Alleged Unfettered Snooping at a Major Telco

Blut Wump · 03-08-2008, 07:21 AM

Whistleblower: Cellular carrier giving FBI unfettered access

Computer security analyst Babak Pasdar says that a major mobile telecommunications carrier has a built-in backdoor that provides an undisclosed third-party with unfettered access to its internal technical infrastructure, including the ability to eavesdrop on all calls through its network. In an affidavit that describes the circumstances and basis for the allegations, Pasdar provides evidence which could indicate that the FBI is on the other side of the secret line, engaging in warrantless surveillance of mobile communications.

Pasdar discovered evidence of the backdoor when he was part of a rapid deployment team that was brought in to facilitate a large-scale network security hardware migration for the mobile carrier. During the migration, Pasdar was instructed not to migrate the traffic for one particular DS-3, which was referred to as the "Quantico Circuit" by consultants who worked closely with the carrier (the FBI Academy is based in Quantico, Virginia).

According to Pasdar, the consultants informed him that the Quantico Circuit is supposed to have no firewalls of any kind and no access control—it is given complete access to everything in the carrier's internal network and there is no way to tell conclusively what has been accessed through it. The consultants indicated that they knew who was at the other end of the Quantico Circuit, but they refused to divulge this information to Pasdar.

When Pasdar insisted that the Quantico Circuit should at least have the minimum level of security access logging if not access control, the consultants called the company's Director of Security, who threatened Pasdar, telling him that he would be replaced if he didn't forget about the circuit and continue with the migration.

In the affidavit, Pasdar says that the absence of access control systems and basic access logging for the Quantico Circuit represents a deviation from industry-acceptable use scenarios and notes that such a serious breach of security would generally be considered a breach of organizational policy. He also points out that even the internal offices and systems of the carrier don't have the same level of unfettered access to the network as the Quantico Circuit.

Although Pasdar has refused to name the carrier, and those working for the carrier who have knowledge of the Quantico Circuit's user aren't saying what they know, Wired's Threat Level blog connected the pieces and points us to the 2006 wiretapping lawsuit against the telcos, which alleges that Verizon "has engaged and maintained and still does maintain a high speed data transmission line from its wireless call center to a remote location in Quantico, Virginia, the site of a U.S. government intelligence and military base." The lawsuit also asserts that "the transmission line provided the Quantico recipient direct access to all content and all information concerning the origin and termination of telephone calls placed on the Verizon Wireless network as well as the actual content of calls."

Providing any third party with unfettered network access to such a broad spectrum of sensitive consumer data would seem to constitute a very clear violation of the Communications Act, which broadly forbids disclosure of such information. The lack of access controls and logging undermines safeguards against abuse by enabling the recipient of the data to operate entirely outside the realm of accountability. This is particularly disturbing if the recipient of the Quantico Circuit is the FBI, because the agency has a long history of intelligence abuses and has been found to have a serious lack of meaningful internal oversight.

Ulter · 03-08-2008, 08:14 AM

Your going to see a lot more of these in the next couple years.

Harleymarleybone · 03-09-2008, 05:40 PM

Don't see anything different (or illegal) here from the NSA's data mining program. Having access to and analyzing call detail records itself does not prove spying on content. Now, if there are records of warrantless spying on content of domestic callers, that would be another matter.

Blut Wump · 03-10-2008, 12:48 AM

Call detail records and the calls themselves can be snooped on, according to the expert's report on the setup.

The issue would seem to be the utter and intended lack of any oversight and the ensuing reasonable conclusion that the Telco has been coerced into permitting and facilitating unfettered and untrackable warrantless eavesdropping.

Access to the call detail records alone would, by my understanding of your laws, currently be legal. That the FBI has a functioning wiretap on the whole network would seem to be illegal. Providing it to them also seems to be illegal.

Harleymarleybone · 03-10-2008, 11:56 AM

Quote:

Originally Posted by Blut Wump

That the FBI has a functioning wiretap on the whole network would seem to be illegal. Providing it to them also seems to be illegal.

I dunno. The NSA has had this capacity with land lines and email for a long time. I don't see anything new here, in substance. Depends on what they are doing with the access. They could mine the call detail records, and if something looks suspicious and is international, go the next step, and eavesdrop or get a FISA warrant if necessary. The legality of this sort of thing is being debated in Congress right now.

Blut Wump · 03-11-2008, 12:56 AM

I think the point is that the line takes away any need to have any 'next step'. The allegation is that they have an unmonitored, active wiretap on the whole Verizon cellular system.

Whether anyone chooses to listen in isn't relevant; there's no way of knowing, anyway, since the system is prevented from logging any activity.

Harleymarleybone · 03-11-2008, 11:30 AM

Quote:

Originally Posted by Blut Wump

I think the point is that the line takes away any need to have any 'next step'. The allegation is that they have an unmonitored, active wiretap on the whole Verizon cellular system.

Whether anyone chooses to listen in isn't relevant; there's no way of knowing, anyway, since the system is prevented from logging any activity.

There has to be a number of discrete technical steps you take from having access to the whole network to pinpointing one conversation and eavesdropping on it. And the usual policies and laws would apply to taking those steps. The postal service is unmonitored too, in the sense it's employees could be peaking in your mail without others finding out. In many cases, there would be no way of knowing, and no logging of any activity. It could still be illegal, and any info useless in court. Same with the Verizon access. So, I don't see a *new* problem or issue here.

solidspine · 03-16-2008, 07:04 PM

The FBI is the biggest bunch of losers that we pay for as taxpayers.

Complete idiots, Only concerned with nonsense, have no idea what day, week or month it is.

I wish I paid for there crack, they may accidentally wake up, after an overdose,

Right now like a daffy duck carton, running into each other in the dark.

03-08-2008, 07:21 AM	#1 (permalink)
Blut Wump The Venerable Wump Join Date: Feb 2007 Location: UK Posts: 7,539 Rep Power: 428436	Alleged Unfettered Snooping at a Major Telco Whistleblower: Cellular carrier giving FBI unfettered access Computer security analyst Babak Pasdar says that a major mobile telecommunications carrier has a built-in backdoor that provides an undisclosed third-party with unfettered access to its internal technical infrastructure, including the ability to eavesdrop on all calls through its network. In an affidavit that describes the circumstances and basis for the allegations, Pasdar provides evidence which could indicate that the FBI is on the other side of the secret line, engaging in warrantless surveillance of mobile communications. Pasdar discovered evidence of the backdoor when he was part of a rapid deployment team that was brought in to facilitate a large-scale network security hardware migration for the mobile carrier. During the migration, Pasdar was instructed not to migrate the traffic for one particular DS-3, which was referred to as the "Quantico Circuit" by consultants who worked closely with the carrier (the FBI Academy is based in Quantico, Virginia). According to Pasdar, the consultants informed him that the Quantico Circuit is supposed to have no firewalls of any kind and no access control—it is given complete access to everything in the carrier's internal network and there is no way to tell conclusively what has been accessed through it. The consultants indicated that they knew who was at the other end of the Quantico Circuit, but they refused to divulge this information to Pasdar. When Pasdar insisted that the Quantico Circuit should at least have the minimum level of security access logging if not access control, the consultants called the company's Director of Security, who threatened Pasdar, telling him that he would be replaced if he didn't forget about the circuit and continue with the migration. In the affidavit, Pasdar says that the absence of access control systems and basic access logging for the Quantico Circuit represents a deviation from industry-acceptable use scenarios and notes that such a serious breach of security would generally be considered a breach of organizational policy. He also points out that even the internal offices and systems of the carrier don't have the same level of unfettered access to the network as the Quantico Circuit. Although Pasdar has refused to name the carrier, and those working for the carrier who have knowledge of the Quantico Circuit's user aren't saying what they know, Wired's Threat Level blog connected the pieces and points us to the 2006 wiretapping lawsuit against the telcos, which alleges that Verizon "has engaged and maintained and still does maintain a high speed data transmission line from its wireless call center to a remote location in Quantico, Virginia, the site of a U.S. government intelligence and military base." The lawsuit also asserts that "the transmission line provided the Quantico recipient direct access to all content and all information concerning the origin and termination of telephone calls placed on the Verizon Wireless network as well as the actual content of calls." Providing any third party with unfettered network access to such a broad spectrum of sensitive consumer data would seem to constitute a very clear violation of the Communications Act, which broadly forbids disclosure of such information. The lack of access controls and logging undermines safeguards against abuse by enabling the recipient of the data to operate entirely outside the realm of accountability. This is particularly disturbing if the recipient of the Quantico Circuit is the FBI, because the agency has a long history of intelligence abuses and has been found to have a serious lack of meaningful internal oversight.

03-08-2008, 08:14 AM	#2 (permalink)
Ulter Chairman of the board Join Date: Feb 2000 Location: Orlando Posts: 27,639 Rep Power: 303044	Your going to see a lot more of these in the next couple years. __________________ > . . When you register at www.theafstore.com make sure you register as an AF Board Member to get the discounted pricing.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Helpful links suggested by members
Cycles for Pennies a day by DC	The original thread by Dogg Crapp aka Dante
Pubmed	National Institute of Health Public Library.
Real Sports Report on Steroids	The truth about steroids that only HBO would present. MP4 Large file. Use Real Player
Merck Medical Manual	Merck manual of medical information
AAS: Mechanism of Action and Effects on Performance	Encyclopedia of Sports Medicine and Science California State Univ. Explanation of AAS effects on athletes
Carlorie King	The world's largest food database
ExRx Exercise and Muscle Directory	Exercises by muscle parts and vice versa. Includes video of popular exercises.
Wholesale Hair Products	Nizoral and other hair products
USDA National Nutrient Database	The nutritional value of all foods.
Fitday.com	Detailed Nutrition for 1,000's of foods with macro breakdowns
List of brand names for drugs	What various drugs are called by name brands around the world.
Getpinz.com	Medical and lab supplies
Health Tests Direct	Blood tests by mail without a prescription

03-09-2008, 05:40 PM	#3 (permalink)
Harleymarleybone AKA Conan The Librarian Join Date: Feb 2007 Location: Malibu Holding Cell Posts: 298 Rep Power: 0	Don't see anything different (or illegal) here from the NSA's data mining program. Having access to and analyzing call detail records itself does not prove spying on content. Now, if there are records of warrantless spying on content of domestic callers, that would be another matter.

03-10-2008, 12:48 AM	#4 (permalink)
Blut Wump The Venerable Wump Join Date: Feb 2007 Location: UK Posts: 7,539 Rep Power: 428436	Call detail records and the calls themselves can be snooped on, according to the expert's report on the setup. The issue would seem to be the utter and intended lack of any oversight and the ensuing reasonable conclusion that the Telco has been coerced into permitting and facilitating unfettered and untrackable warrantless eavesdropping. Access to the call detail records alone would, by my understanding of your laws, currently be legal. That the FBI has a functioning wiretap on the whole network would seem to be illegal. Providing it to them also seems to be illegal.

03-11-2008, 12:56 AM	#6 (permalink)
Blut Wump The Venerable Wump Join Date: Feb 2007 Location: UK Posts: 7,539 Rep Power: 428436	I think the point is that the line takes away any need to have any 'next step'. The allegation is that they have an unmonitored, active wiretap on the whole Verizon cellular system. Whether anyone chooses to listen in isn't relevant; there's no way of knowing, anyway, since the system is prevented from logging any activity.

03-16-2008, 07:04 PM	#8 (permalink)
solidspine Retired Join Date: Feb 2002 Posts: 6,622 Rep Power: 0	The FBI is the biggest bunch of losers that we pay for as taxpayers. Complete idiots, Only concerned with nonsense, have no idea what day, week or month it is. I wish I paid for there crack, they may accidentally wake up, after an overdose, Right now like a daffy duck carton, running into each other in the dark.