Slashdot Mirror


AT&T Won't Block Black Hat Eavesdropping Demo

snydeq writes "AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week. Hacker Chris Paget last week said that he plans to demonstrate on Saturday how to set up what's essentially a fake cell tower that allows him to listen in on nearby mobile calls. But Tuesday, he wrote on his blog that he had 'heard that AT&T may be considering suing me to stop my talk.' AT&T, however, has insisted it has no plans to interfere with the talk."


  1. AT&T Doesn't Care by OverlordQ · · Score: 4, Insightful

    But what about the types of people that actually enforce the wiretapping and interception laws?

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:AT&T Doesn't Care by Nikker · · Score: 3, Insightful

      As long as he only uses an informed and willing volunteer over a private connection would this demonstration really come under wiretapping laws? If they are going to send it through speakers in front of a crowd it would be more like an elaborate microphone than anything else.

      --
      A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  2. Rumour? by amirulbahr · · Score: 3, Informative

    So he blogged that he heard that AT&T might sue him to stop the talk, AT&T deny the rumour, it makes headlines.

    1. Re:Rumour? by bsDaemon · · Score: 3, Insightful

      Yeah. It's called "New Media." It's like news, but without the journalism degrees or standards of professionalism.

    2. Re:Rumour? by chapstercni · · Score: 3, Insightful

      Yeah.. cause we can see how professional all those journalists are that have the degrees. They are impartial, and fact check everything.

    3. Re:Rumour? by bsDaemon · · Score: 2, Insightful

      There are still plenty that do, although it's true that gone are the days of Cronkite. It's sad, really, but 24-hour news cycles mean they can't put as much time and effort into making sure that they cover relevant information accurately. That's not an excuse, more of an indictment. Do people even watch the evening news anymore?

    4. Re:Rumour? by inKubus · · Score: 2, Funny

      Why does news only have to last 24 hours? Any story worth telling probably has at least a few years worth of action in it. Slow is better. Trust me.

      --
      Cool! Amazing Toys.
    5. Re:Rumour? by GrumblyStuff · · Score: 2, Interesting

      I try but they always tack on some celebrity or sports shit and then I turn off the TV.

    6. Re:Rumour? by houghi · · Score: 3, Insightful

      It's like news, but without the journalism degrees or standards of professionalism.

      So it's like news?

      --
      Don't fight for your country, if your country does not fight for you.
  3. Glad AT&T is not being evil (this time) by onionman · · Score: 2, Insightful

    Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

    1. Re:Glad AT&T is not being evil (this time) by DJRumpy · · Score: 2, Informative

      The right thing is to give these companies time to respond and to close potential security vulnerabilities before the information goes public. In this case, that obviously is not going to happen (by that I mean addressing vulnerabilities). I hate that they have to release this information in such a public way and wish they wouldn't, but I see the need for it all the same.

    2. Re:Glad AT&T is not being evil (this time) by MessedRocker · · Score: 2, Insightful

      Sometimes the greatest incentive to change your ways is to have your foibles on public display.

    3. Re:Glad AT&T is not being evil (this time) by ScrewMaster · · Score: 3, Informative

      Good to hear that AT&T is actually doing the "right thing" and hopefully learning from the research instead of attempting to suppress it.

      Time was when "research" and "AT&T" were damn near synonymous. But yeah, it's good that they're keeping the sharks in check.

      --
      The higher the technology, the sharper that two-edged sword.
    4. Re:Glad AT&T is not being evil (this time) by klingens · · Score: 4, Informative

      There already was a public talk about this GSM vulnerability last December. Back then, the group cracking the protocol didn't have the hard/software to demultiplex the connections a GSM basestation has to handle in realtime. That problem is now solved and so the hack is fully functional. The rainbow tables needed to crack the protocol were publicly created for almost all of 2009. The GSM industry had PLENTY of time to react and get their shit together, instead they stonewalled, ignored and threatened the hacking group as Mr. Paget described back in his December 2009 talk.
      The DECT industry group for cordless phones, who use a similar but weaker encryption method than GSM, had their protocol examined before that in 2008 or so by the same people. When the hackers approached the DECT people they were basically welcomed and both, DECT group and hackers, worked together on fixing the protocol, spec and especially implementations.
      Ironically the DECT industry group and the GSM association are made up largely of the same companies...

    5. Re:Glad AT&T is not being evil (this time) by evilviper · · Score: 2, Informative

      Time was when "research" and "AT&T" were damn near synonymous.

      There was a time when Nuclear Power Plants and "Westinghouse" were nearly synonymous, yet now they're making cheap toasters that don't work.

      The "AT&T" of today only happens to use the same name as the "AT&T" of years ago. Other than that, they died out entirely, much like Polaroid. What's now calling itself AT&T is, in fact, SBC, and has all the baggage associated with that shiftless company.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  4. Ya forget AT&T, ask the FBI by Sycraft-fu · · Score: 4, Insightful

    I'm still not very convinced this is legal, and you want to be sure. While they might well say "It isn't like he caused any harm, just let it slide," they also might not. The law is the law and all that. Plus maybe some company pressures them into it. Some provider who gets mad says "Hey, you need to charge this guy, he broke wiretapping laws!"

    When you are doing something all on your own equipment in a controlled environment, then sure you are good to go. So having a lab with what you need and trying it on your own stuff, that is legal. However intercepting random people in the area of your tower? Don't think that is legal, doesn't matter if you are doing it as a demonstration or not.

    1. Re:Ya forget AT&T, ask the FBI by msauve · · Score: 5, Insightful

      "I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal."

      It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    2. Re:Ya forget AT&T, ask the FBI by causality · · Score: 4, Interesting

      "I'm still not very convinced this is legal...So having a lab with what you need and trying it on your own stuff, that is legal."

      It's definitely NOT legal. If nothing else, he'll be transmitting without a license on frequencies he's not authorized to use. When you use a cell phone normally, it's transmitting under the carrier's license authorization. If he sets up his own "cell site," there's not a license to be found anywhere. It doesn't matter how much power is used, or how far the signal can travel, if it's an intentional radiator, it's illegal.

      I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

      Before CD players in cars were common, you could get standalone CD players that broadcast the audio in the FM band. The car's radio/tape-player could be set to FM and turned to that frequency to pick up the audio from the CD. This was acceptable because the transmitter is in the same vehicle as the FM radio, so tiny power levels were sufficient.

      I admit that I am not a lawyer and don't know much about FCC regulations. I get the impression they're not an agency with a sense of humor, and one you wouldn't want to have to deal with. Still, would cell frequencies be given some special treatment that is not given to FM radio frequencies?

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:Ya forget AT&T, ask the FBI by Vellmont · · Score: 4, Insightful


      "Hey, you need to charge this guy, he broke wiretapping laws!"

      That might be just a bit difficult to convince a jury, given that his "wiretapping" is going to be limited to a small area that likely includes just the conference room full of people there for expressly this purpose, for not particularly long. If anyone doesn't want to be "wiretapped" perhaps they can restrain themselves and not make any phone calls during that short period in that room.

      Why is it that some people are always so convinced "the law" is something like the laws of physics that's set in stone and not interpreted for a specific purpose?

      I'm guessing he'll be breaking FCC regulations. If someone wants to make some big complaint about the few minutes he'll be running his demo, well I'd help contribute to whatever pathetic fine they might try to assess. In reality this would never happen since the FCC has better things to do.

      --
      AccountKiller
    4. Re:Ya forget AT&T, ask the FBI by EETech1 · · Score: 2, Interesting

      We have 3 pico (femto maybe) cells at my work that take CDMA calls and data and route them into Verizon somehow (LAN?). We also have 4 Spotwave systems set up in other locations to re-transmit CDMA and GSM voice and data outside the building, so I'm quite sure it is legal to have the equipment, and transmit on cell phone frequencies, because it is something that can be arranged by our help desk, and our telecom guy installs them and maintains them, as they are purchased, or leased by our company. Now being able to set it up wherever you want to, and start intercepting calls meant to be covered by another site, might be a different story!

      /sidenote: I used to have a Spotwave system camping with me and set it up in places where there was poor coverage, and it was amazing how people would naturally collect in front of my rig over a weekend, as they all used to get their voicemails and texts as they walked by, and wow here is the only place in the campground my cell phone works! I used to unplug it if they collected too much and blabbered too loud. It was great fun to see them all lose their signals at once. Hello??? Hello??? Cheers!

    5. Re:Ya forget AT&T, ask the FBI by GrumblyStuff · · Score: 2, Informative

      From what I've heard of jury duty and from people I know who have had jury duty, they strongly emphasize only whether or not the law was broken and will screen for anyone thinking. Guess if they can't get a plea bargain, they go for the next easiest thing.

    6. Re:Ya forget AT&T, ask the FBI by msauve · · Score: 3, Informative

      I had the impression that you could, without a license, transmit on frequencies that require a license so long as it's extremely low power, to the point that beyond X number of feet (300?) no meaningful reception of your transmission is possible.

      Nope, not as a general rule. What you're thinking of are the small FM radio band transmitters (such as used for iPod to car radio), which the FCC allows under a specific rule (47 CFR 15.239) which limits their output. No such rule is available for someone wanting to operate their own cell site. It's illegal, regardless of how low the power or how short the range. Another poster mentioned a Faraday cage; still illegal (even though you'd be unlikely to get caught).

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    7. Re:Ya forget AT&T, ask the FBI by msauve · · Score: 2, Insightful

      Funny, the "cell site" I run and maintain broadcasts on said frequencies and is perfectly legal.

      The manufacturers/sellers claim that, but funny, they never cite the regulations which would support such a claim.

      This is a grey area - if they are legal, it's for the same reason you don't need a license to operate a cell phone, because it's communicating with a system licensed for that frequency band (the cell carrier). Wilson, probably the manufacturer with the best reputation in this market, says "Wilson cell phone boosters fully comply with FCC regulations for cellular devices and are FCC type accepted." Note that they're very careful not to claim that operation without a license is legal. FCC type acceptance only means that a device meets the technical specifications required for use with a particular service (spectral purity, max power output, etc.), it doesn't mean the device can then be used by anyone without a license. You can buy many transmitting devices without a license, but actually operating one is illegal without a license (e.g. ham radios, GPRS, "business band" FM, etc.).

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    8. Re:Ya forget AT&T, ask the FBI by msauve · · Score: 2, Informative

      The ones which are sold by carriers to consumers are authorized under the carrier's license, the same way the cell phones themselves are. 47 CFR 22.3:

      Authority for subscribers to operate mobile or fixed stations in the Public Mobile Services ... is included in the authorization held by the licensee providing service to them.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  5. Re:I see AT&T's position by fuzzyfuzzyfungus · · Score: 3, Insightful

    On the other hand, if they don't kill it, the presenter may well have just committed a number of crimes in front of a live audience (and probably a fair few cameras)...

    If they don't, he'll just have some nastygrams to hang on his wall, and a story of being oppressed by the man, without any lingering consequences.

    They might just be ignoring it entirely, figuring that the Streisand effect is not with them on this one; but the path of maximum vindictiveness actually requires them to let him go ahead...

  6. Maybe it will help the network by Anonymous Coward · · Score: 2, Insightful

    Too many problems with the iPhones - personal towers might be a good idea

  7. Defcon != Blackhat by baeyogin · · Score: 2, Informative

    Different conference. My understanding is that the EFF is involved, and signs are being posted around the perimeter. Either way, I won't be using a GSM enabled phone. Should be interesting.

    1. Re:Defcon != Blackhat by Anonymous Coward · · Score: 2, Informative

      No, what baeyogin was saying is that the "Black Hat" conference takes place before DEFCON. They're both in Vegas, and Black Hat is the 28th-29th, while DEFCON comes afterwards.

      There's nothing 'non-' or 'un-blackhat' about DEFCON.

  8. Re:We are living in very interesting times. by countertrolling · · Score: 2, Insightful

    ...critical systems are now running in a decentralized manner...

    Not so. Your entire internet is still in the hands of a small group that can cut your connection at any time with a simple flip of a switch or drop of an anchor.

    --
    For justice, we must go to Don Corleone
  9. Re:Words and Deeds are often different by nacturation · · Score: 2, Insightful

    Just because one person at AT&T said they won't do anything about it, there is absolutely no guarantee that someone else doesn't have different plans.

    The way I read it was: "Oh no, we won't interfere with the talk at all. But just wait until you see what we do after the talk!"

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  10. Remember Adobe? by PinkyGigglebrain · · Score: 4, Insightful

    Anyone else remember how Adobe got the FBI to arrest and charge Sklyarov?

    It doesn't matter what some mediadroid says. All it would take is one phone call from the right person at AT&T to the right person in the DOJ.

    AT&T could deny any and all prior knowledge when the Feds arrest the presenter for breaking some law or another. Hell, AT&T could even call for his release afterward knowing that history would repeat itself.

    Considering how big AT&T is again there really isn't anything anyone can do even if they did move openly. Boycott? HA!, how many of us can afford to give up our cell phones, home phones and Internet connections in protest? AT&T knows they have most of us by the tender bits.

  11. So let's see what calls we can pick up... by pinkushun · · Score: 3, Funny

    Senator Stampingston: Gentlemen, it's clear that we're in a universally precarious situation. Dethklok has summoned a troll.
    General Krosier: That's impossible, there's no such thing as trolls.
    Senator Stampingston: Then how do you explain the dead unicorns?

    Um... Okay, moving on to the next call...