Mobily seeks aid for data monitoring: US hacker

MITM expert claims Saudi telco made approach for solution to VoIP, messaging platforms

Tags: Mobily (www.mobily.com.sa)Saudi Arabia
  • E-Mail
Mobily seeks aid for data monitoring: US hacker Saudi’s telecoms regulator has previously directed operators to enforce rules on Web services such as Skype and Viber. (ITP Images)
By  Stephen McBride Published  May 14, 2013

A US hacker yesterday claimed he had been contacted by a representative of Saudi telecom operator Mobily, for help in creating a solution for the monitoring of encrypted telecom data.

Moxie Marlinspike, whose website profile describes a past as a "software engineer, hacker, sailor, captain, and shipwright", said in his blog that he had been emailed by Yasser D Alruhaily, who is listed on Yatedo.com as executive manager of Network & Information Security Governance at Mobily. Alruhaily allegedly cited a set of requirements for the monitoring of services such as WhatsApp, LINE, Viber and Twitter and said those requirements originated with "the regulator".

Saudi Arabia's telecom regulator, the Communications and Information Technology Commission (CITC), spoke out in early April against Web communication tools and directed the kingdom's telcos to act swiftly to ensure that the online services met "regulatory requirements", according to a Reuters report.

The report followed pledges by the CITC to block VoIP tools Skype and Viber and instant messaging system WhatsApp, if the companies behind the services did not provide Saudi authorities with the means of monitoring the heavily encrypted communications.

Hacker Moxie speculates he was contacted because of past success in the area of man-in-the-middle (MITM) tools, which transparently hijack HTTP network packets. He said he was shown detailed specifications by his alleged Mobily contact.

"A considerable portion of the document was also dedicated to a discussion of purchasing SSL vulnerabilities or other exploits as possibilities," he blogged.

When Moxie declined to take part in the project, citing privacy concerns, he allegedly received the following response (sic):

"I know that already and I have same thoughts like you freedom and respecting privacy, actually Saudi has a big terrorist problem and they are misusing these services for spreading terrorism and contacting and spreading their cause that's why I took this and I seek your help. If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code