Bamford on the NSA and the Greek mobile phone tapping scandal

John Ioannidis ji at cs.columbia.edu
Sat May 13 18:03:45 EDT 2006


As some of you may remember, there was a scandal in Greece back in
February 2006 involving the interception of mobile phones belonging to
high-level government officials, including the Prime Minister.  The
CALEA software on the Ericsson switches used by Vodafone was blamed;
it had apparently been surrepticiously turned on and was copying
traffic to an equal number of "shadow" phones.

An thorny point in the investigation was the revelation that the
"shadow" phones had also been used to make phone calls to Laurel, MD.

An interview with James Bamford on the possible role of the NSA in the
"Mavili-gate" was published in last Sunday's (5/8) "To Vima", one of the
major Athens newspapers.  I contacted the journalist, Alexis Papahelas,
asking for permission to forward the article to this list, and he was
kind enough to send me the original raw transcript.  Here it is, very
slightly edited for obvious transcription mistakes. The published
article (in Greek) can be found in:

http://www.tovima.gr/print_article.php?e=B&f=14755&m=A20&aa=1

 -- Mr. Bamford Good Evening from Athens, thank you very much for being
    with us tonight.

JB: My pleasure

    
 -- Let me ask you first of all, there has been a lot of discussion here
    in Greece about this lawful interception software, explain to me
    what it is, and whether the US put pressure on worldwide companies
    to install that after 9/11 especially?

JB: Well the software is basically used to attach to commercial
    communication facilities, like the AT&T in the US, or whatever
    commercial company it is, and anything that goes over these
    communication facilities gets picked up, whether it is e-mail, or
    telephone calls and divert it to the US Government, whoever attached
    the equipment.


 -- Is it your understanding that most of the hardware companies around
    the world, that provide mobile telephone companies with equipment,
    had this installed at some point?

JB: Well in the US there was a lot of requiring that US companies do it,
    but around the world I think there was pressure by the US for a lot
    of the friendly countries to the US, allied countries to do as much
    as they can in terms of domestic eavesdropping and this type of
    equipment is most useful for that.

    
 -- As you know, during the Olympics here in 2004, a lot of the US
    intelligence agencies were here, based here, they had a lot of
    equipment here, now do you imagine they were able back then to
    monitor conversations between mobile phones here in Greece?

JB: Oh, the technology has been long in existence for them to be able to
    monitor mobile phone calls, the US monitors phone calls all over the
    world, and it has the equipment, so I would imagine that especially
    since there was a large US contingency at the Olympics in Athens,
    that they would have, the NSA would have had a presence there with
    an eavesdropping capability.

    
 -- Give us a sense of you know, what an NSA operation would entail here
    in Greece.

JB: Well, what would have happened was, the US would fly over a team
    plus equipment. They would first scan out the best places to maybe
    put antennas to intercept microwave communications, communications
    that would carry mobile phone signals, for example. On the other
    hand they could have also worked out an agreement with Greek
    telecommunications companies, or the Greek Government to install NSA
    equipment on their facilities in order to monitor the
    communications, so it is hard to say but there is very little
    question that the NSA did a lot of monitoring during that period of
    time.

    
 -- What you are saying is very important to us, so to my understanding
    is that the NSA does strike, I suppose secret agreements, with phone
    companies around the world, is that what you are saying?

JB: Oh sure, it tries as much as it can to get phone companies around
    the world to co-operate with the NSA in order to help its world-wide
    monitoring operations.

    
 -- And would it be acceptable for them also, to try to recruit some
    people from inside the companies, if they cannot strike such an
    agreement?

JB: Yeah, NSA does that too it will try to make a deal, to get somebody
    to co-operate. In the old days the NSA would try to get a code-clerk
    at an Embassy to co-operate, but these days they try to get people,
    that have access to large databases, or telecommunications
    facilities.

    
 -- We have sent you e-mails, and you have an idea of what this Greek
    system of interception looked like. Does it tell you something, I
    mean how sophisticated is it, does it tell you it is a US
    intelligence agency, a British, somebody else? What is your
    assessment?

JB: Well I think it is pretty much a standard communications system, in
    terms of mobile phone calls and so forth, they all pretty much
    operate the same way, it is just that it is a different frequency,
    maybe some different equipment, but the ideas are that the signals
    go from the hand-held cell-phone to a repeater and from a repeater
    to maybe another repeater, eventually making their ways back to
    central telephone exchange where the information is retransmitted
    out to wherever it is supposed to go, so the NSA is set up for one
    reason and that is to eavesdrop on communications around the world
    so this would not be a tremendous technological difficulty for them.

    
 -- But can you say with some certainty that this was an American
    operation, or it could be somebody else?

JB: Well, I am just speculating because I don't know for sure, but if
    the NSA was over there during the Olympics, and the US almost always
    sends a team consisting of people including NSA people to major
    events around the world, where Americans are going to take part, to
    try to find out if there is going to be any terrorism, and one way
    of doing that is by monitoring the communications, that go through
    the air, the communications that are communicated both internally
    and externally from that country.

    
 -- How many mobile phone-call-conversations could the NSA monitor in a
    country like Greece on any given day?

JB: It is hard to say. What they would probably do , is to focus on the
    key-links where they think that the bulk of the
    communications-exchanges are going to be and probably intercept
    those kind of communications. And once they intercept them,
    the NSA would have computer-facilities so that the communications
    would go through the computers and they are probably going to be
    looking for calls from Afghanistan, information that they think is
    very susceptible to terrorism, for example in other words numbers
    that they have of previous terrorist contacts. They would all be fed
    in the computer, and then any e-mail or telephone-call with those
    numbers or e-mail- addresses would be kicked out.

    
 -- Now, who translates all of these things, because I imagine it is
    like thousands of hours of conversations that are being transmitted
    to NSA. everyday.

JB: Well it is, but they take in enormous amounts of communications,
    but filters, computerized filters sort of get rid off by 98% of
    it, and there is only a 2% that actually gets analyzed in the
    end. And those 2% are whether names in the computer, people that
    they are suspicious of, telephone numbers that they are looking
    for, e-mail-addresses, and once they get down to those, and they
    do have a number of people that speak a wide variety of languages,
    including Greek at NSA.

    
 -- What is the most technologically advanced way of intercepting
    mobile phone conversations? Because for a while we are assuming
    that the code of transmitting over the air is safe. Is it still
    safe or has the NSA broken it?

JB: No, if the communications are traveling through the air, which
    they do by a mobile phone call, they are going to go a very short
    distance so they get to a repeater and they eventually go to a
    central telephone office, so again if you are able to intercept
    those signals as they go through the air, which you would
    basically just need a microwave antenna, or if you have
    co-operation of the company or the Government, then you can get
    access of that. I mean they are not intercepting the entire
    communications systems by entering or leaving the country,
    certainly, but they are probably looking at certain key
    communications-node, where they think there may be communications
    coming from lets say places like Afghanistan, or Iraq or some
    place like that.

    
 -- Give us a sense of the Size of NSA, in terms of the budget of
    people working for it and so on.

JB: NSA is the largest intelligence agency in the world, and it is
    twice the size of the CIA, it is far more secret, and it has about
    38.000 people. Again NSA's entire job, at least until recently,
    was to spy overseas, to eavesdrop on communications in foreign
    countries. So most of those people are either at the headquarters
    at NSA, or else in countries around the world. NSA over the years
    has had a number of facilities in Greece at various times, I am
    not sure if they have one there now, but in the past they have had
    bases in Greece.

    
 -- And do you think they are focusing in that area from what you
    know, from your research, was Greece always sort of an important
    target for them?

JB: Well, Greece has always been a target, I think it depends on world
    climate how important it is at various times, I mean right now it
    probably has less importance than it did in other times, because
    now they are focusing primarily on Iraq, Iran, Afghanistan,
    N. Korea, areas like that, but if it looks like some terrorists
    are coming into Greece, or are operating in Greece, or if it looks
    like the Government may be communicating with countries that the
    NSA is very interested in, such as Iran, Iraq or any places in the
    Middle East than the NSA would be very interested.

    
 -- Let me go back to what was the Greek system and so on.You had said
    in previous answer that there are very few people in the world,
    that could actually manipulate this Eriksson software in order to
    gain access to this system. How many people in the world have this
    kind of knowledge?

JB: I don't know how many people around the world, but NSA's job, that
    is their entire job. This agency was created for one purpose and
    that is to eavesdrop on the maximum matter of communications
    around the world. NSA could find a way to get a trapped door or a
    back door into say an Eriksson telephone system, you know they
    would do it. Because those systems are used by people all over the
    world.

    
 -- In this case we are talking about a very big cell-phone- company,
    VODAFONE, which is a multinational as you know, would they risk
    you think their reputation, and you know, go ahead and co-operate
    with NSA at that level?

JB: I would think that they would not co-operate at that level, but
    what the NSA normally does, is it hires people that have worked
    for companies like that, and these people tell them how the
    systems work and then their job with NSA is to reverse engineer
    these systems, to find ways into them, so although I doubt that
    the head of Eriksson would co-operate with NSA, the NSA has
    enormous technological capabilities to find sort of back doors, or
    trapped doors, or ways by reversed engineering into these systems.

    
 -- Knowing how these people work there is a legal investigation, a
    judicial investigation here in Greece, do you think they will ever
    find the answers, I mean who was behind this interception, any
    physical evidence, any traces?

JB: Well, it is hard to say. This happened in the US several times,
    where there has been a question, whether monitoring has been legal
    or not, and they have looked into it occasionally and they have
    found an answer as to who was involved with it, but a lot of times
    they do not find him. Again with NSA, NSA keeps its information so
    very-very secret, they wouldn't even let the judges on the
    surveillance court, they are supposed to prove NSA warrants about
    it, they wouldn't let Congress except for 8 people. Over 500 people
    know about it, so NSA tries to keep it extremely secret.

    
 -- You are one of the world experts in this kind of issues, so if you
    had to take a bet today who was behind this kind of operations in
    Greece?

JB: I just cant say, I don't know enough information about it , all I
    can tell you is that NSA's job is eavesdropping on communications
    around the world , Greece is a target occasionally whenever they
    think there is something important. NSA has bases in Greece and
    NSA looking for indications of terrorism during the Olympics, so
    whether they are involved with this recent operation I don.t know
    but certainly they have an interest in it.


 -- Your advice to someone using a mobile phone, should they talk
    openly or no?

JB: The problem, cell phones also, there is not kind of information
    that the NSA cant eavesdrop on one way or another, this is why in
    the USA there is a big debate right now about making the NSA go
    through a quirk and get an authorization before they eavesdrop on
    somebody, but overseas the NSA can eavesdrop on anybody they want,
    there is no restriction on eavesdropping in Greece, even if there
    was an American in Greece, NSA could eavesdrop on that person
    without going through a quirk.

    
 -- so you are saying even the crypto phones that the prime
    minister/government/military are using they are vulnerable to this
    kind of penetration you say.

JB: Well, crypto phones are probably NSA's biggest targets around the
    world, whether or not the NSA was able to break the encryption of
    the algorithm to get into those phones I don't know. I don't have
    this information, but I know obviously NSA's key job, NSA's first
    job is intercepting communications, and second job is breaking
    codes such as the codes that encrypts that communications, and
    third job is making USA encryption systems.


 -- Thank you 



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list