A Phone Exchange Rootkit
An article titled The Athens Affair appears in this month's IEEE Spectrum. In the article my colleague Vasilis Prevelakis and I provide an overview of the technical aspects of last year's cellphone wiretapping incident. An interesting aspect of the way the wiretapping took place is that it involved a rootkit that took advantage of the exchange's lawful interception capability.
The article is already making the rounds in the blogosphere.
Matt Blaze in his
sees the incident as evidence that the lawful interception interfaces
built into network infrastructure become inviting targets for abuse.
makes the same point, while emphasizing the importance of
logging and process;
two elements we found severly lacking as the case unfolded.
Finally, an entry
in the European Tribune provides some additional links and a discussion on the