blog dds

2007.07.08

A Phone Exchange Rootkit

An article titled The Athens Affair appears in this month's IEEE Spectrum. In the article my colleague Vasilis Prevelakis and I provide an overview of the technical aspects of last year's cellphone wiretapping incident. An interesting aspect of the way the wiretapping took place is that it involved a rootkit that took advantage of the exchange's lawful interception capability.

The article is already making the rounds in the blogosphere. Matt Blaze in his blog entry sees the incident as evidence that the lawful interception interfaces built into network infrastructure become inviting targets for abuse. Steven Bellowin's blog entry makes the same point, while emphasizing the importance of logging and process; two elements we found severly lacking as the case unfolded. Finally, an entry in the European Tribune provides some additional links and a discussion on the article.
IEEE Spectrum cover

Read and post comments    AddThis Social Bookmark Button


Creative Commons License Last modified: Friday, July 13, 2007 1:58 pm
Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.