Denial-of-Service Attack Against CALEA
The researchers say they’ve found a vulnerability in U.S. law enforcement wiretaps, if only theoretical, that would allow a surveillance target to thwart the authorities by launching what amounts to a denial-of-service (DoS) attack against the connection between the phone company switches and law enforcement.
[…]
The University of Pennsylvania researchers found the flaw after examining the telecommunication industry standard ANSI Standard J-STD-025, which addresses the transmission of wiretapped data from telecom switches to authorities, according to IDG News Service. Under the 1994 Communications Assistance for Law Enforcement Act, or Calea, telecoms are required to design their network architecture to make it easy for authorities to tap calls transmitted over digitally switched phone networks.
But the researchers, who describe their findings in a paper, found that the standard allows for very little bandwidth for the transmission of data about phone calls, which can be overwhelmed in a DoS attack. When a wiretap is enabled, the phone company’s switch establishes a 64-Kbps Call Data Channel to send data about the call to law enforcement. That paltry channel can be flooded if a target of the wiretap sends dozens of simultaneous SMS messages or makes numerous VOIP phone calls “without significant degradation of service to the targets’ actual traffic.”
As a result, the researchers say, law enforcement could lose records of whom a target called and when. The attack could also prevent the content of calls from being accurately monitored or recorded.
The paper. Comments by Matt Blaze, one of the paper’s authors.
Clive Robinson • November 20, 2009 8:02 AM
@ Bruce,
“if only theoretical, that would allow a surveillance target to thwart the authorities”
Hmm, “theoretical” is not the way I would put it; the simple answer is it is actually a real problem that the authorities already have in a number of jurisdictions (i.e. there is a limit on bandwidth, thus simultaneous targets).
The real question is the possibility of exploitation by those under watch.
As the old saying goes,
“A quart into a pint pot will not go”
Thus at the simplest level it only requires too many simultaneous target activities on a single switch for the wiretap channel to be blocked.
However, for pen and tap there is a workaround in that the CO records all of the information for billing purposes and, as Matt notes, this info is usually of more interest in the long term.