Risky Dialing: Trump Call Raises Security WorriesExperts Say Call Between Trump and Ambassador Could Have Been Intercepted
A phone call between President Donald Trump and a key ambassador - a revelation that came in the House impeachment hearing Wednesday - has raised concerns it could have been intercepted by Russian spies.
See Also: Encryption & Key Management
The acting ambassador to Ukraine, William B. Taylor Jr., testified that one of his staffers overheard a phone call made by Gordon Sondland, the U.S. ambassador to the European Union, to the president on July 26 in a restaurant in Ukraine.
The staffer, David Holmes, who worked as a political counselor in the U.S. embassy in Kiev, is due to testify in a closed-door session before House investigators on Friday, reports The Washington Post.
It's not yet clear what type of phones Sondland and Trump may have been using, or if they used an encrypted calling or messaging app such as WhatsApp or Signal. But some security experts say that if the call was made over the regular mobile network, it would be easy for spies to listen in.
"The use of private cell phones to discuss official diplomatic issues is a monumental security lapse, especially when either of the parties is overseas," says Jake Williams, founder of Rendition Infosec and a former operator with the National Security Agency. "In addition to the immediate threat, there's likely an increase in intelligence targeting as a result of calls like this."
Williams says it's possible the phones used by Trump and Sondland were already compromised by malware, along the lines of the type made by commercial interception specialist NSO Group (see: Facebook Sues Spyware Maker Over WhatsApp Exploit).
Taylor testified that his staffer overheard Sondland and Trump discussing "investigations," according to CNN.
Democrats have launched impeachment hearings that focus on whether Trump withheld aid to Ukraine unless the country began investigating Hunter Biden, the son of Democratic presidential candidate and former Vice President Joe Biden. Hunter Biden was on the board of Ukrainian energy company Burisma Holdings between 2014 and 2019.
Spying on Phones
There are a variety of ways phone calls can be intercepted. If spies have access to the telecom companies that a particular phone connects to, it would be possible to see call logs.
Other attacks involve Signaling System #7, which is what carriers use to exchange message between their Home Location Registers, which contain subscriber and routing data. SS7 is crucial to routing phone calls correctly if someone is away from their home network (see: Failed Fraud Against UK Bank Abused Mobile Infrastructure).
In 2015, Karsten Nohl showed how he could eavesdrop on a call merely by knowing the target's phone number using SS7. Access to SS7 can be bought for a few hundred euros a month, and some telecoms have left their equipment unsecured on the internet, according to Nohl's presentation. What makes matters worse: SS7 was designed in the 1970s, and there was no authentication required to make changes.
These types of risks pose dangers for U.S. officials traveling abroad, and especially in Ukraine. As noted by The Washington Post, a telephone discussion between two top U.S. officials was leaked on YouTube in 2014, which proved deeply embarrassing.
The call was between former Assistant Secretary of State for European and Eurasian Affairs Victoria Nuland and Geoffrey Pyatt, who was then ambassador to Ukraine. It is strongly believed the call was intercepted by Russia. Then White House Communications Director Jennifer Psaki called it a "new low" in Russian tradecraft.
Interception Virtually Certain
Itfthe call between Sondland and Trump was not encrypted, it's likely that it was intercepted by the Russians or another country, says James Lewis, senior vice president and director of the technology policy program at the Center for Strategic and International Studies.
"If the media reports are true, the Russians probably gave the tasking to an intern," Lewis says, referring to how trivial such interception would be.
Even if Sondland and Trump were using an encrypted app, there would be other possibilities to intercept the call, such as bugging the centerpiece on a table in a restaurant, Lewis says.
Depending on the sensitivity of what Sondland and Trump discussed, the call could be regarded as an operational security failure, says John Bambenek, a computer security lecturer at the University of Illinois and vice president of ThreatStop.
In locales such as Ukraine, there is good reason to be worried about pervasive Russian monitoring, he says. "It's very typical advice for business people traveling in Russia or China to restrict their phone calls to what truly needs to be discussed and do nothing sensitive."
Even putting faith in encrypted communication apps for such sensitive communications is risky, because there could be unknown vulnerabilities, he says. Also, even the metadata left by encrypted communications may be valuable to an adversary.
"These conversations should be done inside embassy walls," Bambenek says.