Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.


November 30, 2005

Hacking Wiretapping Systems

This is absolutely fascinating research by Matt Blaze on evading telephone wiretapping systems. Here's the paper. Here's a news article.

Posted on November 30, 2005 at 12:13 PM


Comments

This would be a result of blindly trusting spy equipment, never questioning whether it can be gaffed.

Trickier still would be steganographic signalling during an apparently innocuous phone call. A 5-minute phone call on a DS0 takes nearly 20 Mb. A very low rate channel using a staggered pattern on the lsb stream, XORed with the bit one place above to mask it with some noise and signal, and then written over the bottom bit -- would be extremely hard to detect, even by automated surveillance. Using a mere 1% of the bit stream to communicate would pass a 24 kB file. Data compression would improve the performance further.

Posted by: Roy Owens at November 30, 2005 12:54 PM


That's awesome. The recorder responds to in-band signals. Reminds me of a Red Box - the device you can use to get free calls from pay phones.

Posted by: Jonas Grumby at November 30, 2005 1:29 PM


Brilliant example!

For those of you who would like to know what Bob and Alice have been conspiring all these years, listen to the MP3 calls in the article.

Posted by: James Walker at November 30, 2005 1:57 PM


And again, we have a government-mandated surveillance system that is easily thwarted, and the most likely people to do the thwarting are those that the system is allegedly designed to monitor. The least likely individuals to bother defeating this system, or even suspect they are being monitored, are average citizens. The government's response to this publication will tell us very clearly whether or not CALEA was really intended to do that which they so fervently insisted it was supposed to do.

Posted by: Timmy303 at November 30, 2005 3:33 PM


Interesting concept, "criminal Darwinism" (sloppy criminals get caught). Now, what we need is law enforcement Darwinism.

Posted by: Kevin Davidson at November 30, 2005 4:31 PM


I agree with James: the page is worth visiting just to listen in and find out about what Alice and Bob have been up to.

Posted by: Moshe Yudkowsky at November 30, 2005 4:50 PM


But I don't agree with Timmy303: this isn't an "easy" hack. It required a lot of research and knowledge. How many criminal organizations have that much savvy?

Having said that, the high-level threats -- terrorists sponsored by the Iranians, for example, or rich Colombian drug lords -- are likely to evade this surveillance equipment. Which makes me wonder about all sorts of things...

Posted by: Moshe Yudkowsky at November 30, 2005 4:54 PM


It may have required a lot of research and knowledge to come up with, but it doesn't sound hard to do at all. Just send a tone down the line and it turns the tape off, right?

Posted by: NP at November 30, 2005 5:07 PM


In-band signaling isn't as big of a problem as it sounds; what is a problem is using well-defined, well-published constant tones for signaling (i.e. the C-tone). AT&T hoped to avoid this dilemma by using non-DTMF tones for signals (e.g. the 2600 Hz for trunk disconnects), but as we all know, security by obscurity is usually worse than none at all. However, instead of using a single tone to signal an end-of-call, the wiretaps could be made to still use in-band signalling if they would just use a set of frequencies, and iterate through them after every call. Better yet would be to use pseudo-random numbers, seeded the same way at the tap and at the law enforcement agency to generate the next frequency.

Posted by: pinano at November 30, 2005 7:11 PM
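
The last suggestion in the comment above, sketched as an added example (not code from the post, its comments or the paper): both ends derive each call's idle tone from a shared secret and a call counter. It swaps the commenter's seeded pseudo-random generator for HMAC-SHA256; the band, tone spacing, DTMF guard band, key and all names are assumptions.

```python
import hashlib
import hmac

# Assumed parameters, not from the post: voice-band range, spacing, guard band.
BAND_HZ = range(700, 3001, 25)
DTMF_HZ = (697, 770, 852, 941, 1209, 1336, 1477, 1633)
GUARD_HZ = 40

# Candidate idle tones, kept clear of the published DTMF frequencies.
TONES = [f for f in BAND_HZ if all(abs(f - d) > GUARD_HZ for d in DTMF_HZ)]


def tone_for_call(shared_key: bytes, call_index: int) -> int:
    """Idle tone (Hz) for a given call, derived identically at both ends."""
    mac = hmac.new(shared_key, call_index.to_bytes(8, "big"), hashlib.sha256)
    return TONES[int.from_bytes(mac.digest(), "big") % len(TONES)]


class Collector:
    """Recording end: treats only the tone expected for this call as 'idle'."""

    def __init__(self, shared_key: bytes, tolerance_hz: float = 10.0):
        self.key = shared_key
        self.tolerance_hz = tolerance_hz
        self.call_index = 0

    def is_idle_signal(self, detected_hz: float) -> bool:
        expected = tone_for_call(self.key, self.call_index)
        return abs(detected_hz - expected) <= self.tolerance_hz

    def end_call(self) -> None:
        self.call_index += 1  # both ends advance the counter after each call


def replay_acceptance_rate(shared_key: bytes, calls: int) -> float:
    """Fraction of calls where replaying the previous call's tone is accepted."""
    collector = Collector(shared_key)
    accepted = 0
    for i in range(1, calls + 1):
        collector.end_call()  # collector now expects the tone for call i
        if collector.is_idle_signal(tone_for_call(shared_key, i - 1)):
            accepted += 1
    return accepted / calls


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    print([tone_for_call(key, i) for i in range(5)])
    print(f"stale-tone acceptance: {replay_acceptance_rate(key, 1000):.3f}")
```

A tone carried over from an earlier call matches the current call's expected tone only by chance, roughly once per number of candidate tones, and only while the shared key stays secret.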

