TETRA Crypto troubles in Slovenia

Post Reply
User avatar
cartman
Posts: 2179
Joined: Wed Aug 13, 2008 12:54 pm
Location: Liverpool, NSW, Australia

TETRA Crypto troubles in Slovenia

Post by cartman » Fri May 01, 2015 9:34 am

The translation is passable ... you can get the gist that not all is well with the TETRA system due to programming shortfalls

http://translate.google.com.au/translat ... rev=search

The Police respond

http://www.tetra-applications.com/30385 ... n-slovenia
Professional Scanner nut. Ibis bin chicken of radio scraps
Scanners:
Uniden 325P2, Whistler TRX-1, GRE PSR800 x 2, Uniden 780 x 3, Uniden 796, Uniden 396 x 2, Uniden 246,
Software:
DSD v2.368, Unitrunker, Trunkview

User avatar
cartman
Posts: 2179
Joined: Wed Aug 13, 2008 12:54 pm
Location: Liverpool, NSW, Australia

Re: TETRA Crypto troubles in Slovenia

Post by cartman » Wed Jun 08, 2016 6:26 pm

Followup to the above story

http://www.radiocomms.com.au/content/pu ... 1000111447

Convicted for finding TETRA network flaws
By Critical Comms Staff
Wednesday, 25 May, 2016

In a bizarre case of trying to do the right thing but losing out instead, a Slovenian researcher has received a 15-month suspended prison sentence for publicly disclosing security flaws in the country’s police TETRA network — after being repeatedly ignored when he tried to inform them of the problem.

As reported by the International Business Times, Dejan Ornig, 26, was studying at the University of Maribor’s Faculty of Criminal Justice and Security in 2012 when he and other students were asked to analyse network vulnerabilities in Terrestrial Trunked Radio (TETRA). Ornig allegedly discovered that the Slovenian authorities had incorrectly configured the TETRA protocol, meaning that unencrypted sensitive military and police data was being sent over the internet and open to anyone to intercept. Upon his discovery, Ornig reportedly took the information to the police, on more than one occasion, but no action was taken by them.

No doubt believing this was an important national security issue, by February 2015 the cybersecurity researcher decided to hand the information over to a Slovenian newspaper, Podcrto.si. The newspaper also attempted to contact the Slovenian Ministry of Defence with evidence that military communications were not being protected, but received no follow-up.

Police go on the attack

After the story went public in April 2015, Slovenian police attempted to talk down the article’s claims and finally proceeded to fix their network’s vulnerabilities. That same month they also decided to raid Ornig’s home, confiscating his computer and a cheap device he had reportedly used to intercept traffic data as it passed between their radios and the TETRA base stations. Police then charged him with several counts of attempting to hack into their system.

To top matters off, they also allegedly accused him of impersonating a police officer (because they came across a fake police badge in his house) and charged him with illegally recording one of his former employers after finding a video on his computer. Ornig is believed to have done so because he thought his supervisor at the time was trying to get him fired — the video apparently does provide evidence of this person clearly insulting him.

According to other news reports from Podcrto.si, the district court of Ljubljana criticised Ornig for illegally accessing the TETRA network in 2014, and to avoid going to prison he must not repeat the alleged crimes over the next three years. Unfortunately for this good Samaritan, he will now always have a police record against his name.

Note to self: when uncovering a national security threat, try to do so anonymously.
Professional Scanner nut. Ibis bin chicken of radio scraps
Scanners:
Uniden 325P2, Whistler TRX-1, GRE PSR800 x 2, Uniden 780 x 3, Uniden 796, Uniden 396 x 2, Uniden 246,
Software:
DSD v2.368, Unitrunker, Trunkview

User avatar
Bigfella237
Posts: 1895
Joined: Fri Feb 26, 2010 3:11 pm
Location: In geosynchronous orbit above the Far South Coast of NSW, Australia

Re: TETRA Crypto troubles in Slovenia

Post by Bigfella237 » Wed Jun 08, 2016 9:50 pm

Poor bastard, what a joke. They ask him to evaluate their system and then ignore his response, if he was in America he could (and should) be suing their asses off by now!

User avatar
rustynswrail
Posts: 646
Joined: Thu Mar 11, 2010 10:18 pm
Location: Blue Mountains

Re: TETRA Crypto troubles in Slovenia

Post by rustynswrail » Wed Jun 08, 2016 9:55 pm

cartman wrote:Note to self: when uncovering a national security threat, try to do so anonymously.[/i]
Or better still, shut up and say nothing.

R
Amateur Radio, when all other cures for insomnia fail!

User avatar
cartman
Posts: 2179
Joined: Wed Aug 13, 2008 12:54 pm
Location: Liverpool, NSW, Australia

Re: TETRA Crypto troubles in Slovenia

Post by cartman » Thu Jun 09, 2016 7:37 am

Bigfella237 wrote:Poor bastard, what a joke. They ask him to evaluate their system and then ignore his response, if he was in America he could (and should) be suing their asses off by now!
Most if not all European countries take a very dim view on radio scanning above HF
We are fortunate to live in one of about 3 countries that have a relaxed attitude to our hobby
Professional Scanner nut. Ibis bin chicken of radio scraps
Scanners:
Uniden 325P2, Whistler TRX-1, GRE PSR800 x 2, Uniden 780 x 3, Uniden 796, Uniden 396 x 2, Uniden 246,
Software:
DSD v2.368, Unitrunker, Trunkview

Post Reply