Greek wiretapping scandal redux

by talos Mon Jul 9th, 2007 at 08:50:40 AM EST

IEEE Spectrum has an excellent article, written by two Greek computer scientists (V. Prevelakis and D. Spinellis), about last year's wiretapping scandal, a scandal about which I reported here in the European Tribune at the time (1, 2, 3, 4; see also the relevant Wikipedia article, and former US diplomat Brady Kiesling's summing-up of the affair).

The article provides an astonishingly detailed investigation of the technical aspects of the wiretap, and explains the highly sophisticated methods used. This highlights the fact that the operation was surely the work of highly skilled professionals, with intimate knowledge of Vodafone's and Ericsson's systems (Prevelakis and Spinellis mention in a sidebar the various scenarios circulating). It's also a great introduction to various technical aspects of mobile telephony BTW.

Update: One of the two authors (Dr. Spinellis) of the IEEE Spectrum article was kind enough to comment on the issue in the discussion thread.


Promoted by afew


I note that, while the official investigation did not uncover the culprits of the physical attack, it did fine Vodafone (for misdeeds and omissions mentioned in the IEEE Spectrum article) a quite substantial sum of 76 million Euros. Worth noting is that Vodafone, as the scandal was still under investigation, promoted Vodafone-Greece's CEO to regional director.

[crossposted at histologion]

Thanks for keeping us posted...though it's getting more and more difficult to keep the scandals sorted out...

"Once in awhile we get shown the light, in the strangest of places, if we look at it right" - Hunter/Garcia
by whataboutbob on Wed Jul 4th, 2007 at 10:49:36 AM EST
BTW - a side remark and a different discussion: the article demonstrates that in technical/technological matters academics/scientists are often vastly better in presenting a story to a literate (at least) audience than journalists. I'm not sure that there are many journalists who could retrieve, analyse and present the technical details of the wiretaps as clearly and efficiently as the authors of the Spectrum article.

The road of excess leads to the palace of wisdom - William Blake
by talos (mihalis at gmail dot com) on Wed Jul 4th, 2007 at 01:37:27 PM EST
True. But there aren't that many academics/scientists capable of it either...

It is a good article, right enough.

"The future is already here -- it's just not very evenly distributed" William Gibson

by ChrisCook (cojockathotmaildotcom) on Wed Jul 4th, 2007 at 04:45:21 PM EST
[ Parent ]
And of course the $64,000 question.

Who was it?

And where else has it been going on?

I bet Vodafone has been conducting a thorough review, and if they haven't, I should think Ericsson has.

"The future is already here -- it's just not very evenly distributed" William Gibson

by ChrisCook (cojockathotmaildotcom) on Wed Jul 4th, 2007 at 04:48:02 PM EST
[ Parent ]
In Italy. Telecom. Sismi. The works.
by de Gondi (publiobestia aaaatttthotmaildaughtusual) on Thu Jul 5th, 2007 at 04:49:06 PM EST
[ Parent ]
Let me note here the great job that the IEEE Spectrum staff editors and graphic artists did with our submission.  Very few (if any) pieces of the original submitted article survived the editing process.  Through many iterations we had to explain every technical term in plain words, remove technical details that weren't needed, and guide the graphic artists to create the beautiful pictures you see in the article.
by dds (dds at aueb dot gr) on Sun Jul 8th, 2007 at 02:48:59 PM EST
[ Parent ]
Welcome to ET, dds.
by afew (afew(a in a circle)eurotrib_dot_com) on Sun Jul 8th, 2007 at 02:58:53 PM EST
[ Parent ]
Welcome and kudos for the article to all involved. Brilliant work.

The road of excess leads to the palace of wisdom - William Blake
by talos (mihalis at gmail dot com) on Sun Jul 8th, 2007 at 05:47:22 PM EST
[ Parent ]
And since you're here, I wonder if you could elaborate on the following:

To piece together this story, we have pored through hundreds of pages of depositions, taken by the Greek parliamentary committee investigating the affair, obtained through a freedom of information request filed with the Greek Parliament

"Freedom of information request"? I wasn't aware we had such a thing. Does it apply only to parliamentary committees or does it apply to other government agencies? Is it mandatory that they provide the material, or is it up to the parliament? Was the information classified before the request? Can one file such a request and expect to acquire information from other agencies and authorities i.e. ADAE or EYP (Greek Intelligence Service) or any ministry?

And another question: Were a similar break-in to have occurred in other telephone providers (say Cosmote, or TIM) could all traces of it have been erased once the perpetrators knew that they have been exposed? I mean given that between the public announcement and the actual act there was a year's time, were someone to investigate the other providers for similar setups (as apparently was the case) would it be possible to trace the break months later, or could the perpetrators wipe out all incriminating evidence? That is: how certain can we be that the exact same thing didn't happen with other major providers in Greece but went unnoticed?

The road of excess leads to the palace of wisdom - William Blake

by talos (mihalis at gmail dot com) on Sun Jul 8th, 2007 at 06:11:20 PM EST
[ Parent ]

"Freedom of information request"? I wasn't aware we had such a thing.

Yes, Greece has such legislation, since 1996.  Some time ago I added the details in the corresponding Wikipedia page. Unfortunately, public administration bodies are reluctant to embrace the spirit of this idea.  For instance, ADAE refused my request with a reply providing four different reasons why they couldn't grant it.  To me this means that their legal counsel drafted it under instructions to refuse the request.



Were a similar break-in to have occurred in other telephone providers (say Cosmote, or TIM) could all traces of it have been erased once the perpetrators knew that they have been exposed?

An interesting idea. It is plausible, but I doubt that the same installation vector (insider, backdoor or security hole) could be replicated across all three operators. I also think that if such a break-in were to occur in other providers we would find traces through the calls made to the shadow phones. It is conceivable that a separate set of shadow phones were used for each provider, but the fact that the interceptors did not handle the shadow phones with the care they should tells me that if more shadow phones existed they would have been discovered.
by dds (dds at aueb dot gr) on Mon Jul 9th, 2007 at 03:48:02 AM EST
[ Parent ]
The linked article is really interesting, I too recommend others to read it.

There was one point not clear to me. It is one thing that Vodafone foolishly(?) deleted the spy program before investigators would have got the chance to catch the spies in the act. But, if the program was copied and its phone number database too, what about the phone numbers of the shadow phones?

*Lunatic*, n.
One whose delusions are out of fashion.

by DoDo on Fri Jul 6th, 2007 at 04:31:54 AM EST
If I understand your question correctly: the phone numbers of the shadow phones are known, and the numbers that they called are known also (thus Fort Meade). But the phones were card phones, with no identities attached to them.

The road of excess leads to the palace of wisdom - William Blake
by talos (mihalis at gmail dot com) on Fri Jul 6th, 2007 at 06:17:24 AM EST
[ Parent ]
D'oh, I remember that about Fort Meade! But this track is completely lacking in the IEEE article.

*Lunatic*, n.
One whose delusions are out of fashion.
by DoDo on Fri Jul 6th, 2007 at 06:26:16 AM EST
[ Parent ]
We decided to focus on the technical side and ignore the whodunit angle. I don't think as outsider scientists we could contribute any ideas or substance that were not already known.
by dds (dds at aueb dot gr) on Sun Jul 8th, 2007 at 02:51:09 PM EST
[ Parent ]
On the technical side I searched where I've seen AXE mentioned and found it, it's in the history of the (very interesting) Erlang language way through Ericsson:

http://www.cs.chalmers.se/~rjmh/Armstrong/bits.ps

The last slide is an amusing historical reference for geeks :)

by Laurent GUERBY on Sun Jul 8th, 2007 at 03:27:04 PM EST
[ Parent ]
Even without identity, you can trace the shadow phone physical location and movements (if any) like for any cell phone.

I don't know if that lead was explored, the article sidebar hints at it:


[...]
Another popular theory posits that the U.S. National Security Agency, Central Intelligence Agency, or some other U.S. spy agency did it. The location of the monitored phones correlates nicely with apartments and other property under the control of the U.S. Embassy in Athens.
[...]

If the shadow phones number in the hundreds, some things become really hard to hide. And the conspiracy theory of having the real spy hiding all the shadow phones near USA property undiscovered for more than a year is harder to believe.

by Laurent GUERBY on Sun Jul 8th, 2007 at 03:46:00 PM EST
[ Parent ]
The problem was that the perpetrators found out that their illegal phonetapping had been discovered (for example through an insider or when Vodafone removed their software from the exchange) and thus had a chance to switch off / throw away the shadow phones, before anybody could triangulate their location.  Thus, the only thing we know regarding their location are the base stations that these phones used.
by dds (dds at aueb dot gr) on Sun Jul 8th, 2007 at 05:02:33 PM EST
[ Parent ]
With 100 phones that should give an idea :)
by Laurent GUERBY on Sun Jul 8th, 2007 at 05:24:09 PM EST
[ Parent ]
There were only 14-16 shadow phones.  The wiretapped phones were about 100, but it is not those that an investigator would wish to locate.
by dds (dds at aueb dot gr) on Mon Jul 9th, 2007 at 03:58:35 AM EST
[ Parent ]
I also found the article very informative. However there is something that concerns me and I think that it hasn't been discussed: Can we trust that telecom operators will come forward with similar incidents and report them to authorities? Especially if they risk huge fines and damage to their reputations. It has been speculated that Vodafone Greece was forced to come clean because of Tsalikidis' suicide. Couldn't they just silently cover it up and never let anyone know? Presumably ADAE makes random audits to all licensed operators but I'm not sure that they have the expertise to discover intrusions at such an advanced level. Even Vodafone employees couldn't and as the article mentions there aren't many experts for this kind of system. As it is now I think that the only thing that we can depend on is the integrity of the engineers working there.
by hypnotist on Tue Jul 10th, 2007 at 04:01:54 AM EST
You're right on that. That's why we write in the article:

It is particularly important not to turn the investigation into a witch hunt. Especially in cases where the perpetrators are unlikely to be identified, it is often politically expedient to use the telecom operator as a convenient scapegoat. This only encourages operators and their employees to brush incidents under the carpet, and turns them into adversaries of law enforcement. Rather than looking for someone to blame (and punish), it is far better to determine exactly what went wrong and how it can be fixed, not only for that particular operator, but for the industry as a whole.
by dds (dds at aueb dot gr) on Thu Jul 12th, 2007 at 05:38:14 PM EST
[ Parent ]