Friday, September 28, 2007

Phone Tapping: Athens Affair and "Hello, Garci" Connection

The recently revived "Hello, Garci" probe by the Philippine Senate heard testimony from retired T/Sgt Doble that MIG21 (some sort of "dirty tricks" department of the Intelligence Service of the Armed Forces of the Philippines, or ISAFP) had "moles" inside the largest mobile phone operator who enabled it to conduct the wiretapping.

As expected, the telco denied Doble's claims, saying that equipment like GSM interceptors is expensive and that the sale of such prized equipment is highly restricted. Sales of such equipment are highly regulated government-to-government deals, but what about the black market? I believe, though, that no telco has a business need to buy those pricey wiretapping boxes.

However, the NTC inspection of the premises of Smart and Globe that, according to news reports, found no evidence was just a show. I doubt those NTC guys really knew what to look for, much like ignorant security guards armed with "magic sticks," "magic mirrors," and "magic metal detectors."

The telcos' denial was also expected: after an internal investigation, they said, nothing was found to corroborate Doble's claims of a mole inside the telco. But be wary still: no company in its right mind will confirm such claims even if they are true, since it's a very risky move that usually results in erosion of company integrity and lost customer confidence. That's the reason why internal security breaches and fraud are not reported to law enforcement people; we all know that media has the power to turn a victim into a suspect. (In technical terms: detected, amplified, transmitted, distorted, but never rectified information.)

Last year, a phone tapping scandal broke in Greece (followed by a blame game), in which the mobile phones of around 100 people, including the Greek prime minister, were tapped. It was perpetrated by Vodafone Greece insider(s) who installed illegal software at the Mobile Switching Center (MSC), the heart of the GSM system, to tap mobile phone calls. The hack split the conversations of target phone numbers off to other cellphones (using prepaid numbers) in a pseudo-conference call to eavesdrop on and record the conversation. What's mind-boggling was the sophistication and stealth displayed by the attackers in carrying out the hack.

A more detailed and well-written paper by IEEE is available here.

Perhaps this was also the method employed by the telco insiders Doble described: the insiders made the phone number alleged to be Garci's a member of a conference call, undetected by telco systems administrators and information security guys, and definitely too stealthy to be seen by NTC inspectors.

The response of Vodafone in the Athens affair was also pathetic: application logs were not retained and logbook entries were destroyed, preventing proper forensic investigation.

Speaking as a practitioner of information security, detecting insider fraud is really not easy, since you're dealing with "trusted" systems administrators who know the system well, but many safeguards can be put in place to prevent and detect such serious breaches.

Related Stories:

Phone Tapping Scandal in Greece
Vodafone Public Relations in the Phone Tapping Storm
Wikipedia article
