Wednesday, July 11, 2007

The Athens Affair - The Vodafone wiretapping scandal

This is an excellent article with good technical explanations. Unfortunately, no answers to the question of whodunnit.

Summary: what happened was that someone installed a very sophisticated rootkit for Vodafone's Ericsson AXE including:
* using the existing wiretapping code, but not the normal user interface;
* bypassing the logging system (of course);
* bypassing the audits;
* hiding the illegal processes from the process list (task manager in Windows or ps ax in Unix) by modifying the relevant system code;
* adding a backdoor user;
* modifying the shell to allow access to the illegal processes.

All done without rebooting the AXE switch!

On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months.

The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy.


A study of the Athens affair, surely the most bizarre and embarrassing scandal ever to engulf a major cellphone service provider, sheds considerable light on the measures networks can and should take to reduce their vulnerability to hackers and moles.

It's also a rare opportunity to get a glimpse of one of the most elusive of cybercrimes. Major network penetrations of any kind are exceedingly uncommon. They are hard to pull off, and equally hard to investigate.
