traffic analysis of phone calls?

2003-07-12 Thread Steve Bellovin
Slightly off-topic, but a reminder of the sort of thing that ordinary
crypto doesn't hide.

http://www.silicon.com/news/59-51/1/5093.html?rolling=2

IT Myths: Colombian drugs gang's mainframe-assisted assassinations?
Did drugs barons really use multi-million pound systems to see who
was grassing to informants...?

Colombian drug running, police raids and the assassination of
informants isn't something that has an obvious link to mainframe
technology but in the first of our series investigating IT myths
this was certainly the most intriguing.

The story has it that Colombian drugs cartels in the 1990s were
using massive mainframe computer systems to analyse telephone
billing records they had 'borrowed' from phone companies to find
out which people in their cartels were on the blower to Colombian
police and US agents.





--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of Firewalls book)



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: traffic analysis of phone calls?

2003-07-12 Thread Don Davis
> Slightly off-topic, but a reminder of the sort of thing that
> ordinary crypto doesn't hide.
>
> http://www.silicon.com/news/59-51/1/5093.html?rolling=2
>
> IT Myths: Colombian drugs gang's mainframe-assisted assassinations?
> Did drugs barons really use multi-million pound systems to see who
> was grassing to informants...?

with similar import, here's cringely's article on
insecure CALEA workstations:

- don davis


http://www.pbs.org/cringely/pulpit/pulpit20030710.html

Not only can the authorities listen to your phone calls,
 they can follow those phone calls back upstream and
 listen to the phones from which calls were made.  They
 can listen to what you say while you think you are on
 hold.  This is scary stuff.

But not nearly as scary as the way CALEA's own internal
 security is handled. The typical CALEA installation on
 a Siemens ESWD or a Lucent 5E or a Nortel DMS 500 runs
 on a Sun workstation sitting in the machine room down
 at the phone company. The workstation is password
 protected, but it typically doesn't run Secure Solaris.
 It often does not lie behind a firewall. Heck, it
 usually doesn't even lie behind a door. It has a direct
 connection to the Internet because, believe it or not,
 that is how the wiretap data is collected and transmitted.








[IP] Russian mobile providers switch off encryption

2003-07-12 Thread R. A. Hettinga

--- begin forwarded text


Date: Fri, 11 Jul 2003 07:00:18 -0400
Subject: [IP] Russian mobile providers switch off encryption
From: Dave Farber [EMAIL PROTECTED]
To: ip [EMAIL PROTECTED]


From: Alex French [EMAIL PROTECTED]
Subject: Russian mobile providers switch off encryption
To: Dave Farber [EMAIL PROTECTED]
Date: Fri, 11 Jul 2003 11:28:30 +0100

[For IP if you like]

http://www.themoscowtimes.com/stories/2003/07/10/012.html

Thursday, Jul. 10, 2003. Page 3

Police and FSB Listen In on Mobile Phone Calls
By Valeria Korchagina
Staff Writer

Mobile phone providers switched off their encryption systems for 24 hours
on a government order, allowing the Federal Security Service and the police
to eavesdrop on all calls.

An alert notifying callers that their conversations could be listened in on
popped up on cellphones around Moscow at 9 p.m. Tuesday and lasted until 9
p.m. Wednesday on an order by the Communications Ministry. The alert,
depending on the model of cellphone, is usually either an exclamation point
or an unlocked padlock.

The Communications Ministry said it issued the order at the request of the
Interior Ministry, Interfax reported Wednesday.

The Interior Ministry could not be reached for comment. The FSB refused to
comment.

"The action taken to shut down the encryption system was conducted in
accordance to the existing law and in order to prevent crimes," Mobile
TeleSystems said in a statement Wednesday.

"All cellular operators provide technical support to law enforcement
agencies as required under the law. We do not comment about the actions of
the special services -- they do their work in the best interests of Moscow
residents," Megafon said.

The decision to shut down encryption follows the double suicide bombings
that killed 14 people at the Krylya rock festival Saturday. A cellphone was
found on one of the female suicide bombers, and the FSB is examining its
SIM card for clues as to whether the bombers coordinated the attack with
accomplices, according to local media reports.

The last time Moscow callers saw the encryption alert on their cellphones
was during the Dubrovka theater crisis in October, when a group of 41
Chechen rebels took more than 800 people hostage. After a three-day
standoff, special forces piped gas into the theater to knock out the
captors and rescue the hostages. But more than 120 hostages died, most from
the effects of the gas.

The only court conviction in the theater tragedy was handed down last month
to Zaurbek Talkhigov, who was charged with using his cellphone to pass key
information about law enforcement activities during the crisis. The charge
was based on tapes of Talkhigov's cellphone conversations. A Moscow court
sentenced Talkhigov, 25, to 8 1/2 years in prison on June 20 and ordered
the tapes destroyed.

Mobile phone providers shut down their encryption systems in St. Petersburg
for security reasons during the city's 300th anniversary celebrations
attended by world leaders early last month.



--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: traffic analysis of phone calls?

2003-07-12 Thread Vin McLellan
Personal
(Use it if you'd like, but keep me out of it.)
Steve Bellovin wrote:

> Slightly off-topic, but a reminder of the sort of thing that ordinary
> crypto doesn't hide.
> http://www.silicon.com/news/59-51/1/5093.html?rolling=2
>
> IT Myths: Colombian drugs gang's mainframe-assisted assassinations?

Reminds me of a Supercomputer system admin I ran across in California in
the mid-1980s -- a part time Deputy Sheriff -- who (at the request of a
California state LEA, and with the approval of his boss) was banging away
at the DES-encrypted records of a guy, alleged to be a bookkeeper or
financial analyst for a Colombian drug cartel, who had been arrested in
California.

The story he told me was that the Deputy had been asked to try to 
brute-force the encryption on the file after the NSA and DEA had refused to 
attempt it.

Using free cycles on his corporate machine, he was into the project for a 
couple of months when a guy from the NSA showed up and convinced his boss 
that his effort was counterproductive to national security -- apparently 
because it threatened the reputation of DES.

At the time, I was more impressed that the Colombian was using a PC crypto
package that apparently did not have an operational weakness that was
then common in almost all commercial encryption packages for PCs.

Hope all is well for you and yours.

_Vin


