Greek wiretapping case 2004–05

The Greek wiretapping case of 2004–05, also referred to as Greek Watergate,[1] involved the illegal tapping of more than 100 mobile phones on the Vodafone Greece network belonging mostly to members of the Greek government and top-ranking civil servants.[2] The taps began sometime near the beginning of August 2004 and were removed in March 2005 without discovering the identity of the perpetrators.

The phones tapped included those of the Prime Minister Kostas Karamanlis and members of his family, the Mayor of Athens, Dora Bakoyannis, most phones of the top officers at the Ministry of Defense, the Ministry of Foreign Affairs, the Ministry for Public Order, members of the ruling party, ranking members of the opposition Panhellenic Socialist Movement party (PASOK), the Hellenic Navy General Staff, the previous Minister of Defense and one phone of a locally hired Greek American employee of the American Embassy. Phones of Athens-based Arab businessmen were also tapped.

Foreign and Greek media have raised United States intelligence agencies as the main suspects.[3][4] AFP reported that one Greek official stated on background that the likely initial penetration occurred during the run-up to the 2004 Athens Olympics, stating: "it is evident that the wiretaps were organized by foreign intelligence agencies, for security reasons related to the 2004 Olympic Games."[5] The leader of the PASOK socialist opposition George Papandreou said that the Greek government itself had pointed towards the US as responsible for the wiretaps by giving up the zone of listening range, in which the US embassy was included.[6] In 2015, after an investigation lasting 10 years, Greek investigators have found conclusive evidence linking the wiretapping to the US Embassy in Athens.[7] As a result of the investigation, Greek authorities have issued an arrest warrant for a certain William George Basil, a NSA operative from a Greek immigrant background.[7] The incident was one of the biggest political scandals of recent Greek history—tapping mobile phones of members of the cabinet, the Prime Minister, and hundreds of others.[8] The authorities and the media strongly feel that the death of Network Planning Manager for Vodafone Greece Kostas Tsalikidis was associated with his position in the company.

Exploitation of Vodafone's network

edit
 
Ericsson AXE

The Ericsson switches used by Vodafone Greece were compromised and unauthorized software was installed that made use of legitimate tapping modules, known as "lawful interception", while bypassing the normal monitoring and logging that would take place when a legal tap is set up.[9] This software was eventually found to be installed on four of Vodafone's Ericsson AXE telephone exchanges.[10]

In modern mobile telecommunication networks, legal wiretaps, known as lawful interceptions, are performed at the switch. Ericsson AXE telephone exchanges support lawful intercepts via the remote-control equipment subsystem (RES), which carries out the tap, and the interception management system (IMS), software used for initiating addition of the tap to the RES database. In a fully operating lawful interception system the RES and IMS both create logs of all numbers being tapped, allowing system administrators to perform audits in order to find unauthorized taps.

To successfully wiretap phone numbers without detection, as the intruders did, a special set of circumstances had to be present. The RES had to be active on the exchange, but the IMS had to be unused. At the time of the illegal wiretaps, Vodafone had not yet purchased the lawful intercept options, meaning the IMS was not present on their systems. However, an earlier exchange software upgrade had included the RES. In addition, the intruders needed to continue to have access to the exchange software to change tapped numbers, without alerting system administrators that the exchange had been modified. Normally, all changes to exchange software would be logged. To get around this, the intruders installed a rootkit on the exchange, a piece of software that would modify the exchange software on the fly to hide all changes and, in case of an audit, to make the exchange appear as though it had been untouched.

When one of the tapped phones made or received a phone call, the exchange, or switch, sent a duplication of the conversation to one of fourteen anonymous prepaid mobile phones. As these phones are not associated with a contract, retrieving details of their owners is very difficult. About half of the intercepting phones were activated between June and August 2004. The base stations that serviced those phones were in an area near the center of Athens.

Discovery of illegal taps

edit

On January 24, 2005, an intruder update of exchange software resulted in customer text messages not being sent. Vodafone Greece sent firmware dumps of the affected exchanges to Ericsson for analysis. On March 4, 2005, Ericsson located the rogue code, 6500 lines of code written in the PLEX programming language used by Ericsson AXE switches.[10] Writing such sophisticated code in a very esoteric language required a high level of expertise. Much of Ericsson's software development for AXE had been done by an Athens-based company named Intracom Telecom, so the skills needed to write the rogue software were likely available within Greece.[11]

On March 7, 2005, Ericsson notified Vodafone of the existence of rogue wiretaps and software in their systems. The next day the general manager of the Greek Vodafone branch, George Koronias, asked for the software to be removed and deactivated. Because the rogue software was removed before law enforcement had an opportunity to investigate, the perpetrators were likely alerted that their software had been found and had ample opportunity to turn off the "shadow" phones to avoid detection.[10] According to the head of Greece's intelligence service, Ioannis Korantis: "From the moment that the software was shut down, the string broke that could have lead [sic] us to who was behind this."[4]

On March 9, the Network Planning Manager for Vodafone Greece, Kostas Tsalikidis, was found dead in an apparent suicide. According to several experts questioned by the Greek press, Tsalikidis was a key witness in the investigation of responsibility of the wiretaps. Family and friends believe there are strong indications he was the person who first discovered that highly sophisticated software had been secretly inserted into the Vodafone network.[3] Tsalikidis had been planning for a while to quit his Vodafone job but told his fiancée not long before he died that it had become "a matter of life or death" that he leave, says the family's lawyer, Themis Sofos.[4] There is speculation that either he committed suicide because of his involvement in the tapping of the phones, or he was murdered because he had discovered, or was about to discover, who the perpetrators were.[10] After a four-month investigation of his death, Supreme Court prosecutor Dimitris Linos said that the death of Tsalikidis was directly linked to the scandal. "If there had not been the phone tapping, there would not have been a suicide," he said.[12]

In November 2007, press reports in Greece quoted the Tsalikidis family attorney, Themistokles Sofos, as saying they had commenced legal action against Vodafone, "suspect[ing] he was poisoned".[13]

On March 10 Koronias asked to meet Prime Minister Karamanlis to discuss matters of national security. At 20:00 on the same day he presented the facts to the Minister of Public Order and the Prime Minister's chief of staff, and on the next day he presented them to the Prime Minister.

A preliminary judicial investigation was carried out, which, due to the complexity of the case, lasted until February 1, 2006. The preliminary investigation did not point out any persons connected with the case. The investigation was hindered by the fact that Vodafone disabled the interception system, and therefore locating the intercepting phones was no longer possible (the phones were apparently switched off), and that Vodafone had incorrectly purged all access logs. Police rounded up and questioned as suspects persons who called the monitoring phones, but all callers claimed they called these phones because their number was previously used by another person.

Ericsson has checked their equipment in other markets world-wide and has not found the illegal software installed anywhere else. "As far as Ericsson knows, this is a unique incident. We have never discovered anything like this before or since." Vodafone spokesman Ben Padovan said.[4]

Kostas Tsalikidis

edit

Kostas Tsalikidis (Κώστας Τσαλικίδης; July 23, 1966 – March 9, 2005) was Vodafone Greece's Network Planning Manager when he died at the age of 39 during the wiretapping case, in what appeared to be a suicide, but later was found to be a murder.[14][15][16][17][18][19]

Biography

edit

Kostas Tsalikidis was born on July 23, 1966. He worked for Vodafone Greece for almost 11 years, beginning as Switching Planning and Technology Manager. From 2001 until his death, he was responsible for all planning activities for the GSM, GPRS and UMTS Vodafone Panafon Core Network (Design, Architecture, Dimensioning, Ordering, Rollout, Interconnect, Optimisation). He was also responsible for all technology issues of the Core Network (GSM, GPRS functionalities implementation and Roadmap), and liaison with Vodafone Global regarding Vodafone Networks Evolution road-maps.

Tsalikidis received his diploma from the National Technical University of Athens (NTUA), Department of Electrical and Computer Engineering. His specialization was in Telecommunications and dissertation topic on “Air Interface Measurements Collection for Mobile Telephony Systems.” He has attended seminars at the Athens University, on Management and Business Administration, technical seminars on Telecommunications, GSM Systems, Data Networks, Transport Techniques, and a number of Skills Development seminars on Team Work, Team Building, Communication Skills, Project Management and Negotiation capabilities.

Calls for reinvestigation

edit

On September 7, 2011, Tsalikidis' family and their lawyers asked for the case to be reopened, claiming that forensic medical examination results prove that Tsalikidis' death could not have been suicide.[20]

In 2017, The European Court of Justice held that the Greek authorities had not carried out an “adequate and effective” investigation to examine the causes of Tsalikidis’ death and found that the authorities were in a hurry to close the supplementary investigation by simply naming the steps they had taken and citing new reports without explaining important details.

In 2019, after 14 years of investigation, the alleged suicide has been pronounced a murder by the Greek Ministry of Justice. The case was closed.

Fallout

edit

The investigation into the matter was further hampered when Greek law enforcement officials began to make accusations at both Vodafone and Ericsson, which forced experts on the defensive.[10]

A recent appeal of the main opposition party, PASOK, to form an investigating parliamentary committee was rejected by the governing party.[21]

In December 2006, Vodafone Greece was fined 76 million by the Communications Privacy Protection Authority, a Greek privacy watchdog group, for the illegal wiretapping of 106 cellphones. The fine was calculated as €500,000 for each phone that was eavesdropped on, as well as a €15 million fine for impeding their investigation.[22]

On October 19, 2007, Vodafone Greece was again fined €19 million by EETT, the national telecommunications regulator, for alleged breach of privacy rules.[23]

In September 2011, new evidence emerged indicated the US Embassy in Athens was behind the telephone interceptions. The key evidence of complicity was that out of the 14 anonymous prepaid mobile phones used for the interception, three had been purchased by the same person at the same time as a fourth one. The fourth phone called mobile phones and landlines registered with the US Embassy in Athens. With a sim card registered to the US Embassy, it also called two telephone numbers in Ellicott City and Catonsville, Maryland, both NSA bedroom communities.[further explanation needed] A criminal investigation was launched, and in February 2015, Greek investigators were finally able to finger a suspect, William George Basil, a NSA operative from a Greek immigrant background.[7] Greek authorities have issued a warrant for Basil's arrest, who has since gone into hiding.[7]

See also

edit

References

edit
  1. ^ Kyriakidou, Dina (2 March 2006). ""Greek Watergate" Scandal Sends Political Shockwaves". Reuters. Retrieved 24 November 2007.[permanent dead link]
  2. ^ Monshizadeh, Mehrnoosh; Khatri, Vikramajeet; Varfan, Mohammadali; Kantola, Raimo (2018). "LiaaS: Lawful Interception as a Service". 2018 26th International Conference on Software, Telecommunications and Computer Networks (SoftCOM). IEEE. pp. 1–6. doi:10.23919/softcom.2018.8555753. ISBN 978-953-290-087-3. S2CID 54442783. Archived from the original on 25 September 2023. Retrieved 1 November 2023.
  3. ^ a b Galpin, Richard (24 March 2006). "Death muddies Greek spy probe". BBC. Retrieved 24 November 2007.
  4. ^ a b c d Bryan-Low, Cassell (21 June 2006). "Vodafone, Ericsson Get Hung Up In Greece's Phone-Tap Scandal". The Wall Street Journal. Archived from the original on 8 February 2018. Retrieved 24 November 2007.
  5. ^ Samatas, Minas. The Greek Olympic phone tapping scandal: A defenceless state and a weak democracy. Surveillance and democracy.
  6. ^ "Watergrec: à qui profite l'écoute?" (in French). Le Figaro. 3 February 2006. Archived from the original on 16 July 2011. Retrieved 24 November 2007.
  7. ^ a b c d Bamford, James (28 September 2015). "A death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?". The Intercept. Archived from the original on 29 September 2015. Retrieved 4 October 2015.
  8. ^ "Death muddies Greek spy probe". BBC. 24 March 2006. Archived from the original on 15 October 2023. Retrieved 19 October 2020.
  9. ^ "Vodafone Greece rogue phone taps: details at last". Heise Security. 16 July 2007. Retrieved 24 November 2007.
  10. ^ a b c d e Cherry, Steven; Goldstein, Harry (July 2007). "An Inside Job". IEEE Spectrum Magazine. Archived from the original on 1 January 2008. Retrieved 24 November 2007.
  11. ^ Leyden, John (11 July 2007). "Greek mobile wiretap scandal unpicked". The Register. Archived from the original on 12 October 2012. Retrieved 24 November 2007.
  12. ^ Smith, Helena (23 June 2006). "Death of Vodafone engineer linked to Greek Watergate". The Guardian. Retrieved 24 November 2007.
  13. ^ Doward, Jamie (24 November 2007). "Vodafone faces court case in 'bugging' row". The Guardian. Retrieved 25 November 2007.
  14. ^ Bamford, James (29 September 2015). "A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?". Archived from the original on 29 September 2015. Retrieved 19 October 2020.
  15. ^ Athens, Philip Pangalos, in. "Suicide mystery in Greek spy scandal". The Times. ISSN 0140-0460. Retrieved 19 October 2020.{{cite news}}: CS1 maint: multiple names: authors list (link)
  16. ^ "European Court of Human Rights ruling prompts reopening of Vodafone employee's suicide case". 17 November 2017. Retrieved 19 October 2020.[permanent dead link]
  17. ^ Smith, Helena (5 August 2007). "Family of dead Vodafone engineer vow to clear son's reputation". The Observer. ISSN 0029-7712. Retrieved 19 October 2020.
  18. ^ "Greek mobile wiretap scandal unpicked". www.theregister.com. Retrieved 19 October 2020.
  19. ^ "Le mystère s'épaissit autour du «Watergrec»". Le Figaro.fr. 10 February 2006. Archived from the original on 5 November 2023. Retrieved 19 October 2020.
  20. ^ "Ελευθεροτυπία, ""Δεν αυτοκτόνησε ο Κώστας Τσαλικίδης""". Archived from the original on 4 April 2012. Retrieved 7 September 2011.
  21. ^ "The Greek wiretapping scandal and the false promise of intelligence cooperation in the information era". Kedisa.gr.
  22. ^ Poropudas, Timo (16 December 2006). "Vodafone fined EUR 76 million in Greece". Nordic Wireless Watch. Archived from the original on 5 March 2016. Retrieved 25 November 2007.
  23. ^ Carr, John; Judge, Elizabeth (20 October 2007). "Phone-tapping scandal in Greece costs Vodafone new €19m fine". The Times. London. Archived from the original on 12 June 2011. Retrieved 24 November 2007.
edit