[118598] in Cypherpunks
Re: Unplugged! The biggest hack in history
daemon@ATHENA.MIT.EDU (Greg Broiles)
Sun Oct 3 22:15:33 1999
Message-Id: <4.2.0.58.19991003183957.00b5aba0@mail.wenet.net>
Date: Sun, 03 Oct 1999 18:57:57 -0700
To: "Marcel Popescu" <mdpopescu@geocities.com>
From: Greg Broiles <gbroiles@netbox.com>
Cc: cypherpunks@cyberpass.net
In-Reply-To: <033301bf0dfb$7932fbc0$0200a8c0@marcu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Reply-To: Greg Broiles <gbroiles@netbox.com>
At 04:03 PM 10/3/99 , Marcel Popescu wrote:
> > In early December 1994, Morris's "analog data-intercept device" finally
> > arrived from the FBI's engineering department. It was a $70,000 prototype
> > that Morris calls "the magic box."
>
> Er... someone please explain to me, I'm lost here - is this a $70,000
> MODEM?!?!?

It's relatively difficult to wiretap data streams created with a pair of
high-speed modems; both devices transmit simultaneously but cancel out
their own contribution to the resulting waveform and thereby derive the
other waveform - which isn't a simple stream of binary data but a sandwich
of many smaller streams in different frequency "windows", where the use of
each individual window is dynamically negotiated depending on the
characteristics (loss & noisiness) of the circuit between the two devices.
Actually, this description of the complexity is (I think, but I'm a long
way from being an audio/analog person) correct up through 33.6 modem
technology; I'm sure that the weird tricks used to do X2 and v.90 make this
an even uglier problem.
Once upon a time, when consumer modems ran at 300 bps (Bell 103 standard,
if I remember correctly), it was possible to make an audio tape recording
of a conversation between two modems and play it back into a receiving
modem, which would demodulate one side of the conversation - repeating that
process with the modem set to the opposite role would net you both sides of
the conversation. Early Hayes modems had parameter settings which made this
relatively simple; and even earlier more primitive modems had the
answer/originate settings in hardware, not software (viz, the VICmodem for
Commodores or the early Atari modems).
Times have changed - spending $70K for a box which would reconstruct data
streams for consumer-grade modems in 1994 isn't crazy. They've probably
spent 100 times that much since then adapting to current technology, where
(a) modems are faster and are using a wider variety of weird modulation
schemes, and (b) there are a lot of different layers in the stack which
need to be decoded - from a single analog signal to two analog signals into
many analog channels into multiple digital streams into a demultiplexed
single stream into packets in a PPP session into IP packets, which then
must be reassembled into TCP/UDP/ICMP packets and then collated by
host/port/session IDs.
It's much more efficient for them to get access to data higher up the
transport stack - which is why they want network providers to give them
access to the raw IP flow, or to get it from compromised applications
themselves.
Perhaps other readers with more current experience can correct the errors
in my comments above - I haven't done this myself since the Bell 103 days,
and have only followed written accounts of others' difficulties with the
process. The people who've worked on voice crypto hardware will surely have
more current knowledge about the complexities of going from analog to
digital and back again at real-time speed on consumer hardware within the
limited spectrum provided by the telephone network.
--
Greg Broiles
gbroiles@netbox.com
PGP: 0x26E4488C
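To make the Bell 103 point in Greg's reply concrete, the following is an added example (mine, not code from the thread): both modems transmit at once into one line, and "playing the tape" with a demodulator set to the originate or the answer role recovers that role's bits. It assumes a 9600 Hz sample rate (32 samples per 300-baud bit), a recording that starts on a bit boundary, 8-bit bytes with no start/stop bits, and the standard Bell 103 tone pairs; the "tape" itself is constructed in the code.

```python
"""Bell 103 two-way intercept demo: recover each side of a mixed 300 bps FSK recording (constructed signal)."""
import math
SAMPLE_RATE = 9600                     # assumed "tape" sample rate: exactly 32 samples per 300-baud bit
SAMPLES_PER_BIT = SAMPLE_RATE // 300
# Bell 103 tone pairs in Hz, (space=0, mark=1); each direction has its own band
TONES = {"originate": (1070, 1270), "answer": (2025, 2225)}

def fsk_modulate(bits, side):
    """Continuous-phase FSK for one modem's transmit direction."""
    space, mark = TONES[side]
    phase, out = 0.0, []
    for b in bits:
        freq = mark if b else space
        for _ in range(SAMPLES_PER_BIT):
            out.append(math.sin(phase))
            phase += 2 * math.pi * freq / SAMPLE_RATE
    return out

def mix(a, b):
    """Both modems transmit at once; the line (and a tape of it) carries the sum."""
    return [x + y for x, y in zip(a, b)]

def goertzel_power(samples, freq):
    """Energy at one tone over a window (Goertzel algorithm, rectangular window)."""
    coeff = 2 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def fsk_demodulate(samples, side):
    """Recover one side by comparing its mark vs. space tone energy per bit.
    Assumes the recording starts on a bit boundary (no clock recovery here)."""
    space, mark = TONES[side]
    bits = []
    for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        win = samples[i:i + SAMPLES_PER_BIT]
        bits.append(1 if goertzel_power(win, mark) > goertzel_power(win, space) else 0)
    return bits

def bits_from_text(text):   # 8 data bits per byte, LSB first; start/stop bits omitted
    return [(ord(c) >> i) & 1 for c in text for i in range(8)]
def text_from_bits(bits):
    return "".join(chr(sum(bits[i + j] << j for j in range(8))) for i in range(0, len(bits) - 7, 8))

def intercept_demo():
    """Demodulating the same tape in each role yields that role's data, as the post describes."""
    line = mix(fsk_modulate(bits_from_text("LOGIN"), "originate"), fsk_modulate(bits_from_text("PASS?"), "answer"))
    return text_from_bits(fsk_demodulate(line, "originate")), text_from_bits(fsk_demodulate(line, "answer"))
```

The per-bit tone comparison works here because the two bands are far apart and the bit clocks are aligned; the later modulations Greg describes (echo cancellation, negotiated multi-carrier windows) are exactly what removes this simplicity.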