Slashdot Mirror
Feds Have a High-Speed Backdoor Into Wireless Carrier
An anonymous reader writes "An unnamed U.S. wireless carrier maintains an unfiltered, unmonitored DS-3 line from its internal network to a facility in Quantico, Virginia, according to Babak Pasdar, a computer security consultant who did work for the company in 2003. Customer voice calls, billing records, location information and data traffic are all allegedly exposed. A similar claim was leveled against Verizon Wireless in a 2006 lawsuit."
If some guy said it, it must be true!
I don't need no instructions to know how to rock!!!!
This is precisely what this is.
NEWS FLASH: EVERY wireline and wireless carrier has facility like this between their central offices and Quantico, Virginia. I can tell you for an absolute fact that a medium-sized cable company operating in the Rocky Mountain region has similar facilities between their main office and the FBI Academy, because I helped install it.
Welcome to the world post-CALEA.
CALEA taps are on a per-warrant basis. They are explicitly ONE WAY. The LEA can NOT establish a connection back to the carrier. It must initiate the tap from the carrier side. The LEA can not input requests directly. They must pass them to the carrier to enter.
While a DS-3 might not be out of the question to the FBI, depending on the volume of traffic, I have yet to see an "unmonitored" line. Everything I've seen (and set up -- I do this for a living) is an IPSec tunnel from the carrier to the LEA with BER encoded ASN.1 for data and packetized native (to the carrier) encoded voice. And the line works one way only. Carrier --> LEA. The only packets flowing back are stateful connection packets.
In short, I think this story is B.S.
Yes, the FBI probably has a big line with no firewall. That is because the firewall(s) is/are on the carrier end. The carriers do extensive logging as well, so it doesn't surprise me that the FBI-end of the circuit isn't heavily logged. They log their REQUESTS and the carrier logs the connections.
Learning HOW to think is more important than learning WHAT to think.
While it is true that the connection is "one way", many large carriers do it with a conventional high-cap circuit, like a T-1 or DS-3, because it is easy.
It may appear to be unfiltered to the person making the connection. However, if it is anything like the T1 I hooked up where I worked, only the calls with active warrants are passed down the T1. That being said, the T1 hooks directly into the switch just like any other T1, and is configured to be a CALEA port in the switch itself. A wire-frame guy who isn't doing the programming/translations wouldn't know any better, so I think that's where this "idea" comes from.
If you helped install it, then you should learn to shut up on sites like this.
Make a roaring bluster about this and then fold like wet paper tigers when it comes time to put up or shut up..
Do you want to know why Bushco thinks it's above the law? Because until you fucking cowards grow a goddamn spine and stand up to their evil, corrosive attitude towards the rule of law THEY ARE.
Why is it that in 8 years, I have never, EVER heard of a major Democrat standing up and saying outright, without analogy, subtlety or tact, that thanks to Bush the terrorists have succeeded beyond their wildest dreams? That thanks to him, 19 insane religious fanatics have gone from "attacked three buildings and got their organization crushed like a bug for it's trouble" to "shook the rule of law, the foundation of the most powerful country in the world, to it's base?" That thanks to him and the Republican fear machine, bin Laden has changed and hurt American society in ways he never could have dreamed of? That thanks to him, the terrorists have won in every way that matters?