My window to the world

How hackers planted trojan code into the Vodafone Greece network

By Mauricio Freitas, in , posted: 13-Jul-2007 21:52

Just now I was alerted to an interesting story that has been happening on the other side of the world, involving hackers, ministers, and Vodafone Greece.


The spying case, where the calls of around 100 people using Vodafone’s network were secretly tapped, remains unsolved and is still being investigated. Also complicating the case are question marks over the suicide in March 2005 of a top engineer at Vodafone Group in Greece in charge of network planning.



This is just an introduction. The juicy bits are available on IEEE Spectrum, the flagship IEEE publication:


The victims were customers of Athens-based Vodafone-Panafon, generally known as Vodafone Greece, the country's largest cellular service provider; Tsalikidis was in charge of network planning at the company. A connection seemed obvious. Given the list of people and their positions at the time of the tapping, we can only imagine the sensitive political and diplomatic discussions, high-stakes business deals, or even marital indiscretions that may have been routinely overheard and, quite possibly, recorded.

Even before Tsalikidis's death, investigators had found rogue software installed on the Vodafone Greece phone network by parties unknown. Some extraordinarily knowledgeable people either penetrated the network from outside or subverted it from within, aided by an agent or mole. In either case, the software at the heart of the phone system, investigators later discovered, was reprogrammed with a finesse and sophistication rarely seen before or since.

A study of the Athens affair, surely the most bizarre and embarrassing scandal ever to engulf a major cellphone service provider, sheds considerable light on the measures networks can and should take to reduce their vulnerability to hackers and moles.

We now know that the illegally implanted software, which was eventually found in a total of four of Vodafone's Greek switches, created parallel streams of digitized voice for the tapped phone calls. One stream was the ordinary one, between the two calling parties. The other stream, an exact copy, was directed to other cellphones, allowing the tappers to listen in on the conversations on the cellphones, and probably also to record them. The software also routed location and other information about those phone calls to these shadow handsets via automated text messages.

We still don't know who committed this crime. A big reason is that the UK-based Vodafone Group, one of the largest cellular providers in the world, bobbled its handling of some key log files. It also reflexively removed the rogue software, instead of letting it continue to run, tipping off the perpetrators that their intrusion had been detected and giving them a chance to run for cover. The company was fined €76 million this past December.



We have so far being led to believe mobile communications are secure and encrypted. But what actually seems to happen is that the links between handsets and cell sites are safe - but what about the inside of the companies?

How is the New Zealand security going? Is our government evaluating this? Are individuals safe from identity theft and other things that can happen when people interfere with communications?





Other related posts:
Microsoft Ignite New Zealand, Microsoft Surface Studio
Geekzone data analytics with Power BI
Now with more fibre






comments powered by Disqus

freitasm's profile

Mauricio Freitas
Wellington
New Zealand


I live in New Zealand and my interests include mobile devices, good books, movies and food of course! 

I'm the Geekzone admin. On Geekzone we publish news, reviews and articles on technology topics. The site also has some busy forums. Also worth visiting is TravelTalk NZ, a community for travelers!

Subscribe now to my blog RSS feed or the Geekzone RSS feed.

If you want to contact me, please use this page or email me freitasm@geekzone.co.nz. Note this email is not for technical support. I don't give technical support. You can use our Geekzone Forums for community discussions on technical issues.

Here's is my full disclosure post.

A couple of blog posts you should read:


Social networks presence

View Mauricio Freitas's profile on LinkedIn


My Blog by tags...

Blog...
Entrepreneurship...
Media...
Personal...
State of Browsers...
Technology...
Viral Marketing...
Web Performance Optimization...
Windows...
Windows Phone...

Other recent posts in my blog

Google crawling Geekzone HTTPS...
Geekzone gone full HTTPS...
Microsoft Ignite New Zealand, ...
If the headlines indicate the ...
Geekzone data analytics with P...
State of browsers Geekzone Mar...
2Cheap Cars discussion...
Now with more fibre...
Unlimited is not unlimited: Vo...
How bad is Vodafone cable at t...

New posts on Geekzone