06.01.2017
New Article: A Death in Athens -- The Inherent Vulnerability of »Lawful Intercept«
by James Bamford
I will discuss the »Athens Affair,« the subject of a recent investigation by me in The Intercept. In 2004, the NSA and CIA worked secretly with the Greek government to subvert Vodafone and other telecom companies in order to conduct widespread eavesdropping during the 2004 Athens Summer Olympics. The NSA agreed, however, to remove the spyware once the games were over. But rather than remove it, they instead secretly turned it on the top members of the Greek government and members of the Greek public, including journalists. When the covert operation was accidentally discovered, however, a Vodafone engineer involved was found dead, either by suicide or murder, and the death was officially connected to the bugging operation. I will show how the operation was pulled off, by recruiting an inside person, then subverting the company’s »lawful intercept« program, and transferring the data back to NSA headquarters at Fort Meade. The episode demonstrates the enormous vulnerability of widespread »lawful intercept« programs, and government backdoors in general, and also how the NSA often uses a »bait and switch« in its operations – promising to help find terrorists, but really spying on the host government and local population instead.
This paper is a transcript of the talk held at DeepSec 2015
This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences Vol. 2“. Edited by Stefan Schumacher and René Pfeiffer
http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_048_Bamford_DeathinAthens.pdf
