The Athens Affair: Voda-gate 2 years later


random


The Athens Affair

By: Vassilis Prevelakis and Diomidis Spinellis

 

Article about the wiretapping affair, in 2005. Nothing new on the police or political side of the story, but interesting from a technical point of view, written in understandable language (fortunately not "Giannakoudakis-style").

 

my selections...

The intruders' task was particularly complicated because they needed to install and operate ... without being detected by Vodafone or Ericsson system administrators. ...needed access to the rogue software to update the lists of monitored numbers and shadow phones. These activities had to be kept off all logs, while the software itself had to be invisible to the system administrators conducting routine maintenance activities. The intruders achieved all these objectives.

... ... ...

They took advantage of the fact that the AXE allows new software to be installed without rebooting the system

... ... ...

the software included a back door to allow the perpetrators to control it in the future. This, too, was cleverly constructed to avoid detection. ...modified the exchange's command routine status—so that innocuous commands followed by six spaces would deactivate the transaction log and the alarm associated with its deactivation, ..In effect, it was a signal to allow operations associated with the wiretaps but leave no trace of them. It also added a new user name and password to the system, which could be used to obtain access to the exchange.

... ... ...

 

Creating the rogue software so that it would remain undetected required a lot of expertise in writing AXE code, an esoteric competency that isn't readily available in most places. But as it happens, for the past 15 years, a considerable part of Ericsson's software development for the AXE has been done under contract by a Greek company based in Athens, Intracom Telecom. The necessary know-how was available locally and was spread over a large number of present and past Intracom developers.

... ... ...

 

key material has been lost or was never collected. For instance, in July 2005, while the investigation was taking place, Vodafone upgraded two of the three servers used for accessing the exchange management system. This upgrade wiped out the access logs and, contrary to company policy, no backups were retained. Some time later a six month retention period for visitor sign-in books lapsed, and Vodafone destroyed the books corresponding to the period where the rogue software was modified, triggering the text-message errors.

... ... ...

 

The response of Greek law enforcement officials also left a lot to be desired. Police could have secured evidence by impounding all of Vodafone's telecommunications and computer equipment involved in the incident. Instead it appears that concerns about disruption to the operation of the mobile telephone network led the authorities to take a more light-handed approach—essentially interviewing employees and collecting information provided by Vodafone—that ultimately led to the loss of forensic evidence.

... ... ...

It is particularly important not to turn the investigation into a witch hunt. Especially in cases where the perpetrators are unlikely to be identified, it is often politically expedient to use the telecom operator as a convenient scapegoat. This only encourages operators and their employees to brush incidents under the carpet, and turns them into adversaries of law enforcement.

http://www.spectrum.ieee.org/print/5280
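
A defender-side check suggested by the back-door excerpt above, as an added example that is not part of the original post or of the article: it compares an independently kept capture of operator input (assumed here to exist on the management access servers) with the exchange's transaction log, flagging space-padded commands and commands that never reached the log. The command names, record layout and sample data are constructed placeholders.

```python
from collections import Counter

# Constructed sample data; command names are placeholders, not real exchange commands.
# Access-server capture: (timestamp, operator, raw command line exactly as typed)
ACCESS_CAPTURE = [
    ("2024-01-10T02:10:00", "op22", "PRINT-ALARMS;"),
    ("2024-01-10T02:14:07", "op17", "PRINT-STATUS;"),
    ("2024-01-10T02:14:31", "op17", "PRINT-STATUS;      "),  # six trailing spaces
    ("2024-01-10T02:15:02", "op17", "LIST-UPDATE;"),
    ("2024-01-10T02:16:40", "op17", "LIST-PRINT;"),
]
# Exchange transaction log for the same window: (timestamp, operator, command)
TRANSACTION_LOG = [
    ("2024-01-10T02:10:00", "op22", "PRINT-ALARMS;"),
    ("2024-01-10T02:14:07", "op17", "PRINT-STATUS;"),
]

def padded_commands(capture):
    """Return (timestamp, operator, pad_length) for lines with trailing whitespace."""
    return [(ts, user, len(raw) - len(raw.rstrip(" \t")))
            for ts, user, raw in capture
            if raw != raw.rstrip(" \t")]

def unlogged_commands(capture, txlog):
    """Return captured commands that have no matching transaction-log entry.

    Matching is a multiset comparison on (operator, command), so small clock
    differences between the two sources do not produce false gaps.
    """
    logged = Counter((user, cmd.strip()) for _, user, cmd in txlog)
    missing = []
    for ts, user, raw in capture:
        key = (user, raw.strip())
        if logged[key] > 0:
            logged[key] -= 1          # consume one matching log entry
        else:
            missing.append((ts, user, raw.strip()))
    return missing

if __name__ == "__main__":
    for ts, user, pad in padded_commands(ACCESS_CAPTURE):
        print(f"{ts} {user}: command padded with {pad} trailing whitespace chars")
    for ts, user, cmd in unlogged_commands(ACCESS_CAPTURE, TRANSACTION_LOG):
        print(f"{ts} {user}: {cmd} absent from transaction log")
```

The comparison only works if the capture is stored where exchange software cannot alter it and is retained through an investigation, which is the kind of record the excerpt on the lost access logs describes.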
