Telecom Whistleblower Discovers Circuit that Allows Access to All Systems on Wireless Carrier—Phone Calls, Text Messages, Emails and More

Babak Pasdar is a computer security expert who was hired in 2003 to help restructure the tech infrastructure at a major wireless telecommunications company. What he found shocked him. The company had set up a system that gave a third party, presumably a governmental entity, access to every communication coming through that company's infrastructure. This means every email, internet use, document transmission, video, text message, as well as the ability to listen to and record any phone call.

JUAN GONZALEZ: Another whistleblower has stepped forward with new information that could expose how the federal government is carrying out domestic spy operations.

Babak Pasdar is a computer security expert who was hired in 2003 to help restructure the tech infrastructure at a major wireless telecommunications company. What he found shocked him.

The company had set up a system that gave a third party, presumably a governmental entity, access to every communication coming through that company’s infrastructure. This means every email, internet use, document transmission, video, text message, as well as the ability to listen to and record any phone call.

It is also believed the system would allow the government to be able to trace the physical location of cell phone users. The secret system is known as the Quantico Circuit, named after the city in Virginia home to the FBI Academy.

AMY GOODMAN: Babak Pasdar has not named the company where he worked, but the publication Wired reports his claims are nearly identical to allegations made in a federal lawsuit filed against Verizon Wireless. Verizon Wireless is one of several major telecoms facing lawsuits over its role in the government’s spying program. Congress is still debating on whether to give Verizon and other telecoms immunity, even though their actions broke the law.

Babak Pasdar joins us here in our firehouse studio. He’s the CEO of the computer security firm Bat Blue Corporation. We’re also joined by Tom Devine, legal director of the Government Accountability Project, a public interest law firm dedicated to helping whistleblowers. The Government Accountability Project is representing Babak Pasdar.

Welcome to Democracy Now!, both. Babak Pasdar, tell us what you found, when you found it and where you found it.

BABAK PASDAR: Well, I was at one of the company’s data centers, the carrier’s data centers, and I was there to implement a new security system for them. I was in the process of migrating all the various sites that the organization had, both their affiliate sites as well as their branch offices, and I found this circuit. When I tried to migrate this site to implement security and controls around it, I was vehemently denied. I was told I absolutely could not do that. When I tried to at the least get some logging around it so that there would be some record of the transactions that were going across that circuit, I was denied that as well.

JUAN GONZALEZ: Now, what was—did this happen in the middle of working hours? Was this at night that you were doing this work? And were there any other company employees that you asked about the circuit?

BABAK PASDAR: There were two other consultants there that were long-term consultants for the organization, and they were my sole point of contact within the organization. And we all reported up to the director of security for the carrier.

AMY GOODMAN: Now, what exactly does this Quantico Circuit mean? What happens and where does it all go, this information?

BABAK PASDAR: Well, that I don’t know. But what the Quantico Circuit was was a high-speed circuit, a pipeline into a third party that provided this third party unfettered access into the heart of the carrier’s network. It had access to the billing system, fraud detection system, all the internet access systems, text messaging—I mean, just everything you can think of. So, in essence, somebody could identify billing records, find out behavioral information about various customers, tap into both data and voice conversations, just have total access.

JUAN GONZALEZ: And what do you discern from the—as you were saying, you tried to get a log of interaction with it, but you could not produce a log? What does that mean in terms of what your sense is of what was being done by that?

BABAK PASDAR: Well, everything that security folks do, security experts do, needs to have some transaction around it. We need to know what happened, when it happened, and be able to go back and recreate a scenario from a forensic standpoint, from an evidentiary standpoint, from just knowing exactly what happened when. Logging is critical to that. So whenever we implement a security system, we collect logs, we feed information to a system that preserves log of exactly what the transaction and where, who talked to whom and, you know, with what types of services. When—it’s just unheard of to have an organization, especially at carrier, implement a security system and not log the information.

JUAN GONZALEZ: So, in other words, what was occurring was that someone was deliberately trying to hide whatever transactions or whatever data was going through that particular line?

BABAK PASDAR: Well, they were behaving very unusual and not up to industry standards.

AMY GOODMAN: What was the reaction of your coworkers, of the people you were asking questions of, of the company?

BABAK PASDAR: Well, they were very squirrelly about it. They didn’t want to answer the questions. I thought that the whole situation was very unusual and suspicious, and that’s what raised my suspicions with regard to what the purpose of this connection was. We—I tried to escalate it to the organization’s management, and the director of security came down to the data center—it was at 7:00 or 8:00, 9:00 at night, it was just after hours definitely—and started wagging his finger in my face, saying that if I—you know, I had to forget about it, I had to move on, and if I couldn’t, he would get somebody that would.