Communications Security

Guide to DIY Wiretapping 183

Geeks are Sexy writes "ITSecurity.com has a nice piece this week on how wiretapping works and how you can protect yourself from people who want to snoop into your life. From the article 'Even if you aren't involved in a criminal case or illegal operation, it's incredibly easy to set up a wiretap or surveillance system on any type of phone. Don't be surprised to learn that virtually anyone could be spying on you for any reason.'" Maybe I'm on the wrong track here, but I guess I assumed that wiretapping now happened in secret rooms at the telco, and not by affixing something physically to a wire in your home, but I'll definitely be aware next time I hear a stranger breathing next time I'm stuck on hold.
  • voltage drop (Score:5, Interesting)

    by omeomi ( 675045 ) on Thursday June 19, 2008 @11:24AM (#23857591) Homepage
    Most of the land line suggestions in that article don't seem to bother with taking care of the noticeable voltage drop caused by adding an extra phone to a call. You can tell when somebody else in your house picks up the phone while you're on it because the person on the other end gets quieter. The same thing would happen if you plugged a phone into the line outside your house. I thought professional surveillance systems did something to make up for this, so there's no noticeable change in volume when the wiretapper starts listening.
  • Re:It was.. (Score:3, Interesting)

    by blcamp ( 211756 ) on Thursday June 19, 2008 @11:34AM (#23857843) Homepage

    They are legal when they bother to get a judge to sign a warrant. It's only when they don't get a warrant that they're illegal.
    It's only illegal if someone (or an entity) gets caught, you're able to prove it in court, are able to get a ruling in your favor in court, and are able thereafter to enforce remedial action.

    Good luck with all that.

  • Re:voltage drop (Score:2, Interesting)

    by f8l_0e ( 775982 ) on Thursday June 19, 2008 @11:35AM (#23857883)
    If you were going to build your own tap, you could add a variable resistor inline to the hook switch. Before listening in on the call, you would dial the resistor up to its highest value, pick up the line, and then reduce the resistance until the audio was at a level you could understand. You could take it down to its minimum value as long as you did it slow enough that the volume drop wasn't noticeable. The professional taps would intercept as soon as the line was picked up though. You wouldn't notice a drop in volume.
  • by the_rajah ( 749499 ) * on Thursday June 19, 2008 @11:37AM (#23857917) Homepage
    If your listening device uses capacitive coupling, then there's no current drain to draw down the nominal 50 volts across an on-hook POTS line. Radio Shack used to sell a little box that coupled like that and also would turn on a recorder when the line went off-hook. Also, since it's a listening only device, there's no risk of being overheard while breathing heavily.
  • Re:It was.. (Score:4, Interesting)

    by N1ck0 ( 803359 ) on Thursday June 19, 2008 @11:38AM (#23857947)
    Of course you can still tap any POTS line the good old-fashioned way. It's just a matter of accounting for the voltage drop on the line. Although yes, if you are the telco it is just easier to capture everything while it is in digital format on the switch. Now if you don't use analog, inline (some random place between the CO and customer) tapping can be a bit harder. You basically either have to record the signals on the line and decode it later, or toss a non-terminating CSU/test kit in the line without making too much of a disruption in the signal.
  • Re:voltage drop (Score:2, Interesting)

    by Ucklak ( 755284 ) on Thursday June 19, 2008 @11:39AM (#23857975)
    It depends on your REN [wikipedia.org] number.
    Back in the days of modems, my REN was about 4.5.

    No matter what device they attach, it will modify your REN number and if it's higher than 4, you'll be able to tell.
  • by DRAGONWEEZEL ( 125809 ) on Thursday June 19, 2008 @11:51AM (#23858253) Homepage
    Every method I have seen so far requires physical access.
    Quite frankly, it's a threat, but no more than the famous slashdot meme: If you have physical access you have root.

    Who would abandon their celly? I take mine to the bathroom w/ me. I don't let strangers in my house, and it doesn't leave my pocket unless I am making/receiving a call.

    I think this is really just FUD to freak people out. Hey what's that? Why does my phone blink? Oh, it's just a reply to a post on /.!

  • Re:voltage drop (Score:5, Interesting)

    by bugnuts ( 94678 ) on Thursday June 19, 2008 @11:52AM (#23858287) Journal
    The Ringer Equivalence Number is just the number of phones the ringer can drive. More than that, and they won't have the voltage to ring.

    It has nothing to do with talking on the phone.

    What you'd want to do is use an inductive microphone or even an inductive loop around the actual cable. It doesn't touch it, and is very difficult to detect if it's nearby the cable... Search for the USS Halibut, and how it tapped a Soviet military underwater cable by using a nearby inductive coil which never interfered with the cable.
  • Re:voltage drop (Score:5, Interesting)

    by mollymoo ( 202721 ) on Thursday June 19, 2008 @11:52AM (#23858297) Journal

    If you use a normal phone, yes. Until recently I worked in telecoms and we were all issued with a near perfect bugging device - a butt phone with monitor mode. Monitor mode is high-impedance so undetectable without some clever kit. Connect it to the right pair, hit the button and you can listen in undetected at will. You can buy one [nimans.net] for a hundred quid ($200) or so, probably less if you shop around. Monitoring lines was standard practice, albeit briefly, when working on a line - you listen to make sure nobody is using the phone, then dial a test number using the line to make sure it's the right circuit, then do whatever you need to do. You aren't supposed to listen to people's conversations, merely ensure the line isn't in use, but that doesn't mean it didn't happen.

    Telecoms cabinets aren't all that secure, it's easy to break in and put a tap in one and with a little care it wouldn't be obvious to an engineer working in the cabinet there was anything amiss. You could make a tap with a microcontroller with an ADC and some external RAM. The hard part would be finding the right pair without access to the phone company records or target's premises.

  • WTF?? (Score:4, Interesting)

    by f8l_0e ( 775982 ) on Thursday June 19, 2008 @11:53AM (#23858333)
    The article also links to this product [toysrus.com]. They never had toys this fscking cool when I was a kid.
  • Re:voltage drop (Score:2, Interesting)

    by Kingston ( 1256054 ) on Thursday June 19, 2008 @12:02PM (#23858541)
    A piezoelectric earpiece, like the type that used to be supplied with cheap radios, is perfect for this application. It has a very high input impedance and a tiny current draw. You would not be able to detect its use, there would be no drop in volume on the line.
  • by WK2 ( 1072560 ) on Thursday June 19, 2008 @12:30PM (#23859243) Homepage
    I agree that recommending Skype for security is a bad idea, but for entirely different reasons. I consider my computer safe. Nothing is perfect, but my computer is much safer than the mess at the phone company. However Skype is not secure. It is not even open source. Just like people can do weird stuff at the phone company, they can do weird stuff at Skype. The creators have gone on record saying that the encryption code probably will not stand up to crackers over time.
    http://en.wikipedia.org/wiki/Skype [wikipedia.org]
  • by Sloppy ( 14984 ) on Thursday June 19, 2008 @02:12PM (#23861391) Homepage Journal
    Countermeasure suggested by article:

    Use an encryption VoIP service like Skype: Skype is an especially difficult service to tap, because of its encryption strategy. Slate reporter David Bennahum writes that "the company has built in such strong encryption that it's all but mathematically impossible with today's best computer technology to decode the scrambled bits into a conversation." You're more protected with this system.

    I sometimes feel bad about flaming Skype [slashdot.org]. They really are more resistant to eavesdropping than most everything else, and it's nice they used AES256. They almost got it right.

    But saying it's mathematically impossible to crack 'em is bullshit, because Skype's design is flawed (in at least one way that we know of -- and there's a lot we don't know about it, because it's closed and hasn't been really audited by crypto-nerds -- that's Skype's first problem). AES256 is useless if the key itself has been compromised by MitM, and Skype's design allows that (that's Skype's second problem). Skype depends on a central server [wikipedia.org] to introduce identities to one another, and that central point is potentially subject to compromise (or coercion). There's no reason VoIP users can't (in many cases, at least) cert each other directly, but unfortunately, that's not how Skype works.

    Skype can be tapped, and all this talk about how its heavy crypto prevents that, is a smokescreen. AES is believed to be a strong link in this chain, but don't forget that we're talking about a chain.
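
The point in the comment above about a central server introducing identities, as an added example (not part of the original comment, and not Skype's actual protocol): a toy Diffie-Hellman model showing that a key swapped by the directory defeats the cipher unless peers check fingerprints they exchanged directly. `Directory`, `connect` and the toy group parameters are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy-sized prime modulus, for illustration only
G = 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    # Short digest two users can compare in person or over another channel
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def session_key(priv, peer_pub):
    # Stand-in for the symmetric key the call would then be encrypted with
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

class Directory:
    """Hypothetical central server that introduces identities to one another."""
    def __init__(self):
        self.keys, self.override = {}, {}
    def register(self, name, pub):
        self.keys[name] = pub
    def lookup(self, name):
        return self.override.get(name, self.keys[name])

def connect(my_priv, peer, directory, pinned=None):
    pub = directory.lookup(peer)
    # Direct certification: refuse any key that differs from the pinned one
    if pinned is not None and not hmac.compare_digest(fingerprint(pub), pinned):
        raise ValueError("key served for %s does not match pinned fingerprint" % peer)
    return session_key(my_priv, pub)

def demo():
    d = Directory()
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    d.register("alice", a_pub)
    d.register("bob", b_pub)
    pin = fingerprint(b_pub)                  # exchanged directly, out of band
    honest = connect(a_priv, "bob", d, pin) == session_key(b_priv, a_pub)
    t_priv, t_pub = keypair()                 # third party's key (constructed)
    d.override["bob"] = t_pub                 # compromised or coerced directory
    shared_with_third_party = connect(a_priv, "bob", d) == session_key(t_priv, a_pub)
    try:
        connect(a_priv, "bob", d, pin)
        detected = False
    except ValueError:
        detected = True
    return honest, shared_with_third_party, detected

if __name__ == "__main__":
    print(demo())
```

Without the pin, the caller ends up sharing a key with whoever the directory names, regardless of how strong the cipher is; with the pin, the substitution is rejected before any key is derived.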

  • STU Phones? (Score:2, Interesting)

    by lbgator ( 1208974 ) <james.olou@gma[ ]com ['il.' in gap]> on Thursday June 19, 2008 @02:18PM (#23861479)
    The Government avoids spying by using STU phones [wikipedia.org]. If tapping stays in the news, I wonder if projects like OpenMoko [wikipedia.org] will incorporate similar techniques. It's good enough for gov't TS - so it is probably good enough for me chatting with my friend about what to do this weekend. It would only be a matter of time before cracking these streams would be easily doable, but at least there would be a small barrier to unfettered access.
  • by Anonymous Coward on Thursday June 19, 2008 @02:20PM (#23861521)
    ... from 30 to 50 MHz. Then scan some of the higher ranges.

    Gotta love mixing old and new technologies. It's amazing how many people enter their credit card info into cordless phones. Baby monitors are also easy to pick up. Most conversations aren't worth listening to, though.
  • by SiriusRegalis ( 470623 ) on Thursday June 19, 2008 @02:50PM (#23862071)
    About a year after 9-11, I was talking on my phone with my wife. Now, to really understand this story, you have to know that my wife is from Iran, her father was a former General of the Air Force there, and she knows multiple folks who had fairly high positions at one time in the government. And she calls home all the time. We spend 50-60 hours a month connected to Iran via phone.

    So I'm sitting in a bookstore, and she calls. Right in the middle of the call there is a strange squeaking noise, reminiscent of digital audio "static" noises, sort of a cross between a cd skip and a modem. Suddenly it ends, and we are no longer on the phone alone. Somehow our conversation was crossed with another cell phone conversation.

    The strange part is this. The other folks now joined to our conversation were also from Iran. They were speaking Persian.

    After about 30 seconds of mass confusion, the call went dead. For about 5 minutes my wife's phone and mine refused to connect out to make a call. Full signal, no access. When we finally got back in contact with each other, she told me that the other people on the line were trying to meet at a restaurant on the other side of Dallas. One had just landed at DFW from Frankfurt, on his way home from Iran. She understood them, I don't know the language.

    Now, what are the chances of 4 mobile phones, separated by 20 miles a piece, suddenly crossing conversations at the servers, and being the same fairly limited ethnic/nationality group that just happens to be on the "Axis of Evil" list?

    I tell this story to my friends under the title "My conversation with the NSA". Since then it is a running joke for my friends to randomly yell "bomb", "assassinate", "Jihad" and "Mohamed" while talking to me on the phone.
  • Not recommended, but I used to use a 9VDC battery in a circuit to boost signal in the local circuit back when I was on a party line. It seemed to provide the boost needed and the telco never complained. I never did figure out why it worked, considering analog twisted copper does run AC.
  • by Flagg0204 ( 552841 ) on Thursday June 19, 2008 @11:04PM (#23868505)
    Especially in field operations knows how insecure our phone pedestals (the little green and brown enclosures along your neighborhood roads) are. Typically they use just a standard hex wrench to open. Dress in the right clothing, grab your butt set and go to town. Commercial bldgs are not much different. If you can talk the lingo and have a tool belt, it's not hard to use a little social engineering to get into building telco closets. Having worked in telco for many years I can't count how many times I have been let into bldgs by just saying "I am with xyz telecom, and tenant abc needs us to work on their phone". 9 times out of 10 I don't have to present ID, they don't call the tenant they simply unlock the door. I have worked in telco closets where I have tapped onto a copper pair to hear lawyers discussing divorce cases with a client. Or a stock broker discussing financials with one of their clients.
