Bug-sweep firm tried to sell force device at centre of inquiry
Published 17/02/2014 | 02:30
The British consultancy firm which carried out a security sweep of the Garda Siochana Ombudsman Commission's headquarters offered to sell gardai equipment similar to one of the devices at the centre of the 'bugging' saga.
Officials from the Verrimus firm met garda technical experts while they were in Dublin for the sweep.
They brought with them the "international mobile subscriber identifier (IMSI) catcher" device which, in an ironic twist, was similar to one that created the third and most "credible threat" to the security of the Ombudsman's offices.
The Verrimus officials were in Dublin from September 23 to September 27 to carry out the security sweep, mainly at night, at the Ombudsman's offices to avoid any compromise by staff.
Their meeting with the garda experts took place at the force's headquarters on the afternoon of September 26.
The "IMSI catcher" device can simulate a UK mobile phone network and will pick up UK phones registered to that network.
This device was reported previously to be so sophisticated that it was only in the possession of government agencies.
This fuelled speculation that members of the Garda force might have been involved in bugging the Ombudsman's offices.
However, it has now emerged that the "IMSI catcher" is commercially available and the device was offered for sale by Verrimus to the gardai to add to the force's telecommunications network.
The device would have cost gardai between £80,000 and £100,000 sterling, depending on what was included.
But gardai said they were not interested and pointed out that they were satisfied with their existing equipment.
It is understood that during the meeting the Verrimus officials did not mention they were carrying out a security sweep at the Ombudsman headquarters.
In a briefing note to Justice Minister Alan Shatter last Monday, the Ombudsman said that during another visit on October 19 and 20, Verrimus detected a UK 3G network.
It pointed out that UK networks did not operate here, except in Border areas, and advised that such a network could only be simulated through the IMSI catcher device.
It explained that an IMSI catcher, in simulating a UK network, picked up UK phones registered to it and once a phone had been connected to the device, it could be forced to disable call encryption, making the call data vulnerable to interception and recording.
It is understood that the IMSI catcher identifies the numbers on sim cards in mobile phones and if used at the Ombudsman offices at Abbey Street, for example, could pick up hundreds of sim numbers in an area stretching as far as the quays and back into Capel Street.
None of the phones used by Ombudsman staff were connected to a UK network and it is not clear where the network might have been in use.
Two other potential threats were identified. The first was a wi-fi device located in the boardroom. This was installed in 2007/2008 but commission chairman Simon O'Brien said it had never been used and staff did not even know the password.
Without the password, the wi-fi device should not connect to the "outside world".
The other threat resulted from a security check on a conference call telephone unit located in the chairman's office.
Verrimus concluded in December there was no definitive evidence of unauthorised technical or electronic surveillance but said the existence of three technical and electronic anomalies could not be explained.
Tom Brady, Security Editor
Irish IndependentFollow @Independent_ie