A study published in the November/December 2005 issue of IEEE Security and Privacy shows that many wiretapping systems used by law enforcement agencies are vulnerable to countermeasures that may be employed by the target of the wiretap.
The analysis found vulnerabilities in widely fielded interception technologies that are used for both “pen register” and “full audio” (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. These countermeasures do not require cooperation with the called party, elaborate equipment, or special skill. . . .
We found exploitable vulnerabilities present in virtually all analog “loop extender” or “dialup slave” wiretap systems and in at least some systems based on the newer J-STD-025A CALEA interfaces. These systems depend on unsecured “in-band” signals that can be spoofed or manipulated by an interception target via his or her own telephone line. — Signaling Vulnerabilities in Wiretapping Systems
It’s true. With some simple equipment you can find or build from parts from any Radio Shack, you too can evade many wiretapping systems. It’s not only possible to confuse a dialed number recorder (DNR) into reporting the wrong digits dialed, obscuring the actual digits dialed entirely, it’s possible to cause the wiretapping equipment to completely stop recording audio.
The real kicker, though, is that law enforcement agencies asked for the misfeature which allows targets of wiretapping to disable recording to be carried over into newer CALEA-compliant wiretapping systems.
However, law enforcement isn’t worried.
A spokeswoman for the F.B.I. said “we’re aware of the possibility” that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today.
“It is not considered an issue within the F.B.I.,” Ms. Milhoan said. — New York Times
That’s right. It’s a non-issue because most wiretaps today are conducted with newer equipment which doesn’t have these specific problems. However, like any computer system, they’re likely to have other problems which criminals can exploit, which haven’t yet been made public.
And therein lies the danger. Security through obscurity is not workable. What do criminals know about these new wiretapping systems, and how many of them are exploiting the inevitable problems?
(Hat tip to Bruce Schneier.)
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works license.
Video published by this site is licensed under a Creative Commons Sampling+ license.
Bad Behavior has blocked 3475 access attempts in the last 7 days.
Facebook
Digg
del.icio.us
reddit.com
Newsvine
Ghost Freeman
Nov 30, 2005
For a second I thought it was the second/third coming of the Blue Box.
Jul 10, 2006
FBI proposes new Internet wiretap requirements - Homeland Stupidity
Chris
Feb 01, 2007
It just proves that STUPID leaders breed
STUPID law inforcement! I’m from England, and
this is SO unsurprising!!!