traffic analysis of phone calls?
Slightly off-topic, but a reminder of the sort of thing that ordinary crypto doesn't hide. http://www.silicon.com/news/59-51/1/5093.html?rolling=2 IT Myths: Colombian drugs gang's mainframe-assisted assassinations? Did drugs barons really use multi-million pound systems to see who was grassing to informants...? Colombian drug running, police raids and the assassination of informants isn't something that has an obvious link to mainframe technology but in the first of our series investigating IT myths this was certainly the most intriguing. The story has it that Colombian drugs cartels in the 1990s were using massive mainframe computer systems to analyse telephone billing records they had 'borrowed' from phone companies to find out which people in their cartels were on the blower to Colombian police and US agents. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of Firewalls book) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: traffic analysis of phone calls?
Slightly off-topic, but a reminder of the sort of thing that ordinary crypto doesn't hide. http://www.silicon.com/news/59-51/1/5093.html?rolling=2 IT Myths: Colombian drugs gang's mainframe-assisted assassinations? Did drugs barons really use multi-million pound systems to see who was grassing to informants...? with similar import, here's cringely's article on insecure CALEA workstations: - don davis http://www.pbs.org/cringely/pulpit/pulpit20030710.html Not only can the authorities listen to your phone calls, they can follow those phone calls back upstream and listen to the phones from which calls were made. They can listen to what you say while you think you are on hold. This is scary stuff. But not nearly as scary as the way CALEA's own internal security is handled. The typical CALEA installation on a Siemens ESWD or a Lucent 5E or a Nortel DMS 500 runs on a Sun workstation sitting in the machine room down at the phone company. The workstation is password protected, but it typically doesn't run Secure Solaris. It often does not lie behind a firewall. Heck, it usually doesn't even lie behind a door. It has a direct connection to the Internet because, believe it or not, that is how the wiretap data is collected and transmitted. - - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: traffic analysis of phone calls?
Personal (Use it if you'd like, but keep me out of it.) Steve Bellovin wrote: Slightly off-topic, but a reminder of the sort of thing that ordinary crypto doesn't hide. http://www.silicon.com/news/59-51/1/5093.html?rolling=2 IT Myths: Colombian drugs gang's mainframe-assisted assassinations? Reminds me of a Supercomputer system admin I ran across in California in the mid-1980s -- a part time Deputy Sheriff -- who (at the request of a California state LEA, and with the approval of his boss) was banging away at the DES-encrypted records of a guy, alleged to be a bookkeeper or financial analyst for a Columbia drug cartel, who had been arrested in California. The story he told me was that the Deputy had been asked to try to brute-force the encryption on the file after the NSA and DEA had refused to attempt it. Using free cycles on his corporate machine, he was into the project for a couple of months when a guy from the NSA showed up and convinced his boss that his effort was counterproductive to national security -- apparently because it threatened the reputation of DES. At the time, I was more impressed that the Columbian was using a PC crypto package that apparently did not have an operational weaknesses that was then common in almost all commercial encryption packages for PCs. Hope all is well for you and yours. _Vin - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
