Skip to content or view screen version

Nokia Siemens 'lawful intercept' monitoring centre in Iran

Danny | 22.06.2009 20:14 | Other Press | Technology

After press reports of Nokia Siemens providing the Iranian government with 'deep packet inspection' equipment, the company issued a very odd denial today, while retrospectively announcing the sale of their Intelligence Solutions business to a German investment firm in March.

The mainstream media have been reporting that Nokia Siemens sold Iran their deep-packet inspection system. Nokia Siemens report that they only sold them 'lawful-interception' software for voice calls. According to the company,
"The restricted functionality monitoring center provided by Nokia Siemens Networks in Iran cannot provide data monitoring, internet monitoring, deep packet inspection, international call monitoring or speech recognition..."

The 'restricted functionality' phrase is telling as it implies that the system they sold has this functionality but that it had been disabled. Nokia Siemens did sell such kit so the company have a duty to explain technically how it 'restricted funcationality'. That's irrelevant just now though since all those features can be farmed off to machines running existing off the shelf applications or their own bespoke versions. The next thing the company states though seems to totally undermine it's initial denial.
"Nokia Siemens Networks provided equipment to Iran last year under the internationally recognized concept of "lawful intercept". That relates to intercepting data for the purposes of combating terrorism, child pornography, drug trafficking and other criminal activities carried out online, a capability that most if not all telecom companies have".

So Nokia Siemens did provide equipment for intercepting data online and combating online criminal activities, such as homosexuality?

Network engineers in Iran have seemingly reported signs of deep packet inspection, and the suddenly slow speed of internet connection times to Iran have been cited as further proof. The connection time is explainable many other ways, such as normal traffic being greatly increased or the fact that the government is throttling the bandwidth. I don't know any way safe way to test for dpi occuring, short of risking arrest by burying an incriminating message and waiting for the police, which in Iran just now could mean the death penalty for spying. If you are properly encrypted then you will be safe online, it is voice calls that sink most people. Even if the newtwork engineers were motivated just now, they will be sinking under a sea of data. The fact Iranians were using page reload apps to DDoS government sites suggests the government engineers aren't either able or willing to fight back.

The Nokia Semeins statement also aid "On March 31st, 2009 Nokia Siemens Networks and Perusa Partners Fund I L.P., a private investment firm advised by Munich based Perusa GmbH, successfully closed the sale of Nokia Siemens Networks’ Intelligence Solutions business to Perusa".

This too is strange, because investment funds aren't renowned for buying blue-chip high-tech divisions. Nokia Siemens aren't noticably suffering stock problems, they are still bidding for other companies. Perusa haven't bought anything like this before, they seem to be asset strippers. Also odd is that apart from todays announcement from Nokia Seimens, there is no mention of that online, even on Nokia and Perusa Gmbhs own websites.

I did find this industry bumph on cryptome though, again strange since it suggests Nokia Seimens were the main sponsor of a market show in February, only to sell that business in March. That would be suspicious even if they hadn't only announced that today, once they have been criticised in the press. Notice they describe themselves as a trusted reliable mainstay in the market.

" Following are sponsors of:
Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering, 24-29 February 2009, Dubai.
 http://www.issworldtraining.com/ISS_MEA/sponsors.cfm

Nokia Siemens Networks

Our track record gives evidence of our deep understanding of security issues inside military, MOI and other security-sensitive organizations. We believe ourselves to be the best experts in the global field of intelligence solutions. And we are proud of our excellent, long term customer relationships which are based on mutual trust, reliability and stability

In our worldwide Monitoring Center projects, training, service and consultancy have always been a mainstay. As we strive to become the global number one in unreserved customer satisfaction, we have now formalized these aspects into our '24/365 Lifecycle Management'.

Making the world safer...
...with trend-setting intelligence solutions "



 http://www.nokiasiemensnetworks.com/global/Press/Press+releases/news-archive/Provision+of+Lawful+Intercept+capability+in+Iran.htm

 http://cryptome.info/0001/li-biz-mania.htm

 http://online.wsj.com/article/SB124562668777335653.html

Danny

Comments

Hide the following 3 comments

Per USA

22.06.2009 23:34

The Wall Street Journal article is reported on Indymedia Athens and Michael Moore. Someone has even set up a face book page calling for a boycott of Nokia Siemens, to which someone has commented 'Any Info on Perusa Partners Fund Ltd'?  http://www.facebook.com/topic.php?uid=94947302987&topic=10156
I don't use facebook, so I'll post here in the hope they get to read my reading. I've no original information but I'll summarise when I think this smells fishy.

Nokia Siemens Networks have developed a monitoring centre that can provide high levels of surveillance and interception of data. They heavily promoted this and sponsored an industry conference as recently as February. NSN previously sold a feature-limited version to Iran last year. In March Nokia Siemens sold the entire division, all the technology and copyright, to a German investment fund, Perusa Partners, that can legally export all that technology to Iran without risk of action in the US.
Neither company announce that in a press release or anywhere on their websites, until Nokia-Siemens rebuttal of complicty with Iranian censorship yesterday (22nd of June 09) . Perusa certainly list investments made just before and after that supposedly happened and still haven't mentioned it.
So who are the Perusa 'Partners', where does the money lead? Perusa portray themselves as a high risk fund:

»How we differ from others. «
Of course we like to purchase profitable, easy to manage companies, too.
Unlike classic financial investors, we do not shy away from companies being in a state of change. We rather look for suitable solutions together with the management. Our long-term experience and our funds allow us to help you out.
 http://www.perusa-partners.de/english/our_investment_focus.php

They have different funds for different companies that they own. It is a 'closed end' fund registered in Guernsey, one of many dodgy British tax havens. I think that means only Perusa and maybe someone in Guernsey know who own the Nokia Siemens 'monitoring' tech now. 'Closed End funds' seem inherently nefarious to me but I have no financial expertise so do your own research. I like this quote though because it reads like a deliberate misdirection

"Mr. Roome said he did not consider the Iranian monitoring center to be dual-use technology".
 http://actdcmetro.wordpress.com/2009/04/13/

It's true it's not dual use. The Iranian government use this just like the British and US government use similar tools, it is not 'dual-use' technology. It's only use is population control. NSN claim they never exported this technology to Iran except in a cut-down version, but can Perusa claim the same since then? Who are Perusas customers and owners? If this fund was owned by Iran then how would we as citizens know? If this kit is ubiquitious among governments then where lies the morality? After the Tehran deaths can the individual developers be shamed into issuing safety guidelines for activist communications monitored by their systems?

Danny


Nokia have been rolling this out everywhere

23.06.2009 05:13

The Network Monitoring system from Nokia and Siemens is not new. It is a source of excitement in some parts of the telecommunications industry.

"Zain in Saudi Arabia and Nokia Siemens Networks signed a contract to roll out a state-of–the-art greenfield mobile network in the Kingdom of Saudi Arabia. Nokia Siemens Networks will supply a full turnkey 2G and 3G mobile network, including core and radio networks, operations and business support systems, applications and a full suite of services, including managed services."

In Saudi Arabia, the control systems will be embedded in the telephony infrastructure. Dr. Marwan Al-Ahmadi, CEO of Zain, was quite gushing about the system. Zain (formerly MTC) is a leading emerging markets player in the field of mobile telecommunications. The company was established in 1983 in Kuwait as the region’s first mobile operator. It has grown to become the 4th largest telecommunications company in the world in terms of geographic presence. Present in 22 countries spread across the Middle East and Africa.

When this was mentioned in January 2008, people were sceptical. The major component that Nokia supply - and continue to supply - is the vague product of "implementation". The business systems, once established, can be communicated to a third party. The third party then commences with business as usual.

Currently, Nokia are negotiating with Jupiter Network Inc. to introduce the same kind of technologies:

"Headquartered in the Netherlands, the joint venture will be dedicated to managing and executing the Carrier Ethernet portfolio roadmap, and extends the previously announced partnership enhancement designed to deliver to service provider customers a fully interoperable Carrier Ethernet solution for mobile backhaul, business services and residential broadband networks. The planned solution will enable customers to monetize their networks through a faster time-to-market for new revenue-generating services and by improving network efficiency, which in turn will drive down transport costs.

This planned structure will allow both companies to contribute the necessary products and support to enable meeting the end-to-end portfolio needs of some 200 joint service provider customers worldwide. The planned solution consists of Juniper Networks MX Series Ethernet Services Routers, Nokia Siemens Networks A-series Carrier Ethernet Switches as well as the end-to-end “point-and-click” network management system."
( http://www.globalsecuritymag.com/Juniper-Networks-and-Nokia-Siemens,20090604,9837)

It really is not rocket science. Nokia sell network monitoring and management systems. Realistically, Nokia sell to Buyers. Such as Iran, China and Holland:

"China Mobile Group Jiangsu Ltd (Jiangsu Mobile) has tapped Nokia Siemens Networks' solution to ensure reliable telecommunications service, provide a secure data experience to customers and help the operator realize new opportunities in its full service operation era.
With customer demand for converged services increasing each day, IP networks are emerging as the preferred platform. However, traditional IT security solutions are insufficient to address the challenges that come with an all IP network, and this posed a significant challenge for operators."
( http://www.eetasia.com/ART_8800552951_480800_NT_81f29c5a.HTM)
( http://www.cn-c114.net/576/a287781.html)

A frequent problem for Indymedia contributors is lack of technical skills. It is a difficult problem as it allows press releases to pass by without critical comment. Nokia and Siemens have been selling into this "Security" market for years. The truth is that this security "product" is nonexistent. It is a series of technologies that Nokia write manuals for. These manuals and training are specifically written to "conform" to standards such as BS7799 and then related to Nokia hardware. It is the total package that is being sold. The total package locks down the network for profit reasons.
( http://www.devicemanagement.org/content/view/331504/92/)
But, it could also be for reasons of State.
( http://business.rediff.com/report/2009/may/22/nokia-siemens-takes-bsnl-to-court.htm)

People might wonder why the patterns of repression around the globe seem similar. The truth is that communication is an obvious battleground. The technologies being offered to the state are standardised. This means repression is, non obviously, facilitated and driven by those technologies in fairly standardised ways. The key elements are already in place once a sector merger is announced:
( http://www.cbronline.com/news/nokia_siemens_networks_to_acquire_nortels_assets_in_650m_deal_090619) ( http://www.channelregister.co.uk/2009/06/20/nsn_nortel_cdma_wireless_acquisition/)

I am not not so much presenting that the any Government (for example China or Iran) as a repressive regime. That is a political argument. I am pointing out that the infrastructure is, in some ways, inherently conducive to repressive strategies. It locks customers in. This is intended. The aquisition of Nortel, an equipment maker, ensures that Nokia and Siemens have access to hardware production and design that gives them an opportunity to design "next generation security". This will lock the future into a commerically motivated security model. Last generation security is always copyable by other providers. That is the nature of standardised hardware and standardised security. It encourages consolidation
( http://news.zdnet.co.uk/communications/0,1000000085,39285889,00.htm) and it encourages the roll out of identikit systems: ( http://www.redorbit.com/news/technology/715889/
nokia_wins_usd_230_million_managed_services_deal_with_vodafone/index.html)

The truth is harsh for Indymedia. Either Indymedia promotes technology and science as basic political survival skills or, the next Iran will be in Bristol. People who do not undestand science and technology are being stomped on and the political "cogniscenti" express suprise. It would be less of a suprise if people actually took science seriously instead of listening to half baked nonsense.

People whine about the BNP. The harsh truth for antifascism is that the BNP have such a limited set of beliefs and ideals that the "network management solutions" approach facilitates the growth of BNP presence. Ignore the fact that I just mentioned the BNP. The harsh truth is that people of the Left have ignored science and technology for so long that it has become the colony of the right, the far right and the extreme far right. Technology has become the justification for the behaviour by making Technology users passive authoritarians. The Nokia strategy has been in the public sphere for years. Make reliable technology and then sell "services" as added value. Not really to much different to the rise of the "new right" across Europe.

Complaining that comparisons to the BNP are "unhelpful" is just a symptom. Iran is just a symptom. The underlying cause is related to the nature of businesses that sell "services" without accountability. In all the links above (not all to "repressive" regimes) there is a common theme: the left never once made remark on the impact of the sale. Currently Nokia is aquiring Nortel. A Canadian equipment manufacturer. Is that in the public interest? Nobody asks the question because it is just about "gadgets". Too busy "embracing" the technology.







@Danny


echo

25.06.2009 13:12

"The Network Monitoring system from Nokia and Siemens is not new. It is a source of excitement in some parts of the telecommunications industry."

Which makes it more suspicious that they suddenly announce they sold this division to a fund months ago. I do think Nokia-Siemens and the Perusa Partners need a financial journalist on their case.

"Either Indymedia promotes technology and science as basic political survival skills or, the next Iran will be in Bristol".

Well, folk have to take some responsibility for their own security, and that means being aware of their technical capabilities. If people use text messages to communicate then they are asking for problems -

Lily Mazaheri, a human rights and immigration lawyer who represents high-profile Iranian dissidents, said she had suspected that the government had increased its capability to monitor its perceived enemies. Recently, one of her clients was arrested because of instant messaging he had participated in with Ms. Mazaheri, she said : “He told me he had received a call from the Ministry of Intelligence, and this guy when he went to the interrogation, they put in front of him printed copies of his chats with me. He said he was dumbfounded, and he was sent to prison.”
 http://actdcmetro.wordpress.com/2009/04/13/

"A frequent problem for Indymedia contributors is lack of technical skills."

I'm out of date but I used to be an electronics engineer, and moved into IT a long time ago because it was easier and better paid . To begin with that meant rolling out PCs and Unix boxes to replace mainframes and terminals, and the job was all about connectivity, functionality. Once managers had got the concept, they began asking about the ability to police their users. I don't mean police the systems, which had to be done to ensure functionality, their requests always were about policing users. Who had accessed what, when, that sort of thing, useful information only for middle management napoleons. Functionality that was built to control equipment soon evolved to control people.

I always prided myself on never working for a defence company, but some of my IT employers were morally dubious. I turned down a job with a call centre management software company, as that was solely about controlling workers. Their gear allows napoleons to monitor how long an operator spends on the phone on average, over a week, how many breaks they took, what calls they initiated, what applications they ran.

NMS stands for Network Management Software. On an IP network the SNMP protocol normally provides the communication with remote devices, although telecom devices generally use competing protocols. Until SNMP v3 came out in 2004, you could break into any system you were already on by setting your NIC promiscuous and sniffing SNMP passwords. You could upload firmware and reset a box remotely if you knew what you were doing, but most hackers just wanted bandwidth. On small networks lots of devices came with it it ready to use, with proxies available for anything else, and few people bothered to change the basic security information. I came across one small network suffering limited internal bandwidth because the admin had set everything to report back all information to his PC. The limited functionality it added didn't make up for the security risk so I'd often disable it on small networks, and if I ever needed a router reset remotely I'd just phone and ask the person sitting next to it to turn it on and off. On a large or complex system some sort of NMS provides extra control with fewer support staff.

"It is a series of technologies that Nokia write manuals for".

The Nokia Siemens system is more than just manuals, it is the proxy code, the Management Console code, the integration, and the support. A monitoring centre though is more than that though, the ability to locate callers or browsers in real time is the extension of workplace rules to an entire society.

Danny