[IP] Phreaking the Wiretappers

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Phreaking the Wiretappers
From: David Farber <dave@xxxxxxxxxx>
Date: Tue, 18 Apr 2006 12:44:12 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <6.2.0.14.2.20060418091629.03ae1ee8@xxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Ross Stapleton-Gray <ross@xxxxxxxxxxxxxxxxxx>
Date: April 18, 2006 12:20:36 PM EDT
To: Dave <dave@xxxxxxxxxx>
Subject: Phreaking the Wiretappers

Matt Blaze et al. on research on methods to compromise wiretaps. Thearticle in Govt Computer News (appended below): http://www.gcn.com/online/vol1_no1/40428-1.htmlThe NSF grant abstract: http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0524047


Wiretaps vulnerable to phreaking

04/17/06 -- 04:04 PM
By William Jackson,

You can’t always believe what you hear

Researchers at the University of Pennsylvania have found that it isnot at all difficult for bad guys to outwit law enforcement wiretapson their phone lines.

A team of graduate students working with a National ScienceFoundation grant set out to determine just how trustworthy the mostcommon types of telephone wiretaps used by police and intelligenceagencies are, said Professor Matt Blaze.

The results of these taps are accepted uncritically by courts, Blazesaid at the 2006 International Conference on Network Security beingheld in Reston, Va.

“It turns out, it can fail in all sorts of unexpected ways,” he said.“Either party can disrupt a wire tap or introduce misleadinginformation into the legal record.”

The techniques exploit vulnerabilities in the single signaling andaudio channel used in analog telephone systems.

Blaze said the project was an attempt to establish some baselines fornetwork security by assessing how easy it is to conduct reliableeavesdropping on the century-old protocols used in analog voice phonesystems. End-to-end cryptography often is seen as the most certainway to secure a communications channel. But almost nobody uses thatfor voice conversations because of the complexity. And, as it turnsout, it is not necessary.

The most common technology for tapping a phone line is a loopextender, which is a one-way bridge from the target subject’s localloop to the phone line of the listening station. The great majorityof wiretaps are pen register taps, which record only the telephonenumbers dialed by the target and when the calls are made. Only about10 percent of taps actually record the content of calls. Both typesuse the same equipment.

But the caller can game the police equipment by using a notebookcomputer to fine-tune the pulse tones generated to dial a number. Bytuning them properly, the correct numbers will be accepted byswitching equipment at the caller’s central telephone office, buttones often will be misinterpreted on the police equipment, producingmeaningless numbers.

Techniques similar to the old phreaking tricks used to steal longdistance service can be used to turn off a wiretap recorder remotely.A signaling tone can be sent on the line that will fool policeequipment into thinking the phone is back on the hook, causing therecorder to shut off. Blaze played a demonstration tape in which theparticipants were able to continue a conversation after the policeequipment had “hung up.” The same technique can be used to blockpolice equipment from recording the number being dialed and to injecta phony number later.

The 1996 Communications Assistance for Law Enforcement Act requiredvendors to include a wiretap interface in telephone switchingequipment, which would theoretically thwart these tricks. But mostvendors made their switches backward compatible to work with legacyloop extender equipment that police continue to use. Thisreintroduced the same vulnerabilities when using a CALEA interface.


This is an object lesson for software developers, Blaze said.

“We have to [be] careful about how backward compatibility can meancompatibility with old bugs,” he said.

Blaze said there is no concrete evidence that these techniques havebeen used to thwart legitimate wiretaps. But he said court recordsshow that anomalies in recorded conversations often are accepted asinevitable by police and the courts, leaving open the question of howtrustworthy those recordings are.


© 1996-2006 Post-Newsweek Media, Inc. All Rights Reserved.



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Smithsonian letter from 200 concerned
Next by Date: [IP] "Computer nerd" hacker could face torture by US Government
Previous by thread: [IP] Smithsonian letter from 200 concerned
Next by thread: [IP] "Computer nerd" hacker could face torture by US Government
Index(es):
- Date
- Thread