CERIAS Weekly Security Seminar - Purdue University

Steve Bellovin, "Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet"



For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the changing structure of telecommunications – there was no longer just "Ma Bell" to talk to – and new technologies such as ISDN and cellular telephony made executing a wiretap more complicated for law enforcement. Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA), which mandated a standardized lawful intercept interface on all local phone switches. Technology has continued to progress, and in the face of new forms of communication – Skype, voice chat during multi-player online games, many forms of instant messaging, etc. – law enforcement is again experiencing problems. The FBI has called this "Going Dark": their loss of access to suspects' communication. According to news reports, they want changes to the wiretap laws to require a CALEA-like interface in Internet software. CALEA, though, has its own issues: it is complex software specifically intended to create a security hole – eavesdropping capability – in the already-complex environment of a phone switch. It has unfortunately made wiretapping easier for everyone, not just law enforcement. Congress failed to heed experts' warnings of the danger posed by this mandated vulnerability, but time has proven the experts right. The so-called "Athens Affair", where someone used the built-in lawful intercept mechanism to listen to the cell phone calls of high Greek officials, including the Prime Minister, is but one example. In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including the security problems it has visited on the phone system.
This talk explores the viability and implications of an alternative method for addressing law enforcement's need to access communications: legalized hacking of target devices through existing vulnerabilities in end-user software and platforms.

By CERIAS
