08448380779 Call Girls In Civil Lines Women Seeking Men
Crash course of Mobile (SS7) privacy and security
1. COVER
The Athens Affair
How some extremely smart hackers pulled off the most audacious cell-network break-in ever
By VASSILIS PREVELAKIS, DIOMIDIS SPINELLIS / JULY 2007
On 9 March 2005, a 38-year-old Greek electrical engineer named Costas
Tsalikidis was found hanged in his Athens loft apartment, an apparent
suicide. It would prove to be merely the first public news of a scandal that
would roil Greece for months.
The next day, the prime minister of Greece was told that his cellphone was
being bugged, as were those of the mayor of Athens and at least 100 other
high-ranking dignitaries, including an employee of the U.S. embassy [see
sidebar "CEOs, MPs, & a PM."]
The victims were customers of Athens-based Vodafone-Panafon, generally
known as Vodafone Greece, the country's largest cellular service provider;
Tsalikidis was in charge of network planning at the company. A connection
seemed obvious. Given the list of people and their positions at the time of
the tapping, we can only imagine the sensitive political and diplomatic
discussions, high-stakes business deals, or even marital indiscretions that
may have been routinely overheard and, quite possibly, recorded.
Even before Tsalikidis's death, investigators had found rogue software
Photo: Fotoagentur/Alamy installed on the Vodafone Greece phone network by parties unknown.
Some extraordinarily knowledgeable people either penetrated the network
from outside or subverted it from within, aided by an agent or mole. In either case, the software at the heart of the
phone system, investigators later discovered, was reprogrammed with a finesse and sophistication rarely seen before
Crash course of Mobile (SS7)
or since.
A study of the Athens affair, surely the most bizarre and embarrassing scandal ever to engulf a major cellphone
service provider, sheds considerable light on the measures networks can and should take to reduce their vulnerability
privacy and security
to hackers and moles.
It's also a rare opportunity to get a glimpse of one of the most elusive of cybercrimes. Major network penetrations of
any kind are exceedingly uncommon. They are hard to pull off, and equally hard to investigate.
Even among major criminal infiltrations, the Athens affair stands out because it may have involved state secrets, and it
Monday, October 3, 2011 targeted individuals—a combination that, if it had ever occurred before, was not disclosed publicly. The most notorious
2. $ whoarewe
• Arturo Filastò • Jacob Appelbaum
• The Tor Project • The Tor Project
• A Random • I break bad software
GlobaLeaks and build better
Developer alternatives
• I hack on stuff for • Understanding
censorship
fun and profit!
@hellais @ioerror
Monday, October 3, 2011
7. What technologies can
be intercepted?
• GSM
• CDMA
• iDEN
• Thuraya
• BGAN/Inmarsat
• VSAT
Monday, October 3, 2011
8. Who?
• Law enforcement
• National Secret Service
• Foreign Secret Service
• Large corporations
• Outsourced intelligence
service providers
• Organized crime
• Military organizations
Monday, October 3, 2011
9. Targets of Interception
• A person
• A medium (think wire tap)
• A device (think rootkit)
• Parametric
• Keywords (sniffing for triggers)
• Perimeter (area sniffing)
Monday, October 3, 2011
10. Why?
• The architecture is designed for it
• To suppress uprisings
• To collect intelligence
• Monitor behavior
Monday, October 3, 2011
11. How is this possible?
• The security is outdated; take GSM...
• No effort has been made to fix it
• A5/1 is broken
• A5/2 is purposefully broken
• A5/3 is a bit better but not implemented
(http://security.osmocom.org/trac/ticket/
4)
Monday, October 3, 2011
14. More accessible
• This equipment used to be very expensive
• But with projects such as USRP and
OsmocomBB this is no longer true
Monday, October 3, 2011
17. Geolocation
• Where are you?
• Various technologies give
various levels of accuracy
• SS7 (HLR, ATI)
• Stingray and AmberJack
Monday, October 3, 2011
19. Walled Garden
• For accessing SS7 there used to be:
• High costs
• Strict peering agreements
• Not designed with security in mind
Monday, October 3, 2011
20. The GSM network
OsmocommBB
OpenBTS
BSC APIs to HLR
subscriber BTS BSC MSC
VLR HLR
SMSC
OpenBSC
VLR
MSC
SMS Injection
Monday, October 3, 2011
21. Macro Area
Geolocation
• With network interrogations
• A feature to SMS sending
• The level of detail goes from 1km in cities
to 200km in rural areas
Monday, October 3, 2011
22. More detail is possible
• Other privacy invading queries exists
• PSI, ATI
• Reach a level of detail of ~100m
• Require, more strict agreements with telcos
• If you know where to ask...
• ... you will get them
• (that means if you have the $$$)
Monday, October 3, 2011
23. Denial of Service
• You just want to stop
that or those people
communicating.
Monday, October 3, 2011
27. Help!
• Ok, so you have scared me. Now what should I do?
• be aware of patterns and realities
• use software on top of what is available
• Tor, RedPhone, TextSecure, PrivateGSM, etc
• Avoid bad software - eg: UltraSurf, SMS
• Resist giving your ID for a SIM card!
• If you are really worried or privacy and security don’t use
mobile phones.
• Until we create a free telco, we’re doomed.
Monday, October 3, 2011