DeepSec 2015 Talk: A Death in Athens: The inherent Vulnerability of “lawful Intercept” Programs, and Why all Government authorized Backdoors are very dangerous – James Bamford
Some of you might remember the „Athens Affair“. In 2005 Ericsson found backdoors in the lawful interception systems of Vodafone Greece. The software on these modules was altered to successfully wiretap phone numbers without detection. When one of the tapped phones made or received a phone call, the exchange, or switch, sent a duplication of the conversation to one of fourteen anonymous prepaid mobile phones. The incident sparked an investigation, and Vodafone Greece was fined millions of Euros for breaching privacy laws. In February 2015 the Greek authorities issued a warrant for a suspect linked to the NSA.
Lawful interception (LI) capabilities are mandatory for telecommunication equipment. In Europe the technical requirements and standards are developed by the European Telecommunications Standards Institute (ETSI); the 3rd Generation Partnership Project (3GPP) maintains the part relevant for mobile phone networks. There have been a lot of discussions about the implications of putting LI interfaces into the infrastructure. Once you gain access to the LI systems, you get full access to communications without being detected by the communication end-points. James Bamford will hold a presentation at DeepSec 2015 about these concerns. He will use the „Athens Affair“ as the background.
I will discuss the “Athens Affair,” the subject of a recent investigation by me in The Intercept. In 2004, the NSA and CIA worked secretly with the Greek government to subvert Vodafone and other telecom companies in order to conduct widespread eavesdropping during the 2004 Athens Summer Olympics. The NSA agreed, however, to remove the spyware once the games were over. But rather than remove it, they instead secretly turned it on the top members of the Greek government and members of the Greek public, including journalists. When the covert operation was accidentally discovered, however, a Vodafone engineer involved was found dead, either by suicide or murder, and the death was officially connected to the bugging operation. I will show how the operation was pulled off, by recruiting an inside person, then subverting the company’s “lawful intercept” program, and transferring the data back to NSA headquarters at Fort Meade. The episode demonstrates the enormous vulnerability of widespread “lawful intercept” programs, and government backdoors in general, and also how the NSA often uses a “bait and switch” in its operations – promising to help find terrorists, but really spying on the host government and local population instead.
If you use modern communication technology, you cannot ignore lawful interception, just as you cannot ignore illegal interception. It really doesn’t matter why someone eavesdrop on your phone calls, emails, or data transmissions. You need to know what the infrastructure you are using is capable of. This is crucial for planning and implementing your defence. Don’t use any network out there blindly. Secure lines are harder to set up, and sometimes it’s well worth the effort.
We recommend James’ presentation for everyone using communication. No exceptions!
James Bamford is a columnist for Foreign Policy Magazine, a contributor to Wired magazine, a documentary producer for PBS, and a bestselling author. He is widely noted for his writing about the United States intelligence agencies, especially the highly secretive National Security Agency. The New York Times has called him “the nation’s premier journalist on the subject of the National Security Agency.” And in a lengthy profile, The New Yorker referred to him as “the NSA’s chief chronicler.” His most recent book, The Shadow Factory: The Ultra-Secret NSA From 9/11 to The Eavesdropping on America, became a New York Times bestseller and was named by The Washington Post as one of “The Best Books of the Year.” It is the third in a trilogy by Mr. Bamford on the NSA, following The Puzzle Palace (1982) and Body of Secrets (2001), also New York Times bestsellers.
In September 2014 he wrote a cover story for Wired magazine based on his three days in Moscow with fugitive NSA whistleblower Edward Snowden, the longest any journalist has spent with him there. In addition, he has written for the New York Review of Books, New York Times Magazine, The Atlantic, Harpers, Rolling Stone, and many other publications. In 2006, he won the National Magazine Award for Reporting, the highest honor in the magazine industry, for his writing in Rolling Stone on the war in Iraq. He also writes and produces documentaries for PBS, including The Spy Factory, based of his most recent book, which was nominated for an Academy Award in 2010. His most recent documentary for PBS, Cyber War Threat, aired on October 14, 2015.
Throughout the 1990s, Mr. Bamford served as the Washington Investigative Producer for ABC’s World News Tonight with Peter Jennings where he won a number of journalism awards for his coverage of national security issues. In 2005, he released A Pretext for War: 9/11, Iraq and The Abuse of America’s Intelligence Agencies, an examination of the intelligence community from the attacks of September 11 to the war in Iraq and was also a bestseller.
Mr. Bamford holds a Juris Doctor degree; was awarded a Polymer fellowship at Yale Law School; received a postgraduate diploma in International Law from the Institute on International and Comparative Law, Université Panthéon Sorbonne; and taught at the University of California, Berkeley’s Goldman School of Public Policy as a distinguished visiting professor. He has been a member of the defense team in a variety of high profile espionage and whistleblower cases, including the case involved NSA whistleblower Thomas Drake. He currently lives in Washington, DC after four years in London.
Email: WashWriter@gmail.com, Facebook: james.bamford2@facebook.com, Twitter: @WashAuthor.