*What do you know. That was a nine-days' wonder at the time. I wonder who else they managed that trick on.
RISKS-LIST: Risks-Forum Digest Saturday 3 October 2015 Volume 29 : Issue 01
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
(…)
----------------------------------------------------------------------
Date: Wed, 30 Sep 2015 10:13:42 -0700
From: Henry Baker
Subject: NSA's Trojan Horse Scored Gold at Athens Olympics
The NSA – with the secret approval of the Greek govt – installed a malware
implant that utilized existing 'lawful intercept' capabilities of the
Ericsson system to spy during the Athens Olympics. But since the 'lawful
intercept' capabilities of the Ericsson system had never been legally
approved or paid for, the logging function of the 'lawful intercept' system
was never turned on.
However, post-Olympics, the implants were not only not removed, but upgraded
to subsequently spy on the top officials of the Greek govt. The
Ericsson telephone system in Greece became a *roach motel* – the NSA
implants checked in, but they never checked out.
We now know why FBI Director Comey loves 'lawful intercept' capabilities of
phone systems so much; they supply a substantial attack surface that's easy
to subvert!
Incredible irony: in the ancient Greek world, the "Olympic Truce" protected the Games from war-like behavior:
https://en.wikipedia.org/wiki/Olympic_Truce
'During the Truce period (lasting up to three months), wars were suspended,
armies were prohibited from threatening the Games, legal disputes were
stopped, and death penalties were forbidden'
'2004 Athens Summer Games: The Olympic Truce was promoted through Olympic
Flame Relay [NSA's "Olympic Frame Relay" !?!] events. The UN supported the
IOC in asking the nations of the world to stop all wars for 16 days during
the Games.'
Some quotes from this too-long article:
``The world will be watching and so will NSA!''
``The key to the operation was hijacking a particular piece of software, the
`lawful intercept' program.''
``Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA.''
``But without the IMS [logging] program there would be no audit trail.''
'But less than a week later, long after the Olympic Torch had been
extinguished, new malware was implanted.'
``They [NSA] said when the Olympics is over, we'll turn [the interception
capability] off and take it away. And after the Olympics they turned it off
but they didn't take it away and they turned it back on and the Greeks
discovered it.''
``They never [remove the malware implants]. Once you have access, you have
access. You have the opportunity to put implants in, that's an
opportunity.''
``From the very start, according to a former senior Greek official involved
in the investigation, there was no doubt within the highest levels of
government that the U.S. was behind the bugging.''
Snowden docs pertinent to the Athens Olympic Trojan Horse:
https://cryptome.org/2015/09/nsa-rogue-olympics.zip
James Bamford, A Death in Athens: Did a Rogue NSA Operation Cause the Death
of a Greek Telecom Employee?, 29 Sep 2015
https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/
Documents published with James Bamford's item:
Another Successful Olympics Story
Exploiting Foreign Lawful Intercept Roundtable
Gold Medal Support for Olympic Games
NSA Team Selected for Olympics Support
SID Trains for Athens Olympics
------------------------------