Government communication illegally wiretapped in Greece

By EDRi · February 15, 2006

Over a 100 phone numbers of Greek Government officials were illegally
wiretapped for 11 months, during and after the 2004 Olympic games. This
was confirmed on 2 February 2006 by three ministers during the daily
Greek government press conference.

The illegal wiretaps were discovered in March 2005 during a
routine control at Vodafone, one of the main mobile providers in Greece.
Those under surveillance included the Prime Minister, many ministers, the
police, army and intelligence heads and headquarters, along with left wing
political activists, journalists, and lawyers. The system was deactivated
by the mobile operator too soon to trace the perpetrators, yet their
approximate location was interpreted by some in the media as being
suspiciously close to the US embassy in Athens.

The events received world-wide coverage yet most news agencies
failed to highlight the technology policy implications of the affair. The
illegal wiretaps used the “lawful interception subsystems” present in most
telecommunication equipment that security services and law enforcement to
listen to a live copy of every call. The perpetrators managed to bypass the
authorisation mechanisms by technical means or or, more likely, by using an
insider, then installed software on the control computers of Vodafone that
redirected the monitored calls to a group of “shadow” pre-paid mobile
phones, from which the conversations could be listened to and recorded.
Traffic data including the location of the handsets under surveillance may
also have been collected.

These interception interfaces first came to light in 2001, when
they were standardised by the European Telecommunications Standard
Institute (ETSI). Many specialists predicted that “surveillance by
design” would introduce a systemic vulnerability into the communication
infrastructure that would in time be inevitably abused. The Greek case
confirms this grim prediction, yet no word has been spoken about reversing
this trend.

The matter is now being investigated by the Greek justice, but polls reveal
that many people are pessimistic about ever finding the perpetrators and are
distrustful of the overall state of mobile phone privacy. The government is
wary of blaming Vodafone for the security breach. If the operator had not
raised the alarm no one would have ever known about the illegal wiretapping,
the minister of Interior admitted.

The independent authority whose job it is to preserve the confidentiality of
communications learnt of the case at the same time the journalists were
briefed, nearly a year after the discovery and the deactivation of the
monitoring operation. So far the response of the government has
been to look at strengthening the legal apparatus to protect citizens
against illegal wiretapping, without considering any of the technical
telecommunication security options. As a Greek journalist remarked during
a press conference, the current, already modern and sophisticated, legal
apparatus seems to have failed at each and every stage.

Some translations of the Greek ministers’ press conferences with a focus
on technical details
http://homes.esat.kuleuven.be/~gdanezis/intercept.html

Some technical manuals of the Interception Management Systems and AXEs
from Ericsson (similar to the equipment used by Vodafone)
http://www.quintessenz.at/cgi-bin/index?id=000100003502
http://www.wedophones.com/EricssonManualsLead.htm

Greek Government Press Briefing (Greek only, 2.02.2006)
http://www.hri.org/news/greek/kyber/2006/06-02-02.kyber.html

Wiretaps of phones and ministers (Greek only, 2.02.2006)
http://ta-nea.dolnet.gr/print_article.php?e=A&f=18454&m=N01&aa=0

Athens Olympics phone tapping revealed (3.02.2006)
http://www.guardian.co.uk/international/story/0,,1701218,00.html

The ETSI Interception Dossiers (27.03.2001)
http://cryptome.org/etsi-intercept.htm

ETSI Lawful Interception Summary
http://portal.etsi.org/li/Summary.asp

The masts betrayed the bugs (Greek only, 13.02.2006)
http://ta-nea.dolnet.gr/print_article.php?e=A&f=18463&m=N08&aa=1

Press Release – Authority for the assurance of the confidentiality of
communications (ADAE) (Greek only, 6.02.2006)
http://www.adae.gr/adae/viewarticle.html?langid=el&articleid=73

(Contribution by Dr George Danezis from Katholieke Universiteit Leuven)