--- begin forwarded text
Delivered-To: clips@philodox.com
Date: Wed, 30 Nov 2005 13:48:25 -0500
To: Philodox Clips List
From: "R. A. Hettinga"
Subject: [Clips] Matt Blaze: Security Flaw Allows Wiretaps to Be Evaded
Reply-To: rah@philodox.com
Sender: clips-bounces@philodox.com
http://www.nytimes.com/2005/11/30/national/30tap.html?pagewanted=print
The New York Times
November 30, 2005
Security Flaw Allows Wiretaps to Be Evaded, Study Finds
By JOHN SCHWARTZ and JOHN MARKOFF
The technology used for decades by law enforcement agents to wiretap
telephones has a security flaw that allows the person being wiretapped to
stop the recorder remotely, according to research by computer security
experts who studied the system. It is also possible to falsify the numbers
dialed, they said.
Someone being wiretapped can easily employ these "devastating
countermeasures" with off-the-shelf equipment, said the lead researcher,
Matt Blaze, an associate professor of computer and information science at
the University of Pennsylvania.
"This has implications not only for the accuracy of the intelligence that
can be obtained from these taps, but also for the acceptability and weight
of legal evidence derived from it," Mr. Blaze and his colleagues wrote in a
paper that will be published today in Security & Privacy, a journal of the
Institute of Electrical and Electronics Engineers.
A spokeswoman for the F.B.I. said "we're aware of the possibility" that
older wiretap systems may be foiled through the techniques described in the
paper. Catherine Milhoan, the spokeswoman, said after consulting with
bureau wiretap experts that the vulnerability existed in only about 10
percent of state and federal wiretaps today.
"It is not considered an issue within the F.B.I.," Ms. Milhoan said.
According to the Justice Department's most recent wiretap report, state
and federal courts authorized 1,710 "interceptions" of communications in
2004.
To defeat wiretapping systems, the target need only send the same "idle
signal" that the tapping equipment sends to the recorder when the telephone
is not in use. The target could continue to have a conversation while
sending the forged signal.
The tone, also known as a C-tone, sounds like a low buzzing and is
"slightly annoying but would not affect the voice quality" of the call, Mr.
Blaze said, adding, "It turns the recorder right off."
The paper can be found at http://www.crypto.com/papers/wiretapping.
The flaw underscores how surveillance technologies are not necessarily
invulnerable to abuse, a law enforcement expert said.
"If you are a determined bad guy, you will find relatively easy ways to
avoid detection," said Mark Rasch, a former federal prosecutor who is now
chief security counsel at Solutionary Inc., a computer security firm in
Bethesda, Md. "The good news is that most bad guys are not clever and not
determined. We used to call it criminal Darwinism."
Aviel D. Rubin, a professor of computer science at Johns Hopkins University
and technical director of the Hopkins Information Security Institute,
called the work by Mr. Blaze and his colleagues "exceedingly clever" -
particularly the part that showed ways to confuse wiretap systems as to the
numbers that have been dialed. Professor Rubin added, however, that anyone
sophisticated enough to conduct this countermeasure probably had other ways
to foil wiretaps with less effort.
Not all wiretapping technologies are vulnerable to the countermeasures,
Mr. Blaze said; the most vulnerable are the older systems that connect to
analog phone networks, often with alligator clips attached to physical
phone wires. Many state and local law enforcement agencies still use those
systems.
More modern systems tap into digital telephone networks and are more
closely related to computers than to telephones. Under a 1994 law known as
the Communications Assistance for Law Enforcement Act, telephone service
providers must offer law enforcement agencies the ability to wiretap
digital networks.
But in a technology twist, the F.B.I. has extended the life of the
vulnerability. In 1999, the bureau demanded that new telephone systems keep
the idle-tone feature for recording control in the new digital networks,
which are known as Calea networks because of the abbreviation of the name
of the legislation.
The Federal Communications Commission later overruled the F.B.I. and
declared that providing the idle tone was voluntary. The researchers' paper
states that marketing materials from telecommunications equipment vendors
show that the "C-tone appears to be a relatively commonly available option."
When the researchers tried the same trick on newer systems that were
configured to recognize the C-tone, it had the same effect as on older
systems, they found.
Ms. Milhoan of the F.B.I. said that the C-tone feature could be turned off
in the new systems and that when the bureau tested Mr. Blaze's method on
machines with the function turned off, the effect was "negligible."
"We were aware of it, we dealt with it, and we believe Calea has addressed
it," she said.
Mr. Blaze, a former security researcher at AT&T Labs, said he shared the
information with the F.B.I. His team's research is financed by the National
Science Foundation's Cyber Trust program, which is intended to promote
computer network security.
The security researchers discovered the new flaw, he said, while doing
research on new generations of telephone-tapping equipment.
In their paper, the researchers recommended that the F.B.I. conduct a
thorough analysis of its wiretapping technologies, old and new, from the
perspective of possible security threats, since the countermeasures could
"threaten law enforcement's access to the entire spectrum of intercepted
communications."
There is some indirect evidence that criminals might already know about
the vulnerabilities in the systems, Mr. Blaze said, because of "unexplained
gaps" in some wiretap records presented in trials.
Vulnerabilities like the researchers describe are widely known to engineers
creating countersurveillance systems, said Jude Daggett, an executive at
Security Concepts, a surveillance firm in Millbrae, Calif.
"The people in the countersurveillance industry come from the surveillance
community," Mr. Daggett said. "They know what is possible, and their
equipment needs to be comprehensive and needs to counteract any form of
surveillance."
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
--- end forwarded text