Slashdot Mirror

← Back to Stories (view on slashdot.org)

Greek, U.S. Officials Tapped For Years

Posted by Zonk on from the privacy-is-not-a-right dept.

Bruce Schneier posts on a story being reported in the Seattle Intelligencer. Greek and U.S. officials in Greece apparently had their phones tapped for over a year before the 2004 Olympics. From the article: "It was not known who was responsible for the taps, which numbered about 100 and included Greek Prime Minister Costas Caramanlis and his wife, and the ministers of foreign affairs, defense, public order and justice. Most of Greece's top military and police officers were also targeted, as were foreign ministry officials and a U.S. embassy number. Also tapped were some journalists and human rights activists." Schneier gives a bit of technical background on how the tapping was accomplished.

14 of 236 comments (clear)

  1. Well duh by DarkClown · · Score: 3, Interesting

    does this surprise anyone? it's the admissability in court that's really the big deal, as well as being able to point to the use of it in ongoing investigations between agencies and oversight.

    1. Re:Well duh by Anonymous Coward · · Score: 1, Interesting
      I'm sure the US embassy already has recording devices on all the phones; it's hard for me to believe US spies would tap the US embassy.

      I have no idea whether the US embassy was involved, but US's intelligence service (along with UK, France, Germany etc) would be sophisticated to put bugs onto their own phone lines for reasons of plausible deniability. Of course, the bugs will then have to be sophisticated enough to either not really bug (which potentially compromises the plausible deniability aspect) or bug and transmit, but in an encrypted manner so that your allies (Greece/US as well as the EU one below are all allies), can't use it to bug you instead. Here's a story about phone tapping in the EU a few years ago.

      In this case, who has access to insert software trojan horses in Vodafone software? Do Vodafone not have records of access (free from tampering)? Or was it a more sophisticated operation involving multiple Vodafone employees?

  2. Organized Crime? by egarland · · Score: 5, Interesting

    This sounds like an organized crime activity to me. Lots of cash flowing around and knowing people's secrets could be just what somebody needed to get a fat contract where they could skim millions. Follow the money and you'll probably find who did this, even if you cant prove it.

    I wouldn't be surpriesd if organized crime here in the US hadn't figured out a way to tap into people's phone calls. The telepone companies don't seem to care who listens to our phone calls anymore.

    It's time for end to end encryption of all communications. We should get an SSL session from one handset to the other.

    --
    set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
  3. Re:Interesting by kent_eh · · Score: 4, Interesting
    How did they get access to the phones


    They didn't have to.

    They (whoever "they" is) did it all from the telephone company switch.

    This is exactly the same mechanism that is used for "proper" (IE: court ordered, law enforcement initiated) taps.

    A command is issued in the switch that makes any future calls to or from the "target" phone part of a conference. The 3rd party in the conference would normally be a one-way audio device, that is connected to the police recording equipment.

    In this case, it appears that the monitoring party was another cell phone (a pre-paid one, hard to track down who it belongs to).

    The "hack" in this case, is really just an un-authorized use of an existing function in the telephone switching platform. It only takes a couple of commands, from a login with appropriate permissions, to do this.


    All that stuff in the movies "..what was that, did you hear a click?" is bogus. I've been involved in a lot of testing of these and you can't tell that there's anything out of the ordinary going on.

    --

    ---
    "I can't complain, but sometimes still do..." Joe Walsh
  4. Re:Interesting by ale3ns · · Score: 2, Interesting

    I'm currently in Greece right now. What they officialy announced was that malicious code triggered a feature of the Ericsson systems Vodafone is using that "duplexes" phone calls. This feature is disabled in Greece by default (or should be anyway) because it is illegal. What is being heavily debated over right now is this: Once Vodafone's administrators found out about the malicious code and the whole illegal setup, they immediantly shut it down, hindering the task of finding the location of the 14 numbers almost impossible. So the question is, if you where in the Vodafone administrator's shoes, would you immediantly shutdown the obviously illegal code, or inform the police before taking action about it?

  5. Not the whole story... by Sub+Zero+992 · · Score: 5, Interesting

    Some more interesting details:

    1) The software used was developed by Vodafone's major supplier,
    Ericsson. It was installed although Vodafone does not own any licenses
    to use it.
    http://news.kathimerini.gr/4dcgi/_w_articles_polit ics_371_03/02/2006_172382

    2) Vodafone was notified by a Reseller, Q-Telecoms, about delays in
    text message delivery, after which they undertook an ad-hoc analysis.
    They found the software, supposedly a remotely activated Trojan (how
    the hell could a Trojan get onto an SMS gateway?), by sheer luck, and
    then disconnected the computer from the network.

    3) The day after (2) the local security manager was discovered dead.
    "Suicide", don't you know.

    4) Ta Nea (http://digital.tanea.gr/) are claiming it was the CIA,
    since the remote proxy used for collecting data appeared to lie in the
    vicinity of the American and / or British embassies. How amateurish is
    that? Their motive was "Anti-Terrorism" before, during and evidently
    also after the 2004 Olympics, which is no doubt why the list of
    mobiles being tracked also included those of some prominent, and very
    very active (if you follow the news about bombs and firebombs at Greek
    banks and ministries, you'll know what I mean) anarchists (not
    commies, much more left wing than those boy-scouts).

    So long,

    --
    They who would give up an essential liberty for temporary security, deserve neither liberty or security - Ben Franklin
  6. Re:Interesting by Rei · · Score: 4, Interesting

    I'd guess that they probably got access at some stage during shipping, not at the factory, and swapped outbound phones with ones modded in at their leisure.

    Never underestimate the power of even a simple device to spy. My favorite spy tool of all time was a plaque given to the US Embassy at Moscow by the Soviets in 1946. The US inspected it and determined that there was absolutely no way it could be bugged. It was ;) It was a hollow cavity resonator - it had a large open space in the center with a simple wire in it. The vibration changed the capacitance between the diaphragm and the post plate, but there was no power source. It was not a bug on its own, but when the Soviets would broadcast a strong radio signal, an induced current would induce currents and stimulate a return broadcast at varying frequencies using the wire as an antenna, with frequency determined by the distance between the diaphragm and the post plate (which was determined by the sound impacting the diaphragm). I.e., a simple arrangement of metal became an FM transmitter when you broadcast radio waves at it.

    --
    Son, a woman is a lot like a refrigerator. They're six feet tall, 300 pounds... they make ice... umm...
  7. Re:Why can't we have... by stanwirth · · Score: 2, Interesting
    The objection to "roll your own" reads:
    1. Build encryptor for phones to hide nefarious deeds
    2. Authorities take interest in you
    3. Authorities tap your phone and find out that they can't decode your speech data
    4. Authorities go " .. Hmmm .. I wonder what he is hiding?" and throws mainframe full of cracking software at the problem.

    Several problems with this objection. First of all STU phones have existed for years (and they keep replacing them with STU I, STU II, STU III etc) -- well because the keep getting cracked. So your point that such a phone couldn't be built -- blunted somewhat.

    Second of all, if you were conducting internet traffic on the same line as your voice traffic, both as packets, one can be disguised as the other.

    This is what VOIP already does -- and is it any wonder that commercial server-mediated VOIP services are being pushed in a situation where FOSS/P2P could do? FOSS/P2P VOIP could be easily disguised as music sharing...oops! That's under attack, too. I wonder why. Is it really just to protect the poor singer/songwriter (and the profits of RIAA members)? Or is it to stigmatize and have an excuse to monitor your most likely covert channel?

  8. Re:Interesting by kent_eh · · Score: 2, Interesting
    This feature is disabled in Greece by default (or should be anyway) because it is illegal Disabled, sure, but it's a standard Ericsson (and every other phone switch maker, as well, I expect) feature. The code to make it happen is part of the system, and all that is needed to turn it on is a handfull of commands (restricted level commands typically issued by Ericsson).
    The collection of Ericsson cell phone switches that I am currently sitting beside (4 of them) have a lot of features available in them, that my employer hasn't bought, and are not enabled. All it'll take to enable those features is a call to Ericsson with a purchase order.

    My wild-assed speculation is that this "hack" was done by an employee, or former employee) who was probably recieving more than one income..

    --

    ---
    "I can't complain, but sometimes still do..." Joe Walsh
  9. Re:Why can't we have... by lawpoop · · Score: 2, Interesting

    Oh really? You mean that all of the corporate boards are dissolved every 2, 4, and 8 years, and new boards are instated?

    You mean that the Democratic and Republican parties are not more than 8 years old?

    All that happens here in the US is that the two political parties trade off every several years. Currently, laws are written in private closed door sessions, when they are not directly written by the corporate interests themselves. Case in point, the recent consumer bankrupcy bill. It was literally written by industry lawyers. And bills are passed in the middle of the night, with little to no floor discussion.

    Open your eyes, man. We live in Corporate fuedalism.

    --
    Computers are useless. They can only give you answers.
    -- Pablo Picasso
  10. Re:So? by Betabug · · Score: 2, Interesting

    > Oh, and I've not read this anywhere else, but there's a post here
    > which gives a few other details, including the mysterious
    > "suicide" of one of the local security officials... not that I can
    > tell you that it's anything real other than some radom dude posted
    > something here

    The story of the Vodafone employee who was found dead two days after the discovery of the "spyware" has been in the TV news here (in Greece) and in some online news reports too. There was a "thorough investigation" by a high ranking state attorney, after which it was declared suicide. Vodafone denies any connection of this death to the phone tapping.

  11. Anyone with real knowledge about phone tapping? by portforward · · Score: 2, Interesting

    I once heard a story about someone who claimed that they were being listened to. This person says that he heard an odd "clicking" and other bizzare noises when he was talking on his home land line. When he complained to the phone company, the repairman said his phone was wired really weird. He claimed that it was wired through to the company he used to work for. This was in the mid-nineties. I don't really trust the word of this person, but I would like to know if this has any validity.

    Now, thanks to the wonder of Slashdot, I can ask multiple people who may know something about this.
    1) Is this story believable?
    2) Do you hear "clicks" if your phone line is being tapped?
    3) Can any private organization arrange to have another wire leading from another phone?

  12. Fasten your seatbelts! by WheelDweller · · Score: 2, Interesting

    If you think this is news, it'll shudder you to your core to know that...brace yourself...the UN is also completely bugged. Been that way since the start.

    A lot of you zombies think it's some good-hearted organization for finding lost puppies, but part of the Iraq-war intel came from there. And it stretches back all the way....I suppose to the Bay of Pigs or so.

    It's not new; it's just new to you...part of how the world has always worked. Don't panic.

    --
    --- For a good time mail uce@ftc.gov
  13. Re:Why can't we have... by mesocyclone · · Score: 2, Interesting

    It's a whole lot easier to just steal your encryption devices, put in something that will give away the keys, and return it.

    Or just put someone hear you when you are talking.

    Or look at other information about you to see if you are worth listening to.

    Or ask a bunch of folks about you.

    Or feed you some information about something nefarious and see if you use encryption to relay it to someone.

    It is way too easy to put your faith in high tech cryptography and high tech cryptanalysis, when old fashioned methods work much better.

    The Venona project ( http://www.nsa.gov/publications/publi00039.cfm ) worked because the Soviet organization for producing one time pads duplicated some of them. Oops!

    So much for high tech.

    --

    The only good weather is bad weather.