Q. Can mobile calls be intercepted?
A. Yes
Q. Can mobile calls be tapped?
A. Yes
Q. How? Isn't GSM traffic encrypted?
A. Yes. But cracking the encryption is trivial. In fact, any government agency, or indeed anyone with enough resources, can decrypt intercepted mobile calls in a matter of minutes. Didn't you listen to Skyper when he showed how to build a GSM interceptor?
Q. What is the encryption used by Maxis?
A. A5/2, if memory serves me correctly (this was from two years ago, so it may have changed by now). A5/1, A5/2 and A5/0 have been broken since 1998.
Q. Is it easy to intercept GSM traffic?
A. Yeah. You have a Nokia 3310? Pair that with some tools from the GSM hacking project and you get yourself a GSM receiver. There's a limitation, though, with these cheap tools: you can only intercept your own calls (for learning about GSM and your own amusement, of course). But no worries, you can get one of the USR (universal serial receiver) boxes for less than USD1000 from eBay (these can tune in to police bands as well).
Q. What about SMS?
A. SMS are stored on SMS-gateway servers, which act sort of like SMTP servers on the telco network. IMHO, SMSes are not encrypted on the server. I also heard that telcos need to keep logs of SMSes for at least six months, but don't quote me on this. I also have a strong feeling that the SMS stored on the SMS gateway are not encrypted; otherwise, how else could Maxis provide SMS spam filtering (which does not work) for free?
Q. So that SMS between Najib and Shafee, where do you think it came from?
A. I'd put my bottom dollar on either Najib's or Shafee's handphone having been stolen. It is far easier to steal a mobile device than to hack into a telco's network (I may be wrong), and less expensive too. Handphones have weak or no security at all (unless you're talking about BlackBerry), so it is far easier to steal one and retrieve the SMS messages from it.
Hacking a telco's network seems plausible; however, it requires in-depth knowledge of the operational network of the particular telco. A telco's network can be broadly grouped into several categories. The first is operational: these are the machines that handle calls and communication, and include the BTS, BSS and other expensive equipment. You may find some RTP packets here. The second would be services: this includes web applications, online bill payment, etc. The third would be billing and accounting. You might find RTP traffic here as well. SMS servers most likely belong to the operational network. If any of these servers are exposed to the Internet, that spells doom. So if the SMSes were leaked from the telco, there is a high possibility of an inside job as well.
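The "exposed to the Internet spells doom" point above can be turned into a routine audit. The script below is an added example, not code from the original post: it takes a host inventory tagged with the post's three segments (operational, services, billing), treats any address outside the organisation's declared internal ranges as reachable from the Internet, and flags operational or billing hosts that carry such an address, plus any SMS gateway that has ended up outside the operational segment. The inventory, hostnames and internal ranges are all constructed for illustration.

```python
"""Exposure audit over a segmented telco host inventory.

Added example, not part of the original post. Segment names follow the
post's grouping; every host, address and range below is constructed.
"""
import ipaddress

# Segments that, per the post, must never be reachable from the Internet.
INTERNAL_ONLY = {"operational", "billing"}

# Ranges the (hypothetical) telco declares as internal-only. Anything outside
# these is treated as reachable from the Internet; this is deliberately
# stricter than the stdlib's is_global, which also excludes documentation
# ranges such as 203.0.113.0/24 that we use for sample public addresses.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed inventory: (hostname, segment, address). Not real hosts.
INVENTORY = [
    ("bsc-01.example",       "operational", "10.20.1.5"),
    ("sms-gw-01.example",    "operational", "10.20.2.10"),
    ("sms-gw-02.example",    "operational", "203.0.113.44"),  # misconfigured: public address
    ("sms-gw-03.example",    "services",    "10.30.1.1"),     # wrong segment for an SMS gateway
    ("billing-db.example",   "billing",     "172.16.5.8"),
    ("selfcare-web.example", "services",    "203.0.113.10"),  # expected to face the Internet
    ("payments-web.example", "services",    "198.51.100.7"),
]


def is_internet_reachable(address: str) -> bool:
    """True when the address lies outside every declared internal range."""
    ip = ipaddress.ip_address(address)
    return not any(ip in net for net in INTERNAL_NETWORKS)


def find_exposed_hosts(inventory):
    """Hosts on internal-only segments that carry an Internet-reachable address."""
    return [
        (host, segment, addr)
        for host, segment, addr in inventory
        if segment in INTERNAL_ONLY and is_internet_reachable(addr)
    ]


def find_misplaced_sms_gateways(inventory):
    """SMS gateways belong to the operational segment; report any placed elsewhere."""
    return [
        host for host, segment, _ in inventory
        if host.startswith("sms-gw") and segment != "operational"
    ]


if __name__ == "__main__":
    for host, segment, addr in find_exposed_hosts(INVENTORY):
        print(f"EXPOSED: {host} ({segment}) has public address {addr}")
    for host in find_misplaced_sms_gateways(INVENTORY):
        print(f"MISPLACED: {host} is not on the operational segment")
```

Run against a real inventory, the two lists are the items a defender would chase first: a public address on an operational or billing host is the "spells doom" case, and an SMS gateway outside the operational segment usually means it is also outside that segment's access controls and logging.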