[smb at cs.columbia.edu: serious threat models]

[Tyler Durden]

Coderman's on to something here...


>if you knew what you were doing it would be straightforward to insert
>a promiscuous device on the LAN or add a process on the unix host used
>by the softswitch that listened for incoming calls from a given set of
>MIN's and one way conference these calls to a third party*.  if you
>had access to a current version of the softswitch software itself for
>modification it would be even easier (most companies license sources
>and tailor or customize the software to run these switches so it's not
>quite as simple as a generic drop in replacement).
>
>it took "a professional" to do this, sure, but the number of people
>skilled enough to pull this off is not a small number.

I actually strongly suspect Vodaphone cooperation in this.

"Seeding" a remote software upgrade to a switch like this is extremely 
difficult if you're coming in from another vendor's gear. Right now I 
believe they would've had to gain physical access and install the software 
in person, otherwise they'd have to go through the local Greek NOC.

I suppose it's POSSIBLE they modified the Vodaphone software and remotely 
seeded it without anyone being the wiser, but what? No one noticed a bunch 
of DS0s were all of a sudden provisioned with unknown traffic?

But no doubt they had copies of the gear, no doubt they had access to the 
firmware code, no doubt they had telco gear coders (something that's 
practically nonexistent in Greece right now)...

If you ask me, Vodaphone's playing dumb in light of EFF suing AT&T. They 
realized there's no way they code hide that if someone was inspired to start 
looking more closely.

-TD