Monday, November 26, 2007

Cell phone spying

A couple of days ago, Larisa Alexandrovna addressed the federal government's acquisition of cell phone data to track terrorists and drug dealers. She argued that this spying had nothing to do with fighting terror:
"Because every counterterrorism expert will tell you that those who pose any threat to our national security are not stupid enough to use cell phones that can be tracked."
Indeed. For a while now, I've been under the impression that the real hipsters in terror circles had all switched to VOIP technology, which is easier to encrypt and much tougher to track.
The advent of prepaid calling cards and the proliferation of Voice over IP telephony have made mobile phones almost irrelevant.

In a case study, a prominent telecom company A discovered that several thousand dollars' worth of phone time had been purchased using stolen credit cards. Despite extremely heavy security, this company still succumbed to the effective measures of people who were clearly bent on obtaining airtime. The subsequent tracking of IPs indicated that not only had the orders been placed using heavy IP masking, but that they originated from hacked computers and the trace ended in Lebanon. Careful analysis of the Call Records (CDRs) indicated that hundreds of phone calls had been made using the same prepaid account to a number of high threat countries such as Ethiopia, Somalia, UAE, and a few European countries.
I've heard -- but cannot verify -- that the NSA now has the means (or soon will have) to trace VOIP usage. Perhaps a more tech-savvy reader can tell me more about this...?

3 comments:

Anonymous said...

I've heard -- but cannot verify -- that the NSA now has the means (or soon will have) to trace VOIP usage. Perhaps a more tech-savvy reader can tell me more about this...?


This may be apropos, or may not.

Skype encryption stumps German police

Thursday, November 22, 2007; 12:29 PM

WIESBADEN, Germany (Reuters) - German police are unable to decipher the encryption used in the Internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer said on Thursday.

Skype allows users to make telephone calls over the Internet from their computer to other Skype users free of charge.

Law enforcement agencies and intelligence services have used wiretaps since the telephone was invented, but implementing them is much more complex in the modern telecommunications market where the providers are often foreign companies.

"The encryption with Skype telephone software ... creates grave difficulties for us," Joerg Ziercke, president of Germany's Federal Police Office (BKA) told reporters at an annual gathering of security and law enforcement officials.

"We can't decipher it. That's why we're talking about source telecommunication surveillance -- that is, getting to the source before encryption or after it's been decrypted."

Experts say Skype and other Voice over Internet Protocol (VoIP) calling software are difficult to intercept because they work by breaking up voice data into small packets and switching them along thousands of router paths instead of a constant circuit between two parties, as with a traditional call.

Ziercke said they were not asking Skype to divulge its encryption keys or leave "back doors open" for German and other countries' law enforcement authorities.

"There are no discussions with Skype. I don't think that would help," he said, adding that he did not want to harm the competitiveness of any company. "I don't think that any provider would go for that."

Ziercke said there was a vital need for German law enforcement agencies to have the ability to conduct on-line searches of computer hard drives of suspected terrorists using "Trojan horse" spyware.

These searches are especially important in cases where the suspects are aware that their Internet traffic and phone calls may be monitored and choose to store sensitive information directly on their hard drives without emailing it.

Anonymous said...

Normally, I would expect cryptogon to be the best starting point for that type of information. I checked, and did not find much.

Here are a couple of teaser nuggets:

http://blog.wired.com/27bstroke6/2007/05/reminder_monday.html

http://cryptogon.com/archives/2004_03_01_blogarchive_month.html

http://cryptogon.com/?p=877

dqueue said...

Here's an August, 2006 mention of someone being popped via Skype. Reader comments to Schneier's post remain skeptical about the capability, and the original Haaretz article has gone missing...