Friday, February 17, 2006

ID Cards and the Vodafone Scandal

Most readers of this weblog will be aware that a political scandal recently occurred in Greece after it emerged that persons unknown had been illegally intercepting the mobile phone calls of a wide range of prominent Greeks, including senior ministers and ex-ministers of the Interior, Defence, Merchant Shipping (a Greek touch), and many civil servants and officers. What they had in common apart from power was that they all used Vodafone's Greek business. There has been a great deal of blog traffic on this, so a list of links would be lengthy and probably wasted - I recommend Soj, who has a useful series of roundups if you need to self-brief.

Now, on towards the point.

The interception came to light when numerous Vodafone.gr customers complained of interruptions of service. In subsequent technical investigation, the engineers discovered that a small but elite group of subscribers were being monitored without authorisation. In essence, there had been a major security breach. They immediately took steps to end the monitoring and restore security.

This decision caused a furore on the grounds that this somehow prejudiced the task of determining who was behind the hack. Now, I do not think this is at all fair on Vodafone Greece. So, some technical points. Out of the flurry of public statements and press reports, of varying degrees of reliability, cluefulness and impartiality, it's possible to pick out some facts. Everyone and their dog has mentioned "surveillance software from Ericsson". Well, this is only one-third right. All telecoms standards actually provide for your calls to be monitored where it is legal to do so. GSM and UMTS are no different. In fact, both the GSM and UMTS specifications, as determined by 3GPP (in UMTS's case) and ETSI and ratified by CEPT and the ITU, specifically define how what is termed Lawful Interception works. Briefly, there is a function in the SS7 switch at the heart of the network, the huge specialised computer that routes your calls, text messages, data streams and whatever, cues in other applications like cell location or voicemail, starts and stops the billing database, that allows calls on a given line to be monitored at another number.

Ericsson's role in this is simply that it is the world's biggest telecommunications infrastructure manufacturer.

Now, lawful intercept is meant to be just that - lawful. The plan is that the cops turn up at the Mobile Switching Centre with a warrant, the tap is activated, and then shut off when no longer required. In this case, though, someone hacked into the Voda Greece switch and flipped the lawful intercept function on, setting it to route the intercepted calls to a group of prepaid mobile phones (doubtless so the airtime required could be paid for in untraceable cash). This is technically nontrivial, to say the least. It's also interesting that the hacker had a list of phone numbers for the elite of Greece, and a list of dormant prepaid phone numbers - but the difficulty of acquiring these pales in comparison to getting access to an SS7. (They were probably, for my two cents, extracted from a less-secure billing or customer-service database rather than the operations-critical Home Location Register, although if you can hack the SS7...)

Telecommunications people tend to be different to computer people - the Bellhead/Nethead split. On our side of the wire, there are lots of suits, conservatism, centralisation and an overriding concern with reliability. Everything has to work 99.999% of the time. Everything has to be chargeable for, which means everything must be measured, identified and logged in such a way as to be accounted for. Getting into Vodafone's Greek network was a serious challenge and a securifart of epic proportions. There was simply no way anyone in the industry would have let a p0wned switch stay that way. The entire culture, history, SOPs and economics go against it.

Further, given the amount of data the system logs (which, thanks to the EU data retention shitbag, you have to keep), I rather doubt there was that much loss. The Greeks seem convinced the Americans are behind it. Well, perhaps. Garbled early reports spoke of a base station near the US Embassy (also near every other national institution) being "used to intercept calls," but this is nonsense because the system doesn't work like that - lawful intercept is a core-network function, not a radio access network function. What they seem to have meant was that the phone numbers used to receive the intercept data were to be found in that cell.

That could mean the US, or the British embassy (it's not far), or for that matter the Greek government itself. Or it could mean that the phones were kept in a rented office there - or whatever. It's curious that they were always within the same few cells - they could have been anywhere on-network, which you would think would be better for counter-surveillance. Upshot? I don't know whodunnit, but it is rough to blame Vodafone for fixing the hole when they found it.

Now, those ID cards. Whilst I was away, the Commons duly rolled over and capitulated to the whole stack of Blairite crufto binge-legislation - smoking, IDs, "glorification", the lot. I would like to remind you that a National ID System as proposed is going to be of a similar scale and nature to a bank's remote authorisation system, or indeed Vodafone UK's core network. It will need to be very high-availability (i.e. not break down), very high reliability (i.e. not make mistakes) and very high security (i.e. keep out the haX0rs and keep in the data).

I've said this before and I'll say it again. There will be some 44 million ID cards when the system is complete. If they are all looked-up against the register once a year, that makes 44 million queries. If it's as reliable as VisaNet or GSM, that makes...440 wrong'uns, each one of which could mean denial of liberty or a four-figure fine. Clear the courts! The pathetically minimal real data that is available is worse, putting a failure rate for the best of the biometrics at 4% - or 1,760,000 fails a year in our example scenario.

1 comment:

Anonymous said...

If all of the 16 or so prepaid mobile handsets had not been active for several weeks or months when the security breach was discovered by Vodafone Greece, then there would probably have been no opportunity to trace the physical locations of the handsets more accurately than from the nearest 4 cell base stations, which cover most of central Athens, and are not specific to the US embassy etc.

If, however, any of those pre-paid mobile phones was still active and connected to the network at the time of the discovery, then, by panicking (your reasoning about the telecomms management culture is correct) and pulling the plug on the rogue software, a potential opportunity to investigate more about who might be responsible would have been lost.

Surely a Greek military electronic warfare team or a Vodafone radio propagation survey team could have been assigned to more accurately radio locate those mobile phone handsets within a cell, if any were still active?

Granted, those handsets could have been located somewhere neutral, or even in a deliberately misleading location, but now we will never know, and the conspiracy theories about active complicity by Vodafone Greece have been fed.
