Re: Greek cellular wiretapping scandal
* Steven M. Bellovin: I have more than a passing aquaintance with the complexity of phone switch software; doing that was *hard* for anyone, especially anyone not a switch developer. Isn't Ericsson's switching software written in Erlang, is highly modular and officially supports run-time code replacement (like many COBOL systems, but unlike, say, traditional IOS)? This means that at least no rootkit is needed. You just replace the parts of the system you are interested in using the standard system interfaces intended for this purpose. Of course, the complexity of the attack is still significant. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Greek cellular wiretapping scandal
From a non-technical perspective, at least one death may be linked to the incident. A communications expert who was working on the switch apparently commited suicide, but this has been questioned by some. It was recently concluded that there was no foul play involved in his tragic death. The arguments are convincing enough. However, it has not been concluded yet if he was somehow involved in or had knowledge about the wiretapping, and whether this might have been a factor in his suicide. were in contact via phone calls and text messages with various overseas destinations, namely the U.S., including Laurel, Md., the snip Guess what's just to the east of Laurel, MD... On the other hand, exposing links like that is clumsy -- could it be disinformation? Yes, it might have been clumsy operation-wise. Clumsiness was involved in last year's incident in Italy: it was a trail of casual cellphone use that tripped up the 19 purported CIA operatives wanted by Italian authorities in the alleged kidnapping of a radical Muslim cleric. http://www.cnn.com/2005/WORLD/europe/07/28/cia.phonetrail.ap/. On the other hand, no publicly available information has linked the locations of the phones involved in the Greek wiretapping with foreign agencies. Various opinions have been voiced on who might be behind this affair, but no accusations have been made against the US or any other government. And one of the phones monitored was from the American embassy in Athens -- or is that the disinformation? Or is NSA spying on the embassy? You are in a maze of twisty little spooks, all different. One telephone was listed to an inconspicuous Greek-American at the US Embassy. Journalists learned the phone had been lent to the embassy's Greek police security detail. http://www.thenation.com/doc/20060320/kiesling The attack was very sophisticated, and required a great deal of arcane knowledge. Whoever did it had detailed knowledge of Ericsson switches, and probably a test lab with the proper Ericsson gear. It strongly suggests that Ericsson and/or Vodafone insiders were involved -- my guess is both. But who did it, and why, remains obscure. The investigation is still ongoing. It will be interesting to read the final report. Alexander Philippou - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Greek cellular wiretapping scandal
The Greek cellular wiretapping scandal was the subject of a front-page article in today's Wall Street Journal. (It's http://online.wsj.com/article/SB115085571895085969.html?mod=hps_us_pageone for subscribers.) The broad outlines of the story are familiar to anyone who has been following the story -- a Lawful Intercept mechanism was abused to send copies of certain calls to prepaid cell phone numbers -- but the details are interesting. From a non-technical perspective, at least one death may be linked to the incident. A communications expert who was working on the switch apparently commited suicide, but this has been questioned by some. He told his fiancée not long before he died that it had become a matter of life or death that he leave [Vodafone] The problem was discovered when some people had problems sending text messages; the link between the two issues is unclear. The bug itself wasn't simply a matter of turning on Lawful Intercept. That software did exist in the switch, but everyone says it wasn't activated and Ericsson wasn't paid for it. (Aside: Greece does have a CALEA-like law, which means it should have been enabled.) Vodafone denies even knowing about such software, which strikes me as improbable. In addition, the attack required some other software that activated the Lawful Intercept but hid its existence. In other words, it was a rootkit running on a phone switch. I have more than a passing aquaintance with the complexity of phone switch software; doing that was *hard* for anyone, especially anyone not a switch developer. Installing the rogue software quite likely involved authorized access to Vodafone's networks. Most suspicious, the prepaid phones that could pick up the calls were in contact via phone calls and text messages with various overseas destinations, namely the U.S., including Laurel, Md., the U.K., Sweden and Australia, according to the ADAE preliminary report. Some of these calls and messages were initiated and received directly from the 14 interceptor phones and some were relayed via a second group of at least three other prepaid phones that also were in contact with the 14 interceptor phones. Guess what's just to the east of Laurel, MD... On the other hand, exposing links like that is clumsy -- could it be disinformation? And one of the phones monitored was from the American embassy in Athens -- or is that the disinformation? Or is NSA spying on the embassy? You are in a maze of twisty little spooks, all different. The attack was very sophisticated, and required a great deal of arcane knowledge. Whoever did it had detailed knowledge of Ericsson switches, and probably a test lab with the proper Ericsson gear. It strongly suggests that Ericsson and/or Vodafone insiders were involved -- my guess is both. But who did it, and why, remains obscure. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]