Diplomacy Lessons

John Brady Kiesling, former U.S. Foreign Service Officer

9 Chairefontos St., Athens 10558, GREECE +30 210 322 7463     brady@helada.org


Vodafone Eavesdropping Scandal

NEW 7-07: valuable technical article in IEEE Spectrum, "The Athens Affair," by Vassilis Prevelakis and Diomidis Spinellis

Athens News coverage

To Vima, 5 March 06

Eleftherotypia, 2 March 06

Eleftherotypia, 3 March 06

Description of the Bugging Software

Tsalikidis Suicide

Published List of Eavesdropping Victims

Article by Ios (Eleftherotypia of 14 March 06) suggesting Greek government connivance in the bugging.

  (revised March 2007)

An article I wrote for the March 20, 2006 edition of U.S. liberal weekly The Nation ("An Olympian Scandal") caused uproar in Greece when it appeared on March 2. The Karamanlis government had learned from mobile telephone provider Vodafone Greece back in March 2005 that some high-tech entity, apparently nervous about Greek security preparations for the 2004 Olympic Games, had been listening to the mobile phone conversations of Greek officials and various activists and Middle Easterners from the summer of 2004. In an open democracy with a free press, covering up scandals is a mistake. When the story finally leaked out on February 2, 2006 as such stories eventually do, the government took a heavy beating in the press and the public opinion polls. The Public Order Minister, who had pointed the finger at the U.S. Embassy, ended up being demoted to Culture Minister.

My article was crafted for a U.S. audience, to remind Americans of the serious political harm espionage scandals do to friendly governments. This is one of several reasons the more polite and cautious State Department is usually a better guide to foreign policy than its aggressive but parochial rivals in the CIA and Pentagon. 

A Greek journalist friend made my article the lead headline in Eleftherotypia, and it was picked up by other Athens newspapers on March 3, 2006. I spoke to Greek journalists (Mega TV, Alter, Channel 9 and Ta Nea) to clarify the record. Greeks were disappointed to learn I had no private information about the scandal, simply analytical common sense.  "Ta Nea" (headline story of March 2, 2006) found anonymous sources in Vodafone and the Greek government to assert CIA responsibility. Other agencies seem more likely. 

Since I wrote my article, the Greek Authority for the Assurance of Information and Communication Privacy (ADAE) has produced three reports. Crucial details of the eavesdropping remain secret, but one important fact emerged in that report: the eavesdropping began just before the Olympic Games started in August 2004, ended when the Paralympic Games finished in September 2004, and then resumed sometime in October 2004. This fact, if true, lends itself to scenarios implying shared culpability.

There are legitimate public safety reasons not to reveal in public that you are monitoring organized crime figures and terrorism suspects even when it is legal to do so (as this was not). The failure of the Greek government to make public a full list of eavesdropping victims suggests some legitimate law enforcement targets were on it. 

The key political question is whether Greek authorities were beneficiaries of either phase of the eavesdropping. It is possible that Greek security officials cooperated with foreigners to install the bugging system in hopes of monitoring terror suspects. Once the capability existed, the temptation to misuse it against rivals and superiors would be strong.

The constructive Greek reaction to the Vodafone scandal would have been to link up with other EU states and try to strengthen the rule of law on intelligence/surveillance within the EU. This did not happen. The government decided instead to run out the clock while blaming Vodafone and Ericsson. Judging from the diversionary material that has been leaked to the press, there is little likelihood of pursuing the actual culprits.  

Nifty Spy Tools for Ericsson Telephone Systems

(Note: for technical details my blurb should be read in conjunction with "The Athens Affair," an article by Vassilis Prevelakis and Diomidis Spinellis in the July 2007 Spectrum, published by the IEEE.)

The scandal opens an unclassified window into the impressive technical capabilities of intelligence agencies. Here is a synopsis of what the Greek Authority for the Assurance of Information and Communication Privacy (ADAE) experts and others have told Greek journalists as of April 8, 2006. The full 27 pages of ADAE's interim secret report of 7 April 2006 soon made their way into journalists' hands, and into mine in mid-May.

Built into the Ericsson (Sweden) software that runs the Vodafone (UK-owned) mobile telephony network switching system in Greece, and similar GSM service providers around the world, is a little-known "Legal Interception" software package designed to be used by law enforcement authorities. This software allows incoming and outgoing conversations from allegedly up to 5000-6000 mobile phone numbers to be recorded, on presentation of a valid judicial warrant. [A friend in telecoms claims governments require that telephone companies give law enforcement authorities the capability to monitor up to 5% of active calls as one precondition for an operating license]. However, to unlock and use the eavesdropping package, the company must pay Ericsson a hefty fee (allegedly four million euros). The Greek government allegedly refused to pay this fee, despite its desire for wiretapping capability during the 2004 Athens Summer Olympics. One reason was that a clear legal basis for such eavesdropping was not yet in place. The relevant Presidential Decree was not published until March 2005. Vodafone GR refused to eat the cost itself. Greek journalists claim the Greek Intelligence Service (EYP) has, gift of the U.S. government, a cruder means of listening to mobile telephone calls (e.g., a suitcase system called "XP" that, when close enough to the target, can pick up the signals between the handset and the nearest cellular antenna), but nothing so elegant and flexible as Legal Interception.

Apparently someone persuaded a Vodafone or Ericsson employee with access to the switching network to install a software parasite in at least four and possibly more of the 22 call management centers that Vodafone operates in Greece. The parasite can only intercept calls that pass through that particular switching center, but the known centers cover most of Athens.  Given that some of the eavesdropping victims lived in the northern city of Thessaloniki, experts presume a center there might also have been infected. 

The bug allows phone calls and SMS messages to be intercepted, and also can track the geographic location of callers (how closely ADAE does not specify). ADAE says this is a generic parasite designed to work with Ericsson software everywhere -- proven by the fact that it can exploit software features Vodafone GR does not itself  exploit. Designing the bug was a major technical undertaking requiring thousands of man-hours and intimate familiarity with Ericsson telephone software. The parasite bypasses the passwords, allegedly known to only three senior Ericsson managers in Sweden, for activating the law enforcement eavesdropping software package. The parasite conceals that it has activated the eavesdropping package, and conceals its own tracks as well.  

The belief of ADAE (per Ta Nea of April 8, 2006) was that the parasite must have been installed on-site by a Vodafone employee. There is a less-likely alternative scenario of misusing the service "backdoor" Vodafone leaves open to Ericsson for remote servicing and technical support. According to Vodafone CEO Koronias, Vodafone's own technicians must unlock that backdoor. Vodafone technicians, however, apparently do not know very much about the inner workings of Ericsson software, and have to take Ericsson's technicians on faith.

When a phone call to or from one of the targeted Vodafone GR subscribers came in through an infected center, a copy of the digital signal was sent to another phone in the network, where it was recorded. In the Athens case, the intercepting unit reportedly had two clusters of seven mobile phones apiece (ordinary Sony-Ericsson GSM card-phones purchased in two batches from ordinary telephone shops by someone who failed to give his name). Those "shadow phones" at one time or another intercepted conversations from 106 known telephone numbers. When one of the phones was busy, it would forward the call to another phone in the same cluster. Incoming calls are free in Greece, but the transfer to another phone in the bank would be a paid call; outgoing calls were made to recharge calling credits from time to time. 

Two of the phones were activated on June 8, 2004 in the Marousi area, site of many Olympics facilities. Another three were activated in rapid succession the next day in the same general location. The remaining nine were activated over a 40-minute period on August 4, 2004 in the Nea Ionia area (location of the Athens 2004 Olympic HQ?). Per ADAE, on two dates all 14 card-phones were recharged with calling credit in identical sequence, proving that a single organization operated both banks. All further activities of the 14 phones took place in a restricted area of central Athens, the Kolonaki/Mavili area that includes the U.S., British, and other embassies as well as many offices.

However, different shadow phones reportedly favored different mobile antennas. Though the coverage area of the mobile antennas overlapped in the same general area, four of the phones frequently relied on a short-range antenna atop the Athinais Hotel. If all 14 phones were indeed together and stationary, this would exclude the British Embassy (but not the U.S. Embassy). A handful of calls and SMSs were handled by an indoor antenna serving an expensive restaurant atop Mt. Lykavittos, overlooking Kolonaki. Freak network conditions are a more economical explanation than itinerant spy-epicures.
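
The correlation ADAE is reported to have drawn from the activation and recharge records can be sketched as follows. This is an added example, not ADAE's or Vodafone's tooling; the phone IDs, clock times, top-up dates, the 36-hour grouping window and all function names are constructed for illustration.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data: phone IDs, clock times and top-up dates are invented.
ACTIVATIONS = (
    [("P01", ts("2004-06-08 11:00"), "Marousi"),
     ("P02", ts("2004-06-08 11:20"), "Marousi"),
     ("P03", ts("2004-06-09 10:00"), "Marousi"),
     ("P04", ts("2004-06-09 10:05"), "Marousi"),
     ("P05", ts("2004-06-09 10:10"), "Marousi"),
     ("X99", ts("2004-07-01 09:00"), "Marousi")]      # unrelated subscriber
    + [(f"P{n:02d}", ts("2004-08-04 17:00") + timedelta(minutes=5 * (n - 6)),
        "Nea Ionia") for n in range(6, 15)]           # nine phones in 40 minutes
)
ORDER = ["P03", "P11", "P01", "P07", "P14", "P02", "P09",
         "P05", "P12", "P04", "P06", "P13", "P08", "P10"]
TOPUPS = [(ts(day) + timedelta(minutes=2 * i), phone)
          for day in ("2004-09-15 13:00", "2004-11-20 18:30")
          for i, phone in enumerate(ORDER)]
TOPUPS.append((ts("2004-10-02 08:00"), "X99"))

def activation_bursts(activations, max_gap=timedelta(hours=36), min_size=3):
    """Group card-phones activated in one area with no gap longer than max_gap."""
    by_area = {}
    for phone, when, area in sorted(activations, key=lambda r: r[1]):
        by_area.setdefault(area, []).append((phone, when))
    bursts = []
    for area, rows in by_area.items():
        group = [rows[0]]
        for row in rows[1:]:
            if row[1] - group[-1][1] > max_gap:   # quiet period ends the burst
                bursts.append((area, group))
                group = []
            group.append(row)
        bursts.append((area, group))
    return [(area, [p for p, _ in g]) for area, g in bursts if len(g) >= min_size]

def full_topup_days(topups, phones):
    """Map each day on which every phone was recharged once to the order used."""
    days = {}
    for when, phone in sorted(topups):
        if phone in phones:
            days.setdefault(when.date(), []).append(phone)
    return {d: seq for d, seq in days.items() if sorted(seq) == sorted(phones)}

def same_operator(topups, phones):
    """True when at least two full recharge days used an identical sequence."""
    orders = list(full_topup_days(topups, phones).values())
    return len(orders) >= 2 and all(o == orders[0] for o in orders)

if __name__ == "__main__":
    bursts = activation_bursts(ACTIVATIONS)
    suspects = [p for _, group in bursts for p in group]
    print(bursts, same_operator(TOPUPS, suspects))
```

An identical recharge order across two separately activated batches is what ties them to one operator; a second day in any other order makes same_operator return False.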

The parasite worked undetected from August 2004 through September 2004, and resumed in October 2004 through late January 2005. The list of numbers being tapped changed over time, apparently (Ta Nea of April 8, 2006) through the hands-on intervention of a complicit Vodafone employee. ADAE thinks there was at least one attempt to upgrade the parasite's capabilities, from the Paiania call management center. As a result of this January 24, 2005 upgrade, the parasite started blocking SMS messages from a separate small communications company that piggybacked on the Vodafone network. This piggybacking is an uncommon business practice, one perhaps not taken into account by the bug's designers. System alarms finally rang. Vodafone claims it took several weeks and a special visit by Ericsson technicians to find the bug and finally remove it in early March 2005. Activity by the shadow phones ceased on March 4, 2005.

The installation of a major Ericsson software upgrade successively in Vodafone's call management centers in late 2004/early 2005 gradually eliminated the parasite from the system, along with most of its traces. ADAE is struggling to piece together the work of the bug from the limited number of electronic snapshots of the network  Vodafone kept from the 2004-2005 period.

ADAE has leaked hints that suspicious calls were briefly made to/from a TIM mobile phone in July 2004, perhaps a failed experiment in implanting the bugging software in TIM's system. The third major Greek mobile operator, Cosmote, uses Nokia switching software, not Ericsson.

Tsalikidis Suicide

I speculated incautiously in a BBC interview on possible scenarios for the March 9, 2005 suicide of Vodafone network manager Kostas Tsalikidis. The text of his final e-mail to his co-workers before he was found hanging was the message of someone who was not coming back. An outsider could not have counterfeited his specialized knowledge of Vodafone technical issues. The rigorously technical language is remarkable for a farewell -- this was a clinical gesture of loyalty to an electronic network, without a single nod to the social ties that dominate ordinary lives. He bought the rope himself.

In June 2006, Greece's famous counterterrorism prosecutor Giannis Diotis reached the logical conclusion that Tsalikidis had committed suicide for reasons directly connected with the eavesdropping. His report did not reveal who installed the software and what role Tsalikidis might have played.

The Eavesdropping Targets

(compiled from Greek-language press reports in February through April 2006: Eleftherotypia, Ta Nea, To Pontiki, and To Vima)

The publicly identified surveillance targets were Greek government officials, senior police and security officers, leftists often with some connection to the 17 November and ELA terror groups, Middle Eastern immigrants, and a handful of people with no known interest. The list is almost certainly incomplete, and perhaps has serious errors. ADAE reports that their data dumps found a consistent list of 67 tapped phone numbers in three of the call centers. They have not specified, however, to which category of targets these numbers belong.

About 30 anonymous card phones, now out of use, have not yet been publicly linked to a specific person. Normally, purchasers of a card phone give their name. The mystery numbers may be tied to criminal groups, which tend to use anonymous mobile phones for brief periods and then discard them.

 
Name | Identity | Source

GOVERNMENT TARGETS

Karamanlis, Kostas | Prime Minister of Greece (two phones of 20) | Elef. 3Feb
Molyviatis, Petros | then Foreign Minister, a private phone | Elef. 3Feb
Spiliotopoulos, Spilios | then Minister of Defense | Elef. 3Feb
Voulgarakis, Giorgos | then Minister of Public Order | Elef. 3Feb
Papaligouras, Anastasios | Minister of Justice | Elef. 3Feb
Valinakis, Giannis | Alternate Foreign Minister | Elef. 3Feb
Dimas, Stavros | EU Commissioner | Elef. 3Feb
Bakoyianni, Dora | then Mayor of Athens | Elef. 3Feb
Vallindas, Giorgos | Ambassador, Foreign Ministry Mideast Division Director | Elef. 3Feb
Choreftaki, Glykeria | Foreign Ministry employee? | Elef. 3Feb
Papantoniou, Giannis | PASOK MP, ex Minister of Defense | Elef
Apostolidis, Pavlos | then Head of Greek Intelligence Service (EYP), his car phone | Nea
Karamanli, Natasha | wife of Prime Minister | Nea
eight unidentified foreign ministry officials | | Nea
unnamed intelligence officials | EYP operations officers | Nea
Korandis, Giannis | current EYP director, then Ambassador to Turkey, his private card phone | Nea 3-16
Molyviati, Lora | daughter of former Foreign Minister | Nea 3-16

POLICE/SECURITY

Maravelis, Dimitris | Police officer in Olympic Security | Elef. 3Feb
Maris, Giorgos | lawyer, legal advisor to Public Order Ministry | Elef. 3Feb
Angelakis, Dimitris | Police in Olympic Security or EYP unionist | Elef. 3Feb
Sontis, Theodore | U.S. Embassy Greek-American, gave to security detail | Elef
Kyriakakis, Evstratios | Former Director, Criminological Service, Greek Police | Ta Nea
Galiatsos, G. | Director of Exercises, Athens Olympic Security | Ta Nea
Mitropoulos, G. | Chief of Staff, Ministry of Public Order | Ta Nea
Konstantinidis, V | Olympic Games Security Director | Ta Nea
Nasiakos, Fotis | Former Chief, Greek Police (phone given to another) | Ta Nea
Dimoschakis, An. | Chief of Staff, Greek Police | Ta Nea
Syrros, St. | Former director of Counterterrorism division, Greek Police | Ta Nea
Galikas, D. | Director of Counterterrorism Division, Greek Police | Ta Nea
Angelakos, Giorgos | Chief of Greek Police | Ta Nea
seven senior military | Senior officers in general staff | Ta Nea
General Staff Communications Dir | Communications Director, chief of General Staff |
Defense Ministry staffer | Defense Ministry staff company | Eleft 2/5

RADICAL CONNECTIONS

Iatropoulou, Katerina | defense lawyer, ELA terror trial | Elef. 3Feb
Meidani, Marina | leftist journalist in Thessaloniki | Elef. 3Feb
Giannopoulos, Nikolaos | Network for Political, Social rights, Tsigaridas (ELA) trial | Elef. 3Feb
Mouratidis, Argyris | Antiauthority Struggle, Thessaloniki | Elef. 3Feb
Vitouni, Despoina | ELA connection?, translated "Shoot the Women First" book by Macdonald | Elef. 3Feb
Roubinidou, Milana | wife of Nikolinas, ELA? | Elef. 3Feb
Voutsinos, Alexandros | defense witness for N Papanastasiou (17N member) | Elef. 3Feb
Sifakakis, Giorgos | Stop the War Movement | Elef. 3Feb
Koulidou, Anastasia | leftist?, got phone 8/05 per Elef. 2/5 | Nea
Tsilimandos, Grigoris | Antiauthority Struggle, convicted in "Diver" planted firearms trial | Elef
Nikolinas, Giorgos | alleged ELA connection? | Elef
unnamed businessman | radical businessman linked to arms for ELA | Vima
Katsikeas, Vasilis | Center for Medit. Cooperation, CIA questioned 2004 Sofia 17N, Iraq trips | Pontiki
Katsikeas wife | Center for Medit. Cooperation, Iraq trips |
young woman leftist | young woman connected with leftists, activated 1/05 | Vima 2/25
relative of terror suspect | no specifics | Vima 2/25
Tsigaridas, Christos | convicted ELA member, card phone | Nea 3-16
unnamed former radical | Old anti-establishment type, sailing instructor on island | Vima 3/25
wife of unnamed radical | Wife of above | Vima 3/25
Iskiar, Attila | Antiauthority Struggle Thes, Pomak student | Elef
unnamed 17N source | phone in mom's name, claimed to know 17N members | Vima 3/25

FOREIGNERS

Meim, Mohamad | Pakistani | Elef
Moktar, Ramzi | Sudanese | Elef
Maloum, Udin | | Elef
Jamal, Abdullah | Lebanon radio reporter or Syrian journalist, now fast food operator | Elef
Sadik, Hussein Moh. | Pakistani store owner | Elef
Tarek, Ibrahim Ahmet | Iraqi | Elef
Kadir, Aris | Kurd | Elef
Thair, Hermiz | Iraqi | Elef
Ayoubi, Chadi | Lebanese al Jazeera reporter, Gr resident | Elef
Basari, Mohamed | Iraqi immigrant Igoumenitsa, 3 years, furniture factory worker | Nea 3-16
Unnamed Syrian | Unnamed Syrian, 3 years | Nea 3-16
Unnamed Iraqi | Unnamed Iraqi, 2 years | Nea 3-16

UNEXPLAINED TARGETS

Fergadis, Theodoros | businessman | Elef. 3Feb
Kakotaritis, Giorgos | blanket factory? | Elef. 3Feb
Linardos, Nikolaos | Pegasus financial co, underwear firm | Nea 3-16
Cretan businessman | shipper of remote control airplanes, including Souda Bay | Vima 3/25
Cretan refrigeration tech | Refrigeration tech from Ag. Nikolaos Crete | Vima 3/25
Koika, Katerina | journalist | Elef. 3Feb
Psychogios, Giorgos | criminal lawyer, Thebes mayor candidate | Elef. 3Feb
Makris, Kostas | | Elef. 3Feb
Barbarousi, Dimitra | | Elef. 3Feb
Notas, Anastasios | | Elef
Pavlidis, Pavlos | | Elef
Pnevmatikakis, Angelos | | Elef
unknown | unknown card phone 6942 5447.. Activated 2/28/05 | Vima 2/25