Re: Greek cellular wiretapping scandal

[Florian Weimer]

* Steven M. Bellovin:

 I have more than a passing aquaintance with the complexity of phone
 switch software; doing that was *hard* for anyone, especially anyone
 not a switch developer.

Isn't Ericsson's switching software written in Erlang, is highly
modular and officially supports run-time code replacement (like many
COBOL systems, but unlike, say, traditional IOS)?  This means that at
least no rootkit is needed.  You just replace the parts of the
system you are interested in using the standard system interfaces
intended for this purpose.  Of course, the complexity of the attack is
still significant.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

RE: Greek cellular wiretapping scandal

[Alexander Philippou]

 From a non-technical perspective, at least one death may be 
 linked to the incident.  A communications expert who was working on the 
 switch apparently commited suicide, but this has been 
 questioned by some.

It was recently concluded that there was no foul play involved in his tragic
death. The arguments are convincing enough. However, it has not been
concluded yet if he was somehow involved in or had knowledge about the
wiretapping, and whether this might have been a factor in his suicide.

 were in contact via phone calls and text messages with various
 overseas destinations, namely the U.S., including Laurel, Md.,
the
snip
 Guess what's just to the east of Laurel, MD...  On the other 
 hand, exposing links like that is clumsy -- could it be 
 disinformation?

Yes, it might have been clumsy operation-wise. Clumsiness was involved in
last year's incident in Italy: it was a trail of casual cellphone use that
tripped up the 19 purported CIA operatives wanted by Italian authorities in
the alleged kidnapping of a radical Muslim cleric.
http://www.cnn.com/2005/WORLD/europe/07/28/cia.phonetrail.ap/. On the other
hand, no publicly available information has linked the locations of the
phones involved in the Greek wiretapping with foreign agencies. Various
opinions have been voiced on who might be behind this affair, but no
accusations have been made against the US or any other government.

  And one of the phones monitored was from the 
 American embassy in Athens -- or is that the disinformation?  
 Or is NSA spying on the embassy?  You are in a maze of twisty 
 little spooks, all different.

One telephone was listed to an inconspicuous Greek-American at the US
Embassy. Journalists learned the phone had been lent to the embassy's Greek
police security detail. http://www.thenation.com/doc/20060320/kiesling

 The attack was very sophisticated, and required a great deal 
 of arcane knowledge.  Whoever did it had detailed knowledge 
 of Ericsson switches, and probably a test lab with the proper 
 Ericsson gear.  It strongly suggests that Ericsson and/or 
 Vodafone insiders were involved -- my guess is both.  But who 
 did it, and why, remains obscure.

The investigation is still ongoing. It will be interesting to read the final
report.

Alexander Philippou


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]