DPL-Surveillance-Equipment.com

These are new product announcements from my main website (Open 24/7/365). We have a life-time warranty / guarantee on all products. (Includes parts and labor). Here you will find a variety of cutting-edge Surveillance and Security-Related products and services. (Buy/Rent/Layaway) Post your own comments and concerns related to the specific products or services mentioned or on surveillance, security, privacy, etc.

Tuesday, March 07, 2006

How to Evade a Wiretap





The technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely, according to research by computer security experts who studied the system. It is also
possible to falsify the numbers dialed, they said.

Someone being wiretapped can easily employ these "devastating countermeasures" with off-the-shelf equipment.

PROFESSIONAL
WIRE TAP DETECTOR


This has implications not only for the accuracy of the intelligence that can be obtained from these taps, but also for the acceptability and weight of legal evidence derived from it.

A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today.

"It is not considered an issue within the F.B.I.," Ms. Milhoan said.

According to the Justice Department's most recent wiretap report, state and federal courts authorized 1,710 "interceptions" of communications in 2004.

To defeat wiretapping systems, the target need only send the same "idle signal" that the tapping equipment sends to the recorder when the telephone is not in use. The target could continue to have a conversation while sending the forged signal.

The tone, also known as a C-tone, sounds like a low buzzing and is "slightly annoying but would not affect the voice quality" of the call. It turns the recorder right off.

The paper can be found at http://www.crypto.com/papers/wiretapping.

The flaw underscores how surveillance technologies are not necessarily invulnerable to abuse, a law enforcement expert said.

"If you are a determined bad guy, you will find relatively easy ways to avoid detection," "The good news is that most bad guys are not clever and not determined. We used to call it criminal Darwinism."

A professor of computer science at Johns Hopkins University and technical director of the Hopkins Information Security Institute, called the technique "exceedingly clever" - particularly the part that showed ways to confuse wiretap systems as to the numbers that have been dialed. The professor added, however, that anyone sophisticated enough to conduct this countermeasure probably had other ways to foil wiretaps with less effort.


Not all wiretapping technologies are vulnerable to the countermeasures, the most vulnerable are the older systems that connect to analog phone networks, often with alligator clips attached to physical phone wires. Many state and local law enforcement agencies still use those systems.

More modern systems tap into digital telephone networks and are more closely related to computers than to telephones. Under a 1994 law known as the Communications Assistance for Law Enforcement Act, telephone service providers must offer law enforcement agencies the ability to wiretap digital networks.

ADVANCED TRANSMITTER
(BUG) DETECTOR


But in a technology twist, the F.B.I. has extended the life of the vulnerability. In 1999, the bureau demanded that new telephone systems keep the idle-tone feature for recording control in the new digital networks, which are known as Calea networks because of the abbreviation of the name of the legislation.

The Federal Communications Commission later overruled the F.B.I. and declared that providing the idle tone was voluntary. The researchers' paper states that marketing materials from telecommunications equipment vendors show that the "C-tone appears to be a relatively commonly available option."

When the researchers tried the same trick on newer systems that were configured to recognize the C-tone, it had the same effect as on older systems, they found.

Ms. Milhoan of the F.B.I. said that the C-tone feature could be turned off in the new systems and that when the bureau tested the method on machines with the function turned off, the effect was "negligible."


"We were aware of it, we dealt with it, and we believe Calea has addressed it," she said.

The research was financed by the National Science Foundation's Cyber Trust program, which is intended to promote computer network security.

The security researchers discovered the new flaw while doing research on new generations of telephone-tapping equipment.

WIRELESS CAMERA FINDER

In their paper, the researchers recommended that the F.B.I. conduct a thorough analysis of its wiretapping technologies, old and new, from the perspective of possible security threats, since the countermeasures could "threaten law enforcement's access to the entire
spectrum of intercepted communications."

There is some indirect evidence that criminals might already know about the vulnerabilities in the systems, because of "unexplained gaps" in some wiretap records presented in trials.

Vulnerabilities like the researchers describe are widely known to engineers creating countersurveillance systems.




"The people in the countersurveillance industry come from the surveillance community," "We know what is possible, and our equipment needs to be comprehensive and needs to counteract any form of surveillance."







DPL-Surveillance-Equipment.com

Phone: (1800) 548-2939 Ext. 01
Local: (818) 344-3742
Fax (775) 249-9320

Monty@DPL-Surveillance-Equipment.com

MSN
MontyHenry@Earthlink.net

AOL Instant Messenger
DPLSURVE32

Skype
Montyl32

Yahoo Instant Messenger
Montyl32

Alternate Email Address
montyl32@yahoo.com

Join my Yahoo Group!

My RSS Feed

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

<< Home