Whistleblower: Cellular carrier giving FBI unfettered access
By Ryan Paul
March 06, 2008
Computer security analyst Babak Pasdar says that a major mobile telecommunications
carrier has a built-in backdoor that provides an undisclosed third party with
unfettered access to its internal technical infrastructure, including the ability
to eavesdrop on all calls through its network. In an affidavit that describes
the circumstances and basis for the allegations, Pasdar provides evidence which
could indicate that the FBI is on the other side of the secret line, engaging
in warrantless surveillance of mobile communications.
Pasdar discovered evidence of the backdoor when he was part of a rapid deployment
team that was brought in to facilitate a large-scale network security hardware
migration for the mobile carrier. During the migration, Pasdar was instructed
not to migrate the traffic for one particular DS-3, which was referred to as
the "Quantico Circuit" by consultants who worked closely with the
carrier (the FBI Academy is based in Quantico, Virginia).
According to Pasdar, the consultants informed him that the Quantico Circuit
is supposed to have no firewalls of any kind and no access control—it
is given complete access to everything in the carrier’s internal network and
there is no way to tell conclusively what has been accessed through it. The
consultants indicated that they knew who was at the other end of the Quantico
Circuit, but they refused to divulge this information to Pasdar.
When Pasdar insisted that the Quantico Circuit should at least have the minimum
level of security access logging if not access control, the consultants called
the company’s Director of Security, who threatened Pasdar, telling him that
he would be replaced if he didn’t forget about the circuit and continue with
In the affidavit, Pasdar says that the absence of access control systems and
basic access logging for the Quantico Circuit represents a deviation from industry-acceptable
use scenarios and notes that such a serious breach of security would generally
be considered a breach of organizational policy. He also points out that even
the internal offices and systems of the carrier don’t have the same level of
unfettered access to the network as the Quantico Circuit.
Although Pasdar has refused to name the carrier, and those working for the
carrier who have knowledge of the Quantico Circuit’s user aren’t saying what
they know, Wired’s Threat Level blog connected the pieces and pointed
us to the 2006 wiretapping lawsuit against the telcos, which alleges that Verizon
"has engaged and maintained and still does maintain a high speed data transmission
line from its wireless call center to a remote location in Quantico, Virginia,
the site of a U.S. government intelligence and military base." The lawsuit
also asserts that "the transmission line provided the Quantico recipient
direct access to all content and all information concerning the origin and termination
of telephone calls placed on the Verizon Wireless network as well as the actual
content of calls."
Providing any third party with unfettered network access to such a broad spectrum
of sensitive consumer data would seem to constitute a very clear violation of
the Communications Act, which broadly forbids disclosure of such information.
The lack of access controls and logging undermines safeguards against abuse
by enabling the recipient of the data to operate entirely outside the realm
of accountability. This is particularly disturbing if the recipient of the Quantico
Circuit is the FBI, because the agency has a long history of intelligence abuses
and has been found to have a serious lack of meaningful internal oversight.
Source URL: http://arstechnica.com/news.ars/post/20080306-whistleblower-cellular-carrier-giving-fbi-unfettered-access.html