A Bad Week For Govt Snoops

November 13, 2009

* How to Deny Service to a Federal Wiretap

It turns out that the CALEA wiretap standard sets aside very little bandwidth, 64 kilobits per second, for reporting information about the calls made on a tapped line. When a tap is active, the switch is supposed to set up a 64 Kbps Call Data Channel to carry this call data between the telco and the law enforcement agency running the wiretap. Normally that channel has more than enough capacity for the whole system to work, but if someone floods it by sending dozens of SMS messages or placing dozens of VoIP (voice over Internet protocol) calls at once, the channel can be overwhelmed and simply drop the records it was supposed to deliver.

That means that law enforcement could lose records of who was called and when, and possibly miss entire call recordings as well, Sherr said.
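To make the failure mode concrete, here is a small simulation of the Call Data Channel described above. It is an added illustration, not code from the original post or from Sherr's paper. Only the 64 Kbps figure comes from the post; the 200-byte record size, the two-second switch-side buffer, the one-second scheduling step and the constructed event stream are assumptions chosen to make the effect visible. A FIFO buffer is drained at the channel rate; once the tapped line generates records faster than the channel can carry them, the buffer fills and the record for the one call the agency actually cares about is among those lost.

```python
"""Toy model of the 64 Kbps Call Data Channel (CDC) flood described above.

Added example, not from the original post or from Sherr et al.  Only the
64 Kbps figure is taken from the post; record size, buffer size and the
one-second scheduling step are assumptions made for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

CDC_BPS = 64_000                       # channel size stated in the post
CDC_BYTES_PER_SEC = CDC_BPS // 8       # 8,000 bytes of call-data records per second
RECORD_BYTES = 200                     # ASSUMED size of one call-data message
BUFFER_BYTES = 2 * CDC_BYTES_PER_SEC   # ASSUMED switch-side buffer: two seconds' worth


@dataclass(frozen=True)
class CallEvent:
    second: int          # when the switch generates the record
    kind: str            # "target" = the call the agency wants; "sms"/"voip" = noise
    size: int = RECORD_BYTES


def simulate(events, capacity=CDC_BYTES_PER_SEC, buffer_limit=BUFFER_BYTES):
    """Push records through a FIFO buffer drained at `capacity` bytes/s.

    Each second: enqueue that second's records (dropping any that would
    overflow the buffer), then transmit as many whole records as fit in
    the second's byte budget.  Returns (delivered, dropped) event lists.
    """
    by_second = defaultdict(list)
    for ev in events:
        by_second[ev.second].append(ev)
    queue, queued_bytes = deque(), 0
    delivered, dropped = [], []
    for t in range(max(by_second, default=-1) + 1):
        for ev in by_second[t]:
            if queued_bytes + ev.size > buffer_limit:
                dropped.append(ev)           # buffer full: this record is lost
            else:
                queue.append(ev)
                queued_bytes += ev.size
        budget = capacity
        while queue and queue[0].size <= budget:
            ev = queue.popleft()
            budget -= ev.size
            queued_bytes -= ev.size
            delivered.append(ev)
    delivered.extend(queue)                  # still queued at the end: late, not lost
    return delivered, dropped


def flood_scenario(noise_per_sec, seconds=6, target_second=3):
    """Constructed input: `noise_per_sec` SMS/VoIP records every second on
    the tapped line, plus the one call the agency actually wants to record."""
    events = []
    for t in range(seconds):
        for i in range(noise_per_sec):
            events.append(CallEvent(t, "sms" if i % 2 else "voip"))
        if t == target_second:
            events.append(CallEvent(t, "target"))
    return events


def target_record_survives(noise_per_sec):
    """True if the agency still receives the record for the call of interest."""
    delivered, _ = simulate(flood_scenario(noise_per_sec))
    return any(ev.kind == "target" for ev in delivered)


def saturation_rate(record_bytes=RECORD_BYTES, capacity=CDC_BYTES_PER_SEC):
    """Records per second at which the channel is exactly full (40 here)."""
    return capacity // record_bytes


if __name__ == "__main__":
    print(f"channel saturates at {saturation_rate()} records/s")
    for rate in (30, 60):
        delivered, dropped = simulate(flood_scenario(rate))
        print(f"{rate:>3} noise records/s: {len(dropped)} records dropped, "
              f"target call record kept: {target_record_survives(rate)}")
```

At 30 noise records per second the channel keeps up and nothing is lost; at 60 per second it is oversubscribed by half, the buffer is full from the third second on, and every second thereafter a third of the records, including the target call's, are discarded. The real numbers depend on the message sizes in the standard, which this model does not take from the post, but the shape of the result is the point the paper makes.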

Of course, criminals have plenty of easier ways to dodge police surveillance. They can use cash to buy prepaid mobile phones anonymously, or reach out to their accomplices with encrypted Skype calls, said Robert Graham, CEO with Errata Security. Luckily for the cops, criminals usually don’t take their communications security that seriously. “Most criminals are stupid,” he said. “They just use their same cell phone.”

* Microsoft Police Forensics Tool Leaked

The police-only forensics tool that Microsoft built to capture forensic data from a live system has been leaked online. The tool, COFEE (Computer Online Forensic Evidence Extractor), has been the subject of much speculation by the tech media, who now finally have a chance to see it. According to reports, it grabs process information, network data, user passwords and all sorts of other information. Could the methods needed to gather that data be exploited by others? Given Microsoft's security history, the answer is most likely yes.

COFEE is hosted on Cryptome. User guide here.

The Riseup Collective just released a PDF zine on Digital Security for Activists, which is a combination of personal stories and practical advice. Worth checking out.


This is old news, having gone live several months ago, but the EFF’s Surveillance Self-Defense site is an excellent resource on the technologies and legalities of government surveillance and practical measures you can take to defend yourself. Definitely worth checking out if you haven’t seen it yet.

Surveillance Self-Defense.

FBI Spyware **Updated**

April 18, 2009

Some more details have emerged about the spyware, known as CIPAV (Computer and Internet Protocol Address Verifier), that the FBI has used in a number of cases to gather evidence. It's a safe bet that they use software like this for political surveillance and not just criminal investigations.

What does the software do? According to Wired:

The software’s primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks.

Naturally, quite a few radicals use anonymizers specifically to deter government surveillance. Wired also has more details:

it gathers and reports a computer’s IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer’s registered owner and registered company name; the current logged-in user name and the last-visited URL.

After sending the information to the FBI, the CIPAV settles into a silent “pen register” mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects.

The documents shed some light on how the FBI sneaks the CIPAV onto a target’s machine, hinting that the bureau may be using one or more web browser vulnerabilities. In several of the cases outlined, the FBI hosted the CIPAV on a website, and tricked the target into clicking on a link.

The Wired article suggests that the Feds routinely obtain search warrants before using this spyware, but given the continued expansion of state surveillance powers and their documented willingness to break their own rules, this shouldn't be assumed.

One question worth asking: if details of this spyware came to light, would non-US-based security software vendors enable their products to detect it?

UPDATE (4/19): Wired also posted the actual documents, and they note the feds also talk about engaging in wireless hacking.

Image credit: Sophos
