Fooling a wiretap

[marykmusic]

No, I haven't tried it yet, but here's the story on it: <!--EZCODE LINK START--><a href="http://www.crypto.com/papers/wiretapping/" target="top">Signaling Vulnerabilities in Wiretapping Systems </a><!--EZCODE LINK END--><br><br>Some stuff: <br><br><!--EZCODE ITALIC START--><em>We found exploitable vulnerabilities present in virtually all analog "loop extender" wiretap systems and in at least some systems based on the newer J-STD-025A CALEA interfaces. The vulnerabilities arise from the use of unsecured "in-band" signals that can be spoofed or manipulated by an interception target via his or her own telephone line. <br><br>In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Virtually all conventional analog loop extender interception systems appear to be vulnerable to this countermeasure. CALEA systems that implement backward compatibility features requested by the Justice Department in 1999 are vulnerable as well. Audio examples (in MP3 format) of a wiretap subject employing C-tone countermeasures can be found below. <br><br>Loop extender systems are susceptible to other countermeasures as well. In particular, a subject can employ a simple computer-aided dialing procedure (which we call "confusion/evasion dialing"<!--EZCODE EMOTICON START ;) --><img src=http://www.ezboard.com/images/emoticons/wink.gif ALT=";)"><!--EZCODE EMOTICON END--> that prevents the dialed outgoing telephone numbers from being recorded accurately by the tap. Wiretap subjects can also falsely indicate the ending times for calls they make and receive and can inject false records of outgoing and incoming calls (appearing to be to or from any numbers they choose) into pen register logs. <br><br>Our analysis was based entirely on information obtained from published sources and equipment purchased openly in the retail and surplus markets. It is therefore possible (and perhaps even likely) that similar countermeasures have already been discovered and actively employed by motivated wiretap targets, e.g., in organized crime. Currently fielded telephone interception systems should be evaluated with respect to these vulnerabilities and re-configured or modified where possible to reduce their susceptibility. In addition, the possibility of these or similar countermeasures should be considered in analyzing previously collected wiretap evidence and intelligence.</em><!--EZCODE ITALIC END--> <br><br>Of course, "they" probably know all about this... --MaryK <p></p><i></i>