How ordinary tech becomes surveillance infrastructure: Best infosec long reads 5/9/26

Full access to Metacurity's curated infosec long reads is available to paid subscribers. Our goal is simple: make it financially viable to keep investing the time and expertise required to find, vet, and contextualize the most important security journalism each week. Free readers will still get highlights, but subscribers will get the complete, deeply curated set.

Please help support Metacurity achieve our goal by upgrading your subscription to gain full access to this issue and all content published on Metacurity, including the archives.

May 9: This week's long reads explore how modern technology is quietly reshaping surveillance from something targeted and exceptional into something ambient and embedded within ordinary life. The Haaretz investigation into telecom tracking, the hacked robotic lawn mower, and the Aeon essay on devices “having jobs” all point to the same unsettling reality: systems originally designed for convenience, connectivity, or automation increasingly double as tools for observation and behavioral monitoring.

They also share a deeper concern about invisible infrastructure. Much of the power described in these stories operates below public awareness — inside telecom signaling protocols, AI systems, metadata, connected devices, and networked platforms. Rather than relying on dramatic breaches, these systems derive power from quietly collecting and correlating fragments of everyday activity until intimate patterns emerge.

Even the Quanta piece on frightening AI narratives fits within this theme. It suggests that public anxiety around AI is not simply fear of futuristic machines, but an instinctive recognition that technological systems are becoming more autonomous, interpretive, and difficult to see or control. These articles sketch a world in which the real cybersecurity challenge is no longer just protecting data, but understanding how ordinary digital systems are evolving into pervasive infrastructures of inference and visibility.

Ghost Operators: How Israeli Telecoms Were Exploited to Track Citizens Worldwide

Haaretz's Omer Benjakob walks through how Citizen Lab research showed that Israeli telecom infrastructure and surveillance capabilities were allegedly leveraged to covertly track individuals around the world through weaknesses and backdoor access within mobile networks.

The report describes two separate tracking operations, each likely run by a commercial firm selling surveillance technologies to governments around the world. One was also found to have exploited Israeli geolocation technology to track targets, using networks belonging to 019Mobile and Partner Communications, although both Israeli companies denied any involvement.

A second, more sophisticated operation is linked to a Swiss firm at the center of a 2023 Haaretz investigation for supplying Israeli surveillance companies, including Rayzone, which develops and sells cyber intelligence technologies to government agencies around the world.

The investigation found that the Swiss telecom company allowed companies like Rayzone to impersonate cellular carriers and connect to legacy mobile networks in order to track users worldwide, exploiting an older telecom signaling protocol called SS7 for surveillance purposes. SS7 was originally designed to route calls and text messages, enable international roaming, and connect different mobile operators.

British regulators banned the practice last week in an effort to crack down on tracking spyware, after more than a decade of investigative reporting on its abuse, calling the practice the largest source of malicious traffic to mobile networks.

Moreover, Citizen Lab's findings show that newer signalling systems – introduced to strengthen security measures – are being similarly exploited by spyware firms, despite being designed to mitigate security risks and prevent surveillance.

One example is Diameter, a mobile network system that handles 4G international roaming and most 5G networks, designed to streamline cellular connectivity to the internet, which was now shown to be susceptible to tracking spyware.

In the first operation uncovered by Citizen Lab, researchers logged more than 500 location-tracking attempts between November 2022 and 2025 across Thailand, South Africa, Norway, Bangladesh, Malaysia and several other African countries. The investigation began with a single subscriber: a Middle East businessman tracked methodically over four hours in an episode that opened the door to the broader pattern researchers later mapped: a company querying the international phone system on behalf of clients to follow targets.

An Israeli carrier, 019Mobile, was used in the operation. According to information obtained by Haaretz, dozens of separate tracking attempts appear to have passed through 019's servers - requests that did not look like legitimate communications but like surveillance. Every mobile network has a unique address – similar to a website address – that other telecom companies use to route calls and data traffic. Citizen Lab found that addresses registered to 019 were used to send location-tracking requests through Partner Communications, whose infrastructure 019 relies on. Another route passed through Exelera Telecom, an Israeli company that provides cloud and communications services, including an international undersea fiber-optic cable. Exelera did not respond to Haaretz's request for comment.