Decius wrote:
From the cryptography@metzdowd.com list: A fascinating IEEE Spectrum article on the incident in which lawful
intercept facilities were hacked to permit the secret tapping of
the mobile phones of a large number of Greek government officials,
including the Prime Minister: http://www.spectrum.ieee.org/print/5280 Hat tip: Steve Bellovin. Perry
--
Perry E. Metzger perry@piermont.com
This is worth reading. An operation leverages the "lawful intercept" features of telephone switches, combined with rootkit malware specifically designed for the switches, and a collection of corrupt employees for some very unlawful intercepts. One, possibly two deaths. One of the most sophisticated computer intrusions I have ever heard of. Most likely a state intelligence organization. Americans widely suspected.
For a long time, there was speculation that the SS7 network was bugged as well, since there were routes which were 'unidentified'. You'd need this to help you determine if a call traversed networks, so that your rootkit at Sprint on the DMS can pick up where your rootkit on the SysV at MCI left off. Once things are in the switch, it's very easy to pipe multiple copies around. ANY switch of any type has code in it, usually in the debug state left by the manufacturer, to let you duplicate trunks. Of course, recompiling the OS's commands is some serious programming and would need someone with adept skill for that particular architecture. I'm sure this happens A LOT, but it's probably done even more skillfully in other installations. There's probably a senior engineer for Ericsson driving around a really nice car bought by his American friends. The fact that this code was modified so low level and that the targets were so diverse clearly indicates a state intelligence organization. Even if the management console was installed, it sounds like the hack could've easily plotted around the audit functions. RE: How the Greek cellphone network was tapped | 
