.

Segment capabilities include satellite-space, gateway-ground, mobile-user, and single-hop mobile-to-mobile voice calls.

Network Services

Dual-mode (GSM & Satellite) handsets, a terminal type to fit your needs, GSM/GMR-1 standard encryption, and high-speed data together make up Thuraya’s network offerings.

Dual-mode Handsets

  1. Voice, SMS, CLIP, call forwarding, and waiting
  2. Location determining (GPS)
  3. Fax and data up to 9.6 kbps

Terminal Types

  1. Hand-held
  2. Fixed
  3. Vehicle-mounted
  4. Maritime

System Composition

  1. Scalable, easily configured, and sized to requirements
  2. Antennas, RF/IF, demodulators, system control & data collection, cryptanalysis subsystem, operation & analysis

Mobile Identifiers

  1. Mobile identifiers match those for GSM technologies with SIM card-related identifiers (IMSI, TMSI, ISDN) and the IMEI hardware ID.
  2. Coverage
  3. Monitoring Solution

Home-cell Cluster

  1. L-band and C-band downlinks (DL)
  2. Home + 6 neighbouring spot beams
  3. Full-duplex call interception
  4. Phone-activity logging for other spot beams: receive C-band DL; GPS position; identify handset of called numbers

Remote L-band Extension

  1. Add one or more remote L-band systems
  2. Extends coverage to 7 more spot beams
  3. Live data link between home and remote cells; min 28 kbps for control/monitoring
  4. Extends full-duplex call interception capability

C-band Monitoring—expand as required

  1. Full monitoring of all C-band RACH data (additional De-Z required)
  2. Monitor number-dialled and location information, though not content
  3. Half-duplex monitoring (only one side) of Thuraya calls: MES to Thuraya gateway; from selected network spot beams; or recording of all calls made to target numbers

TiSYS monitoring coverage is possible for home-cell clusters, an expanded remote L-band extension, or C-band-only monitoring.

Tactical Solution

  1. L-band downlink and uplink
  2. Provides full-duplex call interception and phone activity logs for Thuraya phones within radio line-of-sight


The Satellite Links Monitoring Solution (SLIS) includes both VSAT and IsatPhone solutions.

VSAT Overview

The flexible VSAT Solution is tailored to your requirements and features:

  1. Regional and national coverage
  2. Passive, non-intrusive operation
  3. Satellite survey tools
  4. Installation, training, and through-life support as well as being easily upgradeable


The satellite components use industrial-grade computers that accept one L-band input.

The system manually selects / automatically detects modulation, coder, scrambling, and frame types.


  1. Auto-carrier and auto-clock detection
  2. Automatic or manual gain control
  3. BER calculations and display
  4. Displays signal spectrum
  5. I-Q diagram


  1. Supports FEC correction codes
  2. Performs auto detect or manual select


  1. Select from all standard descramblers
  2. Determines polynomial for standard & non-standard scramblers


  1. Framing types include IBS, IDR, and EDMAC
  2. Handles EDMAC with customizable parameters
  3. Uses customizable frames & signals with frame decoder


  1. Views and analyses frames by adjusting period and offset values
  2. Achieved on a dedicated frame viewer during signal analysis

VSAT Analysis / Interception Solution

This solution includes both the VSAT Analysis / Interception module and the related vendor equipment.


  1. Separate, industrial-grade computer
  2. Flexible capabilities for detecting VSAT parameters
  3. Supports VSAT classification
  4. Automatically or manually selects/detects VSAT vendors or technology


  1. Hughes PES, TES, and DVB-IPoS (DIRECWAY)
  2. Gilat SkyEdge DVB-RCS and IP
  3. iDirect IP Communications Technology
  4. Supports variable voice codecs
  5. Decodes variable channel / network, transport / application protocols
  6. Handles A & ABis LAPD signalling

Relational Database Management System (RDBM)

An RDBM program lets you create, update, and administer a relational database.

  1. Robust, reliable and user-friendly database management application.
  2. Performs standard and advanced searches as well as the sorting of database content.


The widespread use of laptops, smartphones, tablets, and other data-enabled devices—alongside the accessibility of high-speed Internet services—has forever changed the way we interact. Every day the migration from traditional voice services to advanced data communications gains momentum and, with this, comes an exponential increase in the volume of information available on the Internet—social networks, chats, blogs, etc. On the downside, terrorists, criminals, and other dark forces use these same services and capabilities to conduct illegal activities and threaten national security.

The Internet today is an endless source of current, open-source information on people, places, business, government—the list goes on and on. A goldmine for intelligence organizations seeking information on potential suspects, and known criminals and terrorists. The role of web and open-source intelligence technologies in electronic warfare has dramatically evolved in recent years; despite this, it is still considered a daunting task to quickly and efficiently collect, organize, and analyse oceans of information. NextGen OSINT System is based on a user-friendly Intelligence Board. Analysts use MATRIX to covertly build and manage virtual avatars (Virtual HUMINT), view critical target-profile information, collect data traffic, and manage the system’s unique and essential decision-making tools.

Using the NextGen OSINT System, agencies quickly generate rich, timely intelligence that keeps them on top of emerging threats.

NextGen OSINT Subsystems


With the single click of a button, OSINT-related tasks are defined (per target) and varied information is automatically extracted and used to build and enhance target profiles; e.g., IMSI, location data, social media accounts, and more.


Information abounding in the surface and deep web is constantly monitored. Collected web pages, social networks, video-sharing sites, microblogs, forums, etc. are then correlated (by data collector) to varying degrees of detail. This process produces clear and comprehensive intelligence reports via an advanced and user-friendly intelligence dashboard.


A dynamic and easy-to-use environment for analysts to covertly create and manage virtual avatars. The System's embedded virtualization tools provide complete and comprehensive NATIVE desktop and mobile environments for every virtual avatar; it also supports their associated apps such as Skype, Jabber, WhatsApp, Telegram, Line, Office and more. This unique capability supports long-term, in-depth, covert intelligence operations while leveraging real Virtual HUMINT capabilities.


For any additional technical information please contact our office to view these files.