Forgot your password?
typodupeerror
Security Government The Courts News

Security Flaws Allow Wiretaps to be Evaded 191

Posted by samzenpus
from the it's-coming-from-inside-the-house dept.
An anonymous reader writes "The New York Times is reporting that a team of researchers led by Matt Blaze has discovered that technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely. It is also possible to falsify the numbers dialed. The flaws are detailed in a paper being published by the IEEE. Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder. The link has a demo."
This discussion has been archived. No new comments can be posted.

Security Flaws Allow Wiretaps to be Evaded

Comments Filter:
  • by matr0x_x (919985)
    How serious is this though - I mean, if I knew my line was tapped instead of working on getting it untapped I'd simply work on getting a second line!
    • by ndansmith (582590) on Wednesday November 30, 2005 @08:16PM (#14152669)
      Likely the powers-that-be would know about your new line and tap it as well. It is better to let them think they are tapping you, when in reality you are circumventing the system.
      • But sometimes... (Score:5, Interesting)

        by Savage-Rabbit (308260) on Wednesday November 30, 2005 @08:34PM (#14152789)
        ... the powers-that-be add insult to injury. A few years ago German police woke up to the fact that a large portion of their wiretapping operation had gone sour. Apparently they used some sort of a digital voice-message like scheme to implement the surveillance and somebody, presumably a beancounter at one of the telecoms, decided to bill the customers in question for this 'service'.
        • by Anonymous Coward
          somebody, presumably a beancounter at one of the telecoms, decided to bill the customers in question for this 'service'.

          Smart move if you can get away with it.

          LI (lawful intercept) costs many millions every year. The general trend (amongst the larger police states at least) has been to "mitigate" this cost by simply legislating that the carriers must provide these services and must provide them at no cost to the requestor. This leaves the carriers eating a great whacking cost for the privilege being throw
          • The problem here was that customers who had their phones tapped (specifically mobile phones I believe) found a charge on their bill to a number that they did not call. Further investigation revealed that it belonged to the German secret service, who were naturally displeased with the whole thing.

            Supposedly, a similar thing happened in the U.S. and Canada a while back. In this case, the respective governemnts did pay for the wiretapping service but due to a bug in the telcos software, the customer was char

      • the powers-that-be... It is better to let them think they are tapping you, when in reality you are circumventing the system.

        Better hope then that the powers-that-be don't read Slashdot
    • Or you could just watch your mouth on the phone.
  • by RY (98479) on Wednesday November 30, 2005 @08:12PM (#14152645) Homepage Journal
    Try it and find out...
  • In other news... (Score:5, Insightful)

    by ThatGeek (874983) on Wednesday November 30, 2005 @08:16PM (#14152667) Homepage
    In other news, smart people can avoid being caught by doing stuff...

    I mean, any dolt can PGP [pgp.com] or GnuPG [gnupg.org] encrypt a message or just hand deliver messages. Things like wiretaps are good for the duller knives in the drawer. We should still use them to "grab the low hanging fruit" and look elsewhere to capture the rest.

    If a person knows he's being wire tapped, he won't say anything incriminating anyway, and if the feds/cops don't get what they want over the phone, they'll just bug some offices instead.
    • Re:In other news... (Score:3, Informative)

      by The Snowman (116231) *

      Seriously, if I were planning a crime or terrorist act, you bet your ass I would encode all communication in some way -- whether it be encrypted emails or just a word code system over the phone that changes each time. This is similar to the Cold War days, when spies would leave innocent-looking messages in public places. Essentially, a non-computerized version of steganography.

      Where there is a will, there is a way. Where there is a stupid or lazy criminal, there is a prison sentence.

      • by ikkonoishi (674762) on Wednesday November 30, 2005 @08:44PM (#14152844) Journal
        Attn. Agent Snowman:The cows have jumped the moon. I repeat the cows have jumped the moon. It is too late to close the barn door.
      • by s20451 (410424)
        The corollary to your post (and the counter-argument to the grandparent) is that a person planning nefarious acts should send everything in plaintext.

        Sending encrypted e-mails, for example, when nobody else in the world is doing so, is like putting a huge sign on your front lawn saying, "INTRIGUING SECRETS ARE GOING ON IN HERE!".

        Remember that cryptography is only one link in the information security chain, and that everything has to get back to plaintext eventually. Once the feds are interested in your dat
        • I don't even know if they need to get that high-tech. Generally, it's enough to know that suspicious person A sent a message to suspicious person B. The contents can be recovered by searching the place or just monitoring A & B's daily activities. Traffic analysis is a powerful technique.

          • Generally, it's enough to know that suspicious person A sent a message to suspicious person B. The contents can be recovered by searching the place or just monitoring A & B's daily activities. Traffic analysis is a powerful technique.

            Perhaps an organization could use the AA*s to work around this ? Person A shares some files that have names that vaguely represents some movies or songs produced at some point in history. Person B infiltrates AA*s and sends the command to act by sending a Cease and Desi

          • "Generally it's enough to know that suspicious person A sent a message to suspicious person B."

            Well, there's ways to get around that. You can set up a chain of nym servers that have everything PGP encrypted and headers stripped as it bounces all over the world. VERY hard to trace...

            If you're really paranoid...you don't even have the emails come to you via email...last stop has each message, still encrypted, and posted to a USENET group...they would have a hard time finding who got the message from there

        • there is nothing stopping them from parking a truck across the street and harvesting your info using TEMPEST.

          Or just breaking into your house and copying the contents of your hard drive. MI5 used to do it in the 60's and 70's all the time to keep upto date with communist party goings on. Highly illegal of course and it wouldn't be admissable in court but once they know what (and when) your doing it would be easy to catch you in the act, so to speak. If 'they' want to know what your doing chances are they'

      • Call Mr. Lee.
        He'll know the code is broken.
        Tell him the dog is turning red.
    • by PlayfullyClever (934896) <playfull@playfullyclever.com> on Wednesday November 30, 2005 @08:59PM (#14152909) Homepage Journal
      Or just use a pre paid cell phone.

      The only groups these wiretaps hurt are the law-abiding citizens. The smart (read: dangerous) criminals have it all figured out-- Prepaid cell phones.

      Pre-paid cell phones are literally disposable, one-use toys to the bad guys. You don't even need a fake ID, just cash, and not all that much at that. How can they tap your phone when you use a different phone for each call? The best they could do is tap all the pre-paid phones and listen to every conversation out there -- good luck with that! (wanna bet the NSA is big into voice recognition?)
      • But for how long will this be an option? Where I live, even pre-paid phones have to be registered, before they are activated!

      • Who ya gonna call? (Score:3, Insightful)

        by Chris Tyler (2180)
        Sure, prepaid cellphones can be counted as "disposable, one-use toys", but you have to have someone to call! If both parties are going through prepaids like candy - one or two calls then on to the next phone - managing the constantly-changing phone numbers becomes more than a small chore, and it becomes a nightmare to keep a half-dozen parties in touch with each other. It's not going to happen on both ends of the connection.

        You don't need to tap the prepaids, you just need to tap the numbers that the prepai
        • We have these high tech devices that have just come out that let you send just a phone number to someone for the other person to call. They are call "pagers" and you may even be able to find one in a store near you.

          Very cheap, if the alternative is going to jail.
      • Re:In other news... (Score:3, Interesting)

        by woolio (927141) *
        wanna bet the NSA is big into voice recognition?

        At a recent IEEE conference, I noticed a large number of researchers' topics concerned voice recongition and voice synthesis.

        Although I'm not sure for who they were working or from where the funding came. (Plus, it was an international conference).
      • Dude, the cell phone companies record ALL CALLS, ALL SMS, ALL VOICE MSGS, for 48hrs on HD.
        They use a filename DB scheme to store the id/date/phnum in the filename it self.

        150m customers, * 48hrs = 1 days worth of profits to buy the fileserver.

        If you want secure comms, go use an underwater pen/pad and do it when in the pool or beach under water.
        No one, even flipper will be able to see it.

    • Re:In other news... (Score:4, Informative)

      by Phil Karn (14620) <karn@@@ka9q...net> on Wednesday November 30, 2005 @10:37PM (#14153485) Homepage
      You don't understand the problem. Extremely incriminating evidence can be obtained through traffic analysis, knowing who you talk to and when, without acquiring the actual content of your communications. That's what a "pen register" is -- traffic analysis of a telephone. Encrypting your calls or your emails won't help much if, for example, they can see you're talking to known terrorists.
      • Encrypting your calls or your emails won't help much if, for example, they can see you're talking to known terrorists.

        So simply encrypt the address or phone number too, and no one will know who you're talking to. See, security is easy if you think logically :).

    • Re:In other news... (Score:5, Interesting)

      by X (1235) <x@xman.org> on Wednesday November 30, 2005 @10:43PM (#14153538) Homepage Journal
      Actually, you might want to talk to a certain mafioso who used PGP to protect his communications, only to find out that the FBI didn't even need a court order to tap his keyboard. :-(
    • Yep. It's not as though the exploit allows the cops to think nothing's wrong. Surely, the cops will be curious when their wiretaps go:

      Caller: Yo. It's me.
      >CARRIER LOST

      Furthermore, the FBI has insane bugging technologies. Forget wiretaps. If they really want to get you, they'll stick parabolic or laser mikes all around you. Or bug your car and office or simply follow you around and take pictures of all your friends who they then bug and wiretap. Or what they really do is catch an associate on a felony and
  • by Anonymous Coward on Wednesday November 30, 2005 @08:17PM (#14152674)
    That way when the party officials want to do something underhanded, they use the red 'bat phone' that nukes any cops that are trying to listen in on them. In this way, they can have it both ways. Watch the proles without being watched themselves.
    • by Anonymous Coward
      The cops may not be able to listen in, but now you're talking directly to Batman, so you're just as busted.
  • RTFA and all that (Score:5, Insightful)

    by kebes (861706) on Wednesday November 30, 2005 @08:18PM (#14152678) Journal
    Let's keep this in perspective. The article says:

    A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today. (emphasis added)

    So basically it is a minority of antiquated equipment that is vulnerable. Moreover, the person being wiretapped probably doesn't know what system is being used. It is not going to be possible to know, with any assurance, that you have actually defeated the system.

    What this probably means is that the FBI will phase out these older systems a little faster than they intended to (mostly due to the publicity-- they were probably already aware of this vulnerability, but didn't care much because "the bad guys" were not aware of it).
    • Re:RTFA and all that (Score:4, Informative)

      by bhsx (458600) on Wednesday November 30, 2005 @08:30PM (#14152754)
      RTWFA... The tried to force the Calea networks to keep the C-tone timeout. Congress didn't allow the force, but most Calea networks keep it anyway. Those that keep the C-tone are vulnerable to the same exploit.
      In other words: Most of the time, in current conditions, this will work.
      • wouldn't it make more sense to just use encrypters on the phone ? so they can listen to these buzzing sounds in their black minivan all night long if they want to ...

        i know i would use them if the feds would try to snoop me. (and no, these are not so easy to hack/crack as it seems on the tv :p)

        now i'm gonna have to check when was the last time when i used a wire phone .. can't remember ^^.

      • I want every rapper to put this into their songs.

        That way, with it being played somewhere, sometime it will always trigger a 'off mode'

        buwahhahahha

    • I see nothing in that quote that goes on record to state that, even as recently as a month ago, anything less than 100% of wiretaps had these vulnerabilities.

      Do you see that word "today"? (emphasis added)
    • by billstewart (78916) on Wednesday November 30, 2005 @10:39PM (#14153507) Journal
      The shorter HTML version [nyud.net] mainly talks about attacks on the voice eavesdropping parts, while the Longer PDF paper for IEEE [nyud.net] has even more technical detail and talks about attacks on dialed-number-recording Pen Registers and CallerID, which the Feds and Local Police are able to wiretap without the same level of court order that a voice wiretap requires. (I've done the NYUD-automatic-caching versions of the URLs, rather than the raw URL, to protect against Slashdotting.)

      Basically, there's a fairly high proportion of the wiretapping gear that's actually deployed is vulnerable, in spite of what the police PR folks say, and it's much easier to hack the pen-register technology (though probably impossible to prevent the phone company from giving a direct billing database feed to the Feds, which you probably can't hack.)

    • A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today.

      So basically it is a minority of antiquated equipment that is vulnerable. Moreover, the person being wiretapped probably doesn't know what system is being used. It is not going to
  • by PurifyYourMind (776223) on Wednesday November 30, 2005 @08:18PM (#14152684) Homepage
    ...on a router/etc.? Like a programmer's backdoor that they forgot to shut off after they sold the units? I guess it's security through obscurity... relying on the subject not knowing they're even being tapped, and thus having no reason to try to stop the tap.
    • by billstewart (78916) on Wednesday November 30, 2005 @10:31PM (#14153441) Journal
      It's not a backdoor, it's a design feature that's being phreaked. Analog Wiretaps can't use the phone switch standard signalling method to detect whether a phone's on-hook or off-hook, because they're patched around the switch, so the equipment transmits a tone whenever the phone's on-hook to tell the recorder not to bother recording. And because it's running on phone-quality wire, it's an in-band tone, usually one of the extra four Touch-Tone tones, which means that the phone's user can send the tone themselves to tell the wiretapper's recorder that they're not there. The recorder _could_ have been built to do voice detection, but it's an old design and this is a cheaper and dumber way to implement it.

      But wiretappers don't just record voice, they record dialed numbers and caller-id. The other set of flaws, which you can read about in the longer PDF paper, depend on the fact that DTMF detectors are usually analog devices with a certain amount of sensitivity, and in general the phone switch and the wiretapper's equipment won't be the same. So you can find out how far off to bend your touchtones and have the phone switch still listen to you, and then you can send touchtones in-spec or out-of-spec to confuse the wiretapper's equipment, which can't tell whether the phone switch is or is not listening to the numbers you can dial. If it's more sensitive than the phone switch, you can send bogus digits that the wiretapper will record and the phone switch will ignore - but if it's less sensitive, and you're sending your digits just at the edge of the phone switch's range, the wiretapper won't see them.

      You can play similar games with CallerID, giving the wiretapper lots of entertaining stuff to listen to when you're not on the phone.

    • To get a feeling for old skool phreaking, you can read some parts of the Anarchist's Cookbook [isuisse.com]. Most of it is out of date, but it gives you an idea. A similar thing that you could do is to stop traces [textfiles.com] (it's actually in a PDF version of the Anarchist's Cookbook that I found some time, but this is the same thing), but I don't think it still works.

      I would never do phreaking. I have no will to do it, and I respect the laws of my country (America). I'm sure that over 90% of the phreaking stuff in the A.Cookbook d
  • In other news... (Score:5, Insightful)

    by Psionicist (561330) on Wednesday November 30, 2005 @08:18PM (#14152688)
    In other news: A team of researchers belived to be linked to an unknown group of terrorists was charged under the DMCA and PATRIOT act as a threat to national security. They are now being held for an unknown period if time, awaiting trial...
    • Except of course they're not in jail because of this. The US isn't nearly so eeevil as some think. We're imperfect, of course.
  • by dada21 (163177) * <adam.dada@gmail.com> on Wednesday November 30, 2005 @08:19PM (#14152691) Homepage Journal


    High frequency tones turn off teenagers.

    Low frequency tones turn of the NSA.

    Slashdotter vocal tones turn off women.

    Did I miss anything?
  • by MillionthMonkey (240664) on Wednesday November 30, 2005 @08:19PM (#14152692)
    The FBI is going to want voIP providers to duplicate this remote recorder stopping flaw so that it works just like the POTS network that they're used to tapping!
  • A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today.

    Would you rely on this? Particularly given the probability that, if it is a FBI wiretap, it is only going to work one time out of ten?

    There is some indirect evidence that crimina

    • Would you rely on a spokesperson to tell you how much of their equipment is affected by a potentially devastating flaw? Remember what Sony said about the rootkit..
    • Exactly so.

      Between NSA, the FBI, and various unnamed DoD agencies are now considerably overworked monitoring their (subjugated) citizens. Merely changing the logic on their surveillance equipment to specifically monitor POTS communications with the low amplitude low octave "C" being broadcast (to shut off their bugs) would certainly free up some manpower and equipment to focus on the "professional" terrorists using voice encryption or other high tech methods. Only "newbie" suicide bomber wannabes would ma
  • by kcbrown (7426) <slashdot@sysexperts.com> on Wednesday November 30, 2005 @08:22PM (#14152713)
    Seems to me there's a, um, more permanent solution:

    1. connect disposable phone to phone line
    2. call some unimportant number
    3. connect 50,000 volt source to the phone line
    4. ZAAAAAP!!!!
    5. Watch feds exit the van across the street. You know, the one with the smoke billowing out of it.

    Oh, yeah, guess I forgot a step: flee the country, because they'll be after your ass now!

    • Actually I was pondering this once. Me and my friend went to a public auction and bought a box of random junk for like 5 bucks right. In this box is a 8500v Pulse transformer. What it's for is finding the break in a dead line underground. It pulses the power and your little detector will beep till the break in the line is found.

      Well ... I wonder what would happen if I connected it to a cable system or even a phone system ;)

      What kinda protection do those lines offer to stupid amounts of power going thr
  • by PlayfullyClever (934896) <playfull@playfullyclever.com> on Wednesday November 30, 2005 @08:25PM (#14152730) Homepage Journal
    Remember that we're all presumed innocent. To take an example of encryption, just because I'm using encryption does not mean that I am plotting nefarious schemes against my fellow citizens. I may be discussing confidential business things, for example. Y'know, dare I say it, I might actually work from home in an effort to not drive my car around and burn gas, hurt the environment, etc., etc.

    These sorts of mistakes can be dangerous. Imagine the above example--I'm some bigshot business-guy. I own a publicly traded company. The FBI inadvertently taps my phone and learns that someone at the company I work for has just invented something that will make the company a ton of money. Do you really think those agents aren't going to call up their stock-brokers and say, "BUY! BUY! BUY!" (Or, assume the other direction, if you prefer)

    Frankly, yes. I want to make it difficult for the government to wiretap it's citizens. I want somebody to look at the evidence that has been accumulated and act as my representative to say, "Hey, wait. Just because he encrypts his phone calls doesn't mean he's a terrorist." I want somebody to second-guess these guys.

    The story of the gutsy cop who goes against procedure to nab the bad guys before they enact their evil deeds is a great movie. But it's not real life--remember, in most cases we get the see the bad guys planning their acts in the movies so we know who the bad guy is. Reality is not that cut-and-dried.

    In short, I'm more worried about the government abusing it's power than of the terrorists blowing up a building. That happens alot more often.
    • by Cecil (37810) on Wednesday November 30, 2005 @09:31PM (#14153078) Homepage
      The FBI inadvertently taps my phone and learns that someone at the company I work for has just invented something that will make the company a ton of money. Do you really think those agents aren't going to call up their stock-brokers and say, "BUY! BUY! BUY!"

      Listen, I hate the concept of a police state and wiretapping as much as the next guy, but this is a dumb defense. The SEC investigates transactions like that for a reason. "Gee, these two FBI agents who've never bothered to invest more than $10,000 in any single company, suddenly bought $400,000 worth of shares of this company at the perfect time and made $15,000,000. They might've been ridiculously lucky. Or more likely they might've had insider information. Let's look a little closer, shall we?"

      The stock market is like the world's biggest casino, and the SEC is certainly no less watchful and no less hesitant to break your legs if you try to cheat them.
      • The SEC is a nongovernmental agency without the full authority of the people of the united states. It would certainly initiate an investigation, but it would be unable to subpoena any information relevant to an ongoing criminal investigation. Hopefully, others in the FBI would take it from there, but if the crooked agents laundered the money well, that investigation would be at least as difficult as the one against the potentially crooked CEO that started the whole thing.
        • The SEC would ask the DOJ and FBI to investigate the matter. The FBI and DOJ can investigate, and possibly prosecute it without blowing the case that ended up with the agents accidentally tapping the phone line of the CEO.

          Also why do you assume that the CEO is doing anything wrong, he simply makes a hypothetical case (one which I doubt would happen because I would hope that the agents have more of a moral fiber then that) that the CEO is overheard by agents that tapped the wrong phone line. He could be ov

    • I had a related thought -- namely, that given the gov't climate of the day, this story oughta be filed under "privacy" rather than under "security". :/

    • I own a publicly traded company.

      You here demonstrate you have no idea what a publicly traded company actually is.
  • Engineers figured this out a long time ago. TFA says it's only 10% of current systems anyway.
  • I wonder if .... (Score:5, Interesting)

    by jesusfingchrist (853886) on Wednesday November 30, 2005 @08:29PM (#14152752) Homepage
    The OP has anything to do with this :

    http://www.newsmax.com/archives/articles/2001/12/1 8/224826.shtml [newsmax.com]

    U.S. Police and Intelligence Hit by Spy Network

            Charles R. Smith
            Wednesday, Dec. 19, 2001

    Spies Tap Police and Government Phones

    In the wake of the Sept. 11 terrorist attack, the FBI has stumbled on the largest espionage ring ever discovered inside the United States. The U.S. Justice Department is now holding nearly 100 Israeli citizens with direct ties to foreign military, criminal and intelligence services.

    The spy ring reportedly includes employees of two Israeli-owned companies that currently perform almost all the official wiretaps for U.S. local, state and federal law enforcement.

    The U.S. law enforcement wiretaps, authorized by the Communications Assistance for Law Enforcement Act (CALEA), appear to have been breached by organized crime units working inside Israel and the Israeli intelligence service, Mossad.

    Both Attorney General John Ashcroft and FBI Director Robert Mueller were warned on Oct. 18 in a hand-delivered letter from local, state and federal law enforcement officials. The warning stated, "Law enforcement's current electronic surveillance capabilities are less effective today than they were at the time CALEA was enacted."
  • by Jeremi (14640) on Wednesday November 30, 2005 @08:30PM (#14152756) Homepage
    1. Make up fake story about how to disable phone tapping via special tone
    2. Get story published on Slashdot (etc)
    3. If the people you are wiretapping start sending the tone, you now know they suspect they are being monitored
    4. Better yet, having used the tone, they now think they can talk freely
    5. gather evidence!
    • First, the aluminum foil helmet study folks tell us we can't wear our helmets anymore, and now this news comes out as a trap... I think we're being followed!
  • Double-edged sword (Score:4, Insightful)

    by jemenake (595948) on Wednesday November 30, 2005 @08:30PM (#14152758)
    Someone who thinks he's being wiretapped can apparently just send a low tone down the line that turns off the recorder
    Of course nobody would actually play that tone over the phone unless they were trying to foil wiretaps, right? How long do you think it'll be before the feds try to ammend the Patriot Act to allow them to listen just for that tone even on lines that they don't have a wiretap warrant for? Imagine picking up any phone in the U.S., playing the tone into it, and immediately getting your conversation recorded.... simply by virtue that you've already demonstrated your "guilty mind".

    I feel safer already....
    • Actually that sounds like a good idea, now the feds will have 30,000 hours of geeks talking about upgrading linux on there new athlon. The .gov will spend millions trying to go through all the tapes, most calls will never be listened to. All of the sudden the 'real' terrorist they should have been listening to in the first place will blow something up.

      Moral of the story, dont waste your time with a person just because they want a little privacy.
    • Of course nobody would actually play that tone over the phone

      What if Barry White makes a call - does that count as a low tone?
  • I've got nothing to hide.
    ccccccccc [click]

  • see, i've always thought the holy grail of righteous anonymity was some black magic combination of phreaking, hacking, and maybe something to do with ham radio; never thought a tinfoil hat was the way to go. ^_-
  • Limited Value (Score:4, Insightful)

    by digitalchinky (650880) <dtchky@gmail.com> on Wednesday November 30, 2005 @08:37PM (#14152810)
    *Ahem* From the 'wire tapping' I know of it's all man in the middle, digitised, and stored on hard disk - with the cooperation of the telecoms or without. I haven't seen a 'tape recorder' in a good 10 years now. Still have them, just not needed any longer. I should imagine, given the hardware used in Australia, that US police would do a similar thing and if not - identical. The likelyhood these days of a machine that could be switched off remotely I would suggest is improbable at best.

    They did use "publicly available information" - what is made (or leaked to the) public is often years out of date, inaccurate, or simply not even true - rarely does it describe the technology in actual use, so don't go and loosen the straps on the tin foil just yet :-)
  • by garyok (218493) on Wednesday November 30, 2005 @08:44PM (#14152846)
    Is this some sort of darwinian IQ test for terrorists? You can just imagine the gleeful delight on their simple, child-like faces and the unrestrained joy they will experience with unfettered access to telecommunicaions this will allow.

    [low hum down a phone line]

    "Hello. Is that you Omar?"

    "Why, yes it is Osama. How are you today? And what's the weather like like in your donkey burrow in Yemen? The weather's great here in Florida. My view from the Delano Hotel's room window is fabulous - I am also ordering martinis like James Bond."

    "Yes, yes... quit your bragging. Just because you weren't born with the most recognisable stripey beard in the world... Now can we please start planning our next atrocity?"

    "Ah yes. It is pleasing that we can freely discuss our locations and plans now that the engineers of the American military-industrial complex have told us how to easily counteract their most sophisticated surveillance. Their foolishness in revealing this technique to the entire world, via the internet, has allowed us to dispense with our counter-surveillance training, techniques, and equipment. It is truly a golden age for violent reactionaries wishing to impose a totalitarian pseudotheocracy on the idol-worshipping, hemp-smoking, fornicating, soulless infidels!"

    "Wait! Who THE FUCK did you say told you this would work?!"

    "Yes, the Americans. They said we'd be safe if we did this. How typically naive of them. Their destruction is assured!"
  • ThinkGeek (Score:3, Funny)

    by Leroy_Brown242 (683141) on Wednesday November 30, 2005 @08:54PM (#14152895) Homepage Journal
    So, how long until http://www.thinkgeek.com [thinkgeek.com] has phones that do this automaticly? :)

    • by r00t (33219)
      I think you can do this with Asterisk PBX config files, using the desired tone as background music.

      Anybody have code for it?

      The trouble is being able to start the tone at the desired time. One would rather not need to be seated at the console I think. I guess you could swipe DTMF, but that has problems.

      • " I think you can do this with Asterisk PBX config files, using the desired tone as background music."

        Oh, good call.


        "The trouble is being able to start the tone at the desired time."

        Nothing some silence at the beggining of the MP3 or whatever couldn't fix. But does it really need to start at the right time? Isn't the presence of the tone enough?

        • The presence of the tone is enough for the equipment, but you'd want to have a short, friendly, and innocent-sounding chat before you activate it. Completely 100% empty calls would be suspicious.
  • quick fix (Score:2, Funny)

    by Anonymous Coward
    just have everyone start phone conversations with "president bomb alquada" and /. the wire taps, they can't record, or at least filter everything.
  • I bet the politicans were the first to know about this "feature".
    GWB: You know this Sadam guy is pretty bad dude, I think we need to, wait just a second BZZZZZ ...
  • is so they can let people know their HILARIOUS counterfeit mattresses joke [crypto.com].
  • If you think in-band signaling is a smart idea I have a statue in NYC to sell to you.

    Am I the only one who thinks of Cap'n Crunch [wikipedia.org]?

  • demo link (Score:4, Funny)

    by BushCheney08 (917605) on Wednesday November 30, 2005 @09:47PM (#14153174)
    The link has a demo.

    Hey, it works! I tried the demo and a few minutes later the big black van parked out front drove away...
  • Any chain of logic that leads to the conclusion that "society" has rights over the individual is in error.

    As an individual, once I make the decision not to be spied upon, that decision outweighs any interest "society" has in spying upon me. Hence (as an example) strong encryption is an absolute right.

    If this wiretap system has a feature that allows the individual to disable that, the the developers of the system are to be commended - even if their implementation is weak.

    A better implementation would interr
  • by tsa (15680)
    Poor Matt Blaze. He and his team will be put in jail because of the DMCA.
  • This is simply a ploy to entice potential targets with a guilty conscience to identify themselves, so they can be flagged automatically for later tapping.
  • Clever plan (Score:3, Funny)

    by heikkile (111814) on Thursday December 01, 2005 @03:19AM (#14155006) Homepage
    Problem: Too much wiretapping, not enough time to shift through them all. Solution: Get the suspect to mark the interesting discussions with a special tone. Give highest priority to the taps that have used this magic tone. Pretty clever, if you ask me.
  • Time to buy some stock. The spooks'll likely upgrade and spend a few $$$ on new ones...
  • by Animats (122034) on Thursday December 01, 2005 @03:49PM (#14160465) Homepage
    It's not well known, but most wiretapping in the US is actually done by Verisign. [verisign.com] It's a commercial service they sell. Verisign runs most of the SS7 signalling network used to control the phone system. So they put in a back door that lets them route calls to or from specific phones to their wiretapping center in Northern Virginia. From there, the wiretapping is fed out to law enforcement, the intelligence community, and other interception customers, using T1 lines.

    Since this works through SS7, and full call-control information is available, it's immune to any in-band tones.

    See this old Slashdot article [slashdot.org] with more links.

"Out of register space (ugh)" -- vi

Working...