Researchers: Flaw in Fed Wiretaps Could Allow Circumvention


People who think they are being wiretapped by the cops could disable the taps by sending a stream of text messages or making numerous VOIP calls to overwhelm the system's thin bandwidth, researchers in Pennsylvania postulate.

The researchers say they've found a vulnerability in U.S. law enforcement wiretaps, if only theoretical, that would allow a surveillance target to thwart the authorities by launching what amounts to a denial-of-service (DoS) attack against the connection between the phone company switches and law enforcement.

The University of Pennsylvania researchers found the flaw after examining the telecommunication industry standard ANSI Standard J-STD-025, which addresses the transmission of wiretapped data from telecom switches to authorities, according to IDG News Service. Under the 1994 Communications Assistance for Law Enforcement Act, or Calea, telecoms are required to design their network architecture to make it easy for authorities to tap calls transmitted over digitally switched phone networks.

But the researchers, who describe their findings in a paper (.pdf), found that the standard allows for very little bandwidth for the transmission of data about phone calls, which can be overwhelmed in a DoS attack. When a wiretap is enabled, the phone company's switch establishes a 64-Kbps Call Data Channel to send data about the call to law enforcement. That paltry channel can be flooded if a target of the wiretap sends dozens of simultaneous SMS messages or makes numerous VOIP phone calls "without significant degradation of service to the targets' actual traffic."

As a result, the researchers say, law enforcement could lose records of whom a target called and when. The attack could also prevent the content of calls from being accurately monitored or recorded.

The researchers tested their theory with a program they wrote that connected to a server over Sprint's 3G wireless network 40 times per second. The attack could also work with seven VOIP calls or 42 SMS messages sent per second, they say, but they have not tested it on a real-world system.

"Because it's a black-box system, we don't know for sure" if the attack will work on a real system, one of the researchers told IDG.

According to Matt Blaze, UPenn professor of computer science and information and co-author of the paper, the vulnerability would apply equally to the FBI's DCSnet, which is an always-on surveillance network connecting the FBI's high-tech wiretapping facilities.

"[T]he Calea vulnerabilities are at the link between each telco switch and the collection function," Blaze explained in an e-mail to Threat Level, "while DCSnet is a distribution system internal to the FBI after the collection function."
