Security Flaws Allow Wiretaps to be Evaded
An anonymous reader writes "The New York Times is reporting that a team of researchers led by Matt Blaze has discovered that technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely. It is also possible to falsify the numbers dialed. The flaws are detailed in a paper being published by the IEEE. Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder. The link has a demo."
How serious is this though - I mean, if I knew my line was tapped instead of working on getting it untapped I'd simply work on getting a second line!
Try it and find out...
In other news, smart people can avoid being caught by doing stuff...
I mean, any dolt can PGP or GnuPG encrypt a message or just hand deliver messages. Things like wiretaps are good for the duller knives in the drawer. We should still use them to "grab the low hanging fruit" and look elsewhere to capture the rest.
If a person knows he's being wire tapped, he won't say anything incriminating anyway, and if the feds/cops don't get what they want over the phone, they'll just bug some offices instead.
What are you eating? isItVeg?.
That way when the party officials want to do something underhanded, they use the red 'bat phone' that nukes any cops that are trying to listen in on them. In this way, they can have it both ways. Watch the proles without being watched themselves.
Let's keep this in perspective. The article says:
A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today. (emphasis added)
So basically it is a minority of antiquated equipment that is vulnerable. Moreover, the person being wiretapped probably doesn't know what system is being used. It is not going to be possible to know, with any assurance, that you have actually defeated the system.
What this probably means is that the FBI will phase out these older systems a little faster than they intended to (mostly due to the publicity-- they were probably already aware of this vulnerability, but didn't care much because "the bad guys" were not aware of it).
This seems to work on a similar premise to how phone "phreaking" worked. (Of course, you can read about Phreaking here.)
...on a router/etc.? Like a programmer's backdoor that they forgot to shut off after they sold the units? I guess it's security through obscurity... relying on the subject not knowing they're even being tapped, and thus having no reason to try to stop the tap.
In other news: A team of researchers believed to be linked to an unknown group of terrorists was charged under the DMCA and PATRIOT act as a threat to national security. They are now being held for an unknown period of time, awaiting trial...
High frequency tones turn off teenagers.
Low frequency tones turn off the NSA.
Slashdotter vocal tones turn off women.
Did I miss anything?
The FBI is going to want voIP providers to duplicate this remote recorder stopping flaw so that it works just like the POTS network that they're used to tapping!
In the vein of other conspiracy theorists...
What if the low-tone just flags the FBI to your line?
Only Women Bleed (Sex, Sharia remix)
Oh, yeah, guess I forgot a step: flee the country, because they'll be after your ass now!
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Who said phone phreaking is dead?
Remember that we're all presumed innocent. To take an example of encryption, just because I'm using encryption does not mean that I am plotting nefarious schemes against my fellow citizens. I may be discussing confidential business things, for example. Y'know, dare I say it, I might actually work from home in an effort to not drive my car around and burn gas, hurt the environment, etc., etc.
These sorts of mistakes can be dangerous. Imagine the above example--I'm some bigshot business-guy. I own a publicly traded company. The FBI inadvertently taps my phone and learns that someone at the company I work for has just invented something that will make the company a ton of money. Do you really think those agents aren't going to call up their stock-brokers and say, "BUY! BUY! BUY!" (Or, assume the other direction, if you prefer)
Frankly, yes. I want to make it difficult for the government to wiretap its citizens. I want somebody to look at the evidence that has been accumulated and act as my representative to say, "Hey, wait. Just because he encrypts his phone calls doesn't mean he's a terrorist." I want somebody to second-guess these guys.
The story of the gutsy cop who goes against procedure to nab the bad guys before they enact their evil deeds is a great movie. But it's not real life--remember, in most cases we get to see the bad guys planning their acts in the movies so we know who the bad guy is. Reality is not that cut-and-dried.
In short, I'm more worried about the government abusing its power than of the terrorists blowing up a building. That happens a lot more often.
Engineers figured this out a long time ago. TFA says it's only 10% of current systems anyway.
The OP has anything to do with this :
http://www.newsmax.com/archives/articles/2001/12/18/224826.shtml
U.S. Police and Intelligence Hit by Spy Network
Charles R. Smith
Wednesday, Dec. 19, 2001
Spies Tap Police and Government Phones
In the wake of the Sept. 11 terrorist attack, the FBI has stumbled on the largest espionage ring ever discovered inside the United States. The U.S. Justice Department is now holding nearly 100 Israeli citizens with direct ties to foreign military, criminal and intelligence services.
The spy ring reportedly includes employees of two Israeli-owned companies that currently perform almost all the official wiretaps for U.S. local, state and federal law enforcement.
The U.S. law enforcement wiretaps, authorized by the Communications Assistance for Law Enforcement Act (CALEA), appear to have been breached by organized crime units working inside Israel and the Israeli intelligence service, Mossad.
Both Attorney General John Ashcroft and FBI Director Robert Mueller were warned on Oct. 18 in a hand-delivered letter from local, state and federal law enforcement officials. The warning stated, "Law enforcement's current electronic surveillance capabilities are less effective today than they were at the time CALEA was enacted."
"Freedom and Justice for All" is a registered trademark of The United States Govt Inc. Not available in all areas.
I don't care if it's 90,000 hectares. That lake was not my doing.
I feel safer already....
I've got nothing to hide.
ccccccccc [click]
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
the FBI aren't morons.
As soon as the equipment starts getting gaps in it, they will replace it with newer equipment.
It might work once, but that'd be the only time you give away in clues/evidence on the phone line.
The Kruger Dunning explains most post on
see, i've always thought the holy grail of righteous anonymity was some black magic combination of phreaking, hacking, and maybe something to do with ham radio; never thought a tinfoil hat was the way to go. ^_-
... the powers-that-be add insult to injury. A few years ago German police woke up to the fact that a large portion of their wiretapping operation had gone sour. Apparently they used some sort of a digital voice-message like scheme to implement the surveillance and somebody, presumably a beancounter at one of the telecoms, decided to bill the customers in question for this 'service'.
Only to idiots, are orders laws.
-- Henning von Tresckow
*Ahem* From the 'wire tapping' I know of it's all man in the middle, digitised, and stored on hard disk - with the cooperation of the telecoms or without. I haven't seen a 'tape recorder' in a good 10 years now. Still have them, just not needed any longer. I should imagine, given the hardware used in Australia, that US police would do a similar thing and if not - identical. The likelihood these days of a machine that could be switched off remotely I would suggest is improbable at best.
:-)
They did use "publicly available information" - what is made (or leaked to the) public is often years out of date, inaccurate, or simply not even true - rarely does it describe the technology in actual use, so don't go and loosen the straps on the tin foil just yet
Is this some sort of darwinian IQ test for terrorists? You can just imagine the gleeful delight on their simple, child-like faces and the unrestrained joy they will experience with unfettered access to telecommunications this will allow.
[low hum down a phone line]
"Hello. Is that you Omar?"
"Why, yes it is Osama. How are you today? And what's the weather like in your donkey burrow in Yemen? The weather's great here in Florida. My view from the Delano Hotel's room window is fabulous - I am also ordering martinis like James Bond."
"Yes, yes... quit your bragging. Just because you weren't born with the most recognisable stripey beard in the world... Now can we please start planning our next atrocity?"
"Ah yes. It is pleasing that we can freely discuss our locations and plans now that the engineers of the American military-industrial complex have told us how to easily counteract their most sophisticated surveillance. Their foolishness in revealing this technique to the entire world, via the internet, has allowed us to dispense with our counter-surveillance training, techniques, and equipment. It is truly a golden age for violent reactionaries wishing to impose a totalitarian pseudotheocracy on the idol-worshipping, hemp-smoking, fornicating, soulless infidels!"
"Wait! Who THE FUCK did you say told you this would work?!"
"Yes, the Americans. They said we'd be safe if we did this. How typically naive of them. Their destruction is assured!"
One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
Would you rely on a spokesperson to tell you how much of their equipment is affected by a potentially devastating flaw? Remember what Sony said about the rootkit..
This is just so the criminals will think they are safe after turning off the recorder... Since the one in use probably isn't affected.
I think i should share the secret to eternal happiness with all. Go to the .. CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCC .. ok gotta go.
So, how long until http://www.thinkgeek.com has phones that do this automatically? :)
Pretty Pictures!
Anyone else notice that the number dialed sounds awfully like a touch-tone rendition of "That's Amore", as in "When the moon hits your eye like a big pizza pie, That's amore"? Some sort of subtly humorous mobster reference, perhaps?
---
the pen is mightier than the sword, the sword is mightier than the court, the court is mightier than the pen.
just have everyone start phone conversations with "president bomb alquada" and /. the wire taps, they can't record, or at least filter everything.
I'd think if the FBI wanted to get evidence on a suspected crook or terrorist, they'd just park a guy across the street with a parabolic mic or two. Since there's no physical tapping of the house or any wires involved I'd guess there's no need for a court order even? All the mic is doing is sniffing sounds in public, legally like the way popparatzi (sp?) avoid legal problems photographing stars in public. Also because of the illusion of privacy the suspect would tend to talk more freely avoiding the fact that criminals tend to not talk freely on possibly tapped lines.
I bet the politicians were the first to know about this "feature". ...
GWB: You know this Saddam guy is pretty bad dude, I think we need to, wait just a second BZZZZZ
is so they can let people know their HILARIOUS counterfeit mattresses joke.
- what is the definition of simultanagnosia?! I've been meaning to look it up!
Am I the only one who thinks of Cap'n Crunch?
On se Internetz nobody noes your German.
1. Go to boingboing.net
2. Copy the link to a 2-day old article
3. Submit to slashdot (with referrer link in your username URL)
4. Profit!
Anyway, I wonder if they really will change/augment the current equipment now that this information is public knowledge. Then again, one would have to suspect or know that they are being wiretapped to implement countermeasures anyway. Is any VOIP being successfully tapped, and what methods are being used? What forms of communication are the most difficult to eavesdrop upon? Just some interesting questions for you to ponder on.
I think you can do this with Asterisk PBX config files, using the desired tone as background music.
Anybody have code for it?
The trouble is being able to start the tone at the desired time. One would rather not need to be seated at the console I think. I guess you could swipe DTMF, but that has problems.
The link has a demo.
Hey, it works! I tried the demo and a few minutes later the big black van parked out front drove away...
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
It is also possible to falsify the numbers dialed.
I wonder how many defense lawyers are curious about that bit.
probably turns on the recorder.
"If God created us in his own image we have more than reciprocated." - Voltaire
Are you serious? How many cops in the U.S. have you met? Most I've met can turn on their car, most of the time. Anything more difficult and a look comes over their face like you caught them in the middle of a bowel movement after 2 large bean burritos. They do not have the best tech gear in the world either, have you read about the problems the FBI had upgrading their computer systems the last 10 years? The local cops are much worse. The state police can handle a radar gun, and not much else, they never get off the highway, except to try to find a piece of ass for a Governor like Clinton. Do you know anyone who has become a police officer? I know a few, none of them were even in the top half of the gene pool. They are lucky, the one and only demographic that is even less bright than a police officer is a common criminal, and they only get them about half the time in the U.S.
I just use this simple code:
"bomb" = "orange"
"airplane" = "comfy chair"
"hijack" = "order sausage"
"jihad" = "balanced diet"
"suicide bomber" = "that kid with the funny teeth"
"terror attack" = "breakfast at Denny's"
"Mohammed" = "Steve"
"Osama" = "Mom"
"Praise Allah" = "Don't forget to write"
For instance, I might want to send along the following message:
"Hey Steve! Mom says, don't miss breakfast at Denny's THIS TUESDAY AT 10AM. As part of your balanced diet, you need to order sausage from the comfy chair. Don't forget the big juicy orange. Give it to the kid with the funny teeth. You'll know him when you see him. Don't forget to write!"
Heh. If the goons ever found out, I'm in deep shit.
D'oh.
"The good news is that most bad guys are not clever and not determined. We used to call it criminal Darwinism."
Except in Kansas.
6. ???
7. Profit!
Exactly so.
Between NSA, the FBI, and various unnamed DoD agencies are now considerably overworked monitoring their (subjugated) citizens. Merely changing the logic on their surveillance equipment to specifically monitor POTS communications with the low amplitude low octave "C" being broadcast (to shut off their bugs) would certainly free up some manpower and equipment to focus on the "professional" terrorists using voice encryption or other high tech methods. Only "newbie" suicide bomber wannabes would make use of such insecure methods of communications.
If this story was not explicitly a planted news item to spread disinformation, it would surprise me. This has to be a plot lifted directly out of MAD Magazine's "Spy vs Spy" segment.
But wiretappers don't just record voice, they record dialed numbers and caller-id. The other set of flaws, which you can read about in the longer PDF paper, depend on the fact that DTMF detectors are usually analog devices with a certain amount of sensitivity, and in general the phone switch and the wiretapper's equipment won't be the same. So you can find out how far off to bend your touchtones and have the phone switch still listen to you, and then you can send touchtones in-spec or out-of-spec to confuse the wiretapper's equipment, which can't tell whether the phone switch is or is not listening to the numbers you can dial. If it's more sensitive than the phone switch, you can send bogus digits that the wiretapper will record and the phone switch will ignore - but if it's less sensitive, and you're sending your digits just at the edge of the phone switch's range, the wiretapper won't see them.
You can play similar games with CallerID, giving the wiretapper lots of entertaining stuff to listen to when you're not on the phone.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
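Added example (not from the comment above or from the paper it cites): a monitoring-side DTMF decoder in Python that measures how far each tone pair sits from nominal and labels digits that fall in the band where two detectors can disagree, so the record marks them as uncertain instead of silently keeping or dropping them. The 1.5% and 3.5% thresholds, the function names and the test bursts are assumptions constructed for illustration.

```python
import math

ROWS = (697, 770, 852, 941)       # DTMF low-group nominal frequencies, Hz
COLS = (1209, 1336, 1477, 1633)   # DTMF high-group nominal frequencies, Hz
KEYS = ("123A", "456B", "789C", "*0#D")
RATE = 8000                       # telephony sample rate, Hz

# Assumed tolerances (commonly cited receiver figures, not taken from the page):
MUST_ACCEPT = 1.5   # percent deviation every receiver is expected to accept
MUST_REJECT = 3.5   # percent deviation every receiver is expected to reject


def goertzel_power(samples, freq):
    """Signal power at one frequency, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def peak_frequency(samples, lo, hi, step=2):
    """Strongest frequency in [lo, hi] Hz, searched in `step` Hz increments."""
    return max(range(lo, hi + 1, step), key=lambda f: goertzel_power(samples, f))


def nearest(nominals, measured):
    """Index of the closest nominal tone and the signed deviation in percent."""
    i = min(range(len(nominals)), key=lambda k: abs(nominals[k] - measured))
    return i, 100.0 * (measured - nominals[i]) / nominals[i]


def classify(samples):
    """Return (digit, worst deviation in %, label) for one tone burst."""
    r, dev_r = nearest(ROWS, peak_frequency(samples, 650, 1000))
    c, dev_c = nearest(COLS, peak_frequency(samples, 1150, 1700))
    worst = max(abs(dev_r), abs(dev_c))
    if worst <= MUST_ACCEPT:
        label = "in-spec"
    elif worst < MUST_REJECT:
        label = "marginal"      # detectors may disagree: log it, never drop it
    else:
        label = "out-of-spec"
    return KEYS[r][c], round(worst, 1), label


def tone_burst(digit, offset_pct=0.0, ms=100):
    """Constructed test signal: one DTMF burst with both tones shifted."""
    r = next(i for i, row in enumerate(KEYS) if digit in row)
    c = KEYS[r].index(digit)
    k = 1.0 + offset_pct / 100.0
    n = RATE * ms // 1000
    return [math.sin(2 * math.pi * ROWS[r] * k * t / RATE)
            + math.sin(2 * math.pi * COLS[c] * k * t / RATE) for t in range(n)]


if __name__ == "__main__":
    for digit, off in (("5", 0.0), ("5", 2.5), ("9", -2.5), ("1", 4.5)):
        print(digit, off, classify(tone_burst(digit, off)))
```

A recorder that stores the label and deviation next to each digit lets a reviewer see which entries in a dialed-number record depend on one detector's tolerance.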
I start to believe from this article that the affected systems (the FBI says only 10% are affected) are just too old and have never been upgraded to use SS7.
Basically, a fairly high proportion of the wiretapping gear that's actually deployed is vulnerable, in spite of what the police PR folks say, and it's much easier to hack the pen-register technology (though probably impossible to prevent the phone company from giving a direct billing database feed to the Feds, which you probably can't hack.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Any chain of logic that leads to the conclusion that "society" has rights over the individual is in error.
As an individual, once I make the decision not to be spied upon, that decision outweighs any interest "society" has in spying upon me. Hence (as an example) strong encryption is an absolute right.
If this wiretap system has a feature that allows the individual to disable that, then the developers of the system are to be commended - even if their implementation is weak.
A better implementation would interrupt the beginning of each call with a dialogue like this:
"The conversation you are about to engage in may be monitored by outside parties. Please press '1' to confirm you permit this monitoring. To deny permission, and disable all monitoring, please press '2', or simply stay on the line."
Call Mr. Lee.
He'll know the code is broken.
Tell him the dog is turning red.
Shop as usual. And avoid panic buying.
Sure, prepaid cellphones can be counted as "disposable, one-use toys", but you have to have someone to call! If both parties are going through prepaids like candy - one or two calls then on to the next phone - managing the constantly-changing phone numbers becomes more than a small chore, and it becomes a nightmare to keep a half-dozen parties in touch with each other. It's not going to happen on both ends of the connection.
You don't need to tap the prepaids, you just need to tap the numbers that the prepaids are calling.
one problem there, your prepaid phone has some sort of uid. now i just need to get that uid via rf scanning ONCE. at that point i just have to tap the cell phone and you will have no indications of the phone being compromised.
A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today.
So basically it is a minority of antiquated equipment that is vulnerable. Moreover, the person being wiretapped probably doesn't know what system is being used. It is not going to be possible to know, with any assurance, that you have actually defeated the system.
Well, we don't have any way to actually verify those figures. They could just be saying that to make people think their systems really are secure. After all, they are the subject of the article, the ones who are trying to wiretap people.
in an edition of "The Fabulous furry Freak Brothers"?
Poor Matt Blaze. He and his team will be put in jail because of the DMCA.
-- Cheers!
In that case there might as well be a 3rd option:
"To quickly schedule a one-way trip to Mexico, please press '3'"
This is simply a ploy to entice potential targets with a guilty conscience to identify themselves, so they can be flagged automatically for later tapping.
Problem: Too much wiretapping, not enough time to sift through them all. Solution: Get the suspect to mark the interesting discussions with a special tone. Give highest priority to the taps that have used this magic tone. Pretty clever, if you ask me.
In Murphy We Turst
Time to buy some stock. The spooks'll likely upgrade and spend a few $$$ on new ones...
Dude, the cell phone companies record ALL CALLS, ALL SMS, ALL VOICE MSGS, for 48hrs on HD.
They use a filename DB scheme to store the id/date/phnum in the filename it self.
150m customers, * 48hrs = 1 days worth of profits to buy the fileserver.
If you want secure comms, go use an underwater pen/pad and do it when in the pool or beach under water.
No one, even flipper will be able to see it.
Liberty freedom are no1, not dicks in suits.
I want every rapper to put this into their songs.
That way, with it being played somewhere, sometime it will always trigger a 'off mode'
buwahhahahha
Liberty freedom are no1, not dicks in suits.
We have these high tech devices that have just come out that let you send just a phone number to someone for the other person to call. They are called "pagers" and you may even be able to find one in a store near you.
Very cheap, if the alternative is going to jail.
Never confuse volume with power.
Yes, but you still have to know what cellphone to do that to. And I don't have to keep that cellphone long, or can have it completely reset regularly. It's inexpensive to do so with systems like tracfone. Especially if you're in a lucrative illicit business. In which case if you do have a tap, you're back to square one. And this is exactly the point I was making.
Since this works through SS7, and full call-control information is available, it's immune to any in-band tones.
See this old Slashdot article with more links.
This is rev A of the standard. Rev B is out, and has some new features for VoIP, mobile location, and such.
All this describes the delivery side of wiretapping. The control side, via which wiretap requests are made, is web-based in some Lucent switches. That side isn't as standardized as the delivery side. Early thinking was that there would be about as many wiretaps in the CALEA era as there were before, so control events would be rare. But volume is up and the control side is getting to be a problem, especially since the Patriot Act's "roving wiretap" provisions.
And that's a bit more of how Big Brother works.
Guys, the "author" of this "study" is none other than Matt Blaze, who is not exactly what you'd call an ethical or credible source. He's more interested in making a name for himself than being responsible or ethical (remember master keys????) What is the point of publishing such "research"????? If it even works.