The British security firm which carried out a surveillance sweep at the Garda Ombudsman’s offices yesterday described reports regarding two of the three “technical anomalies” it detected as “wholly inaccurate”.
Verrimus issued a statement after the Irish Independent published what it described as “revelations”, in which it stated two of the anomalies could be innocently explained.
The story said an external wi-fi that was connected with a wi-fi device within GSOC was simply a coffee shop wi-fi located in a premises partly underneath the ombudsman’s offices.
It said the external wi-fi was not a potential threat, as identified by Verrimus.
Secondly, the report stated that the detection of a British 3G mobile network came from the mobile phones of Verrimus’s own experts.
In a response, Verrimus said the reports were “wholly inaccurate”.
It said: “A mobile phone cannot create a 3G base station, so it is impossible that Verrimus operators’ phones were the source.”
It said the 3G base station created a fake mobile country code and fake mobile network code, which it said was detected.
In the report — compiled by GSOC for the Oireachtas — it said that this device was an International Mobile Subscriber Identity catcher.
It simulated a British mobile phone network and picked up British phones registered to that network.
Once connected phones on that network can be forced to disable call encryption, making the call data vulnerable to interception and recording.
The report said Verrimus indicated this level of technology was “only available to Government agencies”.
In relation to the wi-fi, the firm said that any such device which sits on a secure internal wireless network “should not be attached and communicate with any device outside its own network” — meaning the GSOC wi-fi should not have been connected with the external wi-fi detected in the sweep.
The company said that if it was connected, this would enable information to be transmitted outside the secure network “to the person or organisation that forced the device to function outside of its secure network”.
In the GSOC report, the company said the wi-fi in the GSOC boardroom had a password and that without this password, it should not have been able to connect with the external wi-fi.
The report said GSOC did not have this password and that it never activated the device. “Its connection to an external network was, therefore, a concern,” the GSOC report said.
GSOC yesterday issued a statement in which it repeated the findings of the report and referred commentators to the Verrimus statement.
© Irish Examiner Ltd. All rights reserved