GSOC bugging - what technical details have been confirmed?

dalta5billion

Iwannahurl wrote: »

I know nothing about the technology, but a thought has occurred to me: could one simple explanation (though obviously a slightly paranoid one) for the UK 'identity' of the alleged IMSI-catcher be that it was a device designed, manufactured and sold by a UK company?

It has been alleged that the Metropolitan Police (Simon O'Brien's old firm) use technology of that nature, as manufactured and sold by Datong PLC, a Leeds-based company specialising in "high quality intelligence equipment".

That's what I was speculating above.

As I understand from the OpenBTS project, you can't simply use a consumer 3G modem to create a fake 3G/GSM base station.

So what we are speculating here, is that a UK intelligence service forgot to rename the broadcast name of the network.

Of course this is just as easily explained by the genuine 3G operator forgetting to reprogram some gear from the UK.

dalta5billion

http://www.irishtimes.com/news/politics/gsoc-briefing-paper-contains-more-than-shatter-d%C3%A1il-statement-1.1691878

Get. a. load. of that briefing.

Verrimus believe the UK network was an IMSI-catcher.

GSOC dismissed this as being possibly lawful surveillance.




What.



This is mass surveillance of all mobile users around Abbey Street. This is definitely illegal.

Let's see if we can get the DPC on this.

Dermot Illogical

dalta5billion wrote: »

Verrimus believe the UK network was an IMSI-catcher.

They would know, wouldn't they?
http://www.independent.ie/irish-news/bugsweep-firm-tried-to-sell-force-device-at-centre-of-inquiry-30015421.html

syklops

Dermot Illogical wrote: »

They would know, wouldn't they?
http://www.independent.ie/irish-news/bugsweep-firm-tried-to-sell-force-device-at-centre-of-inquiry-30015421.html

The plot thickens.

Verrimus to GSOC: We think there is an IMSI catcher operating in the area

Verimus to Gardai: For sale: IMSI catcher, one careful owner, good price only 80k!


Were Verrimus trying to pull a fast one?

Were Verrimus trying to frame the Gardai?

oscarBravo

What's interesting (to me) about the story is how quickly people jump to conclusions based almost entirely on information that (with the greatest of respect) has been dumbed-down to the point where it's impossible to evaluate it.

Dermot Illogical

https://twitter.com/verrimus

Verrimus seem to be confirming that they at least had this kit with them.
I wonder if they've discounted the possibility that they picked up their own equipment during the bug sweep?

Keyzer

Dermot Illogical wrote: »

https://twitter.com/verrimus

Verrimus seem to be confirming that they at least had this kit with them.
I wonder if they've discounted the possibility that they picked up their own equipment during the bug sweep?

Looks that way, seemingly they detected a UK 3G mobile which was put down to one of the Verrimus "security experts".

Call me cynical but I'd expect an "expert" to have the intelligence to realise this.

Statement on their site: "Verrrimus has a team of crack Ethical Hackers who can safely and accurately pinpoint vulnerabilities in your sysytems that will allow attackers to expoit those weaknesses." Spelling isn't their strong point though !!!

I'd love to see their report, findings and remediation suggestions.

Also appears that a device in GSOC was connected to a public wi-fi network. Would be interesting to know what that device was.
For an organisation like GSOC, I would expect external Wi-Fi networks to be completely off limits. I'd also go as far as to say that if GSOC have their own internal Wi-Fi be either heavily locked down or not implemented at all.

"It was found that an unused wi-fi device in the GSOC boardroom had been randomly connecting to a BitBuz wi-fi network but the security company did not trace where it was coming from."

Some more information coming into the public forum:

http://www.independent.ie/irish-news/gsoc-knew-cafe-wifi-was-cause-of-anomaly-30018274.html

mach1982

Keyzer wrote: »

Looks that way, seemingly they detected a UK 3G mobile which was put down to one of the Verrimus "security experts".

Call me cynical but I'd expect an "expert" to have the intelligence to realise this.

Statement on their site: "Verrrimus has a team of crack Ethical Hackers who can safely and accurately pinpoint vulnerabilities in your sysytems that will allow attackers to expoit those weaknesses." Spelling isn't their strong point though !!!

I'd love to see their report, findings and remediation suggestions.

Also appears that a device in GSOC was connected to a public wi-fi network. Would be interesting to know what that device was.
For an organisation like GSOC, I would expect external Wi-Fi networks to be completely off limits. I'd also go as far as to say that if GSOC have their own internal Wi-Fi be either heavily locked down or not implemented at all.

"It was found that an unused wi-fi device in the GSOC boardroom had been randomly connecting to a BitBuz wi-fi network but the security company did not trace where it was coming from."

Some more information coming into the public forum:

http://www.independent.ie/irish-news/gsoc-knew-cafe-wifi-was-cause-of-anomaly-30018274.html

Heard on the radio it was a Insomnia cafe's free wi-fi on ground floor of the GSCO building .

Keyzer

mach1982 wrote: »

Heard on the radio it was a Insomnia cafe's free wi-fi on ground floor of the GSCO building .

Yep but my question is what type of "unused" device was connected to this public wi-fi hotspot? And what else was that "unused" device connected to?

If it were a laptop, which was on and connected to the GSOC network also (wired or wireless) wouldn't that present a clear threat in regards someone network sniffing on the public wi-fi, finding the "unused" device, accessing it and then traversing the GSOC network?

Another question: was the "unused" device knowingly connected to this public wi-fi spot with a view to using it as a possible access point to the GSOC network? Would be interesting to see GSOC's internal security policies, specifically their network usage policy.

Blowfish

Keyzer wrote: »

Yep but my question is what type of "unused" device was connected to this public wi-fi hotspot? And what else was that "unused" device connected to?

If it were a laptop, which was on and connected to the GSOC network also (wired or wireless) wouldn't that present a clear threat in regards someone network sniffing on the public wi-fi, finding the "unused" device, accessing it and then traversing the GSOC network?

It wasn't an unused device, just the Wifi part was unused. They already mentioned that it was a 'media console' in a meeting room which wasn't itself connected to the GSOC network at all.

Honestly it just sounds like they had a large LCD TV in the meeting room for showing presentations etc, but whomever set it up enabled the Wifi, so it was automatically trying to connect to whatever network it could.

dalta5billion

Keyzer wrote: »

Looks that way, seemingly they detected a UK 3G mobile which was put down to one of the Verrimus "security experts".

Call me cynical but I'd expect an "expert" to have the intelligence to realise this.

Statement on their site: "Verrrimus has a team of crack Ethical Hackers who can safely and accurately pinpoint vulnerabilities in your sysytems that will allow attackers to expoit those weaknesses." Spelling isn't their strong point though !!!

I'd love to see their report, findings and remediation suggestions.

Also appears that a device in GSOC was connected to a public wi-fi network. Would be interesting to know what that device was.
For an organisation like GSOC, I would expect external Wi-Fi networks to be completely off limits. I'd also go as far as to say that if GSOC have their own internal Wi-Fi be either heavily locked down or not implemented at all.

"It was found that an unused wi-fi device in the GSOC boardroom had been randomly connecting to a BitBuz wi-fi network but the security company did not trace where it was coming from."

Some more information coming into the public forum:

http://www.independent.ie/irish-news/gsoc-knew-cafe-wifi-was-cause-of-anomaly-30018274.html

Seems incorrect.

Verrimus statement on that article states that they detected an 3G network broadcasting with the name of a UK network. https://twitter.com/verrimus/status/435721370631413760

Again, I'd suggest people look up DefCon talks on GSM and how easy it is to do mass surveillance.

syklops

Keyzer wrote: »

Yep but my question is what type of "unused" device was connected to this public wi-fi hotspot? And what else was that "unused" device connected to?

If it were a laptop, which was on and connected to the GSOC network also (wired or wireless) wouldn't that present a clear threat in regards someone network sniffing on the public wi-fi, finding the "unused" device, accessing it and then traversing the GSOC network?

Another question: was the "unused" device knowingly connected to this public wi-fi spot with a view to using it as a possible access point to the GSOC network? Would be interesting to see GSOC's internal security policies, specifically their network usage policy.

I think you found your project for college.

brooke 2

mach1982 wrote: »

Heard on the radio it was a Insomnia cafe's free wi-fi on ground floor of the GSCO building .

That was all debunked by security expert, Tom Clonan, on PK today.

Was very clear that this was 'disinformation' by Paul Williams.

Williams is a pathetic farce at this stage.

Phoebas

brooke 2 wrote: »

That was all debunked by security expert, Tom Clonan, on PK today.

Was very clear that this was 'disinformation' by Paul Williams.

Williams is a pathetic farce at this stage.

I didn't hear that - what exactly did he debunk and how did he debunk it?

Keyzer

syklops wrote: »

I think you found your project for college.

Hah !

What part though?

syklops

Keyzer wrote: »

Hah !

What part though?

An investigation of what actually happened, including a review of what hardware was used and exposed. As another poster suggested, look at some Def Con talks on GSM surveillance, and maybe even configure your own IMSI catcher and demonstrate how it works. We were told at the beginning the equipment used was available only to governments ergo it was government level surveillance. Building/configuring your own would put paid to that.

ifah

syklops wrote: »

As another poster suggested, look at some Def Con talks on GSM surveillance, and maybe even configure your own IMSI catcher and demonstrate how it works. We were told at the beginning the equipment used was available only to governments ergo it was government level surveillance. Building/configuring your own would put paid to that.

There has to be an opportunity to include a Raspberry Pi and some cool Lego case here ..... for info : https://www.southampton.ac.uk/mediacentre/features/raspberry_pi_supercomputer.shtml

Iwannahurl

Keyzer wrote: »

Yep but my question is what type of "unused" device was connected to this public wi-fi hotspot? And what else was that "unused" device connected to?

If it were a laptop, which was on and connected to the GSOC network also (wired or wireless) wouldn't that present a clear threat in regards someone network sniffing on the public wi-fi, finding the "unused" device, accessing it and then traversing the GSOC network?

Another question: was the "unused" device knowingly connected to this public wi-fi spot with a view to using it as a possible access point to the GSOC network? Would be interesting to see GSOC's internal security policies, specifically their network usage policy.

A potential threat, yes. I can see why Verrimus use neutral terms such as "anomaly" in this context.

Much is being made of Insomnia's free wi-fi, as if that was mistaken as being some sort of surveillance. My understanding is that what matters is the fact that GSOC equipment was trying to connect to external networks at all.

While such an anomaly might be entirely accidental and benign, it was presumably not possible to entirely rule out either malicious intent or an inherent vulnerability.

I guess that's just being prudent rather than paranoid.

oscarBravo

Bump.

The latest report makes for interesting reading. The first thing to note is that (shock, horror) the original Sunday Times story was completely and utterly full of crap. It also seems that there were benign probable explanations for two of the three anomalies, and the third remains completely unexplained - there's no convincing explanation, either hostile or benign - for the conference phone ringing after the alerting test.

Blowfish

So, interesting update on this. It turns out that AMX who make the conference room stuff that the GSOC were using at the time have a habit of sticking in backdoors.