Whistle-blower describes NSA back door to telecom’s cell phone data
Another whistle-blower has come forward claiming that he has witnessed the NSA’s back door access to a telecom’s cellular data stream. The witness refuses to identify the telecom involved. It is known that he works for a network security firm which provided consultant work for this telecom starting in 2003. Here are the talking points of from his testimony, you can read the full affidavit here.
In September 2003 Babak Pasdar led a “Rapid Deployment” team that worked with the telecom’s long term consultants to radically restructure its network and security environment. The work provided an intimate insight into the carrier’s network infrastructure and systems. This included its computer network, and business systems such as billing, fraud detection, web applications, sales and customer service, among others. The job directly involved data communications for mobile phones such as text messaging, Internet Access, e-mail, and web access. Indirectly, it allowed him to diagnose the network access of all mobile communications, including mobile-mobile and mobile-landline calls. The team reported directly to the telecom’s Director of Security.
1. The “Quantico Circuit“
Mr. Pasdar stumbled upon a high-speed digital line called the “Quantico Circuit.” He repeatedly asked the long term consultants questions like where the line went, to whom, and if this is what it seemed to be? (Quantico, Virginia is the company town for a major national military base.) They repeatedly winked, smiled, asked his question back, and refused to answer or explain.
2. Intentional, extraordinary, uncontrolled access
The long term consultants were adamant that the Quantico Circuit was to be uniquely exempt from all security measures and access control. This violated all standard security protocols, and any legal duty to protect its customers’ privacy. It was highly unusual for any third party to have unfettered access in any form to the inner workings of a major telecom or any similar organization. Even the telecom’s own branch offices were firewalled, with strictly limited and controlled access to specified data center systems. By contrast, the Quantico Circuit had uncontrolled, blanket access to all systems.
3. Illegal “refusal to know” syndrome
The long term consultants were equally adamant that the client wanted the network structured so usage logs could not be created for information transmitted through the Quantico Circuit. There could not be any record of what data or communications were removed. This defied basic professional standards, and created potential liability as broad as the network’s customer base. Standard industry practice is that when an organization recognizes information’s relevance for liability litigation, it is responsible to ensure that any data deletion practices are suspended and that any and all relative information is preserved. Failure to do so could be considered destruction of evidence, and create telecom liability for breach of duty to its customers.
4. Secrecy enforced by threats
When Mr. Pasdar persisted in advocating minimal access controls or at least usage logging, the long term consultants called the corporate Director of Security. He immediately traveled to the worksite, chastised Mr. Pasdar and informed Mr. Pasdar that he hadn’t seen anything, that nothing would happen, and that he would drop the issue or be replaced. Mr. Pasdar did not argue, but he has been haunted since by the implications and consequences if the Quantico Circuit went to the government, as it appeared.
5. Scope of information vulnerable to surveillance.
The scope of uncontrolled “Quantico Circuit” access allowed the third party to obtain significant information about any mobile phone subscribers, including –
>listening in and recording all conversations en-mass;
>collecting and recording mobile phone data use en-mass;
>obtaining the data they accessed from their mobile phone (Internet access, e-mail, web);
>trending their calling patterns and other call behavior;
>identifying inbound and outbound callers;
>tracking all in and outbound calls
>tracing the user’s physical location
6. Vulnerability to en masse surveillance
The Quantico Circuit could monitor in real-time and transfer information on over 2200 simultaneous conversations. Through the use of “Network VCRs” all conversations and data / Internet usage for mobile users over days or weeks could be recorded en masse - structuring in vulnerability to an indefinite record of every part of every customer’s life that involves mobile phone communications.
2 Comments