serious threat models

Perry E. Metzger perry at piermont.com
Fri Feb 3 16:21:19 EST 2006



"Steven M. Bellovin" <smb at cs.columbia.edu> wrote:
>> I hate to play clipping service, but this story is too important not to 
>> mention.  Many top Greek officials, including the Prime Minister, and
>> the U.S. embassy had their mobile phones tapped.  What makes this 
>> interesting is how it was done: software was installed on the switch 
>> that diverted calls to a prepaid phone.  Think about who could manage 
>> that.
>>
>> http://www.guardian.co.uk/mobile/article/0,,1701298,00.html
>> http://www.globetechnology.com/servlet/story/RTGAM.20060202.wcelltap0202/BNStory/International/

Jaap-Henk Hoepman <jhh at cs.ru.nl> wrote:

> Do commonly used mobile phone switches have built-in functionality
> to divert (or rather split) calls to another phone;[...]

All phone switches, thanks to the US government's CALEA rules, are
equipped with software that makes espionage easy. Whether that
software was abused in this instance, I do not know, but I will point
out that any switch sold in the US -- which is to say most switches
that exist -- has software available (but not necessarily installed)
to tap people's phones in a manner not entirely unlike what happened
to the high government officials in Greece.

Yet again, I point out John Gilmore's warning that once you make law
enforcement "convenient" by creating privacy invading technologies,
you have very little control over who ultimately comes to use those
technologies. It will not only be the good guys who get access to
them, and even the guys who have legitimate access will not always be
good guys.


Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list