
How To DDoS a Federal Wiretap

alphadogg writes "Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the US. The flaws they've found 'represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial,' the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago. Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack."
  • Pithy Comment (Score:1, Offtopic)

    by Mikkeles ( 698461 )

    Great news! Thank you very much!

  • Of course, criminals have plenty of easier ways to dodge police surveillance. They can use cash to buy prepaid mobile phones anonymously, or reach out to their accomplices with encrypted Skype calls, said Robert Graham, CEO with Errata Security.

    Duh.

    • actually, it's not even an answer.

      "In fact, wiretaps could probably be rendered useless if"

      keyword: PROBABLY

      • Exactly. And since they weren't able to get their hands on the actual HW/SW the feds use, their expectation of "probably" becomes even less trustworthy.
        • The obvious answer is this: if the feds try to use the patriot act or something similar to suppress the findings, they are ~definitely correct. If the feds ignore them, then they probably don't care, meaning what they actually use is probably different from what the researchers used.

          • How is that legal? I can publish detailed designs for a nuke, or how to get away with murder, but god help us all if I give info on how to DOS a wiretap.
            • How is that legal?

              More like "how is that not bullshit". I know we all spend time playing spot-the-fed, but does one really believe that they are that dumb? Even if the document is accurate, once it's on the Net it's about as easy to remove as crazy glue on the ass of a rhino - attempting to take it down not only confirms it, it leads more people to try it. As it is it's just filed as onemorepossibility in the "what if" files.

              At least this sounds plausible.

      • actually, it's not even an answer.

        "In fact, wiretaps could probably be rendered useless if"

        keyword: PROBABLY

        If we keep strengthening the encryption between the two endpoints, eventually wiretapping will become useless. ...and the feds will figure out how to tap the endpoints.

        ...you jolt awake at 4 AM. You listen, look around, and hear nothing through the bedroom window you left open at bedtime on that hot summer night. As a matter of fact, you don't even hear the man packing up his endpoint-wiretapping-dart sniper rifle on the adjoining rooftop. You simply rub your temples to try and rid yourself of the sudden,

  • by MaerD ( 954222 ) on Thursday November 12, 2009 @02:25PM (#30077266)
    Wiretaps DDOS you!

    Ok, seriously? Overwhelm the signal to noise ratio and picking out the useful information becomes harder. It's just a question of how much and how long, not to mention how long after the fact is said information useful.
    Better yet, why would anyone who seriously wants to avoid a wiretap *use a phone*? It seems like discussing anything over an unencrypted medium is asking for trouble.
    • Re: (Score:2, Funny)

      Better yet, why would anyone who seriously wants to avoid a wiretap *use a phone*?

      To connect his acoustic coupler :-)

    • It seems like discussing anything over an unencrypted medium is asking for trouble.

      Er... isn't /. an unencrypted medium? Isn't this thread discussing something that would fall under the category of "anything?"

      (yes, I know what you meant, I just couldn't resist, I'm sorry.)

  • Buffering... (Score:5, Informative)

    by chill ( 34294 ) on Thursday November 12, 2009 @02:28PM (#30077332) Journal

    As someone who worked on a CALEA system for 18 months, implementing, testing and helping design, I can tell you one thing.

    The specs of all the systems are such that they DO NOT BUFFER the actual voice, only the data. I mean the numbers punched, busy signals, etc. Buffered voice would rapidly overwhelm the system, so it is just dropped if the link from the CO (central office) to the LE (law enforcement) goes down.

    Call data can be buffered for days, so that isn't dropped.

    This isn't a flaw, it was a design decision. Good luck DDoSing a major telco switching office.

    • Redundant Technology (Score:4, Interesting)

      by mikelieman ( 35628 ) on Thursday November 12, 2009 @02:45PM (#30077584) Homepage

      Given that the US Government had AT&T put optical splitters on the network backbones a while back, isn't this CALEA stuff obsolete? It still presumes that Warrants count and stuff and that they're not already copying all voice and data communications.

      • by vvaduva ( 859950 ) on Thursday November 12, 2009 @02:55PM (#30077786)

        Obsolete in the sense that it could be done better, or that new technology is already out and readily available to law enforcement? To me it looks like something that works well enough to catch bad guys. The paper deals with a lot of theoretical stuff that will be very hard to replicate in the real world; drug dealers, jihadists and even well-skilled technical people will have a really hard time overloading a major telco switch without access to expensive hardware and lots of resources which very few people have.

        • I don't need to waste my time making Law Enforcement MORE confused. Instead I lobby to change clauses in various laws till what I am doing is legal. Let the Sergeant Stedenkos [imdb.com] work with that.
      • by chill ( 34294 ) on Thursday November 12, 2009 @03:30PM (#30078352) Journal

        Not really. That stuff is a firehose, and few jurisdictions are capable of handling anything like it. CALEA is for small town police depts as well as the FBI. Warrants are entered by the PD clerk, which are submitted to the CALEA system. The system is separate from accounting and everything else, so no one who isn't authorized has access to the info.

        The system then flags a number and whenever a call is made to or from that number, it is duplicated inside the switch and a stream sent to the CALEA system. This includes busy signals, party line calls, SMS, etc.

        The CALEA system establishes a secure tunnel (IPSec) inside the telco network to an IPSec gateway. We were working with Juniper boxes at the time. From there, the tunnels are broken out to the various law enforcement offices that have open warrants. One goes to the FBI, one to NYPD, etc. The entire internal network was GbE for the nodes and 10 GbE for trunks. Again, good luck DDoSing that.

        Tunnels to the various LEOs varied in size depending on the size of the department and how many active warrants they had. A minimum of 1.54 Mbps, IIRC. Pipes to the FBI in Quantico, LAPD, NYPD and a couple others were larger by default.

        • Re: (Score:1, Informative)

          by Anonymous Coward

          The entire internal network was GbE for the nodes and 10 GbE for trunks. Again, good luck DDoSing that.

          Exactly.

          The theory is that there is only a single 64k data channel from the Telco to the law enforcement agency. 64kbps is the amount of data assumed for a single voice call, so to say that they installed these things with the ability to only tap ONE phone call at a time is a little naive IMHO. More than likely they have been running full PRI trunks or loading it onto a nice fat fiber pipe for some time.
          In any case, it's actually a fairly moot point, because as long as you're saturating the 64k connection f

    • Re:Buffering... (Score:4, Interesting)

      by starfishsystems ( 834319 ) on Thursday November 12, 2009 @03:10PM (#30078042) Homepage
      I developed a similar system. This particular product is not restricted to voice, but supports any network device which can mirror its packet traffic.

      Under its present interpretation, CALEA applies to any sort of subscriber data. If law enforcement can clearly identify the subscriber and the intercept period, the network provider is obliged to supply all data carried for that subscriber during that period. That could be your voice traffic or web browsing or email or whatever. The plant has to be engineered accordingly, but that's essentially a capacity issue.

      On the other hand, it's important to note that there is no obligation upon the provider to interpret the supplied data. Such an obligation would be unreasonable and unenforceable. Instead, law enforcement is basically getting a raw PCAP file.

      I'll tell you what I found to be the most interesting aspect of this project. There is very strict language in CALEA against intercepting data except for the specified subscriber during the specified period. Of course we were careful to implement controls over that. But until I insisted on the point, nobody even considered that we might want to have controls to verify that the intercept request came from a bona fide court and that the intercept data would be sent to a bona fide law enforcement agency.
      • Re:Buffering... (Score:4, Informative)

        by chill ( 34294 ) on Thursday November 12, 2009 @03:52PM (#30078686) Journal

        Well, the company's lawyers got the FBI to sign off on the voice buffering bit, and yes it was mostly a capacity issue. Whether that'll change in the future is up to whether or not the gov't decides to pay for it. I think that was the main argument. "You want HOW MUCH DATA buffered? Excuse us while we break out the BIG calculator to prepare you a quote."

        No, we weren't interpreting data. Raw XML was passed over for control and signal data, and voice was sent as a raw codec stream. The codec was from Qualcomm, and we did have to assist in making sure the FBI could receive and decode it properly. Only the FBI needed the help because they wrote their own code. All the other LEOs used off the shelf software from Qualcomm.

        For a while, I had a laptop that could inject requests into the stream -- bypassing the warrant step -- create an arbitrary IPsec tunnel and feed a raw stream of XML+voice to any IP of my choosing. I used to work at the hotel at night debugging call data. We had a microcell network set up in one of the suites.

        Educational stuff.
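
One way to implement the controls starfishsystems describes above (authenticating where an intercept request came from and where its output goes, on top of the subscriber and period limits), as an added example that is not code from either poster's system. The HMAC tag stands in for whatever signature scheme an issuing court would use, and every identifier, key, address and record below is constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Constructed registries (assumptions for this example): one provisioning key
# per issuing court, one approved delivery endpoint per law-enforcement agency.
COURT_KEYS = {"court-example-01": b"constructed-demo-key"}
LEA_ENDPOINTS = {"lea-example-pd": "198.51.100.20"}


def _canonical(order):
    """Serialize the order deterministically so the tag covers every field."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def sign_order(order, key):
    """Tag an order; stands in for the issuing court's signature."""
    return hmac.new(key, _canonical(order), hashlib.sha256).hexdigest()


def validate_order(order, tag):
    """Return (ok, reason): origin first, then destination, then period."""
    key = COURT_KEYS.get(order.get("court_id"))
    if key is None:
        return False, "unknown issuing court"
    expected_tag = sign_order(order, key).encode()
    if not hmac.compare_digest(expected_tag, str(tag).encode()):
        return False, "order not authenticated"
    endpoint = LEA_ENDPOINTS.get(order.get("lea_id"))
    if endpoint is None or endpoint != order.get("deliver_to"):
        return False, "delivery endpoint not registered for agency"
    try:
        start = datetime.fromisoformat(order["start"])
        end = datetime.fromisoformat(order["end"])
        if start >= end:
            return False, "empty intercept period"
    except (KeyError, TypeError, ValueError):
        return False, "malformed intercept period"
    return True, "ok"


def select_for_delivery(order, tag, records):
    """Return (reason, records in scope); nothing is released on any failure."""
    ok, reason = validate_order(order, tag)
    if not ok:
        return reason, []
    start = datetime.fromisoformat(order["start"])
    end = datetime.fromisoformat(order["end"])
    in_scope = [
        r for r in records
        if r["subscriber"] == order["subscriber"]
        and start <= datetime.fromisoformat(r["ts"]) < end
    ]
    return reason, in_scope


# Constructed sample data.
ORDER = {
    "court_id": "court-example-01",
    "lea_id": "lea-example-pd",
    "deliver_to": "198.51.100.20",
    "subscriber": "+15555550100",
    "start": "2009-11-12T14:00:00+00:00",
    "end": "2009-11-12T15:00:00+00:00",
}
RECORDS = [
    {"subscriber": "+15555550100", "ts": "2009-11-12T14:05:00+00:00"},
    {"subscriber": "+15555550100", "ts": "2009-11-12T16:30:00+00:00"},
    {"subscriber": "+15555550199", "ts": "2009-11-12T14:10:00+00:00"},
]

if __name__ == "__main__":
    good_tag = sign_order(ORDER, COURT_KEYS["court-example-01"])
    print(select_for_delivery(ORDER, good_tag, RECORDS))
    # A request that never went through the issuing step carries no valid tag.
    redirected = dict(ORDER, deliver_to="203.0.113.9")
    print(select_for_delivery(redirected, good_tag, RECORDS))
```
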

    • by Kodack ( 795456 )

      Yes the data is buffered in several places but the voice is sent out to PSTN via a 3way calling feature of the DMS. Interrupting the voice portion of the call is possible just like war dialing to overload a phone number is possible. But that assumes they know the LEA's number to call, that they have enough skype bots to do it, and that the intercept target is only going to 1 phone number.

      A typical intercept involves several agencies and sometimes voice is sent to an agent's cellphone as well. You can't be su

      • by chill ( 34294 )

        Not in this case. I was working on a cell network and it was 100% VoIP inside, outside and upside down. All the handsets had IPs as well as phone numbers. The link to the LEA was an IPsec tunnel from a Juniper VPN Concentrator to an IPSec-enabled endpoint at the LEA's office. PSTN has nothing to do with it. No, you CAN'T wardial it because it isn't a phone switch.

    • Good luck DDoSing a major telco switching office.

      That would take what? 10 Gbps?

      Believe me that is relatively easily doable. If you're highly motivated it would be much easier.

  • by dijjnn ( 227302 ) <<ude.ogacihcu.sc> <ta> <samohtwb>> on Thursday November 12, 2009 @02:29PM (#30077352)

    New best way to get your funding cut: publish a paper that outlines a way to use DDOS to hinder a federal investigation. Old best: come out of the closet & join the communist party.

    • Nah, I think joining this group [radiantempire.com] still beats that.

      (In case you're unsure: The tolerance and understanding part is the objectionable part. ;)

  • by Slightly Askew ( 638918 ) on Thursday November 12, 2009 @02:32PM (#30077408) Journal

    "...if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack...

    This just in, arrest warrants issued for 92% of American females between the ages of 12 and 17.

    • by The Evil Couch ( 621105 ) on Thursday November 12, 2009 @04:18PM (#30079092) Homepage
      Oh good. They've finally made reading Twilight a crime.
    • by citab ( 1677284 )

      "...if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack...

      This just in, arrest warrants issued for 92% of American females between the ages of 12 and 17.

      hmf! Try 12 and 97!!

    • This just in, arrest warrants issued for 92% of American females between the ages of 12 and 17.

      Well, such a warrant would be a great DDoS on law enforcement as a whole, wouldn't it? So one could argue that the teenagers won the battle...

  • ....In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data....

    Is it me or does this kinda read as: "If there is nothing useful going through the line, there is nothing to tap". Well no shit. If the caller can't complete the call or communicate with the person on the other end because of system overload, guess what, you won't be able to gather anything because the conversation never happened.
  • ...sort of off-topic, but something I mention to my geek friends out of work: the black market of crime has endless jobs available for you.

    Go into any barbershop in a shadier part of town and while you're getting a fantastic $12 haircut, mention to the oldest barber that you are working on security consulting to help people avoid getting into trouble with the law, especially in regards to keeping phone calls and information private.

    At $150 a pop to "consult" with a man in a nice suit, you can easily remind him that his phone and laptop aren't secure, even offer him advice on what he can do and what he can buy to keep his tracks concealed better.

    In reality, though, wiretaps aren't as important as having a good crew under you. A large percentage of black market consultants find themselves in jail because of the stool pigeon, not because of the wiretap information.

    • Go into any barbershop in a shadier part of town and while you're getting a fantastic $12 haircut, mention to the oldest barber that you are working on security consulting to help people avoid getting into trouble with the law, especially in regards to keeping phone calls and information private.

      I don't know, there aren't a whole lot of trees here, I'm going to have a hard time identifying the "shadier" part of town.

      At $150 a pop to "consult" with a man in a nice suit, you can easily remind him that his phone and laptop aren't secure, even offer him advice on what he can do and what he can buy to keep his tracks concealed better.

      A cheaper suit for starters.

      • I don't know, there aren't a whole lot of trees here, I'm going to have a hard time identifying the "shadier" part of town.

        If your town has a large selection of restaurants instead of trees, perhaps you can find the more unsavory parts of town?

    • by dougmc ( 70836 )

      At $150 a pop to "consult" with a man in a nice suit, you can easily remind him that his phone and laptop aren't secure, even offer him advice on what he can do and what he can buy to keep his tracks concealed better.

      I like the idea, but what happens when he gets nabbed anyways, because he fell for something that seemed so trivial you didn't even mention it. (Or any other number of scenarios that may or may not be your fault.)

      Then he (or Guido) comes looking for you, once he's out of jail? Or the police come looking for you, his accomplice ...

      I imagine it's lucrative, but sounds risky.

      • So what you want to say is that he, unlike most consultants, would actually risk something if his advice isn't up to speed? Sounds like honest money to me. Unlike with most consultants...

    • "At $150 a pop to "consult" with a man in a nice suit, you can easily remind him that his phone and laptop aren't secure, even offer him advice on what he can do and what he can buy to keep his tracks concealed better."

      You better be giving him some damn good advice, or you might end up with some broken kneecaps if you're lucky, getting fished out of the river with cement shoes if not.
  • by jonaskoelker ( 922170 ) <(moc.oohay) (ta) (rekleoksanoj)> on Thursday November 12, 2009 @02:47PM (#30077608)

    Here's a bit of background the /. editors didn't give you.

    If you take a 2-second look at the paper (the pdf link in the summary), you see Matt Blaze's name.

    He's been doing other work on making law enforcement wiretapping not work. For instance, go to http://www.usenix.org/events/sec06/tech/ [usenix.org] and search the page for "Blaze"; you should find his talk (http://www.usenix.org/events/sec06/tech/mp3/blaze.mp3) and the Q&A session.

    He also gave essentially the same talk as the first (under a different title) at http://www.usenix.org/event/lisa05/tech/ [usenix.org] (again, search the page for "Blaze" or go straight to http://www.usenix.org/event/lisa05/tech/mp3/blaze.mp3 [usenix.org]).

    He also spoke at hotsec06, http://www.usenix.org/events/hotsec06/tech/ [usenix.org], with no recorded mp3, and at an e-voting panel, http://www.usenix.org/events/sec07/tech/ [usenix.org].

    As you might infer, this isn't the first time Mr. (Dr.?) Blaze has been studying wiretapping (or other security issues). He's also quite a good, entertaining speaker. I recommend giving him a listen.

    The short story (from the usenix talks): press the "C" key on your old 4x4-keypad phone. That's the in-band signal (doh!) used by law enforcement to mean "don't record now". Or, look up the tone frequency, then play it back at a much lower volume with a tone generator (your laptop might do) so it's more comfortable to talk over.

    • Re: (Score:3, Insightful)

      by coolsnowmen ( 695297 )

      What would that signal even exist? So that law enforcement could break the law by phone and not get caught?

      • [Why] would that signal even exist?

        Phone wiretap warrants are on people, not telephones. If you borrow my phone and the police is wiretapping me, they're not allowed to record any of your conversation (except they can listen in something like two seconds every minute to check it's still someone other than me talking).

        That might serve as one motivation. The real answer is that they didn't understand the "Don't trust the client" principle. Especially don't trust your clients if you suspect them to be criminals... oh well.

    • by dougmc ( 70836 )
      My old 4x4 keypad phone doesn't have a C key. Or do you mean the 2 key? Or * or #?

      And a minor nit -- each key doesn't emit one tone. It emits two tones -- one based on the horizontal location of the button and the other based on the vertical location of the button. If I recall correctly. (I imagine you know that already, however.)

      I guess I could go find his paper ...

      • by AJWM ( 19027 ) on Thursday November 12, 2009 @03:46PM (#30078598) Homepage

        My old 4x4 keypad phone doesn't have a C key.

        Probably because it's only a 3x4 keypad phone. You want a keypad like this [futurlec.com], the C is on the same row as the 7, 8 and 9.

        You may also want to review your counting skills. ;-)

        • Funny, my 4x4 keypad phone has 4 buttons labeled "Flash Override, Flash, Immediate, and Priority". I've never seen one with ABCD listed. You sure that isn't just some part for hobbyists?
      • by taniwha ( 70410 )
        the standard has 4 possible tones for each of the 2 dual-tones - one of those 8 tones is not used on a 4x3 keypad but is used for signaling (your phone sends it when it receives caller ID for example) those missing tones from the real 4x4 matrix are named A B C and D
      • Count your columns again. :-)

        The term 4x4 used here indicates the number of rows and columns on phone technician devices or specialty home-made phreaking tools...

      • each key doesn't emit one tone. It emits two tones -- one based on [each of row and column]

        That is indeed correct; it's also known as DTMF---dual tone multiple frequency. I think I meant to say something about that. Now I wonder why I didn't.

        Thanks for pointing this out, though! :)

    • Re: (Score:1, Funny)

      by Anonymous Coward

      It's a trap! That button actually STARTS the wiretap already placed on your phone. It's intended specifically to catch people who are trying to avoid law enforcement noticing their activities.

    • All this talk of 3x3's and 4x4's is making me hungry [flickr.com]!
    • What, no whistle included in a box of cereal?
    • The entire A,B,C,D column is @ 1633 Hz. Ergo, the 'C' key is 1633 Hz (column) + 852 Hz (row) -- two tones because of the D (dual) in DTMF. The full list is available here. [tech-faq.com]
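
The 4x4 DTMF matrix discussed in the comments above (A-D column at 1633 Hz, C = 1633 Hz + 852 Hz), written as a Goertzel-based detector that flags in-band tones in an audio stream, including a quiet C under louder audio. This is an added example, not code from the thread or the paper; the other row and column frequencies are the standard DTMF values, and the sample rate, frame size, thresholds and test signal are constructed assumptions.

```python
import math

# Row and column frequencies (Hz) of the 4x4 DTMF matrix. The thread gives
# 1633 Hz (A-D column) and 852 Hz (the 7/8/9/C row); the rest are the
# standard values.
ROWS = (697, 770, 852, 941)
COLS = (1209, 1336, 1477, 1633)
KEYS = ("123A", "456B", "789C", "*0#D")


def tone_level(frame, freq, rate):
    """Estimate the amplitude of `freq` in `frame` (Hann window + Goertzel)."""
    n = len(frame)
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for i, x in enumerate(frame):
        w = 0.5 - 0.5 * math.cos(2.0 * math.pi * i / n)  # Hann limits leakage
        s0 = w * x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    # The Hann window sums to n/2, so a sine of amplitude A gives |X| ~ A*n/4.
    return 4.0 * math.sqrt(max(power, 0.0)) / n


def _pick(frame, freqs, rate, min_level, dominance):
    """Index of the one clearly dominant frequency in a group, else None."""
    levels = sorted(
        ((tone_level(frame, f, rate), i) for i, f in enumerate(freqs)),
        reverse=True,
    )
    (best, idx), (second, _) = levels[0], levels[1]
    if best < min_level or best < dominance * second:
        return None
    return idx


def decode_frame(frame, rate=8000, min_level=0.005, dominance=4.0):
    """Return the DTMF key present in one frame, or None."""
    row = _pick(frame, ROWS, rate, min_level, dominance)
    col = _pick(frame, COLS, rate, min_level, dominance)
    if row is None or col is None:
        return None
    return KEYS[row][col]


def scan(samples, rate=8000, frame_ms=50):
    """Return [(start_ms, key)] for each run of frames carrying the same key."""
    size = rate * frame_ms // 1000
    events, previous = [], None
    for start in range(0, len(samples) - size + 1, size):
        key = decode_frame(samples[start:start + size], rate)
        if key is not None and key != previous:
            events.append((start * 1000 // rate, key))
        previous = key
    return events


def synth(key, rate=8000, ms=50, amplitude=0.5):
    """Constructed test input: the two sine tones for one key."""
    r = next(i for i, row in enumerate(KEYS) if key in row)
    c = KEYS[r].index(key)
    return [
        amplitude * (math.sin(2 * math.pi * ROWS[r] * n / rate)
                     + math.sin(2 * math.pi * COLS[c] * n / rate))
        for n in range(rate * ms // 1000)
    ]


def constructed_call(rate=8000):
    """300 ms of louder 300 Hz audio with a quiet C tone in the middle 100 ms."""
    first = rate * 100 // 1000
    quiet_c = synth("C", rate, ms=100, amplitude=0.02)
    out = []
    for n in range(rate * 300 // 1000):
        x = 0.5 * math.sin(2 * math.pi * 300 * n / rate)
        if first <= n < first + len(quiet_c):
            x += quiet_c[n - first]
        out.append(x)
    return out


if __name__ == "__main__":
    print(scan(constructed_call()))
```
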

  • Stupid (Score:3, Insightful)

    by Chicken_Kickers ( 1062164 ) on Thursday November 12, 2009 @02:55PM (#30077790)
    If spies/criminals/terrorists/politicians are stupid enough to use plain language over the phone to plan their dastardly deeds, then they deserve to be put into prison.
    • Re: (Score:1, Offtopic)

      If spies/criminals/terrorists/politicians are stupid enough to use plain language over the phone to plan their dastardly deeds, then they deserve to be put into prison.

      Indeed. And remember, Mary had a little lamb, the cow jumped over the moon, but most of all, I did it my way.

    • Re:Stupid (Score:4, Insightful)

      by Hurricane78 ( 562437 ) <deleted&slashdot,org> on Thursday November 12, 2009 @03:15PM (#30078116)

      Only a total retard would still think, that the point of this wiretapping is to catch criminals.

    • by mi ( 197448 )

      if spies/criminals/terrorists/politicians are stupid enough to use plain language over the phone to plan their dastardly deeds, then they deserve to be put into prison.

      I'd like to point out, that of the four groups you listed, the criminals and the terrorists deserve to be put into prison (or worse) regardless of whether they use plain language. Same applies to spies, unless they work for our side.

      Politicians planning dastardly deeds get little sympathy too...

    • I've seen supposed wiretap transcripts on news sites and such that I guess were released during the trial. Most of the time the criminals ARE using code words, it's just, you know, not real hard to figure out that your terror suspects aren't really opening a hair salon, and therefore probably aren't ordering 300 'bottles' of 'conditioner' that are 'guaranteed to go off'.

  • A couple things... (Score:5, Informative)

    by mea37 ( 1201159 ) on Thursday November 12, 2009 @02:59PM (#30077858)

    ...for those who didn't RTFA:

    First, this apparently applies to VoIP systems and cell phones, not analog land lines.

    Second, it is not a DDoS attack, as the headline claims. It is a DoS attack, though. That extra D means "distributed" and refers to situations where you bring many computers (say, a botnet for example) to the party so that your cumulative traffic-generation ability exceeds your target's capacity. Those techniques are not in play here. I guess Internet-based distributed attacks have become so common that people don't bother knowing what the acronyms really mean anymore.

    The channel you're trying to flood is a 64kbps data link between the phone company's switch and the law enforcement equipment. That is to say, the spec calls for 64kbps - so you don't really know if they have more than that in implementation. The idea is that if you program your system to rapidly make useless connections (such as text messages to random numbers) then you can flood this link and the equipment will lose track of the metadata describing an important message you send along during the flood. "Rapid" is on the order of 40 text messages per second; maybe you can program your equipment to do that.

    They have not been able to test this attack in practice, and they're making assumptions - some of which I doubt - about what the result would be. Seems like a lot of trouble to go to for the chance that maybe there'll be a random probability that the call you care about doesn't get logged - and even then you won't know after the fact whether it worked. Anyone who takes communications security seriously enough to apply that much effort, will apply it to doing something more certain to work.

    • Re: (Score:3, Informative)

      by Tmack ( 593755 )

      ...for those who didn't RTFA:

      First, this apparently applies to VoIP systems and cell phones, not analog land lines....

      VoIP and Cell systems are packetized data, just like normal analog phones are once they get to an RT or CO (read up on SS7). Most cell towers have VoIP connections back to a CO somewhere, and VoIP terminating on the POTS network first has to be converted to normal SS7 packetized traffic. This means the wire tap is tapping actual data packets from the SS7 channel (hence the mention of "only" 64kbps, which is actually a full ds0, same as a normal analog line). The attack mentioned (going from the way the summ

      • by mea37 ( 1201159 )

        All well and good, except that the attack you are describing is not what the article describes the researchers doing.

        I guess that's what happens when you respond to someone who read TFA with an assessment based on "the way the summary presented it".

    • That's an analog landline convention. They are talking about 3G which isn't getting to the world the same way a voice call would so there are no channels like there would be for say an analog call at 64kbps trunking and SS7 sent via a signaling link.

      I think if you sent so much information you saturated your available bandwidth that any messages not picked up by CALEA also would fail to be delivered. I don't know what 'device' they picked up to do this testing since CALEA is a standard not a box. But I'm gue

      • by mea37 ( 1201159 )

        Everyone seems to be jumping on the 64kbps number and assuming it refers to some piece of the system they're familiar with. Yet what TFA describes doesn't sound like the same thing to me. I'd be unsurprised to find that the 64kbps number looks familiar because they picked it to conform to what other pieces of the system are doing.

        In any case, they did not find flaws in some specific box they tested against. If you RTFA, you'll find that they specifically are addressing flaws they've inferred from the spe

  • by Anonymous Coward

    . . . if once you have the evidence you don't do anything with it, ala Nidal Hasan?

    I know the foundations of our legal system stem from the formerly great British Empire, but there's no reason why we have to follow them into becoming a pussified police state that spends more time acting like a nanny than a great power.

  • Encryption (Score:2, Interesting)

    by iamacat ( 583406 )

    Eventually, nobody will care about this because all communications will be encrypted end-to-end and wiretaps will be useless. Attempts to outlaw that would result in only criminals having encryption and honest people falling victim to wiretaps by criminals and foreign governments. Besides there are many ways to make encryption not look like encryption.

    This is quite all right for law enforcement, as many new ways to breach people's privacy are emerging at the same time - RFIDs, GPS phones, new hackable devic

    • by mi ( 197448 )

      Eventually, nobody will care about this because all communications will be encrypted end-to-end and wiretaps will be useless.

      Unless Obama (or some future President) is more successful with the future incarnation of Clipper [wikipedia.org], than Bill Clinton was.

      Attempts to outlaw that would result in only criminals having encryption ...

      Encryption really is so much like weaponry, that your statement — and its accuracy — are the same as "If guns are outlawed, only outlaws will have guns." Does not stop the politi

      • by iamacat ( 583406 )

        Encryption really is so much like weaponry, that your statement -- and its accuracy -- are the same as "If guns are outlawed, only outlaws will have guns." Does not stop the politicians from trying, though...

        If even 10% of encryption software owners use the product to kill defenseless civilians, or if accidents with a 5 year old boy finding a PGP CD-ROM in dad's drawer and accidentally killing his 3 year old system are widespread, I would certainly support strict licensing requirements and usage restrictions on encryption.

        • If even 10% of encryption software owners use the product to kill defenseless civilians, or if accidents with a 5 year old boy finding a PGP CD-ROM in dad's drawer and accidentally killing his 3 year old system are widespread, I would certainly support strict licensing requirements and usage restrictions on encryption.

          It's unlikely to reach even 0.01%, since almost every browser and email program supports encryption. Every time you conduct a transaction over https, you're using encryption. Same for email login using TLS, and possibly also for accessing your home wireless network. http://en.wikipedia.org/wiki/Https [wikipedia.org]

          Your proposal for restricting encryption is presumably made from ignorance. It would greatly hinder online banking, online shopping, or anything else requiring secure login or identification. Even a slashdot

          • by iamacat ( 583406 )

            So can you support the same 0.01% number regarding guns? I seldom use a gun while banking or shopping, but I guess your mileage may vary.

    • by Idbar ( 1034346 )
      Also that implies that all the voice communications pass through some sort of entity. Couldn't just happen that you use your own asterisk server at home, and use some private extensions for calls you don't want to be listened?

      Enough proxies and encryption makes me think that system may be useless or just oriented to plain people and not the ones the government should really be worried about.
    • nobody will care about this because all communications will be encrypted end-to-end and wiretaps will be useless

      Useless? I think not. Just because the message is encrypted doesn't mean the calling and receiving party information isn't useful.

      I work for the FBI and see that Special Agent Trusted Dude makes an encrypted phone call to Known Terrorist...

      I work for the CIA and see that Dr. Intelligence Specialist made an encrypted call to Comrade Foreign Agent...

      I work for the DEA and see that Mr. Fine Upstand

  • by Kodack ( 795456 ) on Thursday November 12, 2009 @03:33PM (#30078384)

    The fact that these researchers worked off of the standard for delivery compliance, aka CALEA, has given them the false impression that all they need to do to prevent a wiretap is to overload the connection between the agency and the DMS (the switch your call goes through).

    What the J standard does not go into is the fact that at every step of the way there are checks to determine if data can be sent. If it cannot then it is stored until it is able to be sent. It is not uncommon for connections in the IP realm to come up and down so the system can buffer them both at the DMS, as well as at several points in between through the various offboard devices in the chain. Typically the data makes 2 stops between the DMS and the LEA.

    This is strictly for the data portion of the call, i.e. dialed digits; in the wireless world it would include MMS/SMS, GPRS, etc.

    The voice portion of the call is trunked from the DMS to the PSTN via a 3 way calling feature with 1 way audio. It basically dials the LEA's recording equipment every time the target makes a call, their equipment will record automatically when it answers the phone, like an answering machine. However the voice portion doesn't always have to go to a LEA. It can be configured to go to several phone numbers such as an agent's mobile phone, a recording device, or other 3rd party.

    Now you could overload the agency's recording equipment if you knew what number to dial using a war dialer type of attack, but that would lead authorities to your door and it would not prevent other agencies and other monitoring centers from receiving that same data. Most bench warrants will have several involved agencies each receiving intercepts from a single target.

    Suffice to say that if you have a tap on your phone, it's going to get to the LEA and there isn't much you can do about it.

  • Great paper. Cisco is also nice enough to write up about their "Lawful" Intercept products. For example, in Configuring Lawful Intercept Support [cisco.com], they kindly warn the end-user that "To maintain VXSM performance, lawful intercept is limited to no more than 60 active calls." Thanks for the suggestion!
  • What is it lately with people using precise terms with only vague ideas about what they actually mean? Is this a side-effect of H1N1 or something?

    I mean, here we have someone talking about something an individual does all by themselves with one device, calling it a "distributed denial of service attack", when there's nothing "distributed" about it and it's just a denial of service attack.

    In other contexts, we have people talking about Blizzard's new selling of in-game WoW pets for $10 a pop, calling that a

    • Chillax broham.

      I believe they are talking about VOIP using the 3G side of their Sprint phones, i.e. making a Skype call over their wireless data. Assuming for a moment that Skype and other service providers don't have a CALEA setup (they are legally required to as they offer telecomm services and must comply with bench warrants), the fact is that any warrant on the targeted mobile would also capture all data. If one device were overloaded it would buffer until it was able to be sent.

      CALEA is bomb proof in the

  • I'm not sure that our average dumba$$ criminal out there would be thinking of this or, as the article says, opt for encrypted Skype.

    For every mechanism the government tries to put into place to interdict in calls, there's always a way around it. In this case I'm not completely sure what the attack is, other than attack the control channel for signaling the surveillance system. Why not just capture all of the traffic and filter later, ala Echelon?

    • "I'm not sure that our average dumba$$ criminal out there would be thinking of this"

      Fun fact: you can write the word "ass" on Slashdot and they won't censor you. Or if you're that averse to the word in the first place, choose a different fucking word.

      • fornicate? copulate? screw? Is that better?

        It's not a question of incorrect word choice.
        Some of us live behind servers and systems, depending upon where we are at the time, that try to enforce political correctness, that's why we use terms like dumba$$. That way we don't have "tisk tisk" meetings with the dumba$$ boss. ;-)

  • 1. Criminals smart enough to even understand what this issue is about are probably smart enough to do something useful with their lives

    2. Otherwise if they are that smart and still engaged in crime, they're probably involved in major organized crime, in which case they already know (or should know) that wiretaps are a possibility so this brings nothing new to the table.

    3. Law enforcement is probably going to notice (at some point) that their systems are getting jacked with and the reaction will not be a mel

    • by PPH ( 736903 )

      3. Law enforcement is probably going to notice (at some point) that their systems are getting jacked with and the reaction will not be a mellow one.

      Or they are going to switch to a more capable technology.

      If you suspect that law enforcement is monitoring you, the best thing you can do is to make them think that their tap is in place and working just fine. Then you use an alternate communications channel. That keeps them busy listening to your calls about picking up a gallon of milk on the way home, or taking the kids to soccer practice. Instead of putting in a better bug.
