Cyberespionage Using SS7 via Circles (citizenlab.ca)
218 points by sroussey on Dec 2, 2020 | hide | past | favorite | 65 comments



"Given that the company deals with wiretapping in the service of criminals and dictatorial regimes and is probably indirectly responsible for the deaths of many people, discriminatory treatment of employees and candidates is a petty crime. Don't bother if you're a normal person." This is a Google-translated reaction on a Bulgarian website for rating workplaces. In other comments it is obvious that paying a 3500 EUR salary is tied to working in undefined and risky situations.

https://bgrabotodatel.com/company/10131?__cf_chl_jschl_tk__=...


Interesting comment from Circles Bulgaria Ltd worker from 2019. "The last opinions are very old, so I decided to write how things really are in the company. For now, everything is pretty good, especially after the management has changed almost completely. They take very good care of their people, and the only downside is the lack of a home office, but this is not felt. I don't know another company, or at least I think there are very few that take care of their people like that. The atmosphere is very positive and relaxed, and the projects we are working on are unique, once in a lifetime. Don't pay any attention to the grumblers, there will always be some. The information about the projects on the Internet is very small, but believe me, there is no place to touch such work."


Well - this is "reputation cleaning review" probably from their HR department.

BGRabotodatel is something similar to Glassdoor, where ex-employees or even customers rate companies with insider information. But HR departments see this and take countermeasures, because the site is well indexed and occupies the first results on Google. And new potential employees see that too.


Agreed that it reads very much like damage control


Native Bulgarian speaker here.

Yes - Translate is 100% correct!


SS7 is challenging to find info about, so I'll ask here:

How hard are these attacks to actually execute?

* Can someone with an SDR and no credentials start an attack?

* Do you need a femtocell registered with a carrier to attack SS7?

* Do you need to be a registered carrier to have the access required to attack a user?

The attacks described in the article assume the attacker is a nation-state, but is it possible for any random person with the right hardware to gain access to sensitive info via SS7?


> How hard are these attacks to actually execute?

Fake roaming request, and that's it.

> Can someone with an SDR and no credentials start an attack?

No, but any telco employee in the world with keys to the server room can.

The matter is SS7 vulnerabilities are not Man-in-the-Middle in nature, but Man-on-the-Other-Side-of-the-World in nature.


> keys to the server room

That's far beyond that: keys to the server room are access to basically every phone on the network. For nearly a decade or so any kid in a mall kiosk has been able to pull off SIM cloning attacks. Yet we still use SMS as a second factor.


There have been several talks recorded on SS7 at CCC over the years. Here are two from 2014:

- https://m.youtube.com/watch?v=-wu_pO5Z7Pk

- https://m.youtube.com/watch?v=nRdJ0vaQt0o


The attacks are trivially easy. You need almost nothing. These are digital protocols on the wire so a SIP trunk would give you the same access as a cellular modem. An SDR would overly complicate things. It's almost as if the SS7 protocol was designed to support use by governments for collection and cyber-warfare.


Neither a SIP trunk nor a cellular modem confer access to SS7, which is used internally between telcos and is limited to access only by those telcos. The majority of VoIP providers, SMS aggregators, and other telephone-adjacent companies do not have SS7 access either as it is traditionally limited to wireline telcos, so they must contract a telco to perform those services for them. SS7 routing is strictly static and addresses are statically assigned, meaning that gaining unauthorized access to the network with a new device is usually not feasible (there would be no routes for traffic to reach it).

Instead, SS7 access is usually gained by either locating a crooked telco, or compromising a device within a telco.

While SS7 has essentially no security features, the primary security measure is the difficulty of accessing the SS7 network since it is entirely based on address management and routing by central authorities. This has been sufficient to slow the pace of SS7 vulnerabilities but not at all to stop them, as both crooked telcos and telcos with poor security practices can be found throughout the world.


SS7 is an old legacy standard that can be viewed in the same vein as DNS and its associated legacy and subsequent mitigations and improvements over the years. For more perspective, 2G came along decades later and had more thought put into it, which is why it used cutting-edge 56-bit encryption, which today is akin to plain text.

A nice readup upon SS7 here: https://www.infopulse.com/blog/telecom-security-ss7-network-... which also links to https://www.gsma.com/security/wp-content/uploads/2019/03/GSM... which fleshes out the picture even further.

Remember that SS7 was invented in 1975, so if they designed cyber warfare into it, I'd be impressed with that level of planning.


I did not mean to imply that there was a conscious effort to enable cyber-warfare when developing the SS7 protocols. What I meant was that it's so damn easy to do all of the mischievous things needed for cyber, that it sure seems like SS7 was made for that!


If you look at anything from the 70's, very, very few things stand the test of time security-wise, and the ethos of security has become more mainstream at a technology level, which sees today's technology surpass the wildest dreams of technology back then. That makes many attack vectors that were non-viable even to state players back then consumer-accessible today.

Might be why I've grown to love and appreciate analogue systems that just work.


> For more perspective, 2G came along decades later and that had more thought, why it used cutting edge 56bit encryption, which today is akin to plain text.

It was not 56-bit, but 54-bit, not cutting edge even in the 80s. Remember that GSM's encryption was designed under the restriction of crypto regulations; weak security was deliberately used, just like how SSL had weak export ciphers thanks to the NSA. A few cryptographers behind GSM [0] have accused GCHQ and the NSA of sabotaging GSM's security, or at least acknowledged the security was weakened due to political pressure.

> Jan Arild Audestad has been an employee of Telenor for many years and has also been a professor at Gjøvik University College and the Norwegian University of Science and Technology.

> — Originally we proposed that the encryption key length should be 128 bit, because we knew little about cryptographic systems, and how secure they were. The request was that the keys and algorithms should be secure at least for 15 years after the installation, Audestad tells.

> Audestad says that the British were not very interested in having a strong encryption. And after a few years, they protested against the high security level that was proposed.— They wanted a key length of 48 bit. We were very surprised. The West Germans protested because they wanted a stronger encryption to prevent spying from East Germany. The compromise was a key length of 64 bit – where the ten last bits were set to zero. The result was an effective key length of 54 bit.

> Aftenposten has spoken to several people who together with Audestad co-operated on building the GSM network.

> One of them is Peter van der Arend from Netherlands. He tells Aftenposten how he «fought» with the British about this case – especially in a meeting in Portugal.

> - The British argued that the key length had to be reduced. Among other things they wanted to make sure that a specified Asian country should not have the opportunity to escape surveillance.

> Van der Arend was very opposed to the British proposal.

> — The length was increased by the British – two bits at the time. They did not want to go further than 54 bits. And even though I argued against it, I eventually lost support from the others. And from that moment we had weaker security, and I am still angry about this.

> Thomas Haug, who was one of the most central persons in the making of GSM, also says that he was put pressure on by the British.

> — I was told by a British delegate that the British secret services wanted to weaken the security so they could eavesdrop more easily.

> Michel Mouly from France was one of the other central people in the making of GSM. He cannot confirm that the British were pushing for weaker encryption. But he confirms that the encryption was not as strong as planned, due to political pressure. Mouly also confirms that it would have been technologically possible to have much stronger encryption than what the result became.

[0] https://www.aftenposten.no/verden/i/Olkl/sources-we-were-pre...


> "a SIP trunk would give you the same access as a cellular modem"

Can you please cite your source?

I frequently hear that SS7 is "trivially easy" to exploit, yet do not hear of how people get access to SS7 in the first place.


Why would you burn that sort of access when you can at the very least resell it?

  - https://www.blackhat.com/presentations/bh-europe-07/Langlois/Presentation/bh-eu-07-langlois-ppt-apr19.pdf
  - https://0x00sec.org/t/into-the-wild-gaining-access-to-ss7-part-1-finding-an-access-point/12418


... which is why I doubt SS7 access is “trivially easy” if methods are closely guarded and easy to burn.

Thanks for the link.


> The attacks are trivially easy. You need almost nothing.

Nothing except a connection to the SS7 network, which is not easy to get. You need to be a cellular operator, virtual (MVNO) or real.


Or have connections / bribery access to someone who does. In places where corruption is endemic, one can imagine this as a regular side biz for telco employees.


SS7 is only one access vector of the kill chain. This company and their solutions infect iPhone and Android telephones. The Circles solution is put at telecom headquarters, thanks to autocratic governments, for spying. Circles becomes an authorised SS7 sender or recipient because it acts like a telco at the telco access point (no need for rogue access if you are a telco). SS7 can tell whether the target is in the country, or in another country but on the national telecom's network (for instance, the German company T-Mobile has a network in France). Once it is confirmed the target is in the country, the attacker has many options; the most common is to ask the target's phone where it is located (baseband processor: not detected by the target), intercept phone calls (not detected), intercept text messages (not detected; used for two-factor authorisation interception), or send the target a message that looks like a friend sent it (with a virus link). [1] Telecoms in Western countries do not accept SS7 from Eastern countries where the target is not currently travelling. This is an old SS7 attack and there are many commercial SS7 firewalls to prevent the attack [2]. The femtocell is another Circles product, for when close access is required because there is no telecom access, or for secret police units; same function. When the attacker can't use the cell network (because the target practises opsec), Circles uses information leaks from many secure messaging platforms. The message is encrypted, but target metadata is not encrypted and can be enumerated from the secure messaging provider (E2E platforms have good encryption but bad privacy opsec). Circles knows when the target is online, if the target has read a message, when the target is typing, etc. More of this information is good for more targeting by NSO Group (email virus, secure message virus, sexy girl, new job, parcel delivery, etc.).

[1] https://www.riverpublishers.com/journal/journal_articles/RP_...
[2] http://www.svyazcom.ru/ss7firewall/


“Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments. This scanning enabled us to identify Circles deployments in at least 25 countries.”

Nice OSINT find!


Interested in the topic?

Search for Karsten Nohl. That man is a 'one man army' exposing weaknesses in telcos and their protocols and has been for years. So long that many of these "S7 (as called in Europe) or SS7 (USA) tricks" are not even abusable in many networks since he helped them mitigate the issues.

https://en.wikipedia.org/wiki/Karsten_Nohl https://srlabs.de

The guy's one of my all-time heroes.


Former Circles Employee here. It's important to know that Circles has a big development team in Cyprus and they are doing lots of stuff. Ask me anything.


Can Circles users spy on mobile users from any country, or only handsets from the same country/network?

If I disable roaming on my mobile account, will my mobile service provider reject intercept requests?

Why is authentication optional in 4G and 5G?

Do SS7 network participants suffer fraud? For example, a small telco in a developing country could charge random foreign customers for international calls that never occurred.


Do you consider the company on ethically stronger or weaker grounds than NSO Group? And how do you feel about NSO Group?


What products does Circles make, and what is each of their purposes?


They pretty much provide the core espionage platform services. They operate in a typical spy in a van scenarios with all the tools and hardware needed to perform hacking and exploiting. See for example this article:

https://www.theguardian.com/world/2019/dec/20/cyprus-police-...


Australia is in Five Eyes, so it's reasonable to assume that Canada, US, UK, and NZ are also all involved.


Given Australia is in the Five Eyes, I doubt it needs to get this capability from a third-party provider. More reasonable to assume that there is a maligned private actor in AUS. I don't believe Circles' admission that they only do business with nation-states one bit.


Indeed. In this case it points to Malaysia


Australia seems to be a testing ground for fucked up internet policies.


It would be great if Apple and Google had a setting to disable 2G and 3G at the very least.


My phone does it.

You have to enter this code in the dialer:

    *#*#4636#*#*

After which you can navigate to "Phone Information" and decide which networks to use.

For example, if you select "LTE Only", then the phone will not connect to 2G/3G networks, and instead show that there is no signal.

This works for most Android phones.


This will break phone calls if your carrier does not support Voice over LTE (VoLTE), as the device will be unable to switch over to 3G to handle incoming/outgoing calls.


Yes. That's a necessary side effect of disabling 2G/3G. If that's an issue, you can either only disable 2G, or switch to a carrier that supports VoLTE.


There's like 20 options there. Do you know how to just disable 2G (keep LTE/3G enabled)?


"LTE/WCDMA/UMTS (auto)" should do it.


Yup this should work on most Android smartphones.


Go to the Apple Store and ask for a "CDMA-less" iPhone.

Got this trick from a Verizon engineer after complaining about such risks. Carriers don't carry them, but Apple should be able to sell you one.


> and ask for a "cdma-less" iphone

Isn't that just a regular GSM phone? According to https://www.techwalls.com/iphone-11-a2111-a2221-a2223-model-... there are only 3 variants of the iPhone 11: the North American variant (with CDMA support), the rest-of-the-world variant, and a Chinese variant.


Isn't LTE different than CDMA and GSM? A CDMA-less Verizon iPhone would support LTE (4g) only.

Good find, but worth checking if Apple can fulfill this request for Americans.


The T-Mobile and AT&T carrier sold iPhones did not come with CDMA support, not sure about current models.


A CDMA-less phone would not be eligible for Verizon.



> It would be great if Apple and Google had a setting to disable 2G and 3G at the very least.

I don't know if it's a Google, Samsung, or AT&T feature, but my Android has a default-off setting to enable 2G service. Nothing on 3G though.


which android phone model?


S10+


It will not make much difference if your phone company doesn't do the same and stop accepting roaming requests from rogue countries.

Somebody should also punch Google in the face for building an "espionage API" into Android: reading the SIM card serial, IMSI, and IMEI without even a notice. I doubt the thriving market of SS7 interceptions would be anywhere if not for Android creating a market for such data.


Maybe we could build Android without it?


It would be better if telcos and their equipment vendors implemented some protections, like the ability to disable roaming (and deny any related SS7 requests) at the subscriber's request.
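The per-subscriber filtering that the two comments above describe (an SS7 firewall at the home network that drops location requests it has no reason to accept, and a roaming block set at the subscriber's request), as an added Python sketch that is not from the original thread or from any telco or vendor; the MAP operation names are real, but the policy thresholds, country codes and IMSIs are constructed:

```python
from dataclasses import dataclass

# Constructed model of a home-network SS7 firewall policy (added illustration,
# not any vendor's code). Country codes, IMSIs and thresholds are made up.

# Operations a foreign network sends to locate or redirect a subscriber.
LOCATION_OPS = {"UpdateLocation", "SendRoutingInfoForSM", "ProvideSubscriberInfo"}
# Assumed policy: this operation is only legitimate from inside the home network.
HOME_ONLY_OPS = {"AnyTimeInterrogation"}
# Assumed minimum plausible time between attaches in two different countries.
MIN_TRAVEL_HOURS = 1.0


@dataclass
class Subscriber:
    imsi: str
    roaming_allowed: bool      # False once the subscriber asked to disable roaming
    current_country: str       # country of the last accepted attach
    hours_since_attach: float  # time elapsed since that attach


@dataclass
class Ss7Request:
    op: str               # MAP operation name
    imsi: str             # subscriber the request is about
    origin_country: str   # derived from the sending network's Global Title
    from_home: bool = False


def evaluate(req: Ss7Request, subscribers: dict, partners: set) -> tuple:
    """Return (verdict, reason); verdict is 'allow' or 'reject'."""
    if req.from_home:
        return ("allow", "internal signalling")
    if req.op in HOME_ONLY_OPS:
        return ("reject", f"{req.op} from foreign network")
    if req.op not in LOCATION_OPS:
        return ("allow", "not location-sensitive")
    sub = subscribers.get(req.imsi)
    if sub is None:
        return ("reject", "unknown IMSI")
    if not sub.roaming_allowed:
        return ("reject", "roaming disabled by subscriber")
    if req.origin_country not in partners:
        return ("reject", "no roaming agreement with origin")
    # A location change is only plausible if enough time has passed to travel.
    if req.origin_country != sub.current_country and sub.hours_since_attach < MIN_TRAVEL_HOURS:
        return ("reject", "implausible travel since last attach")
    return ("allow", "consistent with subscriber state")


# Constructed sample data: a German home network with two roaming partners.
SUBSCRIBERS = {
    "262011234567890": Subscriber("262011234567890", True, "FR", 30.0),  # roaming in France
    "262019876543210": Subscriber("262019876543210", False, "DE", 5.0),  # roaming disabled
    "262015555555555": Subscriber("262015555555555", True, "DE", 0.2),   # at home 12 min ago
}
PARTNERS = {"FR", "US"}
SAMPLE = [
    Ss7Request("UpdateLocation", "262011234567890", "FR"),
    Ss7Request("ProvideSubscriberInfo", "262019876543210", "FR"),
    Ss7Request("UpdateLocation", "262015555555555", "US"),
    Ss7Request("SendRoutingInfoForSM", "262011234567890", "XX"),
    Ss7Request("AnyTimeInterrogation", "262011234567890", "FR"),
    Ss7Request("AnyTimeInterrogation", "262011234567890", "DE", from_home=True),
]

if __name__ == "__main__":
    for req in SAMPLE:
        print(req.op, req.origin_country, *evaluate(req, SUBSCRIBERS, PARTNERS))
```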


Is 4G & 5G vulnerable? I wonder if a jailbreak tweak exists to disable 2G and 3G.


The good people at CitizenLab are absolute heroes, exposing the digital terrorists that sell their warez to despots.


We have seen this vulnerability for years and nothing has been done to change it. Is it safe to say that is intentional? Obviously a valuable tool if you want to spy on your citizens.


Do you mean the weakness of SS7? If so, the answer is, it would be easier to entirely build a new telco network and new cities than to overhaul the SS7 signalling network. I would have to write a book to explain the complexities (technical, bureaucratic, legal challenges). To sum up, SS7 will probably be with us in its current state long after our great great grand-children. It is best to just avoid using it if you can. POTS lines, SMS Text messages currently depend on it, but SMS could be changed to use data only if all the wireless carriers could agree to block SS7 for SMS or tear down their SMS gateways. There would need to be an agreed upon standard to re-route all the SMS messages. Landline calls and mobile to landline and mobile carrier to mobile carrier will still use SS7 for the foreseeable future and will always be vulnerable to interception. Mobile devices would have to solve this with some type of device validation, at least for mobile to mobile calls and home/business systems would need to implement that validation.


A great deal of technical patching could occur in SS7 based on lessons learned from the Internet. But the telcos are strapped for resources, and interoperability concerns mean this won't occur without a massive push by a third party to support it. The idea of implementing something like reverse-path forwarding on SS7 switches would, for example, greatly cut down on robo-calling.


That idea is great, but the SS7 network was never built to even understand those concepts. Some of the equipment could be updated, but a vast majority of systems would have to be replaced. Getting telco companies to agree to things like that is not even conceivable. It would take some international political groups to push for it. Maybe I am just jaded from my telco background, but even when an entire telco company agrees to implement a change, it rarely gets completed.


>> Some of the equipment could be updated, but a vast majority of systems would have to be replaced.

Just curious, would this mean digging up cable and other stuff which would include parts of this system you're referring to?


Digging should not be required in most cases. It would require replacing gear in most of the telco central offices. That probably sounds simple, but it is not. Much of this gear is ancient, most of the people that intimately understand it are no longer with us and most of the companies that made it no longer exist. The new equipment would have to be backwards compatible and run side-by-side with the old equipment for a couple decades. Many of the CO's are at physical capacity. Even if the new gear is a fraction of the size of old gear, there will be logistical issues in many places. That alone is a significant undertaking. The coordination required between telcos within countries and between countries would be significant.


> The idea of implement something like reverse-path forwarding on SS7 switches would for example greatly cut down on robo-calling.

SHAKEN & STIR [0] should (hopefully!) eliminate most of the issues which result from "spoofing" caller ID.

From "Combating Spoofed Robocalls with Caller ID Authentication" [1]:

> "[The FCC] adopted new rules requiring all originating and terminating voice service providers to implement caller ID authentication using STIR/SHAKEN technological standards in the Internet Protocol (IP) portions of their networks by June 30, 2021."

--

[0]: https://en.wikipedia.org/wiki/STIR/SHAKEN

[1]: https://www.fcc.gov/call-authentication


SMPP sort of fills the need for a standard way to send SMS between carriers. Although you still need to know which carrier to send it to, and have a working connection to them.

I think HD voice calls can't be made over SS7? So to the extent that carriers interconnect for those (which isn't a lot, but it's more than zero), that's a parallel system too.


See also:

* Wifi lack of forward secrecy

* SNI unencrypted

* OCSP unencrypted

* DNS unencrypted

CloudFlare is banging the drum on at least two of these, and Chrome on another, and I think FS is now optional in the latest Wifi spec.


The DNS encryption efforts only protect part of the DNS query/response transit across the Internet, the packets from the recursive resolver to the root servers are still unencrypted.

In addition, IP addresses are unencrypted and that can reveal a lot of information. Basically the planned SNI/DNS encryption is only going to be useful for websites hosted on global CDN providers and other centralised hosting.

"What can you learn from an IP?" https://irtf.org/anrw/2019/slides-anrw19-final44.pdf

Edit: then of course there is the whole BGP thing.


The pushback on ESNI was...telling




