[ISN] Saudi Telecom Sought U.S. Researcher’s Help in Spying on Mobile Users

http://www.wired.com/threatlevel/2013/05/saudi-telecom-sought-spy-help/ By Kim Zetter Threat Level Wired.com 05.14.13 A prominent computer security researcher says he recently rejected a request by a Saudi telecommunications company to help it spy on mobile customers using social networking accounts such as Twitter. The security researcher, who goes by the name Moxie Marlinspike and who recently left Twitter where he worked on that company’s security team, said he was contacted via email earlier this month by an employee of Mobily, a mobile phone operator in Saudi Arabia, seeking his help with a surveillance project the company was developing. The employee, from Mobily’s network and information security department, told Marlinspike that Mobily wanted to intercept data for the mobile versions of four social media applications used in that country — Twitter, Viber, Line and WhatsApp — and asked his help in doing so. Equally disturbing was a document the employee provided Marlinspike, which discussed compelling a Certificate Authority in the United Arab Emirates or Saudi Arabia to produce SSL certificates that Mobily could use to intercept traffic. The document also discussed the possibility of purchasing information about security vulnerabilities and exploits that could be used to intercept traffic. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org