DeepSec 2024 Press Release: Industrial Espionage – New old Attacks through Lawful Interception Interfaces
Lawful interception backdoors are exploited by nation states for espionage.
The Communications Assistance for Law Enforcement Act (CALEA) passed in 1994 forced telecoms providers and suppliers to equip all relevant components with backdoors that allow the recording of transported metadata and data. For over 30 years, information security experts have warned against the misuse of these accesses. The US-American telecommunication companies AT&T and Verizon have recently been the victims of an attack. The trail leads to China. Because of the legal abolition of security in networked systems, the attack comes as no surprise. The DeepSec conference therefore repeats its annual warning against deliberate weakening of information security.
Fear of digitalisation
CALEA began because the Federal Bureau of Investigation (FBI) was afraid of the failure of the interception technology of the time because of the increasing digitalisation of telecommunications. The consequence was the installation of interfaces for wiretapping in all relevant components of telecommunications providers. Originally, only telephony calls were affected. CALEA was subsequently extended to Voice over IP (VoIP) and all Internet broadband connections. This applies in particular to mobile phone networks, but also to all fixed network technologies. From the outset, the benefits of CALEA were a subject of controversy, as monitoring and forced decryption did not affect existing encryption in transmissions.
As a result, companies ensure that all components for telecommunications networks used in the USA have these interfaces for the global market. This makes it technically easier for totalitarian countries such as Iran to implement surveillance of the population. Other countries with a similar government probably view this technology in a favourable light, too.
Espionage case in Greece
In 2004 and 2005, the legally required monitoring interfaces in Greece were compromised and used to intercept over 100 mobile phones. These included high-ranking government officials and civil servants. The perpetrators spied on the then Prime Minister Kostas Karamanlis, the Mayor of Athens, members of the military, and members of parliament. The incident known worldwide as The Athens Affair was discussed in detail by James Bamford at the opening of the DeepSec conference in 2015. It was one scenario that experts had warned about over 10 years earlier. The perpetrators are still unknown.
Taking the current geopolitical situation as a backdrop, it is easy to foresee what can actually happen with current and future backdoors in telecommunications and IT infrastructure. Under the Hungarian EU Council Presidency, work is being carried out to destroy messenger security on mobile devices. The pretexts are exactly the same as before with the development of CALEA. However, the consequences of Chat Control would be much more serious, because secure end-to-end encryption was precisely the measure to counter CALEA as a threat. However, it is precisely end-to-end encryption that is to be undermined by backdoors in apps and operating systems in these new legislative proposals.
Warnings from experts are ignored
Espionage is a serious and topical issue. Political processes and companies are also under threat. The defence of data and access is the primary task of information security. Surveillance interfaces ultimately always undermine security measures, regardless of the reason. Therefore experts always refer to them as backdoors. The intended function is irrelevant. Even in the event of an attack, there is no technical difference whether data is recorded with or without judicial authorisation. The technical infrastructure is in place and is being exploited. On 5 October 2024, the Wall Street Journal reported attackers had exploited the interfaces of AT&T and Verizon. Experts attributed the attack to connections with the Chinese government. The warnings of the past have been confirmed again.
Secure or insecure – no middle ground
There must be no weakening of security in information technology. This statement is ignored again and again in proposals for surveillance. The consequences are equally threatening for companies and governments. Industrial espionage causes a great deal of damage. Espionage at the government level also has political or diplomatic consequences that sometimes cannot be expressed in monetary terms. The opening of DeepSec deals with political influence on opinion manipulation. Data gained through espionage is extremely dangerous in this context.
The DeepSec conference aims to draw attention to real threats with presentations. From security in cloud systems to the dangers of ‘AI’ language models and defects in applications, the spectrum includes threats to data centers. Implementing information security is important for everyday life, whether at home or at work. Breaches in digital infrastructure rarely happen without warning. Similar to flood disasters, there are sometimes warnings from experts years in advance that are not heard. For over 30 years, experts have been issuing warnings about the CALEA interfaces. The presentations also provide solutions to security problems. This information is indispensable for the modern defence of your own infrastructure.
In this context, the DeepINTEL Security Intelligence Conference is worth mentioning. It takes place one day before the DeepSec conference. DeepINTEL is not open to the public and discusses current threats to IT systems and infrastructure such as details on incidents and the capabilities of attack groups. Information security is not static. A good defence must respond to attacks with appropriate adjustments.
Programme and booking
The DeepSec 2024 conference days are on 21 and 22 November. The DeepSec trainings will take place on the two preceding days, 19 and 20 November. All trainings (with announced exceptions) and presentations are intended as face-to-face events, but can be held partially or completely virtually if necessary. For registered participants, there will be a stream of the presentations on our internet platform.
The DeepINTEL Security Intelligence Conference will take place on 20 November. As this is a closed event, please send direct enquiries about the programme to our contact addresses. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html
Tickets for the DeepSec conference and training sessions can be ordered online at any time via the link https://deepsec.net/register.html. Discount codes from sponsors are available. If you are interested, please contact deepsec@deepsec.net. Please note that we depend on timely ticket orders because of planning security.