Software engineer Moxie Marlinspike over at Thought Crime says he’s no stranger to unsolicited emails from individuals seeking help with surveillance efforts, due to some of the software he has created. While the programmer says he ignores most of them, one he received earlier this month caught his eye, and a short while later he discovered that Saudi Arabia telecom Mobily is working on a project to intercept mobile traffic.
The email, says Marlinspike, appeared in his inbox one day with the alluring subject line: Solution for monitoring encrypted data on telecom. Though he wasn’t interested in helping, he did respond to the agent’s email, initiating a correspondence that the programmer says lasted for a week. The end result was revelation of telecommunication company Mobily’s current project for intercepting data from mobile applications, with particular emphasis on Line, Viber, Twitter, and WhatsApp.
Reportedly, Mobily’s Executive Manager of Network & Information Security Yasser D. Alruhaily is at the helm of the project, which was initiated by someone referred to as “the initiator.” Marlinspike believes “the initiator” to be the Saudi government, but it doesn’t sound like that information was ever explicitly provided.
In one of the emails from Mobily that were published, it is revealed the telecom company is looking for information on how to go about intercepting traffic from mobile apps, whether a workaround exists for accomplishing that task, and if there are any other places it could approach in regards to the project. Marlinspike goes on to specify that one document they provided indicates using SSL certificates for interception, as well as SSL exploits and vulnerabilities.
Word has it a WhatsApp interception prototype is up and working.
So, what is compelling such an action? Terrorism, according to a message Marlinspike posted from Mobily. The telecom company, after being informed that he wouldn’t help them, said that Saudi Arabia has a “big terrorist problem” with those responsible using the aforementioned mobile apps – and others – to transmit information. The telecom company then goes on to say that because of this its actions are not only necessary, but Marlinspike’s refusal to help is indirectly aiding terrorist activities.
SOURCE: Thought Crime