Does Wiretapping Require Cell Company Cooperation?
decora writes "Recently the dictator of Belarus, Alexander Lukashenko, accidentally admitted to wiretapping journalist Irina Khalip. Khalip is the wife of Andrei Sannikov, one of the many opposition presidential candidates who was imprisoned after the election in 2010. I am wondering how Lukashenko did this? Can a government tap a modern cellphone system without the company knowing? Or would it require cooperation, like when AT&T and others helped the NSA perform warrantless wiretapping on Americans?"
It's what they always do to neutralize opposition in politics. They'll find dirt and they'll use it.
If the government took the time to build a mainframe to crack the encryption keys, theoretically they could do it with little more than a partyvan equipped with a few dozen microwave radios or cell phones.
And isn't it the case now that stuff is embedded in all the major telecom hardware makers?
Just think about it for a minute. The only way a government or dictator could tap someone's phone without the phone company knowing would involve using secret agents (in the broadest sense) to plant bugs or intercept signals.
If there were ways to tap phones without doing this, using only the phone system, they would be common knowledge.
The easiest method is to use your influence (legitimate or otherwise) to get the phone company to cooperate, which is unsurprisingly the most common.
What was the point of this question?
I think the key word here is "dictator", as in you WILL do this wiretap....
Although it is a bit more difficult with current technology, cell phones can be intercepted. The portable phones, even those claiming to be frequency shifting, can also be intercepted. And nothing is a worse bug than a baby monitor, as those things have quite a signal output and are almost never secured. They can broadcast whispers from many rooms in the home, as the sensitivity of their microphones is great. I think any serious radio hobbyist could talk if they were not frightened to admit eavesdropping. From what I know, people should be encouraged to tap into communication streams. What you learn might scare you to death.
I am certain that none of the above remarks are factual and only some part of a bit of stew gone rancid or a fire in my imagination. I know nothing.
My opinion is if you aren't doing anything wrong you have nothing to worry about. If it helps put criminals and terrorists away....have at it!!!
Cinthia :)
if you have the money and contacts. Covered on slashdot as far back as 2003 at least ...
Basically GSM can be made to switch to A5/0 i.e. disable encryption by use of a commercially available "IMSI catcher" device. Originally these sent a spoofed degraded signal to the base station to make it think A5/0 was needed (it uses less bandwidth), these days it seems they just act as base stations. Cellphones automatically lock onto the strongest base station, and GSM security authenticates the handset only, so such rogue base stations are not technically difficult to make.
The "degraded signal" method implies that A5/0 also kicks in naturally in areas of bad reception and anyone with appropriate scanner hardware could monitor calls in that area. You'd still have to deal with the frequency hopping though.
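The rogue-base-station route described in the two replies above, as an added simulation that is not part of the original thread: the handset camps on the strongest cell claiming its operator, GSM authentication challenges only the handset, and the network then picks the cipher, so a louder rogue cell can command A5/0 (no encryption) and the phone accepts it. Message names follow GSM 04.08 loosely; the PLMN id "257-01", the signal levels and the handset logic are constructed stand-ins, not radio code.

```python
"""Simulation of the cipher-mode downgrade an IMSI catcher relies on.
Message names follow GSM 04.08 loosely; handset and network logic are
illustrative stand-ins (an assumption), not real radio code."""
from dataclasses import dataclass, field

A5_0, A5_1, A5_3 = "A5/0", "A5/1", "A5/3"   # A5/0 means "no encryption"


@dataclass
class BaseStation:
    plmn: str            # operator id the cell broadcasts, e.g. "257-01" (constructed)
    rx_power_dbm: int    # signal strength as received by the handset
    rogue: bool = False

    def cipher_mode_command(self, handset_ciphers):
        """A genuine network picks the strongest cipher both sides support.
        A rogue cell simply commands A5/0, which every handset must accept."""
        if self.rogue:
            return A5_0
        for cipher in (A5_3, A5_1):
            if cipher in handset_ciphers:
                return cipher
        return A5_0


@dataclass
class Handset:
    home_plmn: str
    ciphers: tuple = (A5_1, A5_3, A5_0)
    shows_cipher_indicator: bool = False  # the spec's "unencrypted" warning; most phones hide it
    log: list = field(default_factory=list)

    def select_cell(self, cells):
        """Camp on the strongest cell that claims the home operator. Nothing
        here authenticates the cell, so a rogue with the right PLMN id and
        more power wins."""
        same_operator = [c for c in cells if c.plmn == self.home_plmn]
        return max(same_operator, key=lambda c: c.rx_power_dbm)

    def attach(self, cells):
        cell = self.select_cell(cells)
        # GSM authentication challenges the handset only; the network never
        # proves who it is, so the handset proceeds regardless.
        self.log.append("AUTHENTICATION REQUEST received, RESPONSE sent")
        cipher = cell.cipher_mode_command(self.ciphers)
        self.log.append(f"CIPHER MODE COMMAND: {cipher}")
        return {
            "camped_on_rogue": cell.rogue,
            "cipher": cipher,
            "encrypted": cipher != A5_0,
            "user_warned": cipher == A5_0 and self.shows_cipher_indicator,
        }


def simulate(rogue_present, handset_shows_indicator=False):
    """Run one attach against a genuine cell, optionally with a louder rogue nearby."""
    cells = [BaseStation(plmn="257-01", rx_power_dbm=-85)]
    if rogue_present:
        cells.append(BaseStation(plmn="257-01", rx_power_dbm=-60, rogue=True))
    phone = Handset(home_plmn="257-01", shows_cipher_indicator=handset_shows_indicator)
    return phone.attach(cells)


if __name__ == "__main__":
    for rogue in (False, True):
        print("rogue nearby" if rogue else "genuine cell", simulate(rogue))
```

The two fixes the protocol lacks are visible in the code: mutual authentication in `attach` (so a cell has to prove itself before the cipher is chosen) and a handset that actually honours `shows_cipher_indicator`. Neither is something the user can retrofit, which is why the reply above calls the rogue cell "not technically difficult".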
A government can bribe or persuade an employee to perform the tap, or place an undercover worker in the telephone company in a position which can perform taps. So taps could be done without the telephone organization knowing about them.
GSM has horrible security and carriers aren't exactly doing their best to make their networks secure either. A while ago you needed relatively expensive equipment (around $1000-2000) to be able to sniff on the network, but it's now been done with a few very cheap phones. There's a very informative presentation (with video) here. For this to work, you need to be close to the person you want to eavesdrop on however.
Some government agencies have special phones that can have any IMEI put on them. So, just clone the IMEI of the evil journalist onto one.
http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/
does that answer your summary?
Researching gmail hammering this system I find a /. script running inside gmail page.
My lawyer will be in touch.
See how some phones run custom software from the cell companies; it's very likely.
The operative word in your question is Know. There are always things that we know and things that we don't know. But there are always things that we wish not to know.
In the case of wiretapping by a government without legal consent, or the knowledge of the phone company involved, then often there will be persons in the indirect employ of said government who are also in a position of trust in connection with the phone network. Thus it has always been prudent in almost all countries to have a part of the telecoms industry who serves a higher master but wears the common dress.
In summary, never let your right hand know what your left is doing!
To summarize the summary, 'Plausible Deniability!' as AT&T would say.
GSM is not the most secure standard out there. Check the video from this presentation for a nice overview of exactly how fucked up GSM security is.
http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
Long story short: It makes it easier, but it's not required. If they've got it, they can just copy the call at the switch level. If they don't, they can: Install software on the persons phone, sniff + break the radio waves, bribe a telco employee, plant software on the towers (see http://www.dmst.aueb.gr/dds/pubs/jrnl/2007-Spectrum-AA/html/PS07.pdf - really interesting read), or i'm sure they've got more methods.
Cell phones aren't secure.
The simplest and most likely explanation is that the dictator originally told the cell company "if you want to do business in this country, I need the ability to wiretap". Another explanation is that depending on who you call, a cell call likely routes over land lines at some point (especially in a third world country). Anyone with physical access to the lines has the theoretical capability to tap.
It's very easy to tap a phone. Landlines are extremely simple to tap. You could do it with a little research on the web. Tapping a cellphone is slightly more complicated but still easy. In more modern countries it's getting a little more difficult as we all move towards soft-switches but in Belarus they still have PULSE dialing on their landlines. This means their switches are definitely hardware, and definitely at least 30-40 years old. Who owned the phone company 30-40 years ago? The USSR. I guarantee all their cellphone traffic travels through the same switch(s) installed by the USSR back in the day and all the equipment the KGB had installed at the time is likely still there. You make a call, it hits the cell tower, the cell tower has trunks that lead back to the switch and now they have you. It's a trivial matter to request that all incoming calls from a particular number get recorded.
I am sure all telecommunication companies in a state well known to be the opposite of a democracy will very willingly cooperate on all levels.
Look at what happened to Greece some years ago. Everyone was wiretapping into the prime minister's and other officials' cell phones through Vodafone, without the government knowing - nor Vodafone - or so they claim.
As for the "I am wondering how Lukashenko did this? " question, it's difficult to beat that one in stupidity. He is a freaking dictator, he can do what he wants. He wouldn't need the company cooperation - he can just force them to do it or bring his own people to do it. Or they go to jail. I suggest that you take a look at the definition of dictatorship.
Ever since the world ended up going hell bent on terrorism laws (New World Order), all wire-tapping is legal with or without a warrant and you do not require any special permissions anymore if you work in law enforcement and a telecoms company need not know either.
It is better known as black boxing http://en.wikipedia.org/wiki/Black_box; these systems have been in place since 1998 legally. The FBI changed its code name from Carnivore to Magic Lantern after a bunch of hackers, "Cult of the Dead Cow" if I remember correctly, exposed the source code.
Now you also have the likes of GCHQ and deep packet inspection http://www.theregister.co.uk/2009/05/05/gchq_mti_statement and they have been doing this since 1996.
The simple fact is you can be recorded for any half plausible excuse. Getting your location through a cell network takes about 5 seconds...... sadly each persons privacy is eroded and you do not have any choice.
Don't use Credit Cards, Cell Phones, Loyalty Cards or the internet. Get out more; a pen and paper works better than spoken words!
Maybe most people here are from the mighty US, so they have to be informed:
In parts of Europe - especially not in the 4 or 5 countries most non-Europeans know - the government still owns companies like phone networks, internet service providers, cell phone providers, telephony network operators etc.
Also, and this will be surprising, there are still countries that only have one of those and is fully owned by the public - the government.
Thus, the dictator or prime minister is pretty much able to do whatever he wants. He actually hired the company's CEO and owns the company.
Governments everywhere are in different countries. They have different laws.
Is it tougher to tap a cellular line than a "land line"? No.
Is it tougher to tap a "land line" than a VoIP line? No.
If the entity wishing to tap your line either has the technical means or gets a court order to make someone else do it, they WILL EASILY be able to do so.
The encryption used by GSM uses certain keys (Ki - K sub I) that should be known only to the Telecom and SIM provider. If you were to get those keys, you could pick the call out of the air and decrypt it on the fly.
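The point made above, as an added example that is not part of the original post: whoever holds Ki can recompute the session key from what goes over the air and decrypt passively, without the operator. A3/A8 and A5 are replaced here by HMAC/SHA-256 stand-ins (an assumption; the real SIM algorithms, COMP128 variants and A5/1, are different), the Ki, RAND and speech frames are constructed sample values, and the message flow is simplified to RAND out in the clear, SRES back in the clear, then ciphered bursts.

```python
"""Why a leaked Ki lets a passive listener decrypt GSM traffic. A3/A8 and
A5 are HMAC/SHA-256 stand-ins (an assumption); the key flow is the point."""
import hashlib
import hmac
import os


def a3_a8(ki: bytes, rand: bytes):
    """SIM side: from the secret Ki and the network's RAND derive SRES
    (32-bit auth response) and Kc (64-bit session key). Stand-in for A3/A8."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def a5_keystream(kc: bytes, frame_number: int, length: int) -> bytes:
    """Stand-in for A5/x: the keystream depends on Kc and the TDMA frame
    number only, so anyone holding Kc regenerates it."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(kc + frame_number.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor_burst(kc: bytes, frame_number: int, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, a5_keystream(kc, frame_number, len(data))))


def air_interface_capture(ki: bytes, rand: bytes, speech_frames):
    """What a scanner sees: RAND sent in the clear in AUTHENTICATION REQUEST,
    SRES returned in the clear, then ciphered bursts tagged by frame number."""
    sres, kc = a3_a8(ki, rand)
    bursts = [(fn, xor_burst(kc, fn, frame)) for fn, frame in speech_frames]
    return {"rand": rand, "sres": sres, "bursts": bursts}


def passive_decrypt(candidate_ki: bytes, capture: dict):
    """Listener with (a guess at) Ki: recompute Kc from the observed RAND,
    confirm the guess against the observed SRES, then strip the cipher."""
    sres, kc = a3_a8(candidate_ki, capture["rand"])
    if sres != capture["sres"]:
        return None                      # wrong Ki: the derived Kc is useless
    return [xor_burst(kc, fn, burst) for fn, burst in capture["bursts"]]


# Constructed sample: a 128-bit Ki, one challenge, three speech frames.
SAMPLE_KI = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
SAMPLE_RAND = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_FRAMES = [(1001, b"hello"), (1002, b"are we being"), (1003, b"listened to?")]


def demo():
    """Returns (plaintext recovered with the right Ki, result with a wrong Ki)."""
    capture = air_interface_capture(SAMPLE_KI, SAMPLE_RAND, SAMPLE_FRAMES)
    with_ki = passive_decrypt(SAMPLE_KI, capture)
    without_ki = passive_decrypt(os.urandom(16), capture)
    return with_ki, without_ki


if __name__ == "__main__":
    print(demo())
```

Note that the observed SRES doubles as a free oracle for testing Ki guesses, which is why a weak A3/A8 (the original COMP128 could be queried out of a SIM in hours) is as damaging as a leak from the operator's authentication centre.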
Is it actually useful? I mean, if you're the wife of a leader of an opposition party to a dictator, you must assume you are being tapped. I hope they have the common sense to avoid talking about anything remotely political on their phones.
Of course any state or mafia-sized entity can afford the real-time decoders. Have you not been paying attention?
Signals Intelligence: http://en.wikipedia.org/wiki/Signals_intelligence
You pay your guys to do it. They pay their guys to do it.
Do you have laws against your guys using it against you?
So it seems (relatively) trivial to me to write an app that handshakes with your friend when you meet in person, exchanging keys of sufficient bit length for high-grade encryption. Then when you want to talk privately, the app encrypts the audio. This would seem to be the (pretty much permanent) end to man-in-the-middle attacks of this sort.
So out of curiosity, can anyone link to said app yet?
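The "handshake when you meet in person" idea above, as an added example that is not part of the original post: it generalizes the in-person key exchange to a Diffie-Hellman agreement over the (possibly intercepted) network plus an out-of-band comparison of a fingerprint, which is what lets two people detect a man in the middle whether they pair in person or read the value aloud on the call. The 127-bit Mersenne prime and generator are a toy group chosen for readability (an assumption; a real app would use X25519 or a 2048-bit MODP group), the private values are constructed, and the audio encryption under the agreed key is not shown.

```python
"""In-person or voice-verified key agreement that a network man-in-the-middle
cannot silently survive. Toy DH group (an assumption); use X25519 or a
2048-bit MODP group in a real app."""
import hashlib
import hmac

P = (1 << 127) - 1        # 2**127 - 1 is prime; demo size only
G = 3


def dh_public(private: int) -> int:
    return pow(G, private, P)


def shared_key(private: int, peer_public: int) -> bytes:
    """Raw DH secret hashed into a 256-bit call key."""
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(my_public: int, peer_public: int) -> str:
    """What each party shows on screen or reads aloud: a hash over both public
    values in a fixed order. Equal fingerprints mean nobody rewrote the exchange
    in transit; the comparison happens out of band (in person or by voice)."""
    lo, hi = sorted((my_public, peer_public))
    return hashlib.sha256(lo.to_bytes(16, "big") + hi.to_bytes(16, "big")).hexdigest()


def handshake(alice_priv: int, bob_priv: int, mallory_priv=None):
    """Run the exchange over a channel Mallory may control. Returns what each
    end derived; the two people then compare fingerprints out of band."""
    a_pub, b_pub = dh_public(alice_priv), dh_public(bob_priv)
    if mallory_priv is None:
        a_sees, b_sees = b_pub, a_pub
    else:
        # Mallory substitutes her own public value in both directions.
        m_pub = dh_public(mallory_priv)
        a_sees, b_sees = m_pub, m_pub
    alice = {"key": shared_key(alice_priv, a_sees), "fp": fingerprint(a_pub, a_sees)}
    bob = {"key": shared_key(bob_priv, b_sees), "fp": fingerprint(b_pub, b_sees)}
    return alice, bob


def verified(alice: dict, bob: dict) -> bool:
    """The in-person/voice check: proceed only if both read the same fingerprint."""
    return hmac.compare_digest(alice["fp"], bob["fp"])


# Constructed private values; a real app draws these from os.urandom.
ALICE, BOB, MALLORY = 0x5EED_A11CE, 0xB0B_5EED_123, 0xBAD_5EED_777


if __name__ == "__main__":
    honest = handshake(ALICE, BOB)
    print("honest exchange verified:", verified(*honest))
    attacked = handshake(ALICE, BOB, MALLORY)
    print("with Mallory in the middle verified:", verified(*attacked))
```

With Mallory present both ends still get a key, and Mallory knows both of them; what she cannot do is make the two fingerprints agree, so the security rests entirely on the users actually comparing them, which is the step most people skip.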
yup - http://www.whispersys.com/
Reminds me of the Greek wiretapping scandal. In that version of the wiretapping scandal, a very technically sophisticated attacker (possibly an insider in the phone company) installed wiretap software into the phone network's routers. News broke after a top exec at the phone company hanged himself. Though surely there's a lot we don't know, it was almost certainly not official company policy to cooperate with government wiretaps on political opposition.
Belarus has moved to modern European hardware at least 20 years ago. In fact, most of the post-Soviet space has communication infrastructure that is incomparably more advanced than what is currently used in the USA. It is actually dumbfounding how archaic the US communications are compared to Europe.
In Canada our politicians are busy ensuring the complete erosion of private internet use as we know it. One of our current bills before parliament in Canada is essentially about to give make carriers to do this for the government. Basically they are installing lawful intercept systems for various law enforcement organizations to use. "This enactment requires telecommunications service providers to put in place and maintain certain capabilities that facilitate the lawful interception of information transmitted by telecommunications and to provide basic information about their subscribers to the Royal Canadian Mounted Police, the Canadian Security Intelligence Service, the Commissioner of Competition and any police service constituted under the laws of a province" http://www.parl.gc.ca/HousePublications/Publication.aspx?DocId=4007628&Language=e&Mode=1&File=19 And we are allowing it....
Of course, you can capture the actual GSM radio transmission off the air. There's no way to stop that. However, that GSM transmission will not be readable, since it is encrypted. You can decrypt it without provider's help, but that will take a considerable amount of time and computing power. In order to decipher it immediately, you will definitely need provider's cooperation. So, the answer is that it is impossible to perform real-time monitoring of GSM conversations without the provider's help. GSM is absolutely secure in that regard. It is not clear what Lukashenko meant by what he said. Did they monitor her phone in real-time? If so, then it immediately means that they had access to internal provider's information. If they were only able to do it later, then it is possible that they actually deciphered the communications without provider's participation.
You are trying too hard. "Lawful interception" is part of the standard http://en.wikipedia.org/wiki/Lawful_interception , and as a government you state that every network operator needs to purchase their network with this option. Done.
Lawful interception separates law enforcement and operator personnel, so the operator does not know what is intercepted.
I'm sorry, but it's tough to compare two things and claim that they're incomparable.... you can say that someone's beauty is incomparable, or somesuch, but you can't supply something that you're ... incomparable to.... sort of like someone saying "I died, I literally died!"... nope.
Yes it requires cooperation, but no, that cooperation doesn't have to be voluntary.
In New Zealand (where I am) our government reminded all of our telcos of a law to have this lawful intercept equipment installed by the end of 2010 (my understanding is it was part of our international obligations, mostly at the behest of the US, whose own agencies are not subject to our local [NZ] laws). Similar equipment is installed in many other countries. This allows the US to trace packets flying across the world in real time (bypassing the supposed protection of the TOR system).
Not only is cooperation from the phone company not required, but the phone company doesn't get to know when it's being used, and has no technical means to stop it or prevent it.
It's a legal requirement that the government is given the means to tap at will, and a legal requirement that their tapping cannot be discovered.
That's what is happening when telecom/network equipment vendors are touting the "lawful intercept" feature compliance of their latest product models.
You are all stupid. This article is stupid. The comparison between Belarus and the US is idiotic. The wireless carriers in Belarus are all Russian. He does not have to ask permission to get access to anything he wants.
End of story.
You are comparing a totalitarian dictatorship with a country with laws and courts.
Move on. Nothing to see here.
Thing is, people won't bother. It is amazing how lazy people are with security, physical, virtual, etc. Sure you could do encryption; this is more or less what the STU and STE phones the government uses do. The STU-III was more or less a phone, a digitizer, an encryption unit, and a modem. It encoded your voice and then could use analogue lines to send it out. The STE phones are all ISDN (or more recently IP) and handle everything digital, and are much more flexible.
You could almost certainly implement such a thing on smartphone software. Might be hard to do over voice lines since they are pretty low bandwidth and your encoding and decoding would lower it further. However you could do it over the data channel no problem.
For that matter you can buy STE units. Their crypto is kept on a card you put in them so the units themselves aren't classified. You couldn't get the crypto cards the government uses, but you could get one that uses AES or something similarly strong.
However people just aren't going to bother.
Unless it's encrypted, it's just radio traffic. Just need a scanner capable of decoding GSM or CDMA signals. You'll probably have to be within range of the tower communicating with their phone, but that's not too hard.
You use something called a triggerfish which does a man in the middle attack on the phone (for mobiles). You need to be in the area.
It was on The Wire and it is real (and no, they won't sell YOU one).
...but the encryption is weak on GSM so a brute force attack is possible now.
can be intercepted and decoded given enough time and/or money. It was once trivial to intercept cell calls (I could do it using off-the-shelf amateur radio equipment). It's become more difficult with digitized signals but I suspect that the technology to demodulate them is not beyond even former Soviet Bloc states. You don't need access to the cell company's hardware, either. These things are, after all, radios.
You should operate from the principle that anything going wireless can be intercepted and manipulated (this also goes for NFC, by the way - with the right kit you can kit such a credit card from about 30 meters).
There are a number of routes to intercept cell/mobile traffic:
- the telco itself has a legal obligation to provide intercept as part of their license. That is controlled by warrant, but we all know how hard it is to get those in some countries (your magic words are "terrorist", "pedophile" or "tax evader". If your manual says "communist" you really ought to get a new one). This tap happens generally inside the telco, and has a nationwide reach - and AFAIK it may even combine into an international one inside ECHELON.
Preventative measures: none, other than not using a cell for anything critical or confidential. Also valid for avoiding industrial and economic espionage.
Alternative option: install a secure comms agent, but I spent 6 months researching to find the only two that did the job properly without either issues with provenance or code quality. Even then, the next gotcha there is the legal environment (you need to screen your customers or may become accessory to crime), an issue none of the providers I looked at had dealt with in any satisfactory manner. You must ask that question - it's the weak spot of nearly all those "secure" apps that they host the interconnect server (which holds the call records) in nations with, umm, a "creative" view of law enforcement.
- you can infect the handset with an agent, generally done by people who are doing something illegal (intercept without a warrant breaks the law in many countries). Thank you smart phone, because you need an OS to do it, and it doesn't always involve a local install. Add a sniffer to something like Angry Birds and everyone will have it installed (not that I think AB has it, but it's an example). This has as advantage that you get hold of everything on the phone and it has a global reach, but is not so good for voice intercept as you need to maintain a data channel as well - much harder.
Prevention: Bluetooth ID hidden, don't let the phone out of sight (and if it happens, get a new phone); keep important data off the phone, don't install everything you see - or use a non-smart phone.
- you can locally intercept the traffic. This is the journalistic option as it's portable and cheap to build (sub $1k; your highest cost is a software radio, although I also heard of something done with a couple of phones). Cell phone suppliers have "ignored" (*cough*) the part of the GSM spec that requires the phone to signal that it operates without encryption, so the strongest signal of the right provider simply wins - which is you. You will end up with MP3s of any conversation that went through the fake cell.
Oh, something else: you can also track any mobile phone, anywhere. The signaling is not filtered between providers, so find yourself a nation with a telco where staff accepts "sponsorship" and you can track any phone you want, even in nations that do otherwise a good data protection job. Just so you know..
Wiretapping is just too easy now. It used to be quite difficult. Before electronic central offices, wiretapping required either a tap near the phone end of the circuit, or wiring to the appropriate circuit at the central office's main distributing frame. Telcos charged law enforcement for central office taps. Giuliani writes, in his book about his days prosecuting the New York Mafia, that they were paying about a million dollars a year to New York Telephone for wiretaps, which were charged as private line extensions. On one occasion, the FBI didn't pay a bill on time, and the billing system billed the other party on the circuit, the one being wiretapped. This was a major motivation for CALEA.
In the crossbar era, it was possible to use the Automatic Line Insulation Test (ALIT) gear for wiretapping. This was a system that automatically tested each line every night, applying a test voltage and measuring leakage between the lines and to ground. Lines could also be tested remotely, on request, and the gear allowed listening in. But a central office would typically only have two sets of ALIT gear (three racks each), and using it for wiretapping interfered with routine maintenance. The FBI could sometimes get access to ALIT gear, but not local law enforcement. Only for short periods, too; the telco would keep demanding their test gear back.
All this was such a headache that wiretaps weren't used much. Now, all CO gear has remote wiretapping of large numbers of lines on demand at all times. It's also much easier to record and to monitor the recordings. Orwell would be so impressed.
Yes, governments can monitor cellphones without having control of the switching facilities. In fact, they are, right now.
In rural GTE land, then Verizon, and now Frontier, tone was an added feature on the monthly bill. It may still be but I haven't had a phone there for 5 years. The telco equipment comes set up for tone, so if you don't pay for tone they had to manually switch to pulse. I was fine having the minor delay in pulse simply to not let Verizon bleed a few more dollars out of their old lines. And people wonder why the US is behind so many other countries in broadband.
Cell phones use radio waves, which are comprised of radio-frequency energy. Its in the air folks. Figure it out...
Why bother spying, i mean in the end whats the worst that can happen, you loose elections, and you still have billions of dollars. big deal.
Are they really that psychotically married to the idea of rule over the people?
I mean, get over it, dumbass dictators, you're a bunch of fukwits. That will get you early dementia or some disease. You can take your billions when you die, might as well retire and live like Billy Madison with all the cocaine you want.
Their rule over the people is one big illusion, 10 million yes men, who would kill you for your wealth if offered.
Liberty freedom are no1, not dicks in suits.
Here's a link to a wikipedia article on a wiretap "hack" that targeted members of the Greek government - http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004-2005. It's interesting to see how the phone monitoring facilities built in to the mobile network equipment for use by government/police were hacked and used by a third party (probably the US government, but who knows !). So there's always facilities for the local government to monitor phone traffic - you must assume that *all* your conversations are public. However, I really feel sorry for the poor bastard who listens to my boring drivel !
Just another API. I'd bet that Belarus wasn't the one to request that such accessibility be implemented. They just so happened to stumble upon it and make use of it. I remember reading a few years ago that NYC now gives UPS (greatly) reduced price tickets for double parking, provided they don't contest any of the tickets. Same deal, different playing field. Requests by a government to a service provider would take manual effort and time, and therefore a fee. Since every request for records by the government is rubber stamped by the receiver anyway, why not build an API? So much cheaper. Plus, you can sue them if they make a fraudulent/wrong/whatever request. Once the API is there, of course, give it to every country, not just the one that deemed it necessary in the first place. It would be politically incorrect not to do so. Plus, it would cause an international trade squabble. You think having to poop scoop after your dog is bad? Try dealing with one of those. And thus, warrantless wiretapping is born. And the only thing anyone from the public ever asks is some idiot reporter asking "What's an API?", but they promptly realize that their time would be better spent emptying the minibar, so never mind.
I'd like to remind everyone that if the person you're talking to is *soooooo important*, then you can surely meet in person, or they aren't actually that important at all, so stop wasting your time already. You don't need to be glued to your phone 24/7, talking about what your dinner the previous night looked like in the toilet this morning. The only ones that benefit from always being on the damn phone are douchebags that like to let everyone know that they're important. Remember, your best friends wake up next to you in jail.
IAX encryption
As of Asterisk version 1.2.4 (maybe before) there is a rather undocumented channel encryption feature included in chan_iax2. After successful authentication the whole channel, including control data and voice data, is encrypted with AES128. The encryption can be activated by adding the line
encryption=aes128
The term you need to google for is "lawful intercept".
In essence, in most countries any telco is legally obliged to provide a mechanism for law enforcement to intercept calls and metadata about calls. Assuming Wikipedia's correct, this mechanism may allow interception to take place without the telco even knowing about it. (see: http://en.wikipedia.org/wiki/Lawful_interception) and IIRC such a mechanism is baked right into the GSM standard.
So the answer to your question is: Wiretapping does not necessarily require co-operation.
the proliferation of corporate parasites sucking at the teat will be much harder to get rid of.
Why not simply follow the guy around with a decent receiver?
I have worked for a top 5 telecom vendor.
You can wiretap a GSM phone on your own; this requires you to be in proximity of your target, if you are an individual. If you are a government it is easier to request this from the telecom operator (think of several hundred individual phones which need to be tapped). It is mandatory for telecom operators to offer a Lawful Interception Gateway, so the telecom vendors design this into their products. In the civilized world, the government provides the operator with a judge's order and the operator starts tapping the phone. This process is automated: the operator has limited knowledge of the tapping, does not possess the actual recordings and is covered legally by having the judge's order. Also, in the old TDM system with the central telephone switches it was very easy for the switch operator to monitor the calls.
To summarize - unless you are securing all the chain between the two callers you cannot have a guarantee of call privacy.
Guys, if you think that a gov will not spy on you just because its own laws say that that is illegal, you're retarded.
Is it encrypted?
Is it WELL encrypted?
How is the traffic being routed?
Is it prone to side-channel attacks?
Are there undisclosed vulnerabilities, or back doors? (the dreaded "unknown" unknowns, zero days, etc)
What do you do when you're driving through Michigan, minding your own business, and you get stopped, because a policeman 'suspects' that you might be driving drunk or participating in prostitution? He can use the excuse that you drove too close to the center line, or your car doesn't look like it fits in the area that you're driving in.* While you're stopped, the policeman takes your phone and copies all the data off of it. It takes him about 90 seconds.
* This is not far-fetched. I have been stopped for the former. My wife has been stopped for the latter.
You missed the joke. CinthIA = CIA. The woman whose voice is used for one of the numbers stations is known as Cynthia because of the station's supposed connection to the CIA.
You store your encryption keys in an encrypted file, and require a passcode/voice ident/etc to dial anyone you care about encrypting with.
Or you accept that end attacks are much harder to defeat than man-in-the-middle. You resync with anyone you need to encrypt with after each arrest.
this is exactly the kind of discussion that makes slashdot worthwhile
I'll have to ask them about this.
Corporations should not be manufacturing defective devices with back doors.
This is a dangerous game we are playing here. Because a modern cell phone (smart phone) is practically a computer and/or has access to our private networks at times. Allowing our corporations to create defective computing devices in order to allow law enforcement to more easily break in to these devices if they need to is simply too much risk for the citizen to bear. Besides the trust and privacy issues of allowing ones own government (who works for the people I remind you) to listen in to your most personal communications and view your most private information... we are also accepting that these back door defects could be hijacked by those without real permission or worse... by criminal elements or those who wish you real harm.
It's unfortunate that new/current technology is making law enforcement more difficult ***which I highly doubt*** ... but making the information of every citizen accessible in a convenient way is just not the answer.
As a society, we should reject these laws which weaken consumer products and furthermore, we should make it illegal to manufacture and import any product which does have such a "back door". Immediate sanctions to any country trying to import this crap in a product or on a chip. Because that sort of mass surveillance ability is too much power and consequently too much risk.
I just want to convince you that this statement is FALSE: "We will be safer if we carry weaker tools"