Schneier on Security

The internal risk again, but this time they *did* get caught.

This type of attack is so hard to defend against and is a good example of why the watchers must be watched.

Vodafone clearly had no economic motivation to efficiently secure their network. I hope we see substantial economic penality to provide that motivation.

This reminds me of the Crypto AG story. In the 80s (or was it the 70s), the NSA managed to get a back door inserted into Crypto AG's encryption hardware; Libya was a big customer, so they could read all of the Libyan government's "secure" communications.

Maybe the US spooks are still at it, bribing employees of foreign telecom companies to bug their equipment. Or maybe it's the Turks, or just domestic crooks.

i vas just followink orders!

"The apparent suicide of its network planning manager, Kostas Tsalikides, a day after the discovery of the devices ..."
To acquire the services of an insider, bribery and/or blackmail is sometime used. Typically, somenbody is offered a small bribe to do something harmless looking but clearly a breach of trust. Once an employee has been trapped by the possibility of exposure for their breach of trust, then the employee can be blackmailed into doing an attacker's bidding. I believe this sort of thing has been seen before in the banking industry. It is the classic way to gain leverage over insiders. I feel sorry for Kostas Tsalikides. I have no doubt he was trapped in a situation where he had to choose between personal disgrace or doing the NSA'a bidding and hoping it all faded away.
When "big boys" like NSA, organized crime etc do this it is always the small people who get hurt

This may hark back to other irregularities
in the Greek government which have to do
with 'stay-behind groups' like the Italian Gladio.

Gladio: http://en.wikipedia.org/wiki/Operation_Gladio

Very well researched in a book by this person here:
http://www.css.ethz.ch/people/stafflist/dganser/index
https://www.rdb.ethz.ch/projects/project.php?proj_id=8960&type=search&z_detailed=1&z_popular=1&z_keywords=1
Book:
http://www.amazon.com/gp/product/0714656070/sr=8-2/qid=1152635796/ref=sr_1_2/002-9041282-6408841?ie=UTF8

I am receiving emails that have no message in the body of the email;yet my seders say the email has one;I cannot open any message.What am i doing wrong?

All in all there does not appear to be anything new "technically" in the press release. Interestingly they name some of the WASP countries who are part of the UKUSA ComInt pact as being destination countries (I see smoke obscuring a mirror or three ;).

More importantly it does not indicate if those named are "Squirels" or "Goats" or indicate who the "Directing Mind" was/is.

It might well be the case that there is one very senior prinicpal within the organisation who simply issued orders down to selected subordinate staff. As was once pointed out to me many years ago,

"The chain of command like any chain is easily broken by breaking one weak link"

Unfortunatly for investigators it is likewise difficult to work back up the chain from physical evicence to the "directing mind" when the chain is broken.

I get the feeling that the final outcome of this, is in reality going to be inconclusive, and will just fade away once the sacrificial goats have been slaughtered.

One thing I have not seen mentioned anywhere is "billing information", telcos are fairly hot on knowing exactly who/when utilised their resources and to where the bill should be sent.
Probably the hardest part of keeping this sort of thing covered up would be aranging either payment, or suppressing the billing system from registering the outbound calls...

You would need to either find somebody sufficiently senior in the Telco to sign off on the costs and be able to get the "upgrade" software installed (which puts them up with the eagles). Or a number of people at the lower levels not just in the network side but also in the billing side.

> When "big boys" like NSA,
> organized crime etc do this it is
> always the small people who get hurt

Interesting how you view NSA as distinct from organized crime. I've always thought the NSA was very organized.

OK, point well made funkyj.

@Ralph: "why the watchers must be watched."

And who, may I ask, is going to watch the watcher-watchers? And the watcher-watcher-watcherers? Soon we will all be watching the backs of our own heads without realising it is us, as the guy in the CCTV shot reaches for the big red button, and we reach for the big red button and OMG.