Whistleblower: Cellular carrier giving FBI unfettered access

462

By Ryan Paul
March 06, 2008

Computer security analyst Babak Pasdar says that a major mobile telecommunications carrier has a built-in backdoor that provides an undisclosed third-party with unfettered access to its internal technical infrastructure, including the ability to eavesdrop on all calls through its network. In an affidavit that describes the circumstances and basis for the allegations, Pasdar provides evidence which could indicate that the FBI is on the other side of the secret line, engaging in warrantless surveillance of mobile communications.

Pasdar discovered evidence of the backdoor when he was part of a rapid deployment team that was brought in to facilitate a large-scale network security hardware migration for the mobile carrier. During the migration, Pasdar was instructed not to migrate the traffic for one particular DS-3, which was referred to as the “Quantico Circuit” by consultants who worked closely with the carrier (the FBI Academy is based in Quantico, Virginia).

According to Pasdar, the consultants informed him that the Quantico Circuit is supposed to have no firewalls of any kind and no access control—it is given complete access to everything in the carrier’s internal network and there is no way to tell conclusively what has been accessed through it. The consultants indicated that they knew who was at the other end of the Quantico Circuit, but they refused to divulge this information to Pasdar.

When Pasdar insisted that the Quantico Circuit should at least have the minimum level of security access logging if not access control, the consultants called the company’s Director of Security, who threatened Pasdar, telling him that he would be replaced if he didn’t forget about the circuit and continue with the migration.

In the affidavit, Pasdar says that the absence of access control systems and basic access logging for the Quantico Circuit represents a deviation from industry-acceptable use scenarios and notes that such a serious breach of security would generally be considered a breach of organizational policy. He also points out that even the internal offices and systems of the carrier don’t have the same level of unfettered access to the network as the Quantico Circuit.

Although Pasdar has refused to name the carrier, and those working for the carrier who have knowledge of the Quantico Circuit’s user aren’t saying what they know, Wired’s Threat Level blog connected the pieces and points us to the 2006 wiretapping lawsuit against the telcos, which alleges that Verizon “has engaged and maintained and still does maintain a high speed data transmission line from its wireless call center to a remote location in Quantico, Virginia, the site of a U.S. government intelligence and military base.” The lawsuit also asserts that “the transmission line provided the Quantico recipient direct access to all content and all information concerning the origin and termination of telephone calls placed on the Verizon Wireless network as well as the actual content of calls.”

Providing any third party with unfettered network access to such a broad spectrum of sensitive consumer data would seem to constitute a very clear violation of the Communications Act, which broadly forbids disclosure of such information. The lack of access controls and logging undermines safeguards against abuse by enabling the recipient of the data to operate entirely outside the realm of accountability. This is particularly disturbing if the recipient of the Quantico Circuit is the FBI, because the agency has a long history of intelligence abuses and has been found to have a serious lack of meaningful internal oversight.

Related Stories:
* Unpaid bills lead phone companies to hang up on FBI wiretaps

* ISP blunder exposes entire domain’s worth of e-mail to FBI

Source URL: http://arstechnica.com/news.ars/post/20080306-whistleblower-cellular-carrier-giving-fbi-unfettered-access.html

Previous articleMr. Yukihisa Fujita MP to attend the Sydney Truth Now Conference!
Next articleDHS Holds Cyber Storm II Exercise to Further Cyber Security Preparedness and Response Capabilities

Since 2004, 911Truth.Org has educated the public about the suppressed realities of the September 11 attacks.

We worked with the 9/11 Families to pressure the Bush administration to convene an investigation into the deadliest attacks on US soil since Pearl Harbor. We attended many of the commission hearings and questioned commissioners and bird-dogged elected officials to get answers to the Unanswered Questions that remain so to this day.

We reported the contradictions, lies and omissions on the public record. 911Truth.Org staff have given hundreds of interviews on radio and mainstream network TV.

We cover a wide range of 9/11-related issues in publishing academic papers, original research, and opinion pieces.

We wish to thank our donors who have kept us on the web since 2004! We appreciate your continued support!

We continue to update the website to make the nearly 3000 articles easier to find, read and share. Thanks for visiting us!