
The GSOC Bugging Scandal of 2014

  • 22-04-2023 2:26pm
    #1
    Registered Users Posts: 456 ✭✭


    The recent GSOC revelations got me thinking about the most bizarre scandal in recent memory involving the Garda Ombudsman. In February 2014, the Sunday Times reported that a UK security contractor, Verrimus, had prepared a report for GSOC that found strong evidence that their offices had been bugged. A hastily arranged government inquiry concluded that no bugging had occurred, but also could not explain the anomalies that Verrimus attributed to bugging. For its part, Verrimus stood by its findings. The most significant direct casualty of the scandal was Simon O'Brien, the Chairman of GSOC, who was pressured into resigning by the government - although it arguably contributed to the resignation of Martin Callinan and Alan Shatter.

    It is very strange to me that this scandal was effectively swept under the carpet. Despite the utterly explosive implications of it, it was quickly forgotten and treated as "just another Garda scandal".



Comments

  • Registered Users Posts: 68,545 ✭✭✭✭L1011


    Some of the stuff in the report didn't wash with anyone with basic IT Security knowledge (they seemed to have very little knowledge of the very concept of public Wifi networks, from memory), but there were still concerning elements.

    IT Security audits exist to tell you you've problems; people feel they are a waste of money if they don't. Sometimes what they tell you is bibble.



  • Registered Users Posts: 456 ✭✭Sono Topolino


    I really want to know who owned the IMSI catcher/Stingray.



  • Registered Users Posts: 6,270 ✭✭✭LambshankRedemption


    I've not read the original Verrimus Report, but from the Cooke report, it suggests the original report had gaping flaws. For example:

    The author of the report then expresses the opinion that the WEP security in question is considered wholly insecure and easily hacked even by an untrained individual with free software and instructions found on the Internet. Once a WEP access point has been accessed, it is possible for a hacker to access, control and intercept any device or data on that network. The significance of this opinion is then illustrated by two diagrams which contrast a secured WLAN (i.e. a wireless local access network) and an insecure WLAN.

    Well no. Transport Layer Security exists to prevent that. As does encryption in its many forms. Yes, accessing the WAP is trivial for someone who knows what they are doing, but it is not the same as remote access. They need to be pretty close to achieve anything.

    The view is then expressed that if this area of vulnerability is taken in conjunction with the possibility that unauthorised access to the conference microphones in the room could be obtained via the insecure access point identified above, “an attacker could have unrestricted audio feed in this room as and when required.”

    Err... How does one turn an unsecured Wireless access point into a microphone? Yes, the unsecured WAP could enable data exfiltration, but it cannot be turned into a microphone.

    That's all just from a quick scan of the Cooke Report, the result of the investigation into the Verrimus report. I've not seen the Verrimus report but it sounds like it is about as grounded in the real world as the first Harry Potter book.



  • Registered Users Posts: 456 ✭✭Sono Topolino


    Access to the network allows you to scan the network, determine which devices are on it, and identify and exploit vulnerabilities. Considering that GSOC is a government agency, it was probably using Windows XP or something dreadfully outdated and insecure. It's also clear from the above quotes that they're discussing someone:

    1. Gaining unauthorised access to the network;
    2. Tampering with the conference microphone (which is connected to the network); and
    3. Exfiltrating data from the conference microphone via the device with unauthorised access to the network.

    Also I would just note that this would have appeared much more sinister to GSOC at the time, considering that the Gardaí appeared to have a good knowledge of the state of GSOC investigations - including details of confidential reports etc (if I recall correctly). If they weren't being bugged, the Gardaí definitely had a human intelligence source (or several) in the organisation.



  • Registered Users Posts: 6,700 ✭✭✭zg3409


    My memory of it is indeed they already suspected bugging or an employee passing info to gardaí.

    However, a lot of GSOC are not GSOC and are actual gardaí. So their real bosses are not GSOC. They have gardaí "on staff" as go-betweens and so it would be easy for them, based in the same office, to bug etc. Even sticking in a USB stick and copying data would not be that hard.

    Again the report was a bit vague. The UK phone network found could easily not have been a Stingray or IMSI catcher. It could easily have been a misconfigured phone mast or someone testing 3G/4G/5G equipment somewhere in the city. They did not identify the location of the "mast" and it may have been miles away. If you were running a dodgy phone network it's unlikely you would identify as a UK network, as roaming might appear on the phone display (if you were allowed to join it). There are often testing networks running, and indeed Ireland has special rules to allow future network testing to encourage R&D in phone networks, with fast turnaround for approval in terms of weeks for permission compared to months for other countries. We have big international companies researching phone networks in Dublin.

    I think they found no smoking gun and they included lots of maybe in the report. The report was only made public/leaked months and months later for some reason.

    That said, I can imagine gardaí management would have great interest in what GSOC are investigating, and indeed the whole setup of GSOC was resisted for decades and GSOC's powers and budget were greatly restricted by the regulations to ensure they could not be that effective. I expect the gardaí have access to world-class phone bugging, audio bugging and network bugging/virus. Indeed, as shown in high-profile gangland cases, they have installed audio bugs inside suspect cars in many cases and they have asked for expanded power to legally bug homes and use that in court cases. Back in the 90s they had GPS suspect car tracking and there have been scandals of journalists' landlines being bugged by politicians. Even "enthusiasts" can buy bugging and tracking systems that are very hard to detect and prove and may not be detected in a sweep like happened at GSOC.


