How To Evade A Wiretap
The technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely, according to research by computer security experts who studied the system. It is also possible to falsify the numbers dialed, they said. How To Evade A Wiretap
Someone being wiretapped can easily employ these “devastating countermeasures” with off-the-shelf equipment.
This has implications not only for the accuracy of the intelligence that can be obtained from these taps, but also for the acceptability and weight of legal evidence derived from it.
A spokeswoman for the F.B.I. said “we’re aware of the possibility” that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today.
“It is not considered an issue within the F.B.I.,” Ms. Milhoan said.
According to the Justice Department’s most recent wiretap report, state and federal courts authorized 1,710 “interceptions” of communications in 2004.
To defeat wiretapping systems, the target need only send the same “idle signal” that the tapping equipment sends to the recorder when the telephone is not in use. The target could continue to have a conversation while sending the forged signal.
The tone, also known as a C-tone, sounds like a low buzzing and is “slightly annoying but would not affect the voice quality” of the call. It turns the recorder right off.
The paper can be found at http://www.crypto.com/papers/wiretapping.
“If you are a determined bad guy, you will find relatively easy ways to avoid detection,” “The good news is that most bad guys are not clever and not determined. We used to call it criminal Darwinism.”A professor of computer science at Johns Hopkins University and technical director of the Hopkins Information Security Institute, called the technique “exceedingly clever” – particularly the part that showed ways to confuse wiretap systems as to the numbers that have been dialed. The professor added, however, that anyone sophisticated enough to conduct this countermeasure probably had other ways to foil wiretaps with less effort.
Not all wiretapping technologies are vulnerable to the countermeasures, the most vulnerable are the older systems that connect to analog phone networks, often with alligator clips attached to physical phone wires. Many state and local law enforcement agencies still use those systems.
More modern systems tap into digital telephone networks and are more closely related to computers than to telephones. Under a 1994 law known as the Communications Assistance for Law Enforcement Act, telephone service providers must offer law enforcement agencies the ability to wiretap digital networks.
But in a technology twist, the F.B.I. has extended the life of the vulnerability. In 1999, the bureau demanded that new telephone systems keep the idle-tone feature for recording control in the new digital networks, which are known as Calea networks because of the abbreviation of the name of the legislation.
The Federal Communications Commission later overruled the F.B.I. and declared that providing the idle tone was voluntary. The researchers’ paper states that marketing materials from telecommunications equipment vendors show that the “C-tone appears to be a relatively commonly available option.”
When the researchers tried the same trick on newer systems that were configured to recognize the C-tone, it had the same effect as on older systems, they found.
“We were aware of it, we dealt with it, and we believe Calea has addressed it,” she said.
The research was financed by the National Science Foundation’s Cyber Trust program, which is intended to promote computer network security.
The security researchers discovered the new flaw while doing research on new generations of telephone-tapping equipment.
In their paper, the researchers recommended that the F.B.I. conduct a thorough analysis of its wiretapping technologies, old and new, from the perspective of possible security threats, since the countermeasures could “threaten law enforcement’s access to the entire
spectrum of intercepted communications.”
There is some indirect evidence that criminals might already know about the vulnerabilities in the systems, because of “unexplained gaps” in some wiretap records presented in trials.