Hacking Wiretapping Systems

This is absolutely fascinating research by Matt Blaze on evading telephone wiretapping systems. Here's the paper. Here's a news article.

Posted on November 30, 2005 at 12:13 PM • 12 Comments

Comments

Roy Owens • November 30, 2005 12:54 PM

This would be a result of blindly trusting spy equipment, never questioning whether it can be gaffed.

Trickier still would be steganographic signalling during an apparently innocuous phone call. A 5-minute phone call on a DS0 takes nearly 20 Mb. A very low rate channel using a staggered pattern on the lsb stream, XORed with the bit one place above to mask it with some noise and signal, and then written over the bottom bit -- would be extremely hard to detect, even by automated surveillance. Using a mere 1% of the bit stream to communicate would pass a 24 kB file. Data compression would improve the performance further.

Jonas Grumby • November 30, 2005 1:29 PM

That's awesome. The recorder responds to in-band signals. Reminds me of a Red Box - the device you can use to get free calls from pay phones.

James Walker • November 30, 2005 1:57 PM

Brilliant example!

For those of you who would like to know what Bob and Alice have been conspiring all these years, listen to the MP3 calls in the article.

Timmy303 • November 30, 2005 3:33 PM

And again, we have a government-mandated surveillance system that is easily thwarted, and the most likely people to do the thwarting are those that the system is allegedly designed to monitor. The least likely individuals to bother defeating this system, or even suspect they are being monitored, are average citizens. The government's response to this publication will tell us very clearly whether or not CALEA was really intended to do that which they so fervently insisted it was supposed to do.

Moshe Yudkowsky • November 30, 2005 4:54 PM

But I don't agree with Timmy303: this isn't an "easy" hack. It required a lot of research and knowledge. How many criminal organizations have that much savvy?

Having said that, the high-level threats -- terrorists sponsored by the Iranians, for example, or rich Colombian drug lords -- are likely to evade this surveillance equipment. Which makes me wonder about all sorts of things...

NP • November 30, 2005 5:07 PM

It may have required a lot of research and knowledge to come up with, but it doesn't sound hard to do at all. Just send a tone down the line and it turns the tape off, right?

pinano • November 30, 2005 7:11 PM

In-band signaling isn't as big of a problem as it sounds; what is a problem is using well-defined, well-published constant tones for signaling (i.e. the C-tone). AT&T hoped to avoid this dilemma by using non-DTMF tones for signals (e.g. the 2600 Hz for trunk disconnects), but as we all know, security by obscurity is usually worse than none at all. However, instead of using a single tone to signal an end-of-call, the wiretaps could be made to still use in-band signalling if they would just use a set of frequencies, and iterate through them after every call. Better yet would be to use pseudo-random numbers, seeded the same way at the tap and at the law enforcement agency to generate the next frequency.
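A sketch of the per-call tone rotation proposed in the comment above, as an added example that is not part of the original thread or of any real intercept product. It uses HMAC-SHA256 over a call counter in place of a seeded pseudo-random generator, and the tone set, key handling and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math

FS = 8000                                      # DS0 sample rate, Hz
N = 800                                        # 100 ms analysis window
CANDIDATES = [600 + 40 * k for k in range(64)]  # constructed tone set, Hz

def tone_for_call(key: bytes, call_no: int) -> int:
    """Tap and collection side both derive the idle tone for this call."""
    mac = hmac.new(key, call_no.to_bytes(8, "big"), hashlib.sha256).digest()
    return CANDIDATES[mac[0] % len(CANDIDATES)]  # 64 divides 256: no bias

def goertzel_power(samples, freq):
    """Normalised power at one frequency (1.0 = full-scale sine)."""
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return power / (len(samples) / 2) ** 2

def sine(freq, amp=1.0):
    """Constructed test signal: one window of a pure tone."""
    return [amp * math.sin(2 * math.pi * freq * n / FS) for n in range(N)]

def idle_detected(samples, key, call_no, threshold=0.25):
    """Treat the line as idle only if this call's derived tone is present."""
    return goertzel_power(samples, tone_for_call(key, call_no)) >= threshold

if __name__ == "__main__":
    key = b"constructed-shared-secret"         # placeholder, not a real key
    for call_no in range(3):
        expected = tone_for_call(key, call_no)
        stale = next(f for f in CANDIDATES if f != expected)
        print(call_no, expected,
              idle_detected(sine(expected), key, call_no),  # genuine idle
              idle_detected(sine(stale), key, call_no))     # fixed tone
```

A tone that is valid for one call carries no meaning on the next, which is the property a single published constant tone lacks.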

scapgoat • March 7, 2011 5:02 AM

Electronic surveillance due to unknown reason. Mysterious that it can be subscribed so that employer, organizations and others will know about genuine but private and personal and will be gossip with fun? How to stop this nonsense?

resident • March 7, 2011 5:19 AM

The town/city/borough known as executive town but has more than half of the residents with low average income. Some white arrogant call themselves as community leaders or town patriots have an ability to monitor some whom they hate out of which one being monitored is neither white nor black with at least average living standard style, 25-30 years legal residency of town/city but some ethnic characteristics and hypersensitive to heat so she does not stay outdoors in summer like most residents do. Constant monitoring includes where she/her family shopped, how much she spent, the places she/her family is about to visit and visited what is her routine like i.e. if she did not come out and rested at home or did household chores what’s the reason of staying indoors? Is she hiding inside? She has not fought with anyone, has not kept anyone’s money but talks little. The group members (fake community leaders) include who may be newer with short residency than hers. The electronic communication chain will tell the town/city members where they can drive out to see her or stand at some place where she is etc.

unequal • March 7, 2011 5:23 AM

Can there be a 24/7 monitoring employee or of a city resident and a phone number for a lay public to find out the GENUINE but private information of an innocent? Who does it, why so, how it happens and how it can be stopped?

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.