Schneier on Greek wiretapping, Blaze on US wiretapping

Bruce Schneier writes about a wiretapping scandal in Greece:

Schneier on Security: More on Greek Wiretapping:

The attackers managed to bypass the authorization mechanisms of the eavesdropping system, and activate the "lawful interception" module in the mobile network. They then redirected about 100 numbers to 14 shadow numbers they controlled. (Here are translations of some of the press conferences with technical details. And here are details of the system used.)

There is an important security lesson here. I have long argued that when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes. That's exactly what happened here.

In a related note, Matt Blaze is going to be talking at Stanford about holes in the US CALEA in-band signalling used to control domestic wiretaps:

Topic: Signaling Vulnerabilities in Law-Enforcement Wiretap Systems

Speaker: Matt Blaze
University of Pennsylvania

About the talk:

Telephone wiretap and dialed number recording systems are used by
law enforcement and national security agencies to collect
investigative intelligence and legal evidence. This talk will
show how many of these systems are vulnerable to simple,
unilateral countermeasures that allow wiretap targets to prevent
their call audio from being recorded and/or cause false or
inaccurate dialed digits and call activity to be logged. The
countermeasures exploit the unprotected in-band signals passed
between the telephone network and the collection system and are
effective against many of the wiretapping technologies currently
used by US law enforcement, including at least some ``CALEA''
systems.

Both of these are via Dave Farber's "interesting people" list.