
First phone switch rootkit


13 replies to this topic

#1 Havoc

Havoc

    "I Hack, therefore, I am"

  • Agents of the Revolution
  • 923 posts
  • Gender:Male
  • Location:Poland

Posted 14 July 2007 - 03:06 AM

http://www.computerw...p;intsrc=kc_top


The rootkit enabled a transaction log to be disabled and allowed call monitoring on four switches made by Telefonaktiebolaget LM Ericsson within Vodafone's equipment. The software let the hackers listen in on phone calls in the same way law enforcement would, and allowed for a second, parallel voice stream to be sent to another phone for monitoring.

The intruders covered their tracks by installing patches on the system to route around logging mechanisms that would alert administrators that calls were being monitored. "It took guile and some serious programming chops to manipulate the lawful call-intercept functions in Vodafone's mobile switching centers," the authors wrote.

The secret operation was finally discovered around January 2005, when the hackers tried to update their software and interfered with how text messages were forwarded, which generated an alert. Investigators found hackers had installed 6,500 lines of code, an extremely complex coding feat.



#2 PhreakerD7

PhreakerD7

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 375 posts
  • Location:Using your phone line

Posted 14 July 2007 - 10:51 AM

That's really sweet. Nice find, dude.

#3 albertterego

albertterego

    The phorce is with me!

  • Members
  • 75 posts
  • Location:Under a harmless little reflection on your TDR

Posted 14 July 2007 - 11:32 AM

Yes, I posted about this here a week ago:

http://www.binrev.co...showtopic=32323

#4 Havoc

Havoc

    "I Hack, therefore, I am"

  • Agents of the Revolution
  • 923 posts
  • Gender:Male
  • Location:Poland

Posted 14 July 2007 - 02:49 PM

Yes, I posted about this here a week ago:


it wasn't clear to me that you have mentioned some information about this particular rootkit

btw: trojans in phone switches are nothing new, it happened before but nobody wants to talk about it, for instance in Poland some it was similar but not connected with wiretapping

Edited by Havoc, 14 July 2007 - 02:50 PM.


#5 natas

natas

    De La Natas

  • Agents of the Revolution
  • 4,273 posts
  • Gender:Male
  • Location:The Old Skool

Posted 15 July 2007 - 06:23 PM

There's something about this phone switch hack that makes me think James Bond + Jack Bauer + Bush Administration.

#6 gbppr

gbppr

    DDP Fan club member

  • Members
  • 54 posts

Posted 16 July 2007 - 10:00 PM

There's something about this phone switch hack that makes me think James Bond + Jack Bauer + Bush Administration.


This is also covered in the last few issues of Eye Spy Magazine. Mossad most likely did it, but that's not good for riling up the $2600-reading kiddies. Israel also tapped the White House phone system a few years back.

FBI Probes Espionage at Clinton White House - Suspected Telecommunications Espionage:
http://findarticles...._16/ai_62401780

Eye Spy Magazine:
http://www.eyespymag.com/newindex3.htm

Edited by gbppr, 16 July 2007 - 10:21 PM.


#7 Perf-149

Perf-149

    Hakker addict

  • Members
  • 502 posts
  • Location:Location is key!

Posted 16 July 2007 - 10:04 PM

This is also covered in the last few issues of Eye Spy Magazine. Mossad most likely did it, but that's not good for riling up the $2600-reading kiddies. Israel also tapped the White House phone system a few years back.


And what makes you think that we don't illegally wiretap other countries' governments? Why would Mossad have a use for listening in on us? You seriously need to get a clue.

Edited by Perf-149, 16 July 2007 - 10:08 PM.


#8 gbppr

gbppr

    DDP Fan club member

  • Members
  • 54 posts

Posted 16 July 2007 - 10:26 PM

And what makes you think that we don't illegally wiretap other countries' governments?


We do - and they spy on us.

"France and Germany, and many other countries, require U.S. companies to register their encryption key for reasons of national security. All the American transmissions are monitored and the data is passed onto the local competitors. Companies like IBM finally began to routinely transmit false information to their French subsidiary just to thwart the French Secret Service..."

--- Excerpt from the book "Friendly Spies."
http://www.amazon.co...7...ks&v=glance

Why would Mossad have a use for listening in on us? You seriously need to get a clue.


Oh Lordy...

#9 Majest|c

Majest|c

    Dangerous free thinker

  • Members
  • 883 posts

Posted 16 July 2007 - 11:06 PM

And what makes you think that we don't illegally wiretap other countries' governments?


We do - and they spy on us.

"France and Germany, and many other countries, require U.S. companies to register their encryption key for reasons of national security. All the American transmissions are monitored and the data is passed onto the local competitors. Companies like IBM finally began to routinely transmit false information to their French subsidiary just to thwart the French Secret Service..."

--- Excerpt from the book "Friendly Spies."
http://www.amazon.co...7...ks&v=glance

Why would Mossad have a use for listening in on us? You seriously need to get a clue.


Oh Lordy...


Mossad is one group that I would never fuck with ... I would rather run through a Federal Building with C4 strapped to me, than to fuck with them ...

#10 Perf-149

Perf-149

    Hakker addict

  • Members
  • 502 posts
  • Location:Location is key!

Posted 16 July 2007 - 11:16 PM

Hah, of course nobody would fuck with Mossad...

But do they harbor some anti-American sentiments that I am not aware of? Planting a rootkit on a publicly used US bridge could be blamed on any number of sources, so why do you jump to Mossad so quickly? Prior record? They piss you off? Sort out your bias before you spew?

Edited by Perf-149, 16 July 2007 - 11:20 PM.


#11 gbppr

gbppr

    DDP Fan club member

  • Members
  • 54 posts

Posted 17 July 2007 - 02:20 AM

But do they harbor some anti-American sentiments that I am not aware of? Planting a rootkit on a publicly used US bridge could be blamed on any number of sources, so why do you jump to Mossad so quickly? Prior record? They piss you off? Sort out your bias before you spew?


The articles in Eye Spy Magazine have much more background information on the people and techniques involved. Nobody said they were "anti-U.S."

Hint #1: Where were the 2004 Summer Olympics held?

Hint #2: What happened in 1972?

Hint #3: Stop reading Digg, and go to a library.

#12 greyarea_4.0

greyarea_4.0

    H4x0r

  • Banned
  • 35 posts
  • Location:075T

Posted 17 July 2007 - 02:37 AM

But do they harbor some anti-American sentiments that I am not aware of? Planting a rootkit on a publicly used US bridge could be blamed on any number of sources, so why do you jump to Mossad so quickly? Prior record? They piss you off? Sort out your bias before you spew?


The articles in Eye Spy Magazine have much more background information on the people and techniques involved. Nobody said they were "anti-U.S."

Hint #1: Where were the 2004 Summer Olympics held?

Hint #2: What happened in 1972?

Hint #3: Stop reading Digg, and go to a library.


Since this is like a conversation, I might as well ask =)
What happened in 1972?

=)

#13 bjorn

bjorn

    H4x0r

  • Members
  • 35 posts

Posted 17 July 2007 - 12:54 PM

This is the problem with requiring a "lawful-intercept" option as it only takes time for it to be exploited and utilized by those other than LEOs. The FCC has demanded all US VOIP carriers have such an option in place by May of this year.

#14 Abhayaa

Abhayaa

    SUP3R 31337 P1MP

  • Members
  • 296 posts
  • Location:Too many handles, too many places.

Posted 24 July 2007 - 05:04 AM

Don't kid yourselves -- stupidity in being caught doesn't constitute being the first at anything except being stupid enough to be caught. It's been done before -- and not even always, or usually, by "secret agents". Spy agencies, in fact, probably would tend NOT to rootkit a switch because usually they are monitoring only a small number of lines on any given switch, and usually that is best/most easily done by more disposable technologies. This is why people are the number one asset in gaining information in the investigation world (if probably the most fallible -- and possibly because they are the most fallible).