

The Athens Affair - bl4k
http://spectrum.ieee.org/telecom/security/the-athens-affair/0

======
bl4k
Overview of AXE and Plex: <http://www.mrtc.mdh.se/publications/0802.pdf>

IMS user manual: <http://cryptome.org/ericsson-ims.zip>

You can also find AXE simulators online, and various other downloads, if you
are interested in developing your own rootkit.

My take is that a government was involved in this break-in. The AXE systems
have huge market share, so one well-written rootkit could be used over and
over again. I am surprised that there was no a manufacturer response here
asking network operators to perform independent checksum checks on all running
switches (ie. using tools from a disk that is trusted, not the local tools
which can be compromised). I am also surprised that the AXE OS doesn't have a
better default 'tripwire' system.

For it to happen on phone networks is scary - but rootkits for IOS (the cisco
os) have been available for a long time now so intercepting Internet data is
probably more common.

------
d_c
Fascinating!

They took advantage of the fact that the AXE allows new software to be
installed without rebooting the system, an important feature when any
interruption would disconnect phone calls, lose text messages, and render
emergency services unreachable. To let an AXE exchange run continuously for
decades, as many of them do, Ericsson's software uses several techniques for
handling failures and upgrading an exchange's software without suspending its
operation. These techniques allow the direct patching of code loaded in the
central processor, in effect altering the operating system on the fly.

Do they run erlang?

~~~
count
Apparently not on these boxes - AXE/PLEX is a non-Erlang system (and has been
around since the 70s).

------
sliverstorm
While it is morally objectionable, I can't help being impressed by what they
(whoever 'they' is) seem to have pulled off. I guess this must be kind of what
it's like when an opposing military leader pulls a really clever move on you.

