Yes, it's been done on 70 million passwords. See http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-analyzing_70M_anonymized_passwords.pdf

The rules of academic publishing are that you have to cite relevant related work. This includes both fresh results and old classics. Where possible, we tried to cite the most recent studies. Some studies that are appear dated indicate a research opportunity to update the corresponding area. Also, it would be wrong to dismiss a paper because of its age. Some of the older studies we cite present theoretical frameworks of enduring value and importance, demonstrated by the thousands of citations they have received over the years. For instance, the 2003 study by Venkatesh and his colleagues on the user acceptance of information technology, which we cite, has received almost five thousand citations. It would be wrong to ignore it, just because of its age.

You have a point here. And you haven't mentioned the huge cost associated with procurement processes for proprietary software, especially in the public sector. These can drag on for months. In contrast, acquiring an open-source product is often simply a matter of a one-click download. Even if the organization's legal has trouble understanding open source licenses, this is a hurdle you have to overcome just once.

The article cited refers to software planted on the phone exchange, not the towers. The rogue wiretapping software was essentially a rootkit, complete with a backdoor for future access and detection countermeasures.

Very well put. I didn't have space to explain this in the submission's summary, but this is the gist of the paper.