[118602] in Cypherpunks


Re: Unplugged! The biggest hack in history

daemon@ATHENA.MIT.EDU (Vin McLellan)
Sun Oct 3 23:38:08 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: cypherpunks@algebra.com
From: Vin McLellan <vin@shore.net>
Message-Id: <E11Xyi6-00054n-00@nautilus.shore.net>
Date: Sun, 3 Oct 1999 23:22:46 -0400
Reply-To: Vin McLellan <vin@shore.net>

        The Wall Street Journal reported:

>> In early December 1994, Morris's "analog data-intercept device" finally
>> arrived from the FBI's engineering department. It was a $70,000 
>> prototype that Morris calls "the magic box."

Marcel Popescu wrote:

>Er... someone please explain to me, I'm lost here - is this a $70,000
>MODEM?!?!?

        I think this is one of those wonderful confusions that occur when
someone is trying to keep methods and technique secret.  

        (Although I'm a little confused over why SA Morris and the DoJ would
want to foster such confusion, when I suspect the actual facts would help
support their demand for CESA and/or deeper access at the telecom vendor's
site. <sigh>)

        The assumption that a data-link tap works the same as a wiretap for
voice has led a lot of people to say silly things.  Many law enforcement
officials (and many C'punks and civil libertarians) seem to presume that --
with a warrant and a wire, or with a wire and no warrant -- an LEA
eavesdropper will get the same results from a passive tap on a data link
that he routinely gets from a voice wiretap.

        Truth is, a passive tap on a data-link between two v90 56kbps
modems is usually collecting garbage.   This is plaintext, folks.  No
encryption.

        Even going back a couple of years, the best modems -- say v.34 (33.6
kbps) -- posed a similar problem.

        A 56kbps (v.90 or x2) modem is pushing the wire circuit for high
efficiency, and it is taking a lot of chance trying to push data through.
The protocol presumes it has two synchronized 56kb modems constantly
monitoring their exchange with error checking.  It also presumes there are a
lot of requests for packets to be retransmitted.

        A third party with the equivalent of a sniffer on the line doesn't
have the option of requesting another transmission when it misses something.
Without being a party to the 56kbps transmission protocol, they'd only get
bits and pieces, so to speak. 

        I presume this is what the FBI learned in the embarrassing failure
of their first attempt to wiretap a data-link in New York sometime around
'94, an event mentioned in a brief aside in the WSJ article.  

        The WSJ report never mentioned the speed of the POTS data-link in
either the NY case or the Phonemasters case of recent legend and hype, but
the challenge of an "active network" attack -- probably a man-in-the-middle
attack on the kid's phone line and the data-link it carried -- is the only
reason I can think of why FBI Engineers would need a $70,000 "magic box" to
tap a data link.

        It is, of course, much more efficient for LEA eavesdroppers to get
their tap at some higher level of the transport stack, which is why they
are so eager to get legislation which would allow them to use as evidence
information they obtain by installing corrupt applications on a target's PC.

        Suerte,
                        _Vin 

 "Cryptography is like literacy in the Dark Ages. Infinitely potent, for good
and ill... yet basically an intellectual construct, an idea, which by its 
nature will resist efforts to restrict it to bureaucrats and others who deem
only themselves worthy of such Privilege."  
                  _A Thinking Man's Creed for Crypto  _vbm
                     
     *    Vin McLellan + The Privacy Guild + <vin@shore.net>    *
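The retransmission point made in the post above (a passive observer cannot ask for a resend, so it gets "bits and pieces") as a constructed toy simulation. This is added example code, not part of Vin McLellan's message or anything the WSJ described; it models a stop-and-wait ARQ link with CRC-checked frames, and the frame layout, the bit-error rates, the extra impairment assigned to the tap and the sample payload are all assumptions chosen for illustration.

```python
"""Toy simulation: why a passive tap on an error-corrected modem link ends up
with gaps that the two endpoints never notice.

Constructed example; the channel model (independent bit flips) and the frame
format are assumptions, not a description of any real modem standard.
"""
import random
import zlib


def crc32(data: bytes) -> int:
    """CRC-32 used as the endpoints' per-frame error check."""
    return zlib.crc32(data) & 0xFFFFFFFF


def flip_bits(frame: bytes, ber: float, rng: random.Random) -> bytes:
    """Flip each bit independently with probability ber (crude noisy channel)."""
    out = bytearray(frame)
    for i in range(len(out)):
        for bit in range(8):
            if rng.random() < ber:
                out[i] ^= 1 << bit
    return bytes(out)


def build_frame(seq: int, chunk: bytes) -> bytes:
    """Assumed frame layout: 2-byte sequence number, body, CRC over both."""
    header = seq.to_bytes(2, "big")
    return header + chunk + crc32(header + chunk).to_bytes(4, "big")


def parse_frame(frame: bytes):
    """Return (seq, body) if the CRC checks, else None."""
    if len(frame) < 6:
        return None
    if crc32(frame[:-4]) != int.from_bytes(frame[-4:], "big"):
        return None
    return int.from_bytes(frame[:2], "big"), frame[2:-4]


def simulate(payload: bytes, frame_size: int = 64, link_ber: float = 0.001,
             tap_ber: float = 0.05, seed: int = 1) -> dict:
    """Stop-and-wait ARQ between two endpoints, observed by a third party.

    The receiver rejects any frame whose CRC fails and waits for the sender to
    retransmit it (ACK/NAK traffic is implied, not modelled). The tap sees
    every transmission, but through a worse channel (tap_ber on top of
    link_ber, standing in for the lack of the endpoints' negotiated, trained
    connection) and it cannot ask for anything to be sent again.
    """
    rng = random.Random(seed)
    chunks = [payload[i:i + frame_size] for i in range(0, len(payload), frame_size)]
    received = bytearray()
    tap_frames: dict = {}          # seq -> body, for frames the tap saw intact
    retransmissions = 0
    for seq, chunk in enumerate(chunks):
        frame = build_frame(seq, chunk)
        while True:
            on_wire = flip_bits(frame, link_ber, rng)
            # The tap gets the same symbols plus its own impairment; it keeps
            # whatever copies happen to pass the CRC.
            seen = parse_frame(flip_bits(on_wire, tap_ber, rng))
            if seen is not None:
                tap_frames[seen[0]] = seen[1]
            parsed = parse_frame(on_wire)
            if parsed is not None and parsed[0] == seq:
                received += parsed[1]   # endpoint accepts and moves on
                break
            retransmissions += 1        # endpoint asks for the frame again
    return {
        "endpoint_ok": bytes(received) == payload,
        "frames": len(chunks),
        "retransmissions": retransmissions,
        "tap_frames_ok": len(tap_frames),
        "tap_complete": len(tap_frames) == len(chunks),
    }


if __name__ == "__main__":
    msg = b"constructed sample session text " * 40   # 1280 bytes -> 20 frames
    print(simulate(msg))                  # endpoint complete, tap with gaps
    print(simulate(msg, tap_ber=0.0))     # tap as good as the endpoint: complete
```

The second call shows the boundary case: when the observer's channel is exactly as good as the receiver's, every frame the receiver accepts is also a clean frame for the tap, so the passive copy is complete. Any additional impairment on the tap side turns into permanent gaps, because the retransmissions are driven by the receiver's checks, not the observer's.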
