Slashdot Mirror
Russians Order Mobile Phone Encryption Removed
PenguinRadio writes "The Moscow Times is reporting that Russian security officers (The FSB, formerly the KGB) ordered all mobile phone providers to switch off their encryption systems for 24 hours, so the police could eavesdrop on all calls. An alert, either an exclamation point or an unlocked padlock, was sent to the phones in question. This is the second time such an order was given - the last time was after the hostage crisis involving Chechnya fighters in a Moscow theater. At least the Russian has the courtesy to warn all their phone users that this was going on. Not sure what the standard FBI procedure is on something like this..."
The same had been done also in St.Petersburg (2nd largest city in Russia). it was not a terrorist attack but rather Bush visit there last May. Security of the summit had been cited as a reason to turn off encryption.
Russian laws require judge approval to eavesdrop on a communication. It is not known if such approvals had been granted in all these three cases.
No. Even a mobile-to-mobile call has to go through the network. When you call someone using a cell phone, you're not calling their phone directly, your call goes to an antenna, goes through a network, sometimes goes to another network if you're roaming, goes to another antenna, goes to the person you're calling.
You could get a seperate unit for you and the person you're calling like this one, but betting odds are that if someone really wants to know what you're talking about then it's going to be hacked anyway.
Right. And you are one of those loonies that send all their mail in postcards and cares not about privacy. Good for you.
Problem though is, if and when goverment officials have access, they (some of them) will use it. For their main job, perhaps; for their entertainment, certainly, for other enterprises, quite possibly. Not just to listen to "really really bad guys", but gradually smaller fish, down to figuring out if their wifes are cheating them, or what their neighbours are talking about. Or for more enterprenially oriented peons, ways to blackmail people, or to get to some other useful information; be it for job or for personal businesses.
Never underestimate possibilities that open, or blindly assume everyone uses those powers responsibly. Grow up, use your brains, learn more about basic human nature, and corruption power causes.
I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
They didn't really "issue" a warning. They turned off the encyrption - making the antenea act like it wasn't capable of performing encyrption. Then all of the phones, noticing they don't have their normal encyrption, just added one more icon to the screen.
They only issued a warning in the sense that Iowa issues a warning to all cell phone users that you are currently roaming. It's a function of the phone, not the KGB.
tbdean
Yeah, I just read an article by John Dvorak that claimed that the whole stink with the RIAA is making privacy and anonimity forefront issues for many internet users. He says that all this is only going to make it harder for the RIAA/government to catch downloaders, and it will aid in things like child porn rings and ... I dunno I forget his other examples ;].
It's a good article, check it out Not sure if /. already posted it, but its relevant and worth it.
This post was brought to you by the number 584811 and the characters / and .
So that's what the exclamation and unlocked padlock symbols mean. Whenever I go to China my phones always show those symbols and no one knows what they meant. I guess someone's eavesdropping.
> the Russian FSB (Front Side Bus?) FedeRAL'naya SLUzhba BezopPASnosty -- Federal Service [of] Security, is what it stands for, I have capitalized the syllables for stress, the "L" in Federal'naya is followed by an apostrophe to signify palatalization, like the first "n" in canyon. The FSB is analogous to the Department of Homeland Security, in that it oversees all national-level security operations. It does not stand for Front Side Bus.
Can *you* prove that *you* don't have weapons of mass destruction?
Good info on GSM technology in that link. I've always had a preference for GSM over the competing standards. It's always seemed like a more elegant solution, especially when it comes to using SIMs.
Seemed for quite a while that GSM was going to die in Canada, but with two networks now, we're going pretty strong. With the exception of the first (analog) phone I bought, everything else has been GSM and I love the convenience of just moving my SIM from phone to phone and never having to call the company to register a handset, transfer details, worry about programming, etc.
As posted, the GSM encryption is more than secure enough to stop casual evesdropping. It wouldn't stop law enforcement or government for long, but they can always just monitor at the cell cite, or have the service provider archive the data stream from suspect handsets anyway.
By contrast, my 900mhz cordless phone at home has absolutely no encryption and could be monitored (albiet at short range) by anyone with a scanner. Consequently, I'd rather use the cell for talking to banks, making purchases with credit cards, etc.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
At least the Russian has the courtesy to warn all their phone users that this was going on
No courtesy or warning is needed. GSM handsets automatically display the no-encryption icon when OTA (Over The Air) security is turned off by the operator.
V
Don't know if you're just trolling, but in case you're not: it's a takeoff on the work of Yakov Smirnoff, former Soviet Russian comedian currently located in Branson, Missouri USA. He was/is famous for his wry observations on Soviet life and his use of the "turnaround joke": e.g. "In Soviet Russia, the television watches you!"
There are two versions of A5: with full 64bit (for US, Germany etc) key and 54bit key (For Russia, Latvia, China etc).
Two months ago I requested my GSM company about their encryption technology. They replied: "Yes, we use good encryption. No, we cannot tell you which exactly".
Try to ask your GSM operator.
Close but no cigar.
The CCC stunt makes it possible to clone your SIM-card in the case where your operator have chosen to use an algorithm called COMP128. (It enables you to extract Ki from the SIM-card) but requires you know the PIN-code and have access to the card since it is a chosen plain-text attack that requires in average 100000 16 byte data words.
Ki is a 16 byte secret key known to the SIM-card and to your home operator. In the GSM system session keys are transferred from the operator to the SIM-card in the handheld at regular intervals and each time the phone is tiurned on. The session keys are encrypted using an algorithm that is in effect a hash function of the Ki and the session key generating a set of 12 byte encrypted session keys. The operator is free to chose the hash algorithm but originally this comp128 was passed along as a demonstration.
Data encryption is using the encrypted session keys and another algorithm.
It is left as an exercise to the interested reader to figure out why the SIM-card hash function f(16 bytes key,16 bytes Ki)->12 bytes data, is not usefull for data encryption :-).
Also, to activate the tap requires the cooperation of the network. This means a nasty trail of paperwork and inconvenient things like warrants. This is fine when you are chasing Chechnyans, but awefully inconvenient when all you want to do is to place a squeeze on an oligarch.
See my journal, I write things there
They didn't shut down the phone system, just the encryption!
The 'standard FBI procedure' would probably be the same, but without letting anybody know. So nobody would riot - most of the people wouldn't even notice the encryption shut off.
There are sites in Russia, like compromat.ru or flb.ru which regularly post transcripts of mobile phone calls between famous people. I have been able to follow the progress of friends/former colleagues in this way, and it's quite amusing. What is not amusing is the ease with which those calls can be tapped, even with encoding switched on. As the poster above says, someone is getting access to the signal after the tower, probably via a direct feed to the mobile operator's exchange.
In the case of those sites above, the tapping is done by various private security services, or maybe by the official security services, moonlighting on behalf of private firms. The output is then leaked to the press, via clearinghouse sites like the ones above, as part of various political/economic squabbles that define the Russian political landscape. The operators have to comply, as the security services are close to the Ministry of Communications, and if you start bleating about civil rights or due process, the Ministry will rapidly discover an irregularity in your license, and make your life hell. In any case, it's not hard for the Russian security services to get a court order, which would force the operator to give access.
So why switch off encoding, when you can get access to the conversations without it? It may be a timing thing, as you say - it may take time to set up a tap for a particular number. Or more likely, you don't know the number that you are trying to tap (it's very easy to get a prepaid SIM card, or to steal one) so you aim to find your target by eavesdropping. If you are looking to tap the phone of a senior politician or businessman, you already know the number you are tapping, so you don't need to go after their signal.
Pretty much every TV sold in the UK and Europe for the past 10 years, except real poverty-spec el-cheapo £69-out-of-CostCo TVs, scan at 100Hz.
I just picked up an LG VX10 yesterday, it's a great phone with killer reception - but i didn't know it was possible to build as totally non-intuitive and confusing a UI as it has (and i'm technologically proficent!)
Yes, it's mad offtopic, forgive me, it's early still..
Facts do not cease to exist because they are ignored. - Aldous Huxley
There is no need to turn off the encryption to listen in on calls. They can just use the Lawful Intercept feature which is a built-in in all mobile phone networks. All they need (in most countries) is a court order to enable it. I appreciate that turning off encryption on all calls would enable them to listen in to the calls much more easily, but honestly, how much manpower have they allocated to deal with the tapping of all these phones in that 24 hour window? Do they REALLY believe that this aids them in their investigative efforts?
Every carrier (land based or cellular) in the united states MUST be FBI compliant. That means if the FBI wants to tap your phone, all they need is a court order. And the carrier must own equipment capable of intercepting calls.
Apparently there are less than 100 wiretaps every year, but compliance was mandated by the FCC sometime in late 2001, early 2002. I know this because I worked on carrier class VoIP equipment that needed to meet this FCC requirement. (We ended writing up a perl script).
This means the FBI might not be able to listen to you speak on your cell phone from across the street, but they can listen sitting at their desk in their office.
-n
--Not sure what the standard FBI procedure is on something like this..." --
They use something called the "Mushroom Treatment". The axiom states, "Keep the public in the dark and feed them full of BS".
Then if the sh*t hits the fan, so to speak, the FBI falls back on denial.