betabug... Sascha Welter

home english | home deutsch | Site Map | Sascha | Kontakt | Pro | Weblog | Wiki

02 February 2006

Phone Tapping Scandal in Greece

Hello Mr. President

From before the 2004 Olympics, until March 2005, about 100 mobile phone numbers of politicians (amongst them also the prime minister) and official offices have been tapped by unknowns. One number under "surveillance" seems to have belonged also to the american embassy. In March 2005 the installation was discovered by an audit (or a check up) from Ericsson technicians, and the officials were informed. Not until today though, was the public and ADAE ("Hellenic Authority for the Information and Communication Security and Privacy") informed. The mobile phones were tapped by stealth software in the providers systems...


From what I can understand from an article on the news site in.gr (article in Greek) about the technical details, stealth software was hidden in the parts of the system for conference calls of the provider Vodafone. The phone calls in question were "conference called" to 14 mobile phones with prepaid cards, stationed in the area of Ilissia (which coincidally is around the american embassy). There they seem to have been recorded.

The usual shoving of responsibility (article in Greek) is happening now: The former government vs. the current government. Vodafone informed the officals right away (at least they claim), after "shutting down" the illegal software in question. Some politicians say that investigations were hindered because that software was removed.

To my eyes, the information that obviously has been induced shows that some data for an investigation has been kept (we know: a list of people being spied upon, duration of that observation, places where the "receiver" phones were hidden, the "receivers" being prepaid phones). I don't believe those communications engineers were not making copies or at least dumps of the illegal software used.

No information was given about the suspects who performed the surveillance.

Update: Some English language reports: Hellenic Radio has a news bulletin, a shorter piece by the "Athens News Agency", Reuters (all in English). Duh, had misspelled Vodaphone -> Vodafone is correct.

See also: Vodafone Public Relations in the Phone Tapping Storm

See also: telnetd root Backdoor in Vodafone's Ericsson Systems?

Posted by betabug at 23:20 | Comments (2) | Trackbacks (0)
ch athens
Life in Athens (Greece) for a foreigner from the other side of the mountains. And with an interest in digital life and the feeling of change in a big city. Multilingual English - German - Greek.
Main blog page
Recent Entries
Backyard Adventure (07/08 08:18)
Danakos Climbing Gym (06/26 18:40)
Getting into the Ruby Debugger (06/13 13:36)
The site is coming back (06/11 14:17)
Best of
Some of the most sought after posts, judging from access logs and search engine queries.

Apple & Macintosh:
Security & Privacy:
Misc technical:
Athens for tourists and visitors:
Life in general:
<< Μαθαίνοντας Zope στην Ελλάδα | Main | Blog Tapping >>
Comments
Re: Phone Tapping Scandal in Greece

Look at the following:
http://www.spectrum.ieee.org/jul07/5280
This is the journal of one of the most prestigious scientific organisations worldwide: the Institute of American Electrical and Electronic Engineers (IEEE). I first saw it on a hardcopy, the Athens affair article bearing on the front page. It is very good written, accurate and detailed. It is a very good illustration on what happened. Yes, very rapidly, the scandal faded away in the peoples' memories.

Posted by: Panagiotis at August 07,2007 00:49
Re: Phone Tapping Scandal in Greece

The telco engineering job no longer seems to be what it used to. I must confess that there has been a bit of a co-incidence with some of the elements of this article.

1) Running through that strictly confidential IMS_USER_MANUAL is a picture of a GUI making reference to a machine (prsm07) that I christened and setup for Ericsson 10 years ago! How did that document end up on the internet?

2) In early 2006 I was talking to Bill Zikou about transferring to Ericsson Athens when his face appeared on local TV (delayed N.E.T. TV played in Australia) almost spraying my morning coffee (just like the movies)!

3) I have worked with Ericsson twice, the first time I ended it in 1998 when coming back from holidays to discover that one of our staff members had been knocked off (strangled to death)!

The first time I worked with Ericsson in 1997 it was a very process and procedure driven organisation with copious amounts of documentation to describe pretty much everything. In Australia, Ericsson had a CMM level of 2. During this period the manufacturing of phones and circuit boards became too expensive forcing the local factories to be closed and work either outsourced or sent to China, however software and services remained strong. My induction took roughly 2 months.

The second time I worked with Ericsson in 2006 I saw people with old skills trying to relive the old ways and blend in with the furniture. While I was away from Ericsson I modernised my skills (AGILE, SOA, opensource, etc). The new Ericsson was using Windows 2000 server on low specification PCs to do software development. And it gets worse – staff were bringing in their personal copies of windows 2003 server to meet 3PP requirements just to move forward. I could not convince Ericsson to use Linux, I struggled to introduce VMWARE (it ran like a dog), and was forced to use old unsupported Sun Microsystems hardware – including the original IMS development machine (which I reformatted of course). The only induction for new staff was to throw them in the deep end.

If I were to give Ericsson a CMM rating it would be minus five. Perhaps I am a bit hard as the cost of supporting the old way is now too expensive. However these issues were not technical but more managerial as other aspects besides software development were lacking. For example, security was explained to us but its practice was often ignored with an I-don't want-to-know-about-it attitude by managers. This led to practices like developers setting up IP tunnels over the internet between two Ericsson buildings to access test equipment that was not allowed to be connected to the local area network - sometimes we found the test servers had been hacked and filled with pornographic content. Once when working back late (and the only time I worked through the entire night) in a supposedly secured Ericsson building I could hear someone violently bashing the door on the floor I worked on (level 37) at 3am in the morning. I was very fortunate he didn't get through the last line of defence and that he did not hide in the toilets which were outside. I could not report this to anyone – was someone going to knock me off that night? The final confirmation of this apathy came from someone I know who does not work in IT (he works in law enforcement) told me that he found an Ericsson pass that looked recent which he actually bothered to take to Ericsson direct and in his words "they didn’t even seem to care".

In the Human Resources aspect I saw individuals with extremely lucrative contracts, I saw people who literally did nothing, I saw bullying, personal abuse, and a huge staff turnaround. My line manager as it turned out was friends with the underworld owner of the largest brothel in Australia and boasted about having flown on his private jet. I found it rather unusual that he send his secretary to request my username and password before I left which was against Ericsson policy which he knew – of course I refused. I thought all this was very un-Ericsson until I came across The Ericsson Group website which exposes a significant amount of corruption in the company.

This dysfunction in Ericsson I feel is causing the vulnerable weakness to security. This dysfunction was deliberately done as it allowed certain senior players to manoeuvre themselves for building stronger personal empires. Ericsson I found is very unlike the old days, even Bill Zikou who is now CEO of Ericsson Australia remarked on how much better organised they were in his region in Europe. A clue to who was responsible for creating this dysfunction in Ericsson Australia can be found in a quote used by our technically challenged (no formal engineering qualifications) but very street smart Oracle DBA who kept on surviving even after introducing so many show stoppers and even after crashing the customers live mobile phone network service – he used to say quite regularly and loudly "I'm not Jewish but I wish I was". Definitely not a normal place to work in, but if you think of the rewards of taking control of systems that allow you to listen in to big business and politics then you begin to attract a different breed of worker.

Posted by: e-engineer at February 13,2008 02:21
Trackbacks
You can trackback to: http://betabug.ch/blogs/ch-athens/288/tbping
Phone Tapping in Greece

Unknowns tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister. Details are sketchy, but it seems that a piece of malicious code was discovered by Ericsson technicians...

Read the linking post here: Schneier on Security at February 03,2006 18:30
Teléfonos pinchados en Grecia

Esta noticia va a traer cola. Según veo en el blog de Bruce Schneier, al menos 100 teléfonos móviles pertenecientes a políticos y diversas instituciones han sido pinchados en Grecia. Parece ser que las escuchas se consiguieron insertando código en el s...

Read the linking post here: Las penas del Agente Smith at February 04,2006 09:13
Vodafone Suicide Rumours: Weird Last Mails

Let's play rumourmill for a moment: Just talked to a friend who is working in the telecoms
industry here in Greece. He's not working for Vodafone (nor was he ever), but he had heard from
the suicide of the Vodafone employee (the one who seems connect...

Read the linking post here: ch-athens at February 07,2006 16:20
Leave a comment