In 2005 an incredible story called the ‘Athens Affair’ exposed an advanced telco hack obviously carried out by a state actor. The sophistication of the attack came as a huge surprise in a pre-Snowden world. To this day the case has never been solved, even though it involved phone tapping of government officials and resulted in the suspicious death of a key witness. Whoever did this was never heard from again. Until now.
During a routine security audit of a mobile network operator, suspicious activity was detected that led to the observation of a live session of what is believed to be the same offensive team that hacked the Vodafone network in Greece in 2004-2005.
This presentation covers the findings of this investigation, the methodologies used by the attacker, some of the tools involved, the protocols used by their C&C, and other interesting elements gathered from forensic analysis.