As some of you may remember, there was a scandal in Greece back in February 2006 involving the interception of mobile phones belonging to high-level government officials, including the Prime Minister. The CALEA software on the Ericsson switches used by Vodafone was blamed; it had apparently been surrepticiously turned on and was copying traffic to an equal number of "shadow" phones. An thorny point in the investigation was the revelation that the "shadow" phones had also been used to make phone calls to Laurel, MD. An interview with James Bamford on the possible role of the NSA in the "Mavili-gate" was published in last Sunday's (5/8) "To Vima", one of the major Athens newspapers. I contacted the journalist, Alexis Papahelas, asking for permission to forward the article to this list, and he was kind enough to send me the original raw transcript. Here it is, very slightly edited for obvious transcription mistakes. The published article (in Greek) can be found in: http://www.tovima.gr/print_article.php?e=B&f=14755&m=A20&aa=1 -- Mr. Bamford Good Evening from Athens, thank you very much for being with us tonight. JB: My pleasure -- Let me ask you first of all, there has been a lot of discussion here in Greece about this lawful interception software, explain to me what it is, and whether the US put pressure on worldwide companies to install that after 9/11 especially? JB: Well the software is basically used to attach to commercial communication facilities, like the AT&T in the US, or whatever commercial company it is, and anything that goes over these communication facilities gets picked up, whether it is e-mail, or telephone calls and divert it to the US Government, whoever attached the equipment. -- Is it your understanding that most of the hardware companies around the world, that provide mobile telephone companies with equipment, had this installed at some point? JB: Well in the US there was a lot of requiring that US companies do it, but around the world I think there was pressure by the US for a lot of the friendly countries to the US, allied countries to do as much as they can in terms of domestic eavesdropping and this type of equipment is most useful for that. -- As you know, during the Olympics here in 2004, a lot of the US intelligence agencies were here, based here, they had a lot of equipment here, now do you imagine they were able back then to monitor conversations between mobile phones here in Greece? JB: Oh, the technology has been long in existence for them to be able to monitor mobile phone calls, the US monitors phone calls all over the world, and it has the equipment, so I would imagine that especially since there was a large US contingency at the Olympics in Athens, that they would have, the NSA would have had a presence there with an eavesdropping capability. -- Give us a sense of you know, what an NSA operation would entail here in Greece. JB: Well, what would have happened was, the US would fly over a team plus equipment. They would first scan out the best places to maybe put antennas to intercept microwave communications, communications that would carry mobile phone signals, for example. On the other hand they could have also worked out an agreement with Greek telecommunications companies, or the Greek Government to install NSA equipment on their facilities in order to monitor the communications, so it is hard to say but there is very little question that the NSA did a lot of monitoring during that period of time. -- What you are saying is very important to us, so to my understanding is that the NSA does strike, I suppose secret agreements, with phone companies around the world, is that what you are saying? JB: Oh sure, it tries as much as it can to get phone companies around the world to co-operate with the NSA in order to help its world-wide monitoring operations. -- And would it be acceptable for them also, to try to recruit some people from inside the companies, if they cannot strike such an agreement? JB: Yeah, NSA does that too it will try to make a deal, to get somebody to co-operate. In the old days the NSA would try to get a code-clerk at an Embassy to co-operate, but these days they try to get people, that have access to large databases, or telecommunications facilities. -- We have sent you e-mails, and you have an idea of what this Greek system of interception looked like. Does it tell you something, I mean how sophisticated is it, does it tell you it is a US intelligence agency, a British, somebody else? What is your assessment? JB: Well I think it is pretty much a standard communications system, in terms of mobile phone calls and so forth, they all pretty much operate the same way, it is just that it is a different frequency, maybe some different equipment, but the ideas are that the signals go from the hand-held cell-phone to a repeater and from a repeater to maybe another repeater, eventually making their ways back to central telephone exchange where the information is retransmitted out to wherever it is supposed to go, so the NSA is set up for one reason and that is to eavesdrop on communications around the world so this would not be a tremendous technological difficulty for them. -- But can you say with some certainty that this was an American operation, or it could be somebody else? JB: Well, I am just speculating because I don't know for sure, but if the NSA was over there during the Olympics, and the US almost always sends a team consisting of people including NSA people to major events around the world, where Americans are going to take part, to try to find out if there is going to be any terrorism, and one way of doing that is by monitoring the communications, that go through the air, the communications that are communicated both internally and externally from that country. -- How many mobile phone-call-conversations could the NSA monitor in a country like Greece on any given day? JB: It is hard to say. What they would probably do , is to focus on the key-links where they think that the bulk of the communications-exchanges are going to be and probably intercept those kind of communications. And once they intercept them, the NSA would have computer-facilities so that the communications would go through the computers and they are probably going to be looking for calls from Afghanistan, information that they think is very susceptible to terrorism, for example in other words numbers that they have of previous terrorist contacts. They would all be fed in the computer, and then any e-mail or telephone-call with those numbers or e-mail- addresses would be kicked out. -- Now, who translates all of these things, because I imagine it is like thousands of hours of conversations that are being transmitted to NSA. everyday. JB: Well it is, but they take in enormous amounts of communications, but filters, computerized filters sort of get rid off by 98% of it, and there is only a 2% that actually gets analyzed in the end. And those 2% are whether names in the computer, people that they are suspicious of, telephone numbers that they are looking for, e-mail-addresses, and once they get down to those, and they do have a number of people that speak a wide variety of languages, including Greek at NSA. -- What is the most technologically advanced way of intercepting mobile phone conversations? Because for a while we are assuming that the code of transmitting over the air is safe. Is it still safe or has the NSA broken it? JB: No, if the communications are traveling through the air, which they do by a mobile phone call, they are going to go a very short distance so they get to a repeater and they eventually go to a central telephone office, so again if you are able to intercept those signals as they go through the air, which you would basically just need a microwave antenna, or if you have co-operation of the company or the Government, then you can get access of that. I mean they are not intercepting the entire communications systems by entering or leaving the country, certainly, but they are probably looking at certain key communications-node, where they think there may be communications coming from lets say places like Afghanistan, or Iraq or some place like that. -- Give us a sense of the Size of NSA, in terms of the budget of people working for it and so on. JB: NSA is the largest intelligence agency in the world, and it is twice the size of the CIA, it is far more secret, and it has about 38.000 people. Again NSA's entire job, at least until recently, was to spy overseas, to eavesdrop on communications in foreign countries. So most of those people are either at the headquarters at NSA, or else in countries around the world. NSA over the years has had a number of facilities in Greece at various times, I am not sure if they have one there now, but in the past they have had bases in Greece. -- And do you think they are focusing in that area from what you know, from your research, was Greece always sort of an important target for them? JB: Well, Greece has always been a target, I think it depends on world climate how important it is at various times, I mean right now it probably has less importance than it did in other times, because now they are focusing primarily on Iraq, Iran, Afghanistan, N. Korea, areas like that, but if it looks like some terrorists are coming into Greece, or are operating in Greece, or if it looks like the Government may be communicating with countries that the NSA is very interested in, such as Iran, Iraq or any places in the Middle East than the NSA would be very interested. -- Let me go back to what was the Greek system and so on.You had said in previous answer that there are very few people in the world, that could actually manipulate this Eriksson software in order to gain access to this system. How many people in the world have this kind of knowledge? JB: I don't know how many people around the world, but NSA's job, that is their entire job. This agency was created for one purpose and that is to eavesdrop on the maximum matter of communications around the world. NSA could find a way to get a trapped door or a back door into say an Eriksson telephone system, you know they would do it. Because those systems are used by people all over the world. -- In this case we are talking about a very big cell-phone- company, VODAFONE, which is a multinational as you know, would they risk you think their reputation, and you know, go ahead and co-operate with NSA at that level? JB: I would think that they would not co-operate at that level, but what the NSA normally does, is it hires people that have worked for companies like that, and these people tell them how the systems work and then their job with NSA is to reverse engineer these systems, to find ways into them, so although I doubt that the head of Eriksson would co-operate with NSA, the NSA has enormous technological capabilities to find sort of back doors, or trapped doors, or ways by reversed engineering into these systems. -- Knowing how these people work there is a legal investigation, a judicial investigation here in Greece, do you think they will ever find the answers, I mean who was behind this interception, any physical evidence, any traces? JB: Well, it is hard to say. This happened in the US several times, where there has been a question, whether monitoring has been legal or not, and they have looked into it occasionally and they have found an answer as to who was involved with it, but a lot of times they do not find him. Again with NSA, NSA keeps its information so very-very secret, they wouldn't even let the judges on the surveillance court, they are supposed to prove NSA warrants about it, they wouldn't let Congress except for 8 people. Over 500 people know about it, so NSA tries to keep it extremely secret. -- You are one of the world experts in this kind of issues, so if you had to take a bet today who was behind this kind of operations in Greece? JB: I just cant say, I don't know enough information about it , all I can tell you is that NSA's job is eavesdropping on communications around the world , Greece is a target occasionally whenever they think there is something important. NSA has bases in Greece and NSA looking for indications of terrorism during the Olympics, so whether they are involved with this recent operation I don.t know but certainly they have an interest in it. -- Your advice to someone using a mobile phone, should they talk openly or no? JB: The problem, cell phones also, there is not kind of information that the NSA cant eavesdrop on one way or another, this is why in the USA there is a big debate right now about making the NSA go through a quirk and get an authorization before they eavesdrop on somebody, but overseas the NSA can eavesdrop on anybody they want, there is no restriction on eavesdropping in Greece, even if there was an American in Greece, NSA could eavesdrop on that person without going through a quirk. -- so you are saying even the crypto phones that the prime minister/government/military are using they are vulnerable to this kind of penetration you say. JB: Well, crypto phones are probably NSA's biggest targets around the world, whether or not the NSA was able to break the encryption of the algorithm to get into those phones I don't know. I don't have this information, but I know obviously NSA's key job, NSA's first job is intercepting communications, and second job is breaking codes such as the codes that encrypts that communications, and third job is making USA encryption systems. -- Thank you --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]