Original Source: http://www.forbes.com/sites/andygreenberg/2011/07/01/federal-wiretaps-nearly-doubled-in-the-last-year/

2010, it seems, was a landmark year for federal snooping. According to the U.S. courts systems’ annual report on law enforcement wiretaps, federal law enforcement requested 1,207 intercepts placed on phones and electronic communications last year, nearly double the 663 requested in 2009.

Overall, wiretaps jumped 34%, including a smaller increase in the number of state-requested law enforcement eavesdropping. The total comes to 3,194 requests, up from 2,376 in 2009 and just 1,190 in the year 2000.

The steady rise in legal snooping over the last decade has been driven largely by the war on drugs, according to the report. Drug cases comprised 84% of the wiretaps requested in 2010, compared with 75% in 2000.

Even as wiretaps have risen steadily for the last decade, however, federal wiretaps have only grown marginally until the last year, from 479 in 2000 to 663 in 2009. The subsequent doubling between 2009 and 2010 is an unprecedented spike.

Federal and state wiretap requests granted over the last decade. (Click to enlarge.)

It’s also worth noting, as I did when last year’s version of this report was released, that encryption still isn’t posing much of a threat to law enforcement’s eavesdropping activities. The report states that cops came across encryption in only six of the 3,194 cases they pursued in 2010, and even in those cases, “did not prevent officials from obtaining the plain text of the communications.”

That tiny usage rate of encryption, and the implication that law enforcement found other ways to circumvent or break it, seems to contradict long-running fears from law enforcement that encryption would make their job tougher. As FBI director Louis Freeh said in a 1997 congressional hearing: “Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity. We will lose one of the few remaining vulnerabilities of the worst criminals and terrorists upon which law enforcement depends to successfully investigate and often prevent the worst crimes.”

But a decade’s worth of statistics seem to show the opposite, argues Chris Soghoian, a privacy researcher with the Center For Applied Cybersecurity Research. He points out that the FBI continued over the last year to claim that encryption hampered law enforcement, pushing for backdoors into all Internet communications. He asks, “Perhaps this means encryption isn’t the boogeyman that the FBI makes it out to be?”

The full report is here: http://www.forbes.com/sites/andygreenberg/2011/07/01/federal-wiretaps-nearly-doubled-in-the-last-year/


Original Source: http://www.forbes.com/sites/firewall/2010/04/30/encryption-cant-stop-the-wiretapping-boom-2/

As encryption technologies have outpaced the mathematical methods of breaking crypto schemes, law enforcement has feared for years that scrambled messages between evildoers (or law-breaking activists) would thwart their snooping. But it seems that either lawbreakers aren’t using encryption, or those privacy tools simply don’t work.

In an annual report published Friday by the U.S. judicial system on the number of wiretaps it granted over the past year (see full document below), the courts revealed that there were 2,376 wiretaps by law enforcement agencies in 2009, up 26% from 1,891 the year before, and up 76% from 1999. (Those numbers, it should be noted, don’t include international wiretaps or those aimed at intelligence purposes rather than law enforcement.)

But in the midst of that wiretapping bonanza, a more surprising figure is the number of cases in which law enforcement encountered encryption as a barrier: one.

According to the courts, only one wiretapping case in the entire country encountered encryption last year, and in that single case, whatever privacy tools were used don’t seemed to have posed much of a hurdle to eavedroppers. “In 2009, encryption was encountered during one state wiretap, but did not prevent officials from obtaining the plain text of the communications,” reads the report.

Matt Blaze, a crypto-focused computer science professor at the University of Pennsylvania, points out that the numbers should put to rest the government’s decades-old concern that widely available encryption technology would unleash a wave of untrackable criminal conspiracies of cypherpunk mafioso.

“This counters the predictions of almost the entire US government law enforcement and national security crypto debate,” says Blaze. “It’s been argued that the widespread availability of encryption would cripple law enforcement. None of those predictions have borne fruit.”

In 1997, for instance, the Senate debated technology that would require encryption-makers to  build in a backdoor for law enforcement. FBI director Louis Freeh argued that “Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity. We will lose one of the few remaining vulnerabilities of the worst criminals and terrorists upon which law enforcement depends to successfully investigate and often prevent the worst crimes.”

So why hasn’t that happened? Because even uncrackable encryption can be circumvented, says Blaze. Cell phones, for instance, the major target of wiretapping, have their wireless signals encrypted by default. But law enforcement agencies aren’t likely to be intercepting calls out of the air and trying to decode them. Far simpler to go to AT&T, Verizon, T-Mobile or Sprint and demand real-time access to the decoded data.

Encrypted VoIP calls pose a different scenario, and technologies like Phillip Zimmermann’s Zfone may pose more of a threat to law enforcement. But even those cryptographic safeguards can be skirted in other ways, potentially by exploiting vulnerabilities at the endpoints, when the data is decrypted. “The endpoints of encryption systems are programmable computers, and they almost always have security flaws,” says Blaze.

Privacy- and security-focused encryption advocates (like Symantec, which just purchased encryption firm PGP for $300 million) will have to ponder just how law enforcement got around the encryption in the one case where it was “encountered.” Does the FBI, for instance, have secret technology for cracking the public key encryption used in private emails?

But a more fundamental question for cypher-geeks may be why, in 99.99% of cases,  law enforcement doesn’t even consider encryption a barrier.

Here’s the complete report, including a county by county breakout of wiretaps and which resulted in the most arrests (Two cases in Maricopa County, Arizona top the list).Annual Report on Wiretapping in the U.S.

Original Source: http://www.theregister.co.uk/2011/08/10/gprs_cellphone_call_snooping/

A cryptographer has devised a way to monitor cellphone conversations by exploiting security weaknesses in the technology that forms the backbone used by most mobile operators.

Karsten Nohl, chief scientist of Berlin-based Security Research Labs, said the attack works because virtually all of the world’s cellular networks deploy insecure implementations of GPRS, or general packet radio service. Some, such as those operated by Italy’s Wind or Telecom Italia, use no encryption at all, while Germany’s T-Mobile, O2 Germany, Vodafone, and E-Plus use crypto that’s so weak that it can easily be read by unauthorized parties.

He plans to release software on Wednesday at the Chaos Communication Camp 2011 that allows hobbyist hackers to snoop on GPRS traffic that uses no encryption. He will also demonstrate ways to use cryptanalysis to decrypt GPRS traffic that’s protected by weaker ciphers.

“The interception software to be released tomorrow puts GPRS operators with no encryption at an immediate risk,” he told The Register on Tuesday evening. “All other GPRS networks are affected by the cryptanalysis that will be presented but not released at tomorrow’s conference. Those operators will hopefully implement stronger encryption in the time it takes others to re-implement our attacks.”

Nohl characterized most of the cryptographic protection offered by GPRS as “hopelessly out-dated.” For one thing, a lack of mutual authentication allows rogue base stations to harvest data from unsuspecting mobile phone users. And for another, short encryption keys make attacks with rainbow tables feasible.

What’s more, virtually all of the world’s networks that use GPRS use no encryption at all, or use weak encryption. (A stronger 128-bit encryption scheme is available but isn’t used by any carrier, Nohl said.) That makes it possible to passively monitor data with a Motorola C-123 phone he and fellow researcher Luca Melette modified or to crack the encrypted traffic they capture using a method they’ve recently refined.

Over the past two years, Nohl has released a steady stream of research and open-source software and hardware designs intended to pressure carriers to upgrade the security of their networks.

In 2009, he coordinated the release of a 2-terabyte rainbow table to crack calls made on networks using GSM, or global system for mobile communications. A few months later, he augmented that work with low-cost hardware that cracked the secret channel-hopping code used to prevent interception of radio signals as they travel between cellphones and base stations.

In 2010, he bundled many of the various tools he helped develop into a comprehensive piece of software that gave amateurs the means to carry out many of the attacks. That same year, other cryptographers cracked the encryption scheme protecting 3G phone calls before the so-called Kasumi cipher had even gone into commercial use.

The attacks to demonstrated Wednesday generally work by passively intercepting unencrypted traffic, by using a fake base station to force encrypted traffic to be downgraded into an unencrypted state, or to be cracked using rainbow tables.

Mobile operators vulnerable to the GPRS attacks told The New York Times they planned to monitor Wednesday’s presentation. None of their statements addressed why their networks fail to use strong encryption to protect GPRS traffic. ®

This article was updated to correct details about the cracking of the Kasumi cipher and to clarify that the tool demonstrated Wednesday intercepts data, not calls.

Original Source: http://www.guardian.co.uk/world/2006/may/18/usa?INTCMP=SRCH

A US government eavesdropping programme that listens in on the phone calls and emails of thousands of American citizens is perfectly legal, the White House’s nominee for head of the CIA said today.
Michael Hayden, the former director of the National Security Agency (NSA), told a congressional committee that there had been no question of refusing when President Bush requested the controversial programme in October 2001. “The math was pretty straightforward. I could not not do this,” he said.

The wiretaps, which were set up without official court warrants, were needed to gain an understanding of al-Qaida activity in the US, Mr Hayden said.

“We have a very strong oversight regime,” he said. “Targeting decisions are made by people in the US government most knowledgeable about al-Qaida, al-Qaida communications, tactics and procedures.

“There is a probable cause standard. Every targeting is documented. No one has said there has been a targeting decision made that hasn’t been well-founded.”

Mr Hayden was being grilled by the senate intelligence committee considering his nomination as director of the CIA, following the departure of Porter Goss earlier this month.

In his role as director of the NSA he had been responsible for overseeing the wiretap programme, which has attracted widespread criticism in the US and was characterised as illegal by former president Jimmy Carter in February.

The secretive NSA is responsible for intercepting and analysing vast quantities of electronic communications, and is believed to be the largest of America’s intelligence agencies despite the fact that its existence was little discussed until the late 1990s.

Last week USA Today reported that the NSA had collected a massive database of the call records of tens of million Americans, having had the information provided by US phone companies.

Democratic senator Carl Levin queried Mr Hayden’s sanguine view of the wiretapping issue. “It’s not hard to see how Americans could feel that their privacy has been intruded upon if the government has … a database of phone numbers calling and being called by tens of millions of Americans who are not suspected of any wrongdoing.”

But Mr Hayden said that security was the primary issue. “Clearly the privacy of American citizens is a concern constantly,” he said. “We always balance privacy and security.”

He said that intelligence-gathering had now become a political football, and promised that he would “speak truth to power” – an allusion to concerns that the desire to justify the 2003 Iraq war caused a decline in the independence of intelligence reports.

The CIA’s prestige has taken several blows in recent years, from the initial failure to pre-empt the September 11 attacks, to the politicisation of intelligence before the Iraq war, to the appointment of former US ambassador John Negroponte as director of intelligence in 2005.

The newly-created post meant that Mr Negroponte had overall leadership of the US intelligence community, a position that had previously gone to the CIA director. Mr Hayden served as Mr Negroponte’s deputy after he left the NSA in 2005.
guardian.co.uk, Thursday 18 May 2006 20.03 BST

Original Source: http://news.cnet.com/2100-1029-6140191.html

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone’s microphone and using it to eavesdrop on nearby conversations.

The technique is called a “roving bug,” and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the “roving bug” was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect’s cell phone.

Kaplan’s opinion said that the eavesdropping technique “functioned whether the phone was powered on or off.” Some handsets can’t be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department’s security office warns that “a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone.” An article in the Financial Times last year said mobile providers can “remotely install a piece of software on to any handset, without the owner’s knowledge, which will activate the microphone even when its owner is not making a call.”

Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. “They can be remotely accessed and made to transmit room audio all the time,” he said. “You can do that without having physical access to the phone.”

Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone–all without the owner knowing it happened. (The FBI declined to comment on Friday.)

“If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone,” Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

FBI’s physical bugs discovered
The FBI’s Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family. They did have a confidential source who reported the suspects met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged.

But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible.

That led the FBI to resort to “roving bugs,” first of Ardito’s Nextel handset and then of Peluso’s. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to “be advised of the locations” of the suspects when their conversations were recorded.

Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a “listening device placed in the cellular telephone.” That phrase could refer to software or hardware.

One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone.

“They had to have physical possession of the phone to do it,” Porteous said. “There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by.”

But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere “within the United States”–in other words, outside the range of a nearby FBI agent armed with a radio receiver.

In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. And Kolodner’s affidavit seeking a court order lists Ardito’s phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted.

A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activiation method. “A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug,” the article said, “enabling them to be activated at a later date to pick up sounds even when the receiver is down.”

For its part, Nextel said through spokesman Travis Sowders: “We’re not aware of this investigation, and we weren’t asked to participate.”

Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it “works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible.”

A Motorola representative said that “your best source in this case would be the FBI itself.” Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment.

Mobsters: The surveillance vanguard
This isn’t the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters.


In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data.

So with a judge’s approval, FBI agents repeatedly snuck into Scarfo’s business to plant a keystroke logger and monitor its output.

Like Ardito’s lawyers, Scarfo’s defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used. Also like Ardito, Scarfo’s lawyers lost when a judge ruled in January 2002 that the evidence was admissible.

This week, Judge Kaplan in the southern district of New York concluded that the “roving bugs” were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn’t work.

The FBI’s “applications made a sufficient case for electronic surveillance,” Kaplan wrote. “They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance.”

Bill Stollhans, president of the Private Investigators Association of Virginia, said such a technique would be legally reserved for police armed with court orders, not private investigators.

There is “no law that would allow me as a private investigator to use that type of technique,” he said. “That is exclusively for law enforcement. It is not allowable or not legal in the private sector. No client of mine can ask me to overhear telephone or strictly oral conversations.”

Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors’ OnStar to snoop on passengers’ conversations.

When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored.

Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who write a Trojan horse that secretly activated a computer’s video camera and forwarded him the recordings.

Read more: http://news.cnet.com/2100-1029-6140191.html#ixzz1WM1hvrYH

Original Sourcehttp://memeburn.com/2011/07/microsoft-and-skype-set-to-allow-backdoor-eavesdropping/

Skype and Microsoft have managed to leapfrog common sense and build a backdoor into your favourite VOIP application. It is called Lawful Interception and is part of a new patent which Microsoft filed back in 2009, but is now preparing to unleash itself into our world due to its recent approval.

Lawful Interception means that government agencies can, without your permission, begin tracking your Skype conversations. Calls can be covertly recorded and used against you in any circumstance. It is legal, it is frightening and it is coming to a voice over IP application near you.

I understand where Microsoft is coming from. They are obliged, by law, to provide some sort of tracking tool for the authorities who require these specific services. The US law, set by CALEA (Communications Assistance for Law Enforcement Act), states that all telecommunications operators must enable their hardware and software for surveillance tracking. What is hard to understand is why Microsoft is so willing to open up its software for backdoor exploits. This creates a situation which welcomes exploits and willingly turns your computer into a revolving door for hackers.

Microsoft claims that Legal Intercept gently smoothes over the holes which exist in our current telecommunications setup. POTS or Plain Old Telephone Services uses a different monitoring system and one which is far too archaic for VOIP. If Microsoft manages to successfully implement Legal Intercept then it may just hold the rights to the world’s most powerful monitoring system. This is obliviously one of Microsoft’s main goals for its invasive system.

If you are feeling powerless, join the club. You could uninstall Skype, because it remains one of the best, if not the best, VOIP application. After years of use, are we now expected to sit back and relax as our privacy is invaded? India is not as impartial as I am and have warned Skype that if it does not fix its laws relating to Legal Interception then Skype will risk being blocked in India; as this is a market of 1.2-billion potential users, Microsoft will have to work hard to please the Indian telecommunication committees and remain in its good graces.

Legal Interception is not only pervasive in Skype, but will soon be in your email accounts too. The Egyptian government, famous for breaking the privacy laws of its citizens, recently ended a five-month trial of the Legal Interception application in conjunction with Gmail, Hotmail, Yahoo and various other webmail providers. The software then has the further option of planting its own version of a Trojan horse executable which can be passed on to any computer via social sharing, or portable drives. In yet another irritating blow, Legal Interception will also allow targeted ads based on our user preferences to invade our screens.

Skype has more than 200-million users and, since its inception, it has been exceptionally secretive regarding its security protocols and have refused to reveal any details to the public. It has effectively asked its users to trust it, no matter what it throws at them. Microsoft cannot deny the FBI or the CIA the ability to tap calls. It is therefore placed in the precarious position of infuriating either the user or the government which wishes to track the user.

In a Nutshell: You can uninstall Skype if anonymous tracking enrages you. Otherwise, enjoy a more monitored VOIP existence. Regardless of the steps we take to cover our activities, nothing can keep us out of the spotlight of the tracking tools.