Dustin D. Trammell points out this Wall St. Journal article on the VOIPSEC mailing list about an incident in one of the Greek cell networks during the 2004 Olympics that serves as a scary reminder of what can happen when backdoors are mandated into communications systems. The Vodafone network in Greece was the victim of a sophisticated eavesdropping incident that was focused on bugging high government officials’ cell phones leading up to the 2004 Olympics, which was accomplished by taking advantage of supposedly disabled technology to allow for lawful intercept that was included in Ericsson’s network gear. From the Journal article:
Behind the bugging operation were two pieces of sophisticated software, according to Ericsson. One was Ericsson’s own, some basic elements of which came as a preinstalled feature of the network equipment. When enabled, the feature can be used for lawful interception by government authorities, which has become increasingly common since the Sept. 11 terror attacks. But to use the interception feature, operators like Vodafone would need to pay Ericsson millions of dollars to purchase the additional hardware, software and passwords that are required to activate it. Both companies say Vodafone hadn’t done that in Greece at the time.
The second element was the rogue software that the eavesdroppers implanted in parts of Vodafone’s network to achieve two things: activate the Ericsson-made interception feature and at the same time hide all traces that the feature was in use. Ericsson, which analyzed the software in conjunction with Greece’s independent telecom watchdog, says it didn’t design, develop or install the rogue software.
It’s a worthwhile read full of scandal and intrique, even including the possible murder of a Vodafone network engineer over the incident. I certainly don’t take issue with the need for lawful intercept laws and methods, but it does seem that with the explosive growth we’re seeing in IP-based communications combined with the emergence of more sophisticated and convenient voice encryption technology, there’s going to be bigger challenges and problems ahead for the surveillance agencies.