Does Wiretapping Require Cell Company Cooperation?
decora writes "Recently the dictator of Belarus, Alexander Lukashenko, accidentally admitted to wiretapping journalist Irina Khalip. Khalip is the wife of Andrei Sannikov, one of the many opposition presidential candidates who was imprisoned after the election in 2010. I am wondering how Lukashenko did this? Can a government tap a modern cellphone system without the company knowing? Or would it require cooperation, like when AT&T and others helped the NSA perform warrantless wiretapping on Americans?"
It's what they always do to neutralize opposition in politics. They'll find dirt and they'll use it.
If the government took the time to build a mainframe to crack the encryption keys, theoretically they could do it with little more than a partyvan equipped with a few dozen microwave radios or cell phones.
And isn't it the case now that stuff is embedded in all the major telecom hardware makers?
Dog is my co-pilot.
Just think about it for a minute. The only way a government or dictator could tap someone's phone without the phone company knowing would involve using secret agents (in the broadest sense) to plant bugs or intercept signals.
If there were ways to tap phones without doing this, using only the phone system, they would be common knowledge.
The easiest method is to use your influence (legitimate or otherwise) to get the phone company to cooperate, which is unsurprisingly the most common.
What was the point of this question?
I think the key word here is "dictator", as in you WILL do this wiretap....
Although it is a bit more difficult with current technology, cell phones can be intercepted. The portable phones, even claiming to be frequency shifting, can also be intercepted. And nothing is a worse bug than a baby monitor as those things have quite a signal output and are almost never secured. They can broadcast whispers from many rooms in the home as the sensitivity is great on their microphones. I think any serious radio hobbyist could talk if they were not frightened to admit eavesdropping. From what I know people should be encouraged to tap into communication streams. What you learn might scare you to death.
I am certain that none of the above remarks are factual and only some part of a bit of stew gone rancid or a fire in my imagination. I know nothing.
My opinion is if you aren't doing anything wrong you have nothing to worry about. If it helps put criminals and terrorists away....have at it!!!
Cinthia :)
http://www.car-shipping-quotes.net/site_map.html
if you have the money and contacts. Covered on slashdot as far back as 2003 at least ...
Basically GSM can be made to switch to A5/0 i.e. disable encryption by use of a commercially available "IMSI catcher" device. Originally these sent a spoofed degraded signal to the base station to make it think A5/0 was needed (it uses less bandwidth), these days it seems they just act as base stations. Cellphones automatically lock onto the strongest base station, and GSM security authenticates the handset only, so such rogue base stations are not technically difficult to make.
The "degraded signal" method implies that A5/0 also kicks in naturally in areas of bad reception and anyone with appropriate scanner hardware could monitor calls in that area. You'd still have to deal with the frequency hopping though.
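The A5/0 downgrade described in the comment above is visible from the handset side, because the network names the cipher in the RR Ciphering Mode Command. The following is an added example, not part of the thread: it decodes that message (octet layout as in 3GPP TS 44.018) and flags sessions that run unencrypted or with a weaker cipher than previously seen on the same network. The session record layout, the strength ranking table, and all sample captures are assumptions constructed for illustration.

```python
# Added example (not from the thread): audit downlink GSM layer-3 messages
# for sessions that run unencrypted or with a weaker cipher than seen before.
# The session record layout and every sample capture below are constructed.

RR_PD = 0x06                   # protocol discriminator: Radio Resource mgmt
CIPHERING_MODE_COMMAND = 0x35  # RR message type
# Algorithm identifier (3 bits) -> name; identifier 7 is reserved.
ALGORITHMS = ["A5/1", "A5/2", "A5/3", "A5/4", "A5/5", "A5/6", "A5/7"]
# Relative strength for downgrade checks; ciphers not listed count as 0.
STRENGTH = {"A5/2": 1, "A5/1": 2, "A5/3": 3, "A5/4": 4}


def decode_cipher(l3_hex):
    """Return the cipher named by a Ciphering Mode Command, else None."""
    msg = bytes.fromhex(l3_hex)
    if len(msg) < 3:
        return None
    if msg[0] & 0x0F != RR_PD or msg[1] != CIPHERING_MODE_COMMAND:
        return None
    setting = msg[2] & 0x0F        # low nibble: Cipher Mode Setting
    if setting & 0x01 == 0:        # SC bit clear: no ciphering (A5/0)
        return "A5/0"
    ident = (setting >> 1) & 0x07  # bits 4..2: algorithm identifier
    return ALGORITHMS[ident] if ident < len(ALGORITHMS) else "reserved"


def audit(sessions):
    """Return (cell, reason) pairs for sessions that deserve a closer look."""
    best_seen = {}                 # network (PLMN) -> strongest cipher so far
    findings = []
    for s in sessions:
        decoded = [decode_cipher(m) for m in s["downlink"]]
        ciphers = [c for c in decoded if c is not None]
        if not ciphers:
            findings.append((s["cell"], "no ciphering command seen"))
            continue
        cipher = ciphers[-1]       # the last command is the one in force
        if cipher == "A5/0":
            findings.append((s["cell"], "ciphering disabled (A5/0)"))
            continue
        prior = best_seen.get(s["plmn"])
        if prior and STRENGTH.get(cipher, 0) < STRENGTH.get(prior, 0):
            findings.append((s["cell"], f"downgrade from {prior} to {cipher}"))
        else:
            best_seen[s["plmn"]] = cipher
    return findings


# Constructed captures. "0512" stands in for a non-RR message truncated to
# its two header octets; "001-01" is the test network code, not a real one.
SAMPLE_SESSIONS = [
    {"plmn": "001-01", "cell": "1001", "downlink": ["0512", "063505"]},
    {"plmn": "001-01", "cell": "1002", "downlink": ["0512", "063501"]},
    {"plmn": "001-01", "cell": "9999", "downlink": ["0512", "063500"]},
    {"plmn": "001-01", "cell": "9998", "downlink": ["0512"]},
]

if __name__ == "__main__":
    for cell, reason in audit(SAMPLE_SESSIONS):
        print(cell, reason)
```

A flagged downgrade is a signal to review rather than proof of a rogue base station, since older legitimate cells may only offer A5/1.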
A government can bribe or persuade an employee to perform the tap, or place an undercover worker in the telephone company in a position which can perform taps. So taps could be done without the telephone organization knowing about them.
GSM has horrible security and carriers aren't exactly doing their best to make their networks secure either. A while ago you needed relatively expensive equipment (around $1000-2000) to be able to sniff on the network, but it's now been done with a few very cheap phones. There's a very informative presentation (with video) here. For this to work, you need to be close to the person you want to eavesdrop on however.
http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/
does that answer your summary?
GSM is not the most secure standard out there. Check the video from this presentation for a nice overview of exactly how fucked up GSM security is.
http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
Long story short: It makes it easier, but it's not required. If they've got it, they can just copy the call at the switch level. If they don't, they can: Install software on the person's phone, sniff + break the radio waves, bribe a telco employee, plant software on the towers (see http://www.dmst.aueb.gr/dds/pubs/jrnl/2007-Spectrum-AA/html/PS07.pdf - really interesting read), or I'm sure they've got more methods.
Cell phones aren't secure.
The simplest and most likely explanation is that the dictator originally told the cell company "if you want to do business in this country, I need the ability to wiretap". Another explanation is that depending on who you call, a cell call likely routes over land lines at some point (especially in a third world country). Anyone with physical access to the lines has the theoretical capability to tap.
Real programmers use "copy con program.exe"
It's very easy to tap a phone. Landlines are extremely simple to tap. You could do it with a little research on the web. Tapping a cellphone is slightly more complicated but still easy. In more modern countries it's getting a little more difficult as we all move towards soft-switches but in Belarus they still have PULSE dialing on their landlines. This means their switches are definitely hardware, and definitely at least 30-40 years old. Who owned the phone company 30-40 years ago? The USSR. I guarantee all their cellphone traffic travels through the same switch(s) installed by the USSR back in the day and all the equipment the KGB had installed at the time is likely still there. You make a call, it hits the cell tower, the cell tower has trunks that lead back to the switch and now they have you. It's a trivial matter to request that all incoming calls from a particular number get recorded.
I am sure all telecommunication companies in a state well known to be the opposite of a democracy will very willingly cooperate on all levels.
Ever since the world ended up going hell bent on terrorism laws (New World Order), all wire-tapping is legal with or without a warrant and you do not require any special permissions anymore if you work in law enforcement and a telecoms company need not know either.
It is better known as black boxing http://en.wikipedia.org/wiki/Black_box these systems have been in place since 1998 legally. The FBI changed its code name from Carnivore to Magic Lantern after a bunch of hackers exposed the source code "cult of the dead cow" If I remember correctly.
Now you also have the likes of GCHQ and deep packet inspection http://www.theregister.co.uk/2009/05/05/gchq_mti_statement and they have been doing this since 1996.
The simple fact is you can be recorded for any half plausible excuse. Getting your location through a cell network takes about 5 seconds...... sadly each person's privacy is eroded and you do not have any choice.
Don't use Credit Cards, Cell Phones, Loyalty Cards or the internet. Get out more and a pen and paper works better than spoken words!
All cows eat grass!
Governments everywhere are in different countries. They have different laws.
Is it tougher to tap a cellular line than a "land line"? No.
Is it tougher to tap a "land line" than a VoIP line? No.
If the entity wishing to tap your line either has the technical means or gets a court order to make someone else do it, they WILL EASILY be able to do so.
E
Is it actually useful? I mean, if you're the wife of a leader of an opposition party to a dictator, you must assume you are being tapped. I hope they have the common sense to avoid talking about anything remotely political on their phones.
Dilbert RSS feed
So it seems (relatively) trivial to me to write an app that handshakes with your friend when you meet in person, exchanging keys of sufficient bit length for high-grade encryption. Then when you want to talk privately, the app encrypts the audio. This would seem to be the (pretty much permanent) end to man-in-the-middle attacks of this sort.
So out of curiosity, can anyone link to said app yet?
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Do you have laws against your guys using it against you?
Do you really think having those laws would really help?
Questions raise, answers kill. Raise questions to stay alive.
Reminds me of the Greek wiretapping scandal. In that version of the wiretapping scandal, a very technically sophisticated attacker (possibly an insider in the phone company) installed wiretap software into the phone network's routers. News broke after a top exec at the phone company hanged himself. Though surely there's a lot we don't know, it was almost certainly not official company policy to cooperate with government wiretaps on political opposition.
Belarus has moved to modern European hardware at least 20 years ago. In fact, most of the post-Soviet space has communication infrastructure that is incomparably more advanced than what is currently used in the USA. It is actually dumbfounding how archaic the US communications are compared to Europe.
In Canada our politicians are busy ensuring the complete erosion of private internet use as we know it. One of our current bills before parliament in Canada is essentially about to make carriers do this for the government. Basically they are installing lawful intercept systems for various law enforcement organizations to use. "This enactment requires telecommunications service providers to put in place and maintain certain capabilities that facilitate the lawful interception of information transmitted by telecommunications and to provide basic information about their subscribers to the Royal Canadian Mounted Police, the Canadian Security Intelligence Service, the Commissioner of Competition and any police service constituted under the laws of a province" http://www.parl.gc.ca/HousePublications/Publication.aspx?DocId=4007628&Language=e&Mode=1&File=19 And we are allowing it....
Of course, you can capture the actual GSM radio transmission off the air. There's no way to stop that. However, that GSM transmission will not be readable, since it is encrypted. You can decrypt it without provider's help, but that will take a considerable amount of time and computing power. In order to decipher it immediately, you will definitely need provider's cooperation. So, the answer is that it is impossible to perform real-time monitoring of GSM conversations without the provider's help. GSM is absolutely secure in that regard. It is not clear what Lukashenko meant by what he said. Did they monitor her phone in real-time? If so, then it immediately means that they had access to internal provider's information. If they were only able to do it later, then it is possible that they actually deciphered the communications without provider's participation.
Yes it requires cooperation, but no, that cooperation doesn't have to be voluntary.
In New Zealand (where I am) our government reminded all of our telcos of a law to have this lawful interception equipment installed by the end of 2010 (my understanding it was part of our international obligations, mostly at the behest of the US whose own agencies are not subject to our local [NZ] laws). Similar equipment is installed in many other countries. This allows the US to trace packets flying across the World in real time (bypassing the supposed protection of the TOR system).
Not only is cooperation from the phone company not required, but the phone company doesn't get to know when it's being used, and has no technical means to stop it or prevent it.
It's a legal requirement that the government is given the means to tap at will, and a legal requirement that their tapping cannot be discovered.
That's what is happening when telecom/network equipment vendors are touting the "lawful intercept" feature compliance of their latest product models.
Thing is people won't bother. It is amazing how lazy people are with security, physical, virtual, etc. Sure you could do encryption, this is more or less what the STU and STE phones the government use. The STU-III was more or less a phone, a digitizer, an encryption unit, and a modem. It encoded your voice and then could use analogue lines to send it out. The STE phones are all ISDN (or more recently IP) and handle everything digital, and are much more flexible.
You could almost certainly implement such a thing on smartphone software. Might be hard to do over voice lines since they are pretty low bandwidth and your encoding and decoding would lower it further. However you could do it over the data channel no problem.
For that matter you can buy STE units. Their crypto is kept on a card you put in them so the units themselves aren't classified. You couldn't get the crypto cards the government uses, but you could get one that uses AES or something similarly strong.
However people just aren't going to bother.
Unless it's encrypted, it's just radio traffic. Just need a scanner capable of decoding GSM or CDMA signals. You'll probably have to be within range of the tower communicating with their phone, but that's not too hard.
can be intercepted and decoded given enough time and/or money. It was once trivial to intercept cell calls (I could do it using off-the-shelf amateur radio equipment). It's become more difficult with digitized signals but I suspect that the technology to demodulate them is not beyond even former Soviet Bloc states. You don't need access to the cell company's hardware, either. These things are, after all, radios.
No one ever had to evacuate a city because the solar panels broke!
You should operate from the principle that anything going wireless can be intercepted and manipulated (this also goes for NFC, by the way - with the right kit you can kit such a credit card from about 30 meters).
There are a number of routes to intercept cell/mobile traffic:
- the telco itself has a legal obligation to provide intercept as part of their license. That is controlled by warrant, but we all know how hard it is to get those in some countries (your magic words are "terrorist", "pedophile" or "tax evader". If your manual says "communist" you really ought to get a new one). This tap happens generally inside the telco, and has a nationwide reach - and AFAIK it may even combine into an international one inside ECHELON.
Preventative measures: none, other than not using a cell for anything critical or confidential. Also valid for avoiding industrial and economic espionage.
Alternative option: install a secure comms agent, but I spent 6 months researching to find the only two that did the job properly without either issues with provenance or code quality. Even then, the next gotcha there is the legal environment (you need to screen your customers or may become accessory to crime), an issue none of the providers I looked at had dealt with in any satisfactory manner. You must ask that question - it's the weak spot of nearly all those "secure" apps that they host the interconnect server (which holds the call records) in nations with, umm, a "creative" view of law enforcement.
- you can infect the handset with an agent, generally done by people who are doing something illegal (intercept without a warrant breaks the law in many countries). Thank you smart phone, because you need an OS to do it, and it doesn't always involve a local install. Add a sniffer to something like Angry Birds and everyone will have it installed (not that I think AB has it, but it's an example). This has as advantage that you get hold of everything on the phone and it has a global reach, but is not so good for voice intercept as you need to maintain a data channel as well - much harder.
Prevention: Bluetooth ID hidden, don't let the phone out of sight (and if it happens, get a new phone); keep important data off the phone, don't install everything you see - or use a non-smart phone.
- you can locally intercept the traffic. This is the journalistic option as it's portable and cheap to build (sub $1k, your highest cost is a software radio, although I also heard something done with a couple of phones). Cell phone suppliers have "ignored" (*cough*) the part of the GSM spec that requires the phone to signal that it operates without encryption, so the strongest signal of the right provider simply wins - which is you. You will end up with MP3s of any conversation that went through the fake cell.
Oh, something else: you can also track any mobile phone, anywhere. The signaling is not filtered between providers, so find yourself a nation with a telco where staff accepts "sponsorship" and you can track any phone you want, even in nations that do otherwise a good data protection job. Just so you know..
Wiretapping is just too easy now. It used to be quite difficult. Before electronic central offices, wiretapping required either a tap near the phone end of the circuit, or wiring to the appropriate circuit at the central office's main distributing frame. Telcos charged law enforcement for central office taps. Giuliani writes, in his book about his days prosecuting the New York Mafia, that they were paying about a million dollars a year to New York Telephone for wiretaps, which were charged as private line extensions. On one occasion, the FBI didn't pay a bill on time, and the billing system billed the other party on the circuit, the one being wiretapped. This was a major motivation for CALEA.
In the crossbar era, it was possible to use the Automatic Line Insulation Test (ALIT) gear for wiretapping. This was a system that automatically tested each line every night, applying a test voltage and measuring leakage between the lines and to ground. Lines could also be tested remotely, on request, and the gear allowed listening in. But a central office would typically only have two sets of ALIT gear (three racks each), and using it for wiretapping interfered with routine maintenance. The FBI could sometimes get access to ALIT gear, but not local law enforcement. Only for short periods, too; the telco would keep demanding their test gear back.
All this was such a headache that wiretaps weren't used much. Now, all CO gear has remote wiretapping of large numbers of lines on demand at all times. It's also much easier to record and to monitor the recordings. Orwell would be so impressed.
Yes, governments can monitor cellphones without having control of the switching facilities. In fact, they are, right now.
In rural GTE land, then Verizon, and now Frontier, tone was an added feature on the monthly bill. It may still be but I haven't had a phone there for 5 years. The telco equipment comes set up for tone so if you don't pay for tone they had to manually switch to pulse. I was fine having the minor delay in pulse simply to not let Verizon bleed a few more dollars out of their old lines. And people wonder why the US is behind so many other countries in broadband.
Why bother spying, I mean in the end what's the worst that can happen, you lose elections, and you still have billions of dollars. Big deal.
Are they really that psychotically married to the idea of rule over the people?
I mean, get over it dumbass dictators, you're a bunch of fukwits. That will get early dementia or some disease. You can take your billions when you died, might as well retire and live like Billy Madison with all the cocaine you want.
Their rule over the people is one big illusion, 10 million yes men, who would kill you for your wealth if offered.
Liberty freedom are no1, not dicks in suits.
IAX encryption
As of Asterisk version 1.2.4 (maybe before) there is a rather undocumented channel encryption feature included in chan_iax2. After successful authentication the whole channel including control data and voice data is encrypted with AES128. The encryption can be activated by adding the line
encryption=aes128
Liberty freedom are no1, not dicks in suits.
The term you need to google for is "lawful intercept".
In essence, in most countries any telco is legally obliged to provide a mechanism for law enforcement to intercept calls and metadata about calls. Assuming Wikipedia's correct, this mechanism may allow interception to take place without the telco even knowing about it. (see: http://en.wikipedia.org/wiki/Lawful_interception) and IIRC such a mechanism is baked right into the GSM standard.
So the answer to your question is: Wiretapping does not necessarily require co-operation.
Why not simply follow the guy around with a decent receiver?
- I've got bad karma because I won't parrot everyone else's opinion
What do you do when you're driving through Michigan, minding your own business, and you get stopped, because a policeman 'suspects' that you might be driving drunk or participating in prostitution? He can use the excuse that you drove too close to the center line, or your car doesn't look like it fits in the area that you're driving in.* While you're stopped, the policeman takes your phone and copies all the data off of it. It takes him about 90 seconds.
* This is not far-fetched. I have been stopped for the former. My wife has been stopped for the latter.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
You missed the joke. CinthIA = CIA. The woman whose voice is used for one of the numbers stations is known as Cynthia because of the station's supposed connection to the CIA.
You store your encryption keys in an encrypted file, and require a passcode/voice ident/etc to dial anyone you care about encrypting with.
Or you accept that end attacks are much harder to defeat than man-in-the-middle. You resync with anyone you need to encrypt with after each arrest.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
this is exactly the kind of discussion that makes slashdot worthwhile
I'll have to ask them about this.
"Don't teach a man to fish, feed yourself. He's a grown man. Fishing's not that hard." - Ron Swanson
Every power that a government has is dangerous. Are you saying that they should have a capability to kill a large number of people in a short time, but not listen to cell phones? To whatever degree we trust a government to protect us from villains rather than be a villain, I would rather shift their powers towards the latter. What if communications of 9/11 hijackers were intercepted and we didn't go to two wars and make mountains out of naked unlawful combatants?