Swiss company Mitto AG that assisted technology giants like Google, WhatsApp, Twitter, LinkedIn and Telegram with the OTP services, now finds itself in the middle of a global spying business. According to a report by London based nonprofit, The Bureau of Investigative Journalism (TBIJ), co-founder and chief operating officer of the company, Ilja Gorelik, provided services to surveillance companies that included “selling access to Mitto’s networks to secretly locate people via their mobile phones”. The company’s employees and whistleblowers revealed that these Mitto’s own networks were also used for the surveillance work. The report said that the surveillance companies involved in the business with Mitto were contracted to work with government agencies, however, it did not reveal their identities.

Headquartered in Zug, Switzerland, Mitto AG is a private company that has partnerships with over 100 telecom operators across the world. The TBIJ report suggests that Swiss company used mobile phone networks to locate people and possibly intercept the messages using the SS7 protocol. SS7 infrastructure is used by the telecom networks around the world to communicate while calls and text messages are routed from one network to another. The report also cited at least one incident where an official of the US State Department was targeted with a flurry of signalling using Mitto’s network to locate device’s location. The information obtained from Mitto AG’s network, once mixed with other modern surveillance technologies available in the market, could make interception of devices a lot easier.

The company has expressed shock and distanced itself from the secret surveillance business run by its co-founder. “We are shocked by the assertions against Ilja Gorelik and our company. To be clear, Mitto does not, has not, and will not organise and operate a separate business, division, or entity that provides surveillance companies access to telecom infrastructure to secretly locate people via their mobile phones, or other illegal acts. Mitto also does not condone, support, and enable the exploitation of telecom networks with whom the company partners to deliver service to its global customers”, Mitto AG said in a statement.

Technology companies such as Google, Twitter, WhatsApp, LinkedIn and Telegram uses SMS based services for user verification, password retrievals and security checks. Hosting infrastructure for a global user base is a costly operation for technology companies and aggregators like Mitto AG provide the solution at a much lower cost.