Mobily seeks aid for data monitoring: US hacker
MITM expert claims Saudi telco made approach for solution to VoIP, messaging platforms
A US hacker yesterday claimed he had been contacted by a representative of Saudi telecom operator Mobily, for help in creating a solution for the monitoring of encrypted telecom data.
Moxie Marlinspike, whose website profile describes a past as a "software engineer, hacker, sailor, captain, and shipwright", said in his blog that he had been emailed by Yasser D Alruhaily, who is listed on Yatedo.com as executive manager of Network & Information Security Governance at Mobily. Alruhaily allegedly cited a set of requirements for the monitoring of services such as WhatsApp, LINE, Viber and Twitter and said those requirements originated with "the regulator".
Saudi Arabia's telecom regulator, the Communications and Information Technology Commission (CITC), spoke out in early April against Web communication tools and directed the kingdom's telcos to act swiftly to ensure that the online services met "regulatory requirements", according to a Reuters report.
The report followed pledges by the CITC to block VoIP tools Skype and Viber and instant messaging system WhatsApp, if the companies behind the services did not provide Saudi authorities with the means of monitoring the heavily encrypted communications.
Hacker Moxie speculates he was contacted because of past success in the area of man-in-the-middle (MITM) tools, which transparently hijack HTTP network packets. He said he was shown detailed specifications by his alleged Mobily contact.
"A considerable portion of the document was also dedicated to a discussion of purchasing SSL vulnerabilities or other exploits as possibilities," he blogged.
When Moxie declined to take part in the project, citing privacy concerns, he allegedly received the following response (sic):
"I know that already and I have same thoughts like you freedom and respecting privacy, actually Saudi has a big terrorist problem and they are misusing these services for spreading terrorism and contacting and spreading their cause that's why I took this and I seek your help. If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities."