The Greek wiretapping case of 2004-2005 is an intriguing tale from not so long ago. It involved a rootkit installed on the switches of the Greek wireless provider Vodafone Greece in the lead-up to the Athens Olympics and well beyond. Beyond being technically interesting, though, the incident is a hard-learned lesson in responding to security incidents. The case is well written up in an IEEE Spectrum article. The authors, like the Greek authorities, take the company to task for a fumbling response that destroyed crucial evidence. They also call for the creation of a skilled international police force capable of properly performing cyber forensics.
On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months.
The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy.
Starting off quite sensationally, the story becomes more serious from both a technical and a managerial perspective. The case, still largely unsolved, involved either someone with very specific knowledge of the systems they were working on or a very talented hacker. The danger of moles and hackers gaining access to your systems is driven home when you read how far this incident reached into the network's high-ranking customers.
It took guile and some serious programming chops to manipulate the lawful call-intercept functions in Vodafone’s mobile switching centers. The intruders’ task was particularly complicated because they needed to install and operate the wiretapping software on the exchanges without being detected by Vodafone or Ericsson system administrators. From time to time the intruders needed access to the rogue software to update the lists of monitored numbers and shadow phones. These activities had to be kept off all logs, while the software itself had to be invisible to the system administrators conducting routine maintenance activities. The intruders achieved all these objectives.
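The passage above makes two points a defender can act on: the intercept configuration on the exchange was changed without authorization, and the changes were kept out of the logs. The following is an added example, not code from the IEEE Spectrum article or from Vodafone or Ericsson; it uses constructed sample data and hypothetical function names to show two generic controls: reconciling a switch's reported active intercepts against an authorized list, and hash-chaining an audit log so that an entry removed from the middle is detectable as both a sequence gap and a broken chain.

```python
import hashlib

# Constructed sample data (not real numbers): what the warrant records say
# should be intercepted, and what a hypothetical switch dump reports as active.
AUTHORIZED_TARGETS = {"+30210000001", "+30210000002"}
ACTIVE_INTERCEPTS = [
    {"target": "+30210000001", "shadow": "+30690000001"},
    {"target": "+30210000002", "shadow": "+30690000002"},
    {"target": "+30210000003", "shadow": "+30690000009"},  # no matching warrant
]


def unauthorized_intercepts(active, authorized):
    """Return every active intercept whose target has no authorization record."""
    return [entry for entry in active if entry["target"] not in authorized]


def chain_digest(prev_digest, record_text):
    """Digest of this record bound to the digest of the record before it."""
    data = prev_digest.encode() + b"\n" + record_text.encode()
    return hashlib.sha256(data).hexdigest()


def build_log(entries, seed="genesis"):
    """Turn plain audit entries into (seq, text, digest) records, each
    digest chained to the previous one."""
    records = []
    prev = seed
    for seq, text in enumerate(entries, start=1):
        digest = chain_digest(prev, f"{seq}|{text}")
        records.append((seq, text, digest))
        prev = digest
    return records


def verify_log(records, seed="genesis"):
    """Return a list of problems found; an empty list means the log is
    contiguous and every digest chains correctly from the seed."""
    problems = []
    prev = seed
    expected_seq = 1
    for seq, text, digest in records:
        if seq != expected_seq:
            problems.append(f"sequence gap: expected {expected_seq}, got {seq}")
            expected_seq = seq
        if chain_digest(prev, f"{seq}|{text}") != digest:
            problems.append(f"digest mismatch at seq {seq}")
        prev = digest
        expected_seq += 1
    return problems


# Constructed audit trail of intercept-list changes.
SAMPLE_ENTRIES = [
    "add intercept +30210000001 shadow +30690000001",
    "add intercept +30210000002 shadow +30690000002",
    "add intercept +30210000003 shadow +30690000009",
]


def demo():
    """Run both checks on the constructed data and return their findings."""
    rogue = unauthorized_intercepts(ACTIVE_INTERCEPTS, AUTHORIZED_TARGETS)
    full_log = build_log(SAMPLE_ENTRIES)
    # Simulate an intruder deleting the middle record to hide a change.
    tampered_log = [full_log[0], full_log[2]]
    return {
        "rogue_targets": [e["target"] for e in rogue],
        "intact_problems": verify_log(full_log),
        "tampered_problems": verify_log(tampered_log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The reconciliation check only has value if the authorized list is kept somewhere the switch administrators' credentials cannot reach, and the chained log only detects deletions if the verifier holds the seed and the latest digest off the exchange itself; an intruder who controls both the log and its head can rebuild the chain without a gap.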
You can read the full article at: http://spectrum.ieee.org/telecom/security/the-athens-affair/0
Another perspective can be seen in the Wikipedia article of the incident.
It reminds me a bit of the instance retold in Kevin Mitnick's book Ghost in the Wires, where he social-engineers his way into getting a specialized cell phone with unlocked firmware sent his way, only far worse.