Slashdot Mirror
Telco Networks Open to Attack?
Cally writes: "This post to NANOG summarises Dave Henderson's paper (.ppt: HTML in Google cache, grep for 'Now Really Public') from the Internetwork Interoperability Test Coordination Committee, about the state of security in the public switched (telephone) network: wide open and "very fragile with a tremendous number of vulnerabilities". Apparently, there's $12b in fraud per year, growing interest from blackhat groups, and more, better, intruder tools. We often hear talk of "information warfare attacks that could result in the draining of bank reserves and the cutting off of power sources" from budget-and-PR hungry, but clue-light, politicians and wonks these days. When an experienced engineer uses such language, it's more worrying." We've also had submissions of this AP article speculating about viruses hitting mobile phones.
Point 1: When a telco person says "switch", it means something totally different than what a data person means when they say "switch". This is a persistent annoyance.
You can't simply packet an ESS out of existence, because it doesn't know what a packet is. It's not connected to the internet. There are SS7 signaling links and X.25 control links, and maybe a few IP control links if you're lucky. None of them are connected to the internet. Your phone line is payload, not control.
Exactly how do you propose to access the switch in order to DoS it? There are switch dialins, but most are pretty secure, and good luck finding them. You're planning to do a lot of wardialing first?
Point 2: Telcos lie about bandwidth. When someone says they have a 10 Gigabit backbone, it means they own a couple OC192 circuits. Most of the channels in those circuits are probably not filled.
That's like saying I can move a thousand shipping containers a day, because there's a large river between me and my destination, and seaports at each end. Nevermind that I don't own any ships!
An OC192 circuit, for instance, can carry four OC48 signals, or 16 OC12 signals, or a mix thereof. Anything that adds up to 192 STS-1 payload envelopes, or equivalent concatenated payloads. You get the idea. Chances are, they're carrying one or two OC48s on the thing, and the rest is for future expansion. Each of those OC48s in turn is probably only 70% full.
You are correct about the vulnerability due to telecom's dependance on the GPS system. If the GPS network over the US were to go down, it would cause a lot of problems, but it would not crash the entire phone system nationwide. Many central offices, at least the larger ones, have a cesium clock for timing purposes(I'm an engineer at one of the big 4 telecoms and I'm very familiar with our BITS standards). These can go weeks without a slip but eventually they will start to lose sync. Sites that have only stratum 3 back ups are few and far between. Almost all sites that rely on GPS timing have at least a stratum 1 backup. From what I know of my company's and the others SOP's, the industry operates on the belief that if the GPS network goes, we expect it to be back up before the cesium clocks would begin to slip. Stratum 1 can go for a few days, so it would be my estimate that we would encounter problems with the phone networks, major disruptions would be avoided if GPS can be restored within a week. I believe that this theory follows the line of thaught that if the GPS network is down for longet than that, something nearly catostrophic would have to have happened...something so bad that having the phones screwd up would be the least of the country's problems. If something were to happen that takes out GPS sats, it would almost certainly take out a lot of other satellites. Now THAT would really screw us. If you remember what happened in the summer of 1998 what just one communication satellite went down, then you know what I mean. Almost all ATM and credit card transactions, as well as a lot of pagers (mine included) came to a screatching halt. Take out GPS and a dozen other satellites and things get really scary.