In 2024, a Lighthouse Reports journalist stumbled across a vast dataset on the deep web. It was a record of over a million tracking operations carried out via a previously unreported surveillance technology company, First Wap, based in Indonesia.
The data included 14,000 different phone numbers in 160 countries, targeted at specific times over a span of years. In many cases, it also included latitude and longitude, showing a person’s movements — sometimes with minute-by-minute precision.
Working with Paper Trail Media from Germany, Lighthouse Reports analysed the dataset and identified 1,500 of the people who had been targeted. They included VIPs, heads of state and top executives — but also journalists, lawyers and many ordinary people with no political exposure.
The reporting team ultimately included 14 organisations across the world.
The stories within the data led to Italy, uncovering a spying operation against a reporter investigating corruption in the Vatican; to South Africa, where a group of Rwandan dissidents were being hunted down by the regime in Kigali; and to Austria, where employees of the drinks company Red Bull were being mysteriously monitored.
A Russian businesswoman was surveilled on holiday in India while tech founder Anne Wojcicki was tracked across San Francisco.
Confidential documents revealed how First Wap’s phone tracking tool, called Altamides, had been marketed to authoritarian governments. But, breaking a rule that the surveillance industry often says it abides by, it was also used by corporate investigators for private clients.
The team wanted to know what kind of boundaries the company placed around use of its tech. So we went undercover to the world’s premier surveillance tech trade fair in Prague, to find out where they might draw the line.
On hidden camera, First Wap’s executives talked candidly about using their systems to track environmental activists, cracking WhatApp accounts, and about setting up shell companies to sell to sanctioned entities.
See the stories below.