| |
How the Greek cellphone network was tapped
by Decius at 1:39 pm EDT, Jul 10, 2007 |
From the cryptography@metzdowd.com list: A fascinating IEEE Spectrum article on the incident in which lawful
intercept facilities were hacked to permit the secret tapping of
the mobile phones of a large number of Greek government officials,
including the Prime Minister: http://www.spectrum.ieee.org/print/5280 Hat tip: Steve Bellovin. Perry
--
Perry E. Metzger perry@piermont.com
This is worth reading. An operation leverages the "lawful intercept" features of telephone switches, combined with rootkit malware specifically designed for the switches, and a collection of corrupt employees for some very unlawful intercepts. One, possibly two deaths. One of the most sophisticated computer intrusions I have ever heard of. Most likely a state intelligence organization. Americans widely suspected. |
| |
RE: How the Greek cellphone network was tapped
by skullaria at 8:08 pm EDT, Jul 10, 2007 |
This is VERY interesting...(from the details)
"we suspect that the software also modified the operation of the command used to print the checksums—codes that create a kind of signature against which the integrity of the existing blocks can be validated. One way or another, the blocks appeared unaltered to the operators." |
|
| |
RE: How the Greek cellphone network was tapped
by flynn23 at 10:21 am EDT, Jul 11, 2007 |
Decius wrote:
From the cryptography@metzdowd.com list: A fascinating IEEE Spectrum article on the incident in which lawful
intercept facilities were hacked to permit the secret tapping of
the mobile phones of a large number of Greek government officials,
including the Prime Minister: http://www.spectrum.ieee.org/print/5280 Hat tip: Steve Bellovin. Perry
--
Perry E. Metzger perry@piermont.com
This is worth reading. An operation leverages the "lawful intercept" features of telephone switches, combined with rootkit malware specifically designed for the switches, and a collection of corrupt employees for some very unlawful intercepts. One, possibly two deaths. One of the most sophisticated computer intrusions I have ever heard of. Most likely a state intelligence organization. Americans widely suspected.
For a long time, there was speculation that the SS7 network was bugged as well, since there were routes which were 'unidentified'. You'd need this to help you determine if a call traversed networks, so that your rootkit at Sprint on the DMS can pick up where your rootkit on the SysV at MCI left off. Once things are in the switch, it's very easy to pipe multiple copies around. ANY switch of any type has code in it, usually in the debug state left by the manufacturer, to let you duplicate trunks. Of course, recompiling the OS's commands is some serious programming and would need someone with adept skill for that particular architecture. I'm sure this happens A LOT, but it's probably done even more skillfully in other installations. There's probably a senior engineer for Ericsson driving around a really nice car bought by his American friends. The fact that this code was modified so low level and that the targets were so diverse clearly indicates a state intelligence organization. Even if the management console was installed, it sounds like the hack could've easily plotted around the audit functions. |
|
How the Greek cellphone network was tapped
by jlang at 12:40 pm EDT, Jul 10, 2007 |
From the cryptography@metzdowd.com list: A fascinating IEEE Spectrum article on the incident in which lawful
intercept facilities were hacked to permit the secret tapping of
the mobile phones of a large number of Greek government officials,
including the Prime Minister: http://www.spectrum.ieee.org/print/5280 Hat tip: Steve Bellovin. Perry
--
Perry E. Metzger perry@piermont.com
|
There is a redundant post from Rattle not displayed in this view.
|
|
