On October 14, 2025, Lighthouse Reports dropped a bombshell that is shaking the surveillance industry to its core. A team of 70 journalists from 14 media outlets, including Der Spiegel, and Mother Jones, spent months uncovering a hidden surveillance network that quietly tracked over 14,000 phone numbers across 168 countries.

At the center of this global espionage machine is First Wap, an Indonesian company that built a covert tracking system named Altamides. Their targets?
Investigative journalists, activists, CEOs, celebrities, and even Anne Wojcicki, founder of 23andMe.

And the most disturbing part?
They didn’t hack phones.
They hacked the telecom networks themselves, exploiting a flaw old enough to retire.

How a Telecom Loophole Became a Global Spy Weapon

To understand how First Wap pulled off this massive espionage operation, you need one word:

SS7 (Signaling System 7)

  • Created by AT&T in 1975
  • Standardized in 1980
  • Still used today by almost every telecom network on Earth

SS7 is what allows your carrier to:

  • Route calls abroad
  • Deliver SMS while you travel
  • Connect networks worldwide

But there’s a catch:
It was never designed to be secure.

SS7 assumes telecom operators are trustworthy. There is no strong authentication, no encryption, no verification, nothing.

Anyone who can pretend to be a telecom operator… becomes one.

And that’s where First Wap comes in.

The Tech Duo Who Exploited the Flaw: Fuchs & Lalanne

First Wap was founded in 1999 in Jakarta by:

  • Josef Fuchs, an Austrian telecom engineer who previously worked at Siemens and Telkomsel
  • Pascal Lalanne, a French businessman who later vanished from the tech world
READ 👉  Operation CargoTalon: Sophisticated Spear-Phishing Campaign Targets Russian Aerospace Entity

After the 2000 dot-com crash, Lalanne cashed out and disappeared. Today, he reportedly runs a wildlife sanctuary in Lombok.

Fuchs, however, continued building the ultimate spy tool.

Altamides: Network-Level Spyware That Leaves Zero Trace

Altamides (Advanced Location Tracking and Mobile Information and Deception System) works by impersonating legitimate telecom operators using rented Global Titles — telecom network addresses sold by carriers, including Mobilkom Liechtenstein.

Once inside the network, Altamides can:
✔ Locate any phone, anywhere in the world, in real time
✔ Intercept SMS messages
✔ Listen to calls
✔ Break WhatsApp and 2FA protections via SS7
✔ Do all this without infecting the target’s phone

No malware. No spyware. No Pegasus-style exploits.
The victim never suspects anything. No battery drain, no strange files, no alerts.

If your phone is turned on, Altamides can find you. Period.

14,000+ Targets Revealed (And That’s Only a Fraction)

Lighthouse Reports obtained 1.5 million tracking records, leaked on the dark web. They document tracking activity between 2007 and 2014. Investigators say the real number of victims is much higher — and the system is still active.

Who Was Spied On?

  • Anne Wojcicki (Founder of 23andMe)
  • Jared Leto, Hollywood actor
  • Hamad bin Jassim Al Thani, former PM of Qatar
  • Asma al-Assad, wife of the Syrian dictator
  • Adam Ciralsky, former CIA lawyer and Vanity Fair journalist
  • Erik Prince, founder of Blackwater

And far more worrying: dozens of activists, opposition leaders, and investigative reporters — some of whom were later imprisoned or assassinated.

Case Study 1 — Vatican Whistleblower Hunt (2012)

Italian journalist and writer Gianluigi Nuzzi, Milano, 29th February 2024. (Photo by Leonardo Cendamo/Getty Images)

Italian investigative journalist Gianluigi Nuzzi published Sua Santità, exposing secret documents about financial corruption inside the Vatican.

Hours later, Altamides began:

  • Tracking his movements hourly
  • Mapping addresses, meetings, and trips between Milan and Rome
  • Sending location updates in real time

Days later, police arrested the whistleblower: Paolo Gabriele, Pope Benedict XVI’s butler.

READ 👉  Windows Hello: Fingerprint authentication on PC has been bypassed

When asked whether the Vatican used Altamides, church officials refused to answer.

Case Study 2 — An Opposition Leader Is Murdered (2014)

Rwandan intelligence defector Patrick Karegeya went into exile in South Africa. For 18 months before his assassination, Altamides tracked:

  • His driver
  • His bodyguard
  • His political allies
  • His wife

On December 31, 2013, Karegeya was found strangled in a Johannesburg hotel. The main suspect fled to Rwanda the same night. No one has ever been arrested.

Surveillance for Sale: First Wap’s Business Model

Leak documents show Altamides was sold to:

  • Nigeria
  • Malaysia
  • Saudi Arabia
  • United Arab Emirates
  • Indonesia
  • Uzbekistan
  • Belarus
  • And private spying companies

An ex-employee said:

“There were no red lines. If the money arrived, they got the system.”

In 2024, during the ISS World surveillance conference, First Wap executives were secretly filmed offering to sell Altamides to monitor activists in Niger, despite EU sanctions. They offered to route contracts through Jakarta using shell companies.

When confronted months later, they claimed it was simply discussing “technical feasibility.”

The Double Life of Josef Fuchs

Here’s the strangest twist:
While building one of the world’s most dangerous surveillance companies…

Fuchs founded a charity for Indonesian street children.

His NGO, ISCO (Indonesian Street Children Organization), has helped over 2,000 children access education. In 2018, the Austrian embassy awarded him the Golden Medal of Honor.

He is celebrated as a philanthropist by day — and sells spy tools to oppressive regimes by night.

SS7: A Flaw Everyone Knows About (But Nobody Fixes)

Cybersecurity experts have warned about SS7 vulnerabilities for over a decade:

  • 2017 (Germany): Criminals intercepted 2FA and emptied bank accounts
  • 2016 (Norway): 30% of Telenor’s network crashed due to rogue SS7 traffic
  • 2014: SS7 exploitation was demonstrated at 31C3 (Chaos Communication Congress)

Fixing SS7 would require a multi-trillion-dollar global telecom upgrade. No one wants to pay the bill.

So we keep using it.

The Real Scandal Is Bigger Than First Wap

The real scandal isn’t just a secret Indonesian spying company.

The real scandal is that:

🔴 The world still runs on a broken telecom protocol from the 1970s
🔴 Telecom operators rent network access to private spy companies
🔴 Surveillance tools are sold to dictators like office printers
🔴 You don’t need Pegasus or zero-days to spy on millions of people

READ 👉  From Cascade Virus to Cybersecurity Empire: The Incredible Story of Eugene Kaspersky

Your phone can betray you even if you never touch it.

Takeaways: What You Should Know

FactImpact
SS7 is outdated but still used globallyBillions of phones are vulnerable
Altamides works at the network levelNo malware, no trace, impossible to detect
Telecom operators sell accessSpyware = commercial product
Victims include activists & journalistsSome were murdered
Fixing SS7 is expensiveNo telecom wants to pay

📚 Sources

  1. Lighthouse Reports – Surveillance Secrets
    This is the primary investigation. It covers the archive, methodology, key targets, and how First Wap operates via SS7.
  2. Lighthouse Reports – Technical Explainer
    Detailed breakdown of how First Wap’s Altamides works, including SS7 abuse, the dataset of 1.5 million entries, and the methods used to analyze the data.
  3. Amnesty International Response
    Amnesty calls for urgent regulation and highlights how First Wap exploited legal gaps in export controls.
  4. Lawfare – Analysis of First Wap
    A commentary on how First Wap is part of a “middle tier” of surveillance firms exploiting telecom protocols, even as major spyware firms face tighter crackdowns.
  5. Le Monde – First Wap Profile
    Le Monde article on First Wap’s history, its use of Altamides, and how the company tracks staff, journalists, and activists.
  6. KRIK (Serbia) – Targets in Serbia
    A local investigation that shows how Altamides was used to track Serbian businesspeople.
  7. Netcost-Security – Secret Empire of First Wap
    French-language tech/security site summarizing the global scope, the number of tracked phones, and misuse by private and state actors.
  8. GiornaleTecnologico – Altamides Exposed
    Italian-language report that explains how Altamides works “without hacking” by abusing SS7, and provides a timeline of First Wap’s operations.
  9. Wikipedia – First Wap
    General overview: history, technical product (Altamides), and public reporting on the scandal.
Did you enjoy this article? Feel free to share it on social media and subscribe to our newsletter so you never miss a post!

And if you'd like to go a step further in supporting us, you can treat us to a virtual coffee ☕️. Thank you for your support ❤️!
Buy Me a Coffee
⚠️ Legal Disclaimer: This website is an informational and educational tech blog. The content provided aims to help users better understand technologies, software, online tools, and digital practices.

We do not support or promote any form of piracy, copyright infringement, or illegal use of software, video content, or digital resources.

Any mention of third-party sites, tools, or platforms is purely for informational purposes. It is the responsibility of each reader to comply with the laws in their country, as well as the terms of use of the services mentioned.

We strongly encourage the use of legal, open-source, or official solutions in a responsible manner.

Categorized in:

Cybersecurity

Tagged in:

, , , , , , , ,