[IP] Security Flaw Allows Wiretaps to Be Evaded, Study Finds

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Security Flaw Allows Wiretaps to Be Evaded, Study Finds
From: David Farber <dave@xxxxxxxxxx>
Date: Wed, 30 Nov 2005 06:54:22 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx

November 30, 2005

Security Flaw Allows Wiretaps to Be Evaded, Study Finds

By JOHN SCHWARTZ and JOHN MARKOFF

The technology used for decades by law enforcement agents to wiretaptelephones has a security flaw that allows the person beingwiretapped to stop the recorder remotely, according to research bycomputer security experts who studied the system. It is also possibleto falsify the numbers dialed, they said.

Someone being wiretapped can easily employ these "devastatingcountermeasures" with off-the-shelf equipment, said the leadresearcher, Matt Blaze, an associate professor of computer andinformation science at the University of Pennsylvania.

"This has implications not only for the accuracy of the intelligencethat can be obtained from these taps, but also for the acceptabilityand weight of legal evidence derived from it," Mr. Blaze and hiscolleagues wrote in a paper that will be published today in Security& Privacy, a journal of the Institute of Electrical and ElectronicsEngineers.

A spokeswoman for the F.B.I. said "we're aware of the possibility"that older wiretap systems may be foiled through the techniquesdescribed in the paper. Catherine Milhoan, the spokeswoman, saidafter consulting with bureau wiretap experts that the vulnerabilityexisted in only about 10 percent of state and federal wiretaps today.


"It is not considered an issue within the F.B.I.," Ms. Milhoan said.

According to the Justice Department's most recent wiretap report,state and federal courts authorized 1,710 "interceptions" ofcommunications in 2004.

To defeat wiretapping systems, the target need only send the same"idle signal" that the tapping equipment sends to the recorder whenthe telephone is not in use. The target could continue to have aconversation while sending the forged signal.

The tone, also known as a C-tone, sounds like a low buzzing and is"slightly annoying but would not affect the voice quality" of thecall, Mr. Blaze said, adding, "It turns the recorder right off."


The paper can be found at http://www.crypto.com/papers/wiretapping.

The flaw underscores how surveillance technologies are notnecessarily invulnerable to abuse, a law enforcement expert said.

"If you are a determined bad guy, you will find relatively easy waysto avoid detection," said Mark Rasch, a former federal prosecutor whois now chief security counsel at Solutionary Inc., a computersecurity firm in Bethesda, Md. "The good news is that most bad guysare not clever and not determined. We used to call it criminalDarwinism."

Aviel D. Rubin, a professor of computer science at Johns HopkinsUniversity and technical director of the Hopkins Information SecurityInstitute, called the work by Mr. Blaze and his colleagues"exceedingly clever" - particularly the part that showed ways toconfuse wiretap systems as to the numbers that have been dialed.Professor Rubin added, however, that anyone sophisticated enough toconduct this countermeasure probably had other ways to foil wiretapswith less effort.

Not all wiretapping technologies are vulnerable to thecountermeasures, Mr. Blaze said; the most vulnerable are the oldersystems that connect to analog phone networks, often with alligatorclips attached to physical phone wires. Many state and local lawenforcement agencies still use those systems.

More modern systems tap into digital telephone networks and are moreclosely related to computers than to telephones. Under a 1994 lawknown as the Communications Assistance for Law Enforcement Act,telephone service providers must offer law enforcement agencies theability to wiretap digital networks.

But in a technology twist, the F.B.I. has extended the life of thevulnerability. In 1999, the bureau demanded that new telephonesystems keep the idle-tone feature for recording control in the newdigital networks, which are known as Calea networks because of theabbreviation of the name of the legislation.

The Federal Communications Commission later overruled the F.B.I. anddeclared that providing the idle tone was voluntary. The researchers'paper states that marketing materials from telecommunicationsequipment vendors show that the "C-tone appears to be a relativelycommonly available option."

When the researchers tried the same trick on newer systems that wereconfigured to recognize the C-tone, it had the same effect as onolder systems, they found.

Ms. Milhoan of the F.B.I. said that the C-tone feature could beturned off in the new systems and that when the bureau tested Mr.Blaze's method on machines with the function turned off, the effectwas "negligible."

"We were aware of it, we dealt with it, and we believe Calea hasaddressed it," she said.

Mr. Blaze, a former security researcher at AT&T Labs, said he sharedthe information with the F.B.I. His team's research is financed bythe National Science Foundation's Cyber Trust program, which isintended to promote computer network security.

The security researchers discovered the new flaw, he said, whiledoing research on new generations of telephone-tapping equipment.

In their paper, the researchers recommended that the F.B.I. conduct athorough analysis of its wiretapping technologies, old and new, fromthe perspective of possible security threats, since thecountermeasures could "threaten law enforcement's access to theentire spectrum of intercepted communications."

There is some indirect evidence that criminals might already knowabout the vulnerabilities in the systems, Mr. Blaze said, because of"unexplained gaps" in some wiretap records presented in trials.

Vulnerabilities like the researchers describe are widely known toengineers creating countersurveillance systems, said Jude Daggett, anexecutive at Security Concepts, a surveillance firm in Millbrae, Calif.

"The people in the countersurveillance industry come from thesurveillance community," Mr. Daggett said. "They know what ispossible, and their equipment needs to be comprehensive and needs tocounteract any form of surveillance."\


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Mac OS X security under scrutiny
Next by Date: [IP] IP Phone Providers Miss E911 Target
Previous by thread: [IP] Mac OS X security under scrutiny
Next by thread: [IP] IP Phone Providers Miss E911 Target
Index(es):
- Date
- Thread