Two Israeli-owned companies have developed technology capable of locating and, in some cases, identifying the users of Starlink - Elon Musk's satellite internet service - by fusing together vast stores of commercial data, including the advertising identifiers that sit at the core of the global digital advertising industry. The investigation, published by Haaretz on May 12, 2026, marks the first known report of off-the-shelf commercial products offering this capability for sale.

The findings matter for the marketing and advertising community specifically because, according to the investigation, advertising-based intelligence - or Ad-INT - appears to play a central role in the tools. The unique advertising identifiers that Apple and Google assign to every mobile device to enable personalized ad targeting are, according to the report, central to the deanonymization process these firms offer to government clients.

Starlink, owned by SpaceX, provides internet connectivity through a network of more than 8,000 low-Earth orbit satellites. Unlike traditional broadband or cellular infrastructure, it does not depend on national communications networks. A user can buy a terminal - a small white box roughly the size of a computer screen, containing a satellite dish and router - for a few hundred dollars, pay a monthly subscription, and connect to the internet independently of any state-controlled infrastructure. As of 2025, Starlink reported nine million subscribers across 150 countries.

That independence has made Starlink a tool with sharply divergent uses. In Ukraine, according to the Haaretz investigation, Starlink terminals have enabled the unmanned naval drones that sank Russian warships and oil tankers, withstanding Russian cyber and electronic warfare attempts. Tens of thousands of smuggled terminals helped Iranian protesters circumvent government blackout orders during earlier protests, with SpaceX reportedly waiving subscription fees. The service is also used in Gaza, by both aid organizations and Israeli military personnel.

The same characteristics that make Starlink attractive to civilians, activists, and soldiers in active conflict zones also make it useful to drug cartels, smugglers, and terrorist organizations. A salesperson cited in the Haaretz investigation put it bluntly: according to marketing materials, vessels that turn off their transponders and "go dark" - a tactic used by Russian and Iranian ships to evade tracking - can still be found because their crews require internet access. "The ship can hide, but the crew still needs porn and TikTok," the salesman said, according to the document.

The two firms and what their systems do

The investigation identifies two companies as the only known commercial providers of Starlink-monitoring tools.

The first is TargetTeam, a previously unknown company incorporated in Cyprus and owned by Israelis. It was founded by alumni of Israeli cyber intelligence firms Rayzone and Cognyte, according to Intelligence Online, which separately disclosed the company's existence. TargetTeam has developed a system called Stargetz. According to sales materials obtained by Haaretz, Stargetz can track close to one million Starlink terminals worldwide.

During a live demonstration shown to Haaretz, the interactive dashboard displayed terminals across the Middle East, the Arabian Peninsula and Gulf, India, Russia, and China. Offshore clusters appearing in the Arabian Sea and Bay of Bengal were assessed as likely ships. According to the dashboard seen during the demonstration, the system was monitoring one million terminals, with those terminals purportedly providing internet access to 5.5 million devices at that moment. Approximately 200,000 of those terminals had been "deanonymized" - meaning identifying details about the devices or users had reportedly been established. The system appeared to update at six-minute intervals and does not claim to offer real-time tracking. One example shown during the demonstration revealed a Starlink account associated with a Mexican phone number that was in fact operating from Pakistan and traveling frequently to Iran. The figures shown in the demonstration could not be independently verified.

The second firm is Rayzone, an established Israeli intelligence company whose sales are overseen by Israel's Defense Ministry. Rayzone markets a Starlink-monitoring capability as part of a broader suite of intelligence tools, including a big-data analytics product capable of deanonymizing users. Rayzone's Echo product was described in the investigation as an early leader in Ad-INT, the practice of harvesting location and device data from the digital advertising ecosystem. Today, Rayzone markets Echo alongside its Starlink monitoring system, with both products feeding the same data-fusion platform the firm sells to government clients as a competitor to Palantir.

Neither TargetTeam nor Rayzone responded to the investigation. SpaceX and Starlink also did not respond to requests for comment.

How the technology works: data fusion, not hacking

The critical technical distinction these firms emphasize is that their systems do not hack into Starlink or intercept its traffic. Starlink's architecture - using thousands of low-Earth orbit satellites rather than national telecoms or state-owned satellites - makes classic signals interception, as one source described it to Haaretz, "physically impossible." The Verint product called Starsky, which Haaretz obtained leaked documents about, operated on the old model: it intercepted traditional satellite phone communications by physically tapping the lines connecting satellite beams to a target country's telephone infrastructure. That approach became obsolete with Starlink.

Instead, TargetTeam and Rayzone use ground-based data fusion. Neither company disclosed the full technical details of how their systems work, but the investigation points strongly toward advertising-based intelligence as the mechanism. Both firms also develop and sell Ad-INT products. "It's not one source, it's not one sensor - it's connecting many layers of information and big data," a salesperson told potential clients, according to the document.

The implication is that unique advertising identifiers - the codes Apple and Google assign every user to serve personalized ads - play a central role in tracking Starlink users and in exposing their identities. A Starlink terminal acts as a hotspot: multiple devices connect through a single terminal. When a smartphone connects to the internet through a Starlink terminal and that phone subsequently runs an app, opens a browser, logs into social media, or is served an ad, digital traces are created. Mobile advertising SDKs embedded in applications, real-time bidding data, and location signals from the advertising ecosystem can all, in theory, be fused with the known IP range or location data of a Starlink terminal to link a specific device identifier - and, through that, a specific individual - to a particular terminal.

TargetTeam's website, as noted by Haaretz, does not list a Starlink product but does advertise data services consistent with Ad-INT capabilities. Rayzone's Echo product was, according to the investigation, among the first Ad-INT tools brought to market, two years before the Haaretz investigation into the broader practice was published.

The ad industry connection and why it alarmed privacy researchers

The connection to advertising technology drew a direct response from Donncha O Cearbhaill, head of Amnesty International's Security Lab. "For people living under internet shutdowns, blockades and active conflict - from Sudan to Myanmar to Iran - satellite services like Starlink are often the last remaining channel to call for help, document rights violations and tell the world what is happening," O Cearbhaill said. On the advertising data point specifically, he added: "It makes it all the more alarming that the locations of these terminals can be tracked, apparently through the processing of commercial and adtech data sources. While the adtech industry continues generating and selling huge volumes of location records and other highly sensitive data, it will keep fueling unintended threats that leave all of us - journalists, activists and ordinary users alike - exposed to state actors and cybercriminals."

This concern is not hypothetical. The intersection of advertising technology and state surveillance has been documented in other contexts. In January 2026, U.S. Immigration and Customs Enforcement (ICE) issued a Request for Information specifically seeking commercial ad tech and location data services for federal investigative and operational use, acknowledging in its own language the "regulatory constraints and privacy expectations" that such a purchase would need to navigate. That filing described commercial advertising technology as having developed surveillance infrastructure comparable to intelligence capabilities, with mobile advertising SDKs collecting location data continuously and data brokers aggregating coordinates into detailed mobility datasets.

The RTB ecosystem has also drawn scrutiny. The real-time bidding process, in which ad impressions are auctioned in milliseconds and bids are broadcast to potentially thousands of participants, has been identified as a channel through which data brokers can harvest massive quantities of consumer data - including timestamped GPS coordinates - simply by participating in auctions. As PPC Land has reported on the Check My Ads analysis of MRC transparency standards, the FTC's litigation against Mobilewalla alleged the company collected sensitive location data on consumers and sold it to third parties without express consent, using exactly this mechanism.

The structural picture that emerges is one in which advertising data generated for commercial purposes flows outward into intelligence products without consumers being aware. A device identifier created to serve a shoe advertisement can, through a data fusion process, contribute to the identification of a journalist using satellite internet in a conflict zone.

The "Palantirization" of intelligence and what comes next

Industry insiders described to Haaretz what they call the "Palantirization" of homeland security: a structural shift away from the targeted exploitation of individual encrypted devices - as with NSO Group's Pegasus spyware or Paragon - toward mass surveillance achieved through the aggregation and analysis of vast datasets. The model was, according to the investigation, pioneered by the American firm Palantir, which sells to the U.S. military and the CIA.

In this model, the attack surface is not a phone or a laptop. It is the data supply chain itself. Starlink terminals that were designed to be anonymous by virtue of operating outside national telecoms infrastructure become traceable because the humans using them carry smartphones generating advertising signals. The terminal provides the internet. The advertising ecosystem - built to serve ads - provides the identifiers that connect a terminal to a person.

The Stargetz and Rayzone systems join what Haaretz described as a growing portfolio of products illustrating the transformation that artificial intelligence has brought to the cyber intelligence industry. A vehicle-tracking intelligence capability, or "CarINT," was separately exposed by Haaretz prior to the Starlink investigation. These tools represent a category of product that does not require exploiting a software vulnerability or intercepting an encrypted signal. They require only access to the data that commercial platforms generate and sell in the normal course of business.

For the advertising industry, this creates a responsibility question that sits largely unresolved. Texas secured a $1.375 billion settlement from Google in a case centered on location data collection without proper consent, and California fined a data broker $45,000 for selling health condition lists under the state's Delete Act. These enforcement actions address privacy violations within the commercial context. They do not address the downstream use of that same data by intelligence firms operating outside U.S. or EU jurisdiction.

O Cearbhaill's comment pointed in the same direction: the problem is not simply that a bad actor obtained data illegally. The problem is that the data was generated, sold, and traded lawfully, and then applied to a purpose - identifying political dissidents or journalists using satellite internet - that no user consented to and that no advertising platform disclosed.

What this means for the marketing community

The marketing industry has long operated on the assumption that device identifiers, location signals, and behavioral data collected for advertising purposes are governed primarily by privacy law and consumer protection frameworks. The Haaretz investigation suggests the actual scope of that data's potential use is substantially broader.

Advertising identifiers are universal. Apple's IDFA and Google's equivalent are present on virtually every smartphone in service. They are not controlled for export. They flow through RTB auctions, data management platforms, mobile measurement partners, and data brokers in a chain that has limited visibility at any single point. When an intelligence firm combines those identifiers with IP address data, location signals, and social media activity - using machine learning to resolve them against known Starlink terminal locations - the advertising data supply chain becomes, inadvertently, a surveillance input.

ICE's 2026 RFI for ad tech surveillance capabilities described the commercial data industry as having assembled surveillance infrastructure comparable to intelligence capabilities. The Stargetz demonstration, in which a terminal linked to a Mexican phone number was resolved to a person moving between Pakistan and Iran, illustrates what that infrastructure can produce when applied at the country level by a well-funded buyer.

The investigation also highlights the limits of anonymization. Starlink terminals are not personally registered in a way that links a terminal to a specific individual. That is precisely what these tools are designed to overcome. Deanonymization - the process of stripping away the technical anonymity of a device and linking it to a human - is exactly the capability being marketed. And according to the Haaretz report, roughly 200,000 of the one million terminals monitored had already been deanonymized at the time of the demonstration.

Timeline

  • 2016 - Verint markets a satellite interception product called Starsky to India, tapping lines connecting satellite beams to national telephone infrastructure - a method made obsolete by Starlink's architecture
  • 2018 - Starlink launches commercially; Haaretz identifies this as approximately seven years before the investigation was published
  • September 2024 - Proximic by Comscore publishes State of Privacy in Advertising Report, finding nearly 40% of advertisers face difficulties with audience data availability under privacy laws
  • October 2025 - Check My Ads challenges MRC auction transparency standards, citing FTC litigation against Mobilewalla for collecting sensitive location data via RTB bidding
  • November 1, 2025 - Texas secures $1.375 billion settlement from Google in a case centered on covert location data collection
  • December 15, 2025 - Texas sues Hisense over smart TV ACR surveillance affecting 1.27 million residents, illustrating the expansion of consumer surveillance through commercial technology
  • December 30, 2025 - California fines data broker Datamasters $45,000 for selling health condition lists without registration under the Delete Act
  • January 25, 2026 - ICE issues a Request for Information seeking commercial ad tech and location data services for federal investigative use, with a response deadline of February 2, 2026
  • 2025 - Starlink reports nine million subscribers across 150 countries; Haaretz identifies this as the figure current at time of investigation
  • May 12, 2026 - Haaretz publishes investigation revealing TargetTeam's Stargetz system and Rayzone's Starlink-monitoring capability; both firms identified as the only known commercial providers of such tools

Summary

Who: Two Israeli-owned companies - TargetTeam, incorporated in Cyprus and founded by alumni of Rayzone and Cognyte, and Rayzone, an established Israeli intelligence firm whose sales are overseen by Israel's Defense Ministry. The investigation was conducted by Haaretz journalist Omer Benjakob. Amnesty International's Security Lab also provided comment.

What: The companies have developed and are actively selling to government clients systems capable of locating and identifying users of SpaceX's Starlink satellite internet service. TargetTeam's system, called Stargetz, monitored close to one million terminals at time of demonstration, with approximately 200,000 having been deanonymized. Rayzone markets a comparable capability alongside its broader intelligence product suite. Both systems rely on data fusion rather than traffic interception, and both firms also sell advertising-based intelligence products, with unique advertising identifiers - the same codes used to serve personalized ads - appearing central to the deanonymization capability.

When: The Haaretz investigation was published on May 12, 2026. The Verint Starsky product it references for historical comparison was marketed to India in 2016.

Where: TargetTeam is based in Cyprus. Rayzone operates in Israel under Defense Ministry oversight. The Stargetz demonstration was conducted for an unidentified client in Vienna. The systems claim global coverage, with the demonstration showing terminals across the Middle East, India, Russia, China, and offshore maritime areas.

Why: States - particularly those focused on counterterrorism, sanctions enforcement, and border control - have sought tools to locate users of Starlink, which operates outside national telecommunications infrastructure and is therefore inaccessible to traditional signals interception. The commercial availability of these tools marks a shift: what was previously achievable only through state-level infrastructure is now available to any government buyer. The advertising data supply chain, built to serve personalized digital advertising, has become an unintended input to intelligence products with no mechanism for consumer awareness or consent.

Share this article
The link has been copied!