Behind the bugging operation were two pieces of sophisticated software, according to Ericsson. One was Ericsson’s own, some basic elements of which came as a preinstalled feature of the network equipment. When enabled, the feature can be used for lawful interception by government authorities, which has become increasingly common since the Sept. 11 terror attacks. But to use the interception feature, operators like Vodafone would need to pay Ericsson millions of dollars to purchase the additional hardware, software and passwords that are required to activate it. Both companies say Vodafone hadn’t done that in Greece at the time.
The second element was the rogue software that the eavesdroppers implanted in parts of Vodafone’s network to achieve two things: activate the Ericsson-made interception feature and at the same time hide all traces that the feature was in use. Ericsson, which analyzed the software in conjunction with Greece’s independent telecom watchdog, says it didn’t design, develop or install the rogue software.
The software allowed the cellphone calls of the targeted individuals to be monitored via 14 prepaid cellphones, according to the government officials and telecom experts probing the matter. They say when calls to or from one of the more than 100 targeted phones were made, the rogue software enabled one of the interceptor phones to be connected also.
The interceptor phones likely enabled conversations to be secretly recorded elsewhere, the government said during a February 2006 news conference. At least some of the prepaid cellphones were activated between June and August 2004. Such cellphones, particularly when paid for in cash, typically are harder to trace than those acquired with a monthly subscription plan.
Vodafone claims it didn’t know that even the basic elements of the legal interception software were included in the equipment it bought. Ericsson never informed the service provider’s top managers in Greece that the features were included nor was there a “special briefing” to the relevant technical division, according to a Vodafone statement in March.
But Ericsson’s top executive in Greece, Bill Zikou, claimed during parliamentary-committee testimony that his company had informed Vodafone about the feature via its sales force and instruction manuals.
Vodafone and Ericsson discovered something was amiss in late January 2005 when some Greek cellphone users started complaining about problems sending text messages. Vodafone asked Ericsson to look into the issue. Ericsson’s technicians spent several weeks trying to figure out the problem, with help from the equipment maker’s technical experts at its headquarters in Sweden. In early March of that year, Ericsson’s technicians told Vodafone’s technology director in Greece of their unusual discovery about the cause of the problems: software that appeared to be capable of illegally monitoring calls. It’s unclear exactly how the rogue software caused the text-messaging problem.
Ericsson confirmed the software was able to monitor calls, and Vodafone soon discovered that the targeted phones included those used by some of the country’s most important officials. On March 8, Mr. Koronias ordered that the illegal bugging program be shut down, in a move he has said was made to protect the privacy of its customers. He called the prime minister’s office the next evening.
The head of Greece’s intelligence service, Ioannis Korantis, said in testimony before the parliamentary committee last month that Vodafone’s disabling of the software before authorities could investigate hampered their efforts. “From the moment that the software was shut down, the string broke that could have lead us to who was behind this,” he said. Separately, he distanced his own agency from the bugging effort, saying it didn’t have the technical know-how to effectively monitor cellphone calls.
Entries Tagged "phones"
Page 16 of 18
The basic service that Pena provided is not uncommon. Telecommunications brokers often buy long-distance minutes from carriers—especially VoIP carriers—and then re-sell those minutes directly to customers. They make money by marking up the services they buy from carriers.
Pena sold minutes to customers, but rather than buy the minutes, he instead decided to hack into the Internet phone company networks, and route calls over those networks surreptitiously, say prosecutors. So he had to pay virtually no costs for providing phone service.
Fascinating essay about how EU law would treat the NSA’s collection of everyone’s phone records.
There’s other NSA news today: USA Today is reporting that the NSA is collecting a massive traffic-analysis database on Americans’ phone calls. This looks like yet another piece of Echelon technology turned against Americans.
The NSA’s domestic program, as described by sources, is far more expansive than what the White House has acknowledged. Last year, Bush said he had authorized the NSA to eavesdrop—without warrants—on international calls and international e-mails of people suspected of having links to terrorists when one party to the communication is in the USA. Warrants have also not been used in the NSA’s efforts to create a national call database.
The government is collecting “external” data on domestic phone calls but is not intercepting “internals,” a term for the actual content of the communication, according to a U.S. intelligence official familiar with the program. This kind of data collection from phone companies is not uncommon; it’s been done before, though never on this large a scale, the official said. The data are used for “social network analysis,” the official said, meaning to study how terrorist networks contact each other and how they are tied together.
Note that this database does not just contain phone calls that either originate or terminate outside the U.S. This database is mostly domestic calls: calls we all make everyday.
AT&T, Verizon, and BellSouth are all providing this information to the NSA. Only Quest has refused.
According to sources familiar with the events, Qwest’s CEO at the time, Joe Nacchio, was deeply troubled by the NSA’s assertion that Qwest didn’t need a court order—or approval under FISA—to proceed. Adding to the tension, Qwest was unclear about who, exactly, would have access to its customers’ information and how that information might be used.
Financial implications were also a concern, the sources said. Carriers that illegally divulge calling information can be subjected to heavy fines. The NSA was asking Qwest to turn over millions of records. The fines, in the aggregate, could have been substantial.
The NSA told Qwest that other government agencies, including the FBI, CIA and DEA, also might have access to the database, the sources said. As a matter of practice, the NSA regularly shares its information—known as “product” in intelligence circles—with other intelligence groups. Even so, Qwest’s lawyers were troubled by the expansiveness of the NSA request, the sources said.
The NSA, which needed Qwest’s participation to completely cover the country, pushed back hard.
Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest’s patriotic side: In one meeting, an NSA representative suggested that Qwest’s refusal to contribute to the database could compromise national security, one person recalled.
In addition, the agency suggested that Qwest’s foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more.
Unable to get comfortable with what NSA was proposing, Qwest’s lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.
We should also assume that the cellphone companies received the same pressure, and probably caved.
This is important to every American, not just those with something to hide. Matthew Yglesias explains why:
It’s important to link this up to the broader chain. One thing the Bush administration says it can do with this meta-data is to start tapping your calls and listening in, without getting a warrant from anyone. Having listened in on your calls, the administration asserts that if it doesn’t like what it hears, it has the authority to detain you indefinitely without trial or charges, torture you until you confess or implicate others, extradite you to a Third World country to be tortured, ship you to a secret prison facility in Eastern Europe, or all of the above. If, having kidnapped and tortured you, the administration determines you were innocent after all, you’ll be dumped without papers somewhere in Albania left to fend for yourself.
Judicial oversight is a security system, and unchecked military and police power is a security threat.
Verizon has announced that is has activated the Access Overload Control (ACCOLC) system, allowing some cell phones to have priority access to the network, even when the network is overloaded.
If you are a first responder with a Verizon phone, please visit the government’s WPS Requestor to provide the necessary information to have your handset activated.
Sounds like you’re going to have to enter some sort of code into your handset. I wonder how long before someone hacks that system.
Technology Review has an interesting article discussing some of the technologies used by the NSA in its warrantless wiretapping program, some of them from the killed Total Information Awareness (TIA) program.
Washington’s lawmakers ostensibly killed the TIA project in Section 8131 of the Department of Defense Appropriations Act for fiscal 2004. But legislators wrote a classified annex to that document which preserved funding for TIA’s component technologies, if they were transferred to other government agencies, say sources who have seen the document, according to reports first published in The National Journal. Congress did stipulate that those technologies should only be used for military or foreign intelligence purposes against non-U.S. citizens. Still, while those component projects’ names were changed, their funding remained intact, sometimes under the same contracts.
Thus, two principal components of the overall TIA project have migrated to the Advanced Research and Development Activity (ARDA), which is housed somewhere among the 60-odd buildings of “Crypto City,” as NSA headquarters in Fort Meade, MD, is nicknamed. One of the TIA components that ARDA acquired, the Information Awareness Prototype System, was the core architecture that would have integrated all the information extraction, analysis, and dissemination tools developed under TIA. According to The National Journal, it was renamed “Basketball.” The other, Genoa II, used information technologies to help analysts and decision makers anticipate and pre-empt terrorist attacks. It was renamed “Topsail.”
Interesting details emerging from EFF’s lawsuit:
According to a statement released by Klein’s attorney, an NSA agent showed up at the San Francisco switching center in 2002 to interview a management-level technician for a special job. In January 2003, Klein observed a new room being built adjacent to the room housing AT&T’s #4ESS switching equipment, which is responsible for routing long distance and international calls.
“I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room,” Klein wrote. “The regular technician work force was not allowed in the room.”
Klein’s job eventually included connecting internet circuits to a splitting cabinet that led to the secret room. During the course of that work, he learned from a co-worker that similar cabinets were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.
“While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet (AT&T’s internet service) circuits by splitting off a portion of the light signal,” Klein wrote.
The split circuits included traffic from peering links connecting to other internet backbone providers, meaning that AT&T was also diverting traffic routed from its network to or from other domestic and international providers, according to Klein’s statement.
The secret room also included data-mining equipment called a Narus STA 6400, “known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets,” according to Klein’s statement.
Narus, whose website touts AT&T as a client, sells software to help internet service providers and telecoms monitor and manage their networks, look for intrusions, and wiretap phone calls as mandated by federal law.
More about what the Narus box can do.
EDITED TO ADD (4/14): More about Narus.
Sidebar photo of Bruce Schneier by Joe MacInnis.