Feds Have a High-Speed Backdoor Into Wireless Carrier

An anonymous reader writes "An unnamed U.S. wireless carrier maintains an unfiltered, unmonitored DS-3 line from its internal network to a facility in Quantico, Virginia, according to Babak Pasdar, a computer security consultant who did work for the company in 2003. Customer voice calls, billing records, location information and data traffic are all allegedly exposed. A similar claim was leveled against Verizon Wireless in a 2006 lawsuit."

Wow!

[stratjakt (596332)]

If some guy said it, it must be true!

Ghorbaneh Shoma

[Jeremiah Cornelius (137)]

Babak, Agha!

CALEA

[jaredmauch (633928)]

It's very likely this is to meet the realtime reporting/relay requirements of the CALEA statue which governs lawful intercept of voice and data communications.

Re:CALEA

[faedle (114018)]

This is precisely what this is.

NEWS FLASH: EVERY wireline and wireless carrier has facility like this between their central offices and Quantico, Virginia. I can tell you for an absolute fact that a medium-sized cable company operating in the Rocky Mountain region has similar facilities between their main office and the FBI Academy, because I helped install it.

Welcome to the world post-CALEA.

Re:CALEA

[by Anonymous Coward]

If you helped install it, then you should learn to shut up on sites like this.

Re:CALEA

[MillionthMonkey (240664)]

I'm not impressed either. *I* helped install the secret surveillance system between DNC headquarters and the FBI Washington Field Office.

Re:

[Shotgun (30919)]

I've worked in telecom for years now writing code to operate the hardware.

Every single design for a new piece of telecom equipment includes provisions for lawful intercept. That provision working is more important than any other piece of the system. It can ship even if it is rebooting every 24 hours, but it won't ship if lawful intercept isn't working 100%.

Mod Parent Down As Simply Wrong

[macdaddy (38372)]

EVERY wireline and wireless carrier has facility like this between their central offices and Quantico, Virginia.

No they don't. We don't. None of our peer ILECs or CLECs do. The only case in which this would ever be the norm is if you are an RBOC, very large CLEC or very large wireless carrier and regularly field CALEA requests from the same law enforcement agency. Read that again just to make sure what I'd said registered. Even then it would have be be in excess of 23 simultaneous calls to justify m

Re:CALEA

[Adambomb (118938)]

well, the reason thats in CALEA that a legal wiretap must be reporting the details in real time to avoid the possibility of modifying the results of a wiretap from any side (IE: no '3 second broadcast delay' or situations like that).

Still horsepucky, but it IS part of CALEA as the above posters are mentioning.

Re:CALEA

[faedle (114018)]

Because the FBI Academy in Quantico is the clearinghouse for the FBI for all CALEA wiretaps, and acts as a "one-stop shop" for carriers wishing to comply with the law.

Use the Goog. It's your friend.

Re:CALEA

[Scrameustache (459504)]

Don't do evil shit and you won't have to worry.

If you have nothing to hide?
Seriously? You're going with that argument?

Re:

[IndustrialComplex (975015)]

He's saying that if you don't do anything to grab the attention of FBI agents (or as he calls it, "evil shit"), then you don't have to worry about those said FBI agents.

Prove it.

Re:CALEA

[bigdavesmith (928732)]

It's times like this I wish I could mod things 'wrong'

You think all those people in Chinese prisons who were arrested for speaking out against the government 'did evil shit'?

Not that we live in China, but thinking that this can't turn against you...

Re:CALEA

[eli pabst (948845)]

Once they feel confident enough to openly acting that way, then it's already too late.

You should seriously spend some time learning about the principles this country was founded on, because the concept of monitoring interpersonal communications of American citizens would have been an appalling affront to the people who founded it and gave their blood and lives for it. Frankly I find it shameful that so many Americans are willing (if not overjoyed) to hand over their Constitutional rights.

Re:CALEA

[bigdavesmith (928732)]

I'm not trying to be insulting, but I'm not sure you understand the reality of what you're trying to argue.

If there comes a time when the US government starts acting like China (having people tortured and killed because of their political views), we can take care of it with something called an "election".

Read the above quote. If the US ever starts killing people for expressing political views, you're going to fix that by... expressing your political views? Or are you assuming that even though the government is willing to kill people for their political views, they're going to keep the voting system fair and unbiased, so that people who don't like getting killed can vote and change the system?

I'm not trying to be a dooms-day preacher, saying that we're going to start killing our own citizens for exercising their freedom of speech, but the fact of the matter is, as seen in your circular logic (someone correct me if that's not what it is) in the quote above, that by the time it is a problem, you're not going to be able to fix it by voting.

I feel like I understand your argument; I'm not doing anything wrong in my house, so why do I care if the government puts cameras up and watches everything I do? Honestly, I don't care one bit. Until someone decides to pass a law that makes copying a CD illegal, or being gay (just an example... I'm not) illegal, or decides they don't want to count my vote in the next election because I'm a Democrat (again, just an example), or decides that I should be put in jail where my anti-government ideas can't influence other people. And by then, voting isn't going to do me much good.

Re:

[asuffield (111848)]

I'm not trying to be a dooms-day preacher, saying that we're going to start killing our own citizens for exercising their freedom of speech

That's an unlikely scenario anyway. Given the typical behaviour of the US, you're far more likely to start killing your own citizens because it's cheaper than figuring out whether they've done anything. That's more or less what's happening in Gitmo to non-citizens already; it is a small step to start doing it to your own citizens as well (while claiming that "of course"

Re:CALEA

[freedom_india (780002)]

we can take care of it with something

Why do i keep seeing the following poem on the US Holocaust Memorial:

First they came for the Socialists, and I did not speak out -
because I was not a Socialist.
Then they came for the Trade Unionists, and I did not speak out -
because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out -
because I was not a Jew.
Then they came for me - and there was no one left to speak for me.

I couldn't care less if there's some guy sitting in an office in Virginia listening to my phone calls.

Small drops make a ocean, small grains of sand make a beach.
Small steps like these make a totalitarian state make.

Do you think our Founders were stupid to abolish domestic spying?

It is people like you who form the remaining 22% support base for Bush & Co.
Perhaps if you are shown on your DVD player all (i mean ALL) that you have said, done and possibly non-being-able-to-do, i guess you will understand...Or probably you would shrug it off when Eva Longoria comes about in Desperate Housewives.

Re:CALEA

[Jah-Wren Ryel (80510)]

Don't do evil shit and you won't have to worry.

First problem - this system encourages lack of oversight - you know the checks and balances that our American system of government was founded on. In the past, not only did a wiretap require a court order, there was someone at the phone company who actually checked that the court order had been obtained before enabling the wiretap.

Now, while a court order is still legally required, it is no longer technically required. The FBI need only press a button to start wiretapping. Not only is there no one outside of the organization verifying that the FBI has a legitimate need to know, there is no one keeping records of the wiretaps other than the FBI itself. Our American system has been subverted in the name of safety.

Second problem - what the FBI can use, criminals can abuse. And I'm not talking about criminal behaviour by the FBI itself, I mean unauthorized users with the smarts to co-opt the backdoors that the FBI uses. See this paper from the January/February 2008 issue of IEEE Security and Privacy. [crypto.com]

Third problem - what's your definition of "evil shit?" Does it include breaking up with your boyfriend, the federal agent? [informationweek.com]

Re:CALEA

[BVis (267028)]

You're not serious.

Do you think this administration gives a flying fuck whether or not evidence is admissible in court?

Once the government started holding people indefinitely without trial, the whole concept of admissibility went right out the fucking window. Prisoners in Gitmo don't even have the right to know what the evidence against them is at all, much less whether or not it's admissible in a court of law. (Hell, they don't even have access to lawyers to tell them whether or not the evidence is admissible.)

Concern for this sort of infrastructure and its potential for abuse isn't tinfoil-hat paranoia, the abuse can and has happened. (If you haven't been paying attention, google 'warrant less wiretapping' for further information.)

The checks-and-balances part of the Constitution has been slaughtered in the name of 'protecting our citizens from the terrsts' and 'national security'. While the latter is nothing new, the former is a recent development.

Trusting this government (or any likely future one) with this kind of potential for abuse is kind of like putting a junkie in a room with a kilo of heroin and his 'works', and telling him only to shoot up if the withdrawal symptoms become impossible to bear. It doesn't matter IF they abuse the system, the problem is that they ARE the system, and will do whatever they feel is necessary to protect the system, and therefore themselves (and the multinational corporations that pull their strings.) Even when they DO get called on something that's obviously an abuse of the system (if not black-letter-law illegal) they stamp their feet, throw a tantrum, and refuse to do ANYTHING until the multinationals get immunity for their self-serving rape of their customers' privacy rights.

I've said it before, I'll say it again: If you can convince a judge that I'm obviously engaged in illegal activity, wiretap away. Until then, get the fuck off my phone lines. While I understand the need for expedience in an emergency situation, there is no reason for these lines to be active at all until there's a signed warrant. If you think that's too much bureaucracy or an unnecessary burden on law enforcement, go find another country, because this one requires it by Constitutional order. The only way we can avoid a police state (well, a more obvious one) is to not allow this sort of shit to go unquestioned.

Re:

[vertinox (846076)]

Don't do evil shit and you won't have to worry.

"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." -Cardinal Richelieu [wikipedia.org]

Re:CALEA

[chill (34294)]

CALEA taps are on a per-warrant basis. They are explicitly ONE WAY. The LEA can NOT establish a connection back to the carrier. It must initiate the tap from the carrier side. The LEA can not input requests directly. They must pass them to the carrier to enter.

While a DS-3 might not be out of the question to the FBI, depending on the volume of traffic, I have yet to see an "unmonitored" line. Everything I've seen (and set up -- I do this for a living) is an IPSec tunnel from the carrier to the LEA with BER encoded ASN.1 for data and packetized native (to the carrier) encoded voice. And the line works one way only. Carrier --> LEA. The only packets flowing back are stateful connection packets.

In short, I think this story is B.S.

Yes, the FBI probably has a big line with no firewall. That is because the firewall(s) is/are on the carrier end. The carriers do extensive logging as well, so it doesn't surprise me that the FBI-end of the circuit isn't heavily logged. They log their REQUESTS and the carrier logs the connections.

Re:CALEA

[faedle (114018)]

While it is true that the connection is "one way", many large carriers do it with a conventional high-cap circuit, like a T-1 or DS-3, because it is easy.

It may appear to be unfiltered to the person making the connection. However, if it is anything like the T1 I hooked up where I worked, only the calls with active warrants are passed down the T1. That being said, the T1 hooks directly into the switch just like any other T1, and is configured to be a CALEA port in the switch itself. A wire-frame guy who isn't doing the programming/translations wouldn't know any better, so I think that's where this "idea" comes from.

Re:CALEA

[statemachine (840641)]

If you read the article, you'll notice that it isn't some "wire-frame guy" but a security consultant hired to specifically address network security. So he'd have access to all the routers and their ACLs and other firewalling hardware, which would allow him to make such a judgement.

Re:CALEA

[webb75 (462705)]

Read the article next time:

" Because the data center was a clearing house for all Verizon Wireless calls, the transmission line provided the Quantico recipient direct access to all content and all information concerning the origin and termination of telephone calls placed on the Verizon Wireless network as well as the actual content of calls.

        The transmission line was unprotected by any firewall and would have enabled the recipient on the Quantico end to have unfettered access to Verizon Wireless customer records, data and information. Any customer databases, records and information could be downloaded from this center."

  Since the tech was at the telco & not at Quantico, he was referring to security on the telco side. There was no firewall on the telco side.

Talk is Cheap

[susano_otter (123650)]

Extraordinary claims require extraordinary evidence.

Re:Talk is Cheap

[tomhudson (43916)]

Extraordinary claims require extraordinary evidence.

The problem is that, with this administration, any claims of domestic spying are hardly "extraordinary". It's more like "business as usual" - to be assumed unless there's evidence to the contrary.

Re:Talk is Cheap

[monoqlith (610041)]

Hmmm. How about we try to get some?

Go to your Verizon Wireless-serviced cell phone, call a friend in a foreign country, and have a normal conversation, but make sure to throw in a few key "red flag" words and phrases here and there. Examples of "red flags" are:

"Bomb"
"Subways"
"Code Green"
"Statue of Liberty"
"Monuments"
"Airplanes"
"Buildings"
"I hate George Bush and think the Justice Department is a corrupt pile of shit"

Say goodbye to your friend once a few or all of these phrases have been sprinkled into your conversation. Then sit back in your favorite Barca lounger, take out your stopwatch, measure how many minutes it takes for one or more black SUVs to park across from your driveway.

Guess who!

[Ripit (1001534)]

FTA:

That suit names Verizon Wireless as the culprit.

"Can you hear me now?"

"Yes we can, perfectly clear."

In an unrelated story....

[Holistic Missile (976980)]

....Babak Pasdar, a computer security consultant, has not been seen nor heard from since he left a client site earlier today. His family life was stable and solid - his family suspects foul play. Federal officials suggest that no foul play was involved, and regret that they cannot waste their resources on a missing person who 'probably ran away to start a new life.'

Full story at eleven....

Cool

[nurb432 (527695)]

How do i get one to my house?

Re:

[chill (34294)]

A DS-3? With a really big check. :-) Depending on contract length I've seen them as cheap as $5,000 per month.

The NSA and FBI are both hiring in the Tech areas

[QuantumRiff (120817)]

If your interested in applying, call your mother and tell her.

And the loyal opposition, the Democrats, will...

[The Master Control P (655590)]

Make a roaring bluster about this and then fold like wet paper tigers when it comes time to put up or shut up..

Do you want to know why Bushco thinks it's above the law? Because until you fucking cowards grow a goddamn spine and stand up to their evil, corrosive attitude towards the rule of law THEY ARE.

Why is it that in 8 years, I have never, EVER heard of a major Democrat standing up and saying outright, without analogy, subtlety or tact, that thanks to Bush the terrorists have succeeded beyond their wildest dreams? That thanks to him, 19 insane religious fanatics have gone from "attacked three buildings and got their organization crushed like a bug for it's trouble" to "shook the rule of law, the foundation of the most powerful country in the world, to it's base?" That thanks to him and the Republican fear machine, bin Laden has changed and hurt American society in ways he never could have dreamed of? That thanks to him, the terrorists have won in every way that matters?

Opposition? You've been deceived...

[msauve (701917)]

there's little difference between the Democrats and the Republicans. They're both intent on maintaining and building government power. It's only their _priorities_ which are different. Ultimately, they're for the same end result. That's the great scam - they stay in power by making the plebes think they have some sort of say in their destiny.

Nonsense

[Mr2001 (90979)]

there's little difference between the Democrats and the Republicans. They're both intent on maintaining and building government power. It's only their _priorities_ which are different.

Oh, and their policies. You know, little things like health care, social security, abortion, welfare, environmental and industry regulations, taxes, teaching religion in schools... those things matter, at least to most of us.

But I guess if the only thing that matters to you is "government power", then yes, you might think they're the same, because you're ignoring all the substantial differences.

Re:Nonsense

[Mr2001 (90979)]

Most of us do care about those things but most of us are experienced enough to know that GOVERNMENT is the absolute worst entity to charge with making positive changes therein.

Experienced? No, that's not experience, it's ideology. Look at any country other than the US, and you'll find plenty of people with plenty of experience who believe that the government is quite capable of making positive change.

In fact, one might argue that the main reason the US government has been so bad at making positive change is that there are so many people here who believe, as a matter of principle, that government can't do anything well - and when those people are elected, they use their power to prove themselves right.

Government is really just an alternate way to get things done. Private industry and the free market are excellent at getting things done efficiently, but the other side of that coin is, they don't even try to get anything done that isn't going to be profitable. If you want something done, period, whether or not it's profitable, that's where government is useful. For example, look at phone and electrical service in rural areas: it didn't exist before the government stepped in, because it wasn't profitable to build phone infrastructure where there were only a few potential customers, but We The People decided that infrastructure was important enough that it should be built anyway.

I'd rather have a gov't stagnated and unable to do much than one that felt it had the mandate of heaven, even when literally killing their own citizens en masse.

Hey, so would I. No one likes mass murder.

On the other hand, I'd rather have a government that does good things, like make medical care and education available to people who can't afford to pay for it, than one that's stagnant and unable to do anything.

Re:And the loyal opposition, the Democrats, will..

[The Master Control P (655590)]

Do you seriously believe that President Gore or President Kerry would have initiated/continued the kind of blatant attacks on the rule of law & accountability that are so characteristic of the Bush administration? Would they have debased our ability to claim any moral high ground by condoning and supporting torture? Would they have used "national security" as a cover to try and build a corporate-sponsored surveillance state? Would they madly cling to policies under the banner of "stay the course," no matter how horribly and obviously wrong those policies were or turned out to be? Name the last Democratic president who said in an interview that this would be a lot easier in a dictatorship if he were the dictator.

The Democrats are no better than Bush? Then why is it Bush, and the party which routinely condemns "tax-and-spend liberals" and trumpets itself as the bringer of small government and fiscal responsibility, the one which has in 8 years saddled us and our children with more debt than every other president combined, and doubled the size of the federal budget whose cancerous growth he and the Republicans so vehemently denounce?

Neither party is at all better than the other? Since when have the Democrats proclaimed themselves to be the sole beacon of light, Moral Decency, and the Traditional American Family in the smothering night of evil secularism, only for one Democrat after another to turn out to be those gays or adulterers whom they so ardently and stridently insist are going to be the downfall of America?

What Democratic or Republican president before Bush has taken that fabled shining city upon a hill, and desecrated it such that his supporter's defense in a debate is no longer "Because we are better than they are," but "We aren't the worst human rights violator on Earth?"

No, the Democrats have a very long way to go before they are as bad as Bush has been, for both his party and the nation.

Re:

[The Master Control P (655590)]

You didn't answer any of my questions, but reiterated that you refuse to admit to the existence of a continuum of gray between black and white.

To every complex question, there is an answer that is simple, concise, and wrong - paraphrase of H.L. Mencken.

Why are people surprised by this?

[slashname3 (739398)]

I don't understand why people in general, and specifically the /. crowd, are surprised to learn about such accommodations? Anyone that knows even a little bit about networking should realize that unless they are encrypting their connections they are open to anyone along the line. What would be more interesting would be if there was a claim that they were breaking AES encryption in real time. That would be of interest. But since that is not the case there is nothing of real interest here. Nothing to see. Move along folks.

It doesn't add up

[Derling Whirvish (636322)]

My BS detector is pinging.

the transmission line provided the Quantico recipient direct access to all content and all information concerning the origin and termination of telephone calls placed on the Verizon Wireless network as well as the actual content of calls.

The contents of my cell phone calls made locally intracity west of the Mississippi DO NOT get routed through a single line on the east coast that terminates at Quantico. It's absurd to think that all of Verizon's cell calls are routed to that link. Occam's razor.

Re:

[danielsfca2 (696792)]

I thought about that myself, but think about this: Since it's just one-way (it's not like Big Brother is going to cut in and start talking on your calls), the excessive delay that would be caused by routing your call itself across the country and back again isn't a problem. So perhaps when the FBI decides to, they can, on demand, cause your call audio to be -reflected- to the east coast facility and from there, out to the FBI.

That wouldn't require anything more than an additional data stream just like a thr

Do the math

[thegameiam (671961)]

A GSM half-rate channel is 5.6Kbps (a fullrate channel is twice that, but let's look at the most extreme case). A DS3 = 45 Mbps. 45Mbps = 45000Kbps

45000Kbps / 5.6Kbps = 8037 simultaneous calls supported on a DS3, assuming 0% overhead, protocol, encryption, and that all calls are half-rate.

VZW and ATTW have subscriber counts in the millions.

Whatever the legality or circumstance of this, a single DS3 is hardly wholesale snooping.

Re:

[thegameiam (671961)]

For reference purposes, the AT&T, Sprint, and Verizon network backbones use NxOC-192 (10Gbps) and NxOC-768 (40Gbps) SONET circuits. Of course, that includes both voice AND data, but it should show the general irrelevance of a single DS3.

I've never seen an OC-24: the more common value in the US is an OC-48 (2.4Gbps). A good rule of thumb for getting the relative size of these pipes is that the number after the OC- represents roughly the number of DS3s which can be carried on the optical path. Of cours

network vcr's

[vic-traill (1038742)]

Okay, so the DS3 is a Very Bad Thing for a tonne of reasons.

BUT ... The linked .doc says that

The scope of uncontrolled "Quantico Circuit" access allowed the third party to obtain significant information about any mobile phone subscribers, including -- listening in and recording all conversations en-mass; { ... ]

Note the focus on 'phone' and 'conversations'. Aside from demonstrating ignorance on the difference between 'mass' and masse', this statement *directly contradicts* the linked .pdf, which states that the exposed 'Data network' transports all mobile data service traffic and related business app traffic but *not* the raw traffic of the 'Cell network', which was not examined in the audit.

Anyone else read this similarly?

Which is it? This, plus the lack of detail around the location of the 'network vcrs', which presumably are traffic copy mechanisms, the location of which will determine exactly what data is exposed by this mechanism, gives me less of a warm-and-fuzzy feeling with respect to the allegation's supporting documentation.

I am in no way supporting the existence of this no-ACL, no-logging circuit into what is allegedly a major carrier's mobile support network. The devil is in the details in this dialogue, however, and there is no excuse for direct contradictions and lack of important detail.

Feds need to read the fine print

[noidentity (188756)]

Sure, their backdoor is "high-speed*", but they'll find out it's just burst speed, and their favorite spying protocols get throttled by forged packets saying the party ended the phone call even though they really didn't. They should have listened to us about network neutrality!

Re:

[whoever57 (658626)]

Does anyone know what the status of any opportunistic encryption packages for Windows or Linux? Can this stuff be set up easily now?

OpenS/WAN supports opportunistic encryption.

Re:everyones an expert

[nyet (19118)]

You are user # 1,251,600.

You don't think that out of that 1.2 MILLION of mostly geeks many of us don't work in the datacom industry?

And that out of those, many of us see the stupid games the government plays with the second biggest near monopoly/cartel on the planet?

Re:

[freedom_india (780002)]

he should be on his way to prison for breaking his end of the deal

Exactly! That is what the British said about Paul Revere...
Now wait a second! whose side am i on....is this the Empire or USA?

he signed on to a job that had requirements, and he broke those requirements

Wasn't the president asked to mumble something during the oath taking about keeping the constitution sacred and to obey it???
Oh yeah, right, such oaths mean nothing, since its the President.

Re:

[freedom_india (780002)]

US law protects whistle blowers

What law? The one passed in 1970s? That was repealed by Bush last year.
Today no law protects Federal Whistleblowers.
If they squeak, the KGB, sorry FBI, descends on them like rocks.
Either that, or your husband is exposed as a spy, or your son is arrested for dealing in drugs.
Get real man!
We have a president who says we should thank companies for breaking the law!
And who treats the contitution as toilet paper to wipe cheney's a$$.

Re:

[mjwx (966435)]

870122
You have given hours of quality entertainment to the boys here at Langley.

Carry on patriot (and you probably should have that "red thing" looked at by a doctor).