COMMSEC: A Surprise Encounter With a Telco APT

PRESENTATION SLIDES (PDF)

In 2005 an incredible story called the ‘Athens Affair’ exposed an advanced telco hack obviously carried out by a state actor. The sophistication of the attack came as a huge surprise in a pre-Snowden world. To this day the case was never solved, even though it involved phone tapping of government officials and resulted in the suspicious death of a key witness. Whoever did this was never heard from again. Until now.

During a routine security audit of a mobile network operator, suspicious activity was detected that led to the observation of a live session of what is believed to be the same offensive team that hacked the Vodafone network in Greece in 2004-2005.

This presentation will present the findings of this investigation, the methodologies used by the attacker, some of the tools involved, the protocols used by their C&C, and other interesting elements gathered from forensic analysis.

COMMSEC
Location: Track 4 / CommSec Date: April 14, 2017 Time: 3:00 pm - 3:30 pm Emmanuel ‘EMX’ Gadaix