Friday, June 23, 2006

Vodafone, Ericsson Get Hung Up In Greece's Phone-Tap Scandal

The WSJ had a front page story on the tapping of the Greek Prime Minister's cell phone,Vodafone, Ericsson Get Hung Up In Greece's Phone-Tap Scandal. The news broke in March 2005 but there have been very few details reproted since.

What's interesting is that Ericsson's equipment comes pre-installed with software to enable bugging. No doubt this feature is well known to security experts but it was news to me. Fascinating in particular given the row going on in the US about making the Internet CALEA compliant i.e. hardwired for tapping by law enforcement. Here's what the WSJ says:

"Behind the bugging operation were two pieces of sophisticated software, according to Ericsson. One was Ericsson's own, some basic elements of which came as a preinstalled feature of the network equipment. When enabled, the feature can be used for lawful interception by government authorities, which has become increasingly common since the Sept. 11 terror attacks. But to use the interception feature, operators like Vodafone would need to pay Ericsson millions of dollars to purchase the additional hardware, software and passwords that are required to activate it. Both companies say Vodafone hadn't done that in Greece at the time.

The second element was the rogue software that the eavesdroppers implanted in parts of Vodafone's network to achieve two things: activate the Ericsson-made interception feature and at the same time hide all traces that the feature was in use. Ericsson, which analyzed the software in conjunction with Greece's independent telecom watchdog, says it didn't design, develop or install the rogue software.

The software allowed the cellphone calls of the targeted individuals to be monitored via 14 prepaid cellphones, according to the government officials and telecom experts probing the matter. They say when calls to or from one of the more than 100 targeted phones were made, the rogue software enabled one of the interceptor phones to be connected also.

The interceptor phones likely enabled conversations to be secretly recorded elsewhere"

Vodaphone and Ericsson are preparing the ground to avoid liability when the lawyers come hunting them. Vodaphone say they didn't know about the pre-intalled bugging software because Ericsson didn't tell them. Ericsson says Vodaphone should have read the manuals because the information was in there. It's possible senior managers never got to hear about it, of course.

No comments: