Friday, August 31, 2007

How FBI can wiretap - Eavesdrop your communications

Documents recently declassified under the Freedom of Information Act indicate that the FBI has constructed a point-and-click surveillance system capable of instantaneously tapping into almost any communications device. The Digital Collection System Network (DCSNet) links FBI wiretapping stations to switches run by landline operators, Internet-telephony providers, and cellular companies. The system consists of software that captures, filters, and stores phone numbers, calls, and text messages, and directly connects FBI wiretapping rooms throughout the nation to a wide-ranging private communications network. The outposts are connected via a private, encrypted backbone that is independent of the Internet and is run by Sprint for the government. Telecoms' installation of telephone-switching gear that meets wiretapping standards was mandated in 1994 with the passage of the Communications Assistance for Law Enforcement Act (CALEA), thus giving the FBI the ability to log directly into the telecom's network. CALEA's coverage was recently extended to require broadband ISPs and certain VoIP companies to enable their networks for federal wiretapping. Since telecoms became more wiretap-friendly, the volume of criminal wiretaps rose 60 percent from 1,150 to 1,839 in the past 10 years, and in 2005 92 percent of those wiretaps targeted cell phones, according to a 2006 report. CALEA wiretaps and the processing of all calls collected by DCSNet have racked up substantial costs, and security experts are worried that the system introduces new vulnerabilities to the telecommunications network. The declassified documents point to numerous flaws in DCSNet that Columbia University computer science professor Steven Bellovin finds appalling, especially because they indicate the FBI is ignorant of inside threats. "The underlying problem isn't so much the weaknesses here, as the FBI attitude towards security," he says.

For more information visit
Source URL http://www.wired.com/politics/security/news/2007/08/wiretap

No comments: