I'll start by saying that I approve of security testing networks and the telco industry could do with more of it. I agree that security can be lax sometimes.
Sure, Telco SS7 networks and the equipment within them are just like any other in that there can be bugs that cause it to go down.
However, there are much higher barriers for entry to get an SS7 network link (c.f. a connection to the internet) and you're not going to keep it for very long if all you're doing is sending out SS7 messages crashing HLRs left, right and center.
I'm assuming that the packet he's talking about is a fuzzing attack and only affects a particular vendor's HLR and may have even been fixed by now. So if everyone in the world used the same vendor, all used the same software version and you had unfettered access to all of them, then yes, you could crash all of the HLRs in the world.
And really?... "World's HLR". Well I'm glad someone is nice enough to host an HLR for the world. And apparently crashing the "World's HLR" will stop one country's communication. Oh noes! Which one is it?! I hope it's not mine! And I'd be interested to see how crashing an HLR stops my landline and my internet connection from functioning.
The question I had is whether the femtocell claim is true - those are much easier to get access to. I'd like to believe that they're correspondingly more locked down but there is rather a long track record of telcos botching basic security design.
It's not the end of the world though. You're browsing on your android phone and suddenly it dials an unexpected number and you can see that it starts 900XXXXXXX or 976XXXXXXX. Most people are going to hang up pretty quickly. Sure, you might be out of pocket for up to $10 (I don't actually know how much mobile carriers charge for the connection charge), but it's not the same as losing all your data.
A more common attack vector to make money on compromised accounts would be setting up a call forward to an international number and then dialing the subscriber's phone number. Illegal low cost calling cards often steal service by doing this. If there was a way to also retrieve the user's phone number, I can imagine a system where you dial the calling card company, input your code and the number you want to dial.... It tells you that it's trying to connect you and that it may take a couple of minutes... It snares the next person caught out on the website, sets their call forward to the number you want to dial, then dials that subscriber for you and connects. So then it's charging the wireless subscriber for your international call, and even if they then disable the call forward on their account, until you hang up, it's still charging them for the call forward.
When you say "Imagine if comments were displayed like this instead", you realise that you can simply modify the colour scheme of your editor to make it so, right?
And I still don't think that solves your "problem". Even if they appear brighter colours, then it's still very easy to phase them out so that you're just focused on the code. It's only when the comment colours begin to hurt your eyes that I find it distracting.
I was interested in how they were detecting monitors and whether they were just picking out any anomalous peers (say ones that don't accept connections). I was also wondering if the paper was going to be obviously flawed and funded by some copyright agency with the aim of articles such as the one we just read being created. I still wouldn't rule it out, but I feel that the methodology was sound.
To summarize for others, the indicators were:
1. The proportion of a subnet that has been seen in BitTorrent swarms. Monitoring agencies may use a large proportion of their subnet for monitoring.
2. The length of time a peer spends in a swarm. Monitors may spend more time in the swarm than regular file-sharers.
3. The number of different (IP, port, infohash) combinations per IP address. Monitoring agencies may operate many clients from a single IP address.
4. Whether a peer reported by a tracker accepts incoming connections. Monitors may block all incoming connection attempts. (((This was discarded as an unreliable indicator)))
5. The number of swarms in which IP addresses from a particular subnet appear. Monitoring agencies may monitor many torrents from their subnet.
6. The number of times the same (IP, port) pair is observed concurrently in different swarms.
we found 1,139 IP addresses that were in the top first percentile for all four features (((1,2,3 and 5)))
IP addresses assigned to a company named Checktor, which offers commercial BitTorrent monitoring services, and 16 addresses assigned to a medium-sized computer security consultancy company that does not publicly acknowledge monitoring BitTorrent. Another subnet, which we saw in over 500 swarms, belongs to a company that advertises itself as providing "intellectual property advice"
We also found two subnets assigned to hosting companies
We speculate that copyright enforcement companies are using these hosting companies as a front to disguise their identities. We also identified a number of IP addresses allocated to large ISPs, such as Vodafone, Etisalat and
This feature (((6))) found IP addresses assigned to Peer Media Technologies (a well-known copyright enforcement agency) monitoring seven Harry Potter ebook and movie torrents, and the INRIA research institution, which had been overlooked by features 1–5 because so few torrents were being monitored, and because a very small proportion of INRIA's subnet was being used
I didn't read too much further into their methodology for detecting "direct monitoring" other than to see a pretty graphic showing a peer lying about its download completion.
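The indicator features summarised above, computed over a small set of constructed swarm observations, as an added example that is not part of the original comments or the paper's code. It assumes /24 subnets, a flat list of (ip, port, infohash, first_seen, last_seen, accepts_incoming) records with times in hours, and a top-fraction cutoff in place of the paper's percentile over a real dataset; feature 4 is kept in the records but, as the comment notes, not used.

```python
import math
from collections import defaultdict
from ipaddress import ip_interface

# Constructed sample observations: (ip, port, infohash, first_seen, last_seen, accepts_incoming).
# 203.0.113.0/24 plays a monitoring subnet; the other addresses play ordinary peers.
OBS = [
    ("203.0.113.10", 6881, "h1", 0, 48, False),
    ("203.0.113.10", 6881, "h2", 0, 48, False),
    ("203.0.113.10", 6882, "h3", 1, 47, False),
    ("203.0.113.11", 6881, "h1", 0, 48, False),
    ("203.0.113.11", 6881, "h4", 2, 46, False),
    ("203.0.113.12", 6881, "h2", 0, 48, False),
    ("203.0.113.12", 6881, "h5", 0, 48, False),
    ("198.51.100.5", 51413, "h1", 3, 5, True),
    ("198.51.100.77", 40000, "h2", 10, 12, True),
    ("192.0.2.9", 50000, "h3", 1, 4, True),
]

def subnet(ip):
    # Assumption: /24 as the "subnet" granularity.
    return str(ip_interface(f"{ip}/24").network)

def peer_features(obs):
    """Return {ip: {feature_number: value}} for features 1, 2, 3, 5 and 6 of the list above."""
    ips_in_subnet, swarms_in_subnet = defaultdict(set), defaultdict(set)
    time_in_swarm, combos, by_ip_port = defaultdict(int), defaultdict(set), defaultdict(list)
    for ip, port, ih, t0, t1, _accepts_incoming in obs:  # feature 4 deliberately ignored
        ips_in_subnet[subnet(ip)].add(ip)          # feature 1 numerator
        swarms_in_subnet[subnet(ip)].add(ih)       # feature 5
        time_in_swarm[ip] += t1 - t0               # feature 2
        combos[ip].add((ip, port, ih))             # feature 3
        by_ip_port[(ip, port)].append((ih, t0, t1))
    concurrent = defaultdict(int)  # feature 6: same (ip, port) in overlapping sessions of different swarms
    for (ip, port), sessions in by_ip_port.items():
        for i, (ih_a, a0, a1) in enumerate(sessions):
            for ih_b, b0, b1 in sessions[i + 1:]:
                if ih_a != ih_b and a0 <= b1 and b0 <= a1:
                    concurrent[ip] += 1
    return {ip: {1: len(ips_in_subnet[subnet(ip)]) / 256, 2: time_in_swarm[ip], 3: len(combos[ip]),
                 5: len(swarms_in_subnet[subnet(ip)]), 6: concurrent[ip]} for ip in time_in_swarm}

def flag_monitors(obs, fraction=0.01, required=(1, 2, 3, 5)):
    """IPs in the top `fraction` of every required feature (the paper used the top 1% of 1, 2, 3 and 5)."""
    feats = peer_features(obs)
    k = max(1, math.ceil(len(feats) * fraction))
    cutoff = {f: sorted((v[f] for v in feats.values()), reverse=True)[k - 1] for f in required}
    return sorted(ip for ip, v in feats.items() if all(v[f] >= cutoff[f] for f in required))
```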