More on Greek Wiretapping
Earlier this month I blogged about a wiretapping scandal in Greece.
Unknown parties tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister.
Details are sketchy, but it seems that a piece of malicious code was discovered by Ericsson technicians in Vodafone’s mobile phone software. The code tapped into the conference call system. It “conference called” phone calls to 14 prepaid mobile phones where the calls were recorded.
More details are emerging. It turns out that the “malicious code” was actually code designed into the system. It’s eavesdropping code put into the system for the police.
The attackers managed to bypass the authorization mechanisms of the eavesdropping system, and activate the “lawful interception” module in the mobile network. They then redirected about 100 numbers to 14 shadow numbers they controlled. (Here are translations of some of the press conferences with technical details. And here are details of the system used.)
There is an important security lesson here. I have long argued that when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes. That’s exactly what happened here.
UPDATED TO ADD (3/2): From a reader: “I have an update. There is some news from the ‘Hellenic Authority for the Information and Communication Security and Privacy’ with a few facts and I got a rumor that there is a root backdoor in the telnetd of Ericsson’s AXE backdoor. (No, I can’t confirm the rumor.)”
Dimitris Andrakakis • March 1, 2006 9:06 AM
The technical committee that examines the issue concluded that the “intruders” must have had physical access – there was no way this could have been done remotely. So it’s an insider thing.
Link (in Greek, unfortunately, but you can translate at systran.otenet.gr):
http://www.enet.gr/online/online_hprint.jsp?q=%F5%F0%EF%EA%EB%EF%F0%DD%F2&a=&id=80225496