Forgot your password?
typodupeerror
Communications Security

Guide to DIY Wiretapping 183

Posted by CmdrTaco
from the do-you-hear-what-i-hear dept.
Geeks are Sexy writes "ITSecurity.com has a nice piece this week on how wiretapping works and how you can protect yourself from people who wants to snoop into your life. From the article 'Even if you aren't involved in a criminal case or illegal operation, it's incredibly easy to set up a wiretap or surveillance system on any type of phone. Don't be surprised to learn that virtually anyone could be spying on you for any reason.'" Maybe I'm on the wrong track here, but I guess I assumed that wiretapping now happened in secret rooms at the telco, and not by affixing something physically to a wire in your home, but I'll definitely be aware next time I hear a stranger breathing next time I'm stuck on hold.
This discussion has been archived. No new comments can be posted.

Guide to DIY Wiretapping

Comments Filter:
  • by Anonymous Coward on Thursday June 19, 2008 @11:18AM (#23857453)
    If someone is dumb enough to leave the microphone connected on an intercept phone, they deserve to get caught.
    • by Lost Penguin (636359) on Thursday June 19, 2008 @12:26PM (#23859153) Homepage
      You sneeze while on the phone with your friend, and hear "gesundheit".... twice.
    • by BadHaggis (1179673) on Thursday June 19, 2008 @03:03PM (#23862303)
      To the stranger listening on my phone.

      Please provide a transcript of the shopping list my wife just gave me. I think that I may have forgotten to write something down.

    • by Thelasko (1196535) on Thursday June 19, 2008 @03:50PM (#23863179) Journal

      If someone is dumb enough to leave the microphone connected on an intercept phone, they deserve to get caught.
      You raise a good point. Using a plain speaker is risky, because it can potentially double as a microphone. Telephones have a duplex coil which prevents this from happening.
      • Have you ever heard the expression a little knowlege [allexperts.com] is a dangerous thing? Your clue should have been the definition of the word duplex [tech-faq.com].
        • by Thelasko (1196535)
          I read your post. It didn't tell me anything I didn't already know. I was referring to the speaker acting as a microphone. [wikipedia.org] Take apart an old phone [wikipedia.org] and switch the speaker and the microphone and place a call. It will still work fine because the duplex coil determines which one is the speaker and which one is the microphone, not the nature of the devices. Without this isolation, assuming you are simply hooking a speaker up in parallel to the pair of copper wires, you will be able to hear the conversation,
          • "I read your post. It didn't tell me anything I didn't already know."

            So rather than mistakenly spreading misinformation, you are now loudly proclaiming your pride in intentionally spreading it. That's great. For the record, it turns out that the world doesn't revolve around you, and I actually don't care if you are proud to lack a clue. My post was specifically to prevent the viral spread of cluelessness. Embrace yours. It seems to really be working for you ;-)

        • by Thelasko (1196535)
          Wait, are you just arguing about what the device is called? Call it what you will, apparently Wikipedia calls both devices a hybrid coil. [wikipedia.org] The point is, you need to isolate the speaker or it will act like a microphone.
          • by camperslo (704715)
            An earpiece does act like a microphone, but has very low sensitivity. Most modern phones have a condenser microphone which is powered and uses amplification. Legacy phones had a carbon microphone, which varied resistance with the audio pressure. Those need current (DC) through them to produce an audio voltage, and also have MUCH higher output than dynamic (moving coil in magnetic field) types.

            The hybrid circuit in a phone really isn't about preventing the earpiece from acting as a microphone.

            Because of l
            • "When someone adds a load to the line by picking up another phone, the caller will get quieter, but your own voice will seem louder (to you, not to the caller)."
              All in all, you are accurate in your post. However, bear in mind that if I, or anyone with a clue, is tapping your line, it will be with a high impedance tap. You won't hear a thing. You won't detect a thing. You'll need counter-survellaince electronics to detect it.
    • by PPH (736903)
      Hello, NSA? I've had a few too many to drink. Could you please trace this call and tell me where I am?
  • It was.. (Score:2, Informative)

    by f8l_0e (775982)
    The official, albeit illegal kind do occur at the telco, at least these days. Before modern switching a residential tap would have be the way it was done.
    • Re: (Score:3, Insightful)

      by omeomi (675045)
      They are legal when they bother to get a judge to sign a warrant. It's only when they don't get a warrant that they're illegal.
      • Re: (Score:3, Interesting)

        by blcamp (211756)

        They are legal when they bother to get a judge to sign a warrant. It's only when they don't get a warrant that they're illegal.
        It's only illegal if someone (or an entity) gets caught, you're able to prove it court, are able to get a ruling in your favor in court, and are able thereafter to enforce remedial action.

        Good luck with all that.

        • Re:It was.. (Score:5, Insightful)

          by omeomi (675045) on Thursday June 19, 2008 @11:40AM (#23857995) Homepage
          It's only illegal if someone (or an entity) gets caught, you're able to prove it court, are able to get a ruling in your favor in court, and are able thereafter to enforce remedial action. Good luck with all that.

          Well, it's still illegal. Just because the powers that be think they can ignore laws, and have the power to keep from getting prosecuted doesn't change the legality. Maybe someday they'll be brought to justice. Doubt it, though.
          • Re:It was.. (Score:4, Insightful)

            by TheGratefulNet (143330) on Thursday June 19, 2008 @12:08PM (#23858705)
            Well, it's still illegal. Just because the powers that be think they can ignore laws, and have the power to keep from getting prosecuted
            doesn't change the legality. Maybe someday they'll be brought to justice.


            legality is only for those of us who are NOT in law enforcement or the government.

            you can talk all you want about constitution this or law that; but while you rot in prison being raped by other guys, tell me again how 'illegal'it was that they tapped you.

            laws are an abstract concept. being locked away is the farthest thing from being abstract.

            they all know this and this is why we are kept in fear (ie, in check).

            (lovely country/world we got here, huh?)
      • Even with a warrant, it's only legal if they told the judge the truth to get the warrant. There have been documented cases of agencies materially misrepresenting investigations in order to get warrants, too.
    • Re:It was.. (Score:4, Interesting)

      by N1ck0 (803359) on Thursday June 19, 2008 @11:38AM (#23857947)
      Of course you can still tap any POTS line the good old fashion way. Its just a matter of accounting for the voltage drop on the line. Although yes if you are the telco it is just easier to capture everything while it is in digital format on the switch. Now if you don't use analog, inline (some random place between the CO and customer) tapping can be a bit harder. You basically either have to record the signals on the line and decode it later, or toss a non-terminating CSU/test kit in the line without making too much of a disruption in the signal.
  • voltage drop (Score:5, Interesting)

    by omeomi (675045) on Thursday June 19, 2008 @11:24AM (#23857591) Homepage
    Most of the land line suggestions in that article don't seem to bother with taking care of the noticeable voltage drop caused by adding an extra phone to a call. You can tell when somebody else in your house picks up the phone while you're on it because the person on the other end gets quieter. The same thing would happen if you plugged a phone into the line outside your house. I thought professional surveillance systems did something to make up for this, so there's no noticeable change in volume when the wiretapper starts listening.
    • Re:voltage drop (Score:5, Insightful)

      by faloi (738831) on Thursday June 19, 2008 @11:28AM (#23857697)
      The downside to some of the audible cues is that, at least amongst people I know, the use of cordless phones is prevalent. And most of the people I know tend to immediately write off any abnormality (shifts in volume, clicking, etc.) in their conversation as being because of the phone. Which is probably the case. Either that or I need a better class of acquaintances.
      • by smooth wombat (796938) on Thursday June 19, 2008 @12:01PM (#23858499) Homepage Journal
        True story: I have a cordless phone and one time I was talking with my mom and the phone acted a bit weird. She sounded somewhat quieter and there seemed to be static. I shook the phone thinking there was a loose connection and the static was gone but her voice was still quieter.

        She asked me what was going on and I told her, "Eh, must be the wiretap on my phone."

        As far as I can tell, I have not had that problem since that time.

        *cue spooky music*
    • Re: (Score:2, Interesting)

      by f8l_0e (775982)
      If you were going to build your own tap, you could add a variable resistor inline to the hook switch. Before listening in on the call, you would dial the resistor up to its highest value, pick up the line, and then reduce the resistance until the audio was at a level you could understand. You could take it down to its minimum value as long as you did it slow enough that the volume drop wasn't noticeable. The professional taps would intercept as soon as the line was picked up though. You wouldn't notice
    • If your listening device uses capacitive coupling, then there's no current drain to draw down the nominal 50 volts across an on-hook POTS line. Radio Shack used to sell a little box that coupled like that and also would turn on a recorder when the line went off-hook. Also, since it's a listening only device, there's no risk of being overheard while breathing heavily.
    • Re: (Score:2, Interesting)

      by Ucklak (755284)
      It depends on your REN [wikipedia.org] number.
      Back in the days of modems, my REN was about 4.5.

      No matter what device they attach, it will modify your REN number and if it's higher than 4, you'll be able to tell.
      • Re:voltage drop (Score:5, Interesting)

        by bugnuts (94678) on Thursday June 19, 2008 @11:52AM (#23858287) Journal
        The Ringer Equivalence Number is just the number of phones the ringer can drive. More than that, and they won't have the voltage to ring.

        It has nothing to do with talking on the phone.

        What you'd want to do is use an inductive microphone or even an inductive loop around the actual cable. It doesn't touch it, and is very difficult to detect if it's nearby the cable... Search for the USS Halibut, and how it tapped a Soviet military underwater cable by using a nearby inductive coil which never interfered with the cable.
    • Re:voltage drop (Score:5, Interesting)

      by mollymoo (202721) on Thursday June 19, 2008 @11:52AM (#23858297) Journal

      If you use a normal phone, yes. Until recently I worked in telecoms and we were all issued with a near perfect bugging device - a butt phone with monitor mode. Monitor mode is high-impedance so undetectable without some clever kit. Connect it to the right pair, hit the button and you can listen in undetected at will. You can buy one [nimans.net] for a hundred quid ($200) or so, probably less if you shop around. Monitoring lines was standard practice, albeit briefly, when working on a line - you listen to make sure nobody is using the phone, then dial a test number using the line to make sure it's the right circuit, then do whatever you need to do. You aren't supposed to listen to people's conversations, merely ensure the line isn't in use, but that doesn't mean it didn't happen.

      Telecoms cabinets aren't all that secure, it's easy to break in and put a tap in one and with a little care it wouldn't be obvious to an engineer working in the cabinet there was anything amiss. You could make a tap with a microcontroller with an ADC and some external RAM. The hard part would be finding the right pair without access to the phone company records or target's premises.

    • Re: (Score:3, Informative)

      by Anonymous Coward
      The "professional" wiretap uses a buttset. These have bed-of-nails clips for monitoring without leaving any particularly obvious traces (a small hole is made through the sheath of the wire, that is all, no cutting or stripping is involved).

      They also have both a regular and monitor mode. The regular mode makes it work like a normal telephone, with about 600 Ohms impedance, causing a voltage drop. The monitor mode has 100+ kOhms impedance, which will cause a voltage drop low enough to be indistinguishable
    • Re: (Score:2, Interesting)

      by Kingston (1256054)
      A piezoelectric earpiece, like the type that used to be supplied with cheap radios, is perfect for this application. It has a very high input impedence and a tiny current draw. You would not be able to detect its use, there would be no drop in volume on the line.
    • by mdielmann (514750)

      Most of the land line suggestions in that article don't seem to bother with taking care of the noticeable voltage drop caused by adding an extra phone to a call. You can tell when somebody else in your house picks up the phone while you're on it because the person on the other end gets quieter. The same thing would happen if you plugged a phone into the line outside your house. I thought professional surveillance systems did something to make up for this, so there's no noticeable change in volume when the wiretapper starts listening.

      I've found that when sharing a phone call with someone (two of us on different phones in the house) that if you held down the mute button, the volume drop pretty much went away. It's worked for me as recently as a year or so ago. With some connections, it's the only thing that makes it possible for either person on the shared line to hear the conversation well.

    • by noidentity (188756) on Thursday June 19, 2008 @01:02PM (#23859943)
      It's even simpler in the USA to find out if the line is tapped. If the year is 2000 or later, it is.
  • by pegr (46683) *
    And I posted it back in August:

    http://slashdot.org/~pegr/journal/180007 [slashdot.org]

  • by Psmylie (169236) * on Thursday June 19, 2008 @11:25AM (#23857625) Homepage
    I'll hold off on trying any of their wiretapping suggestions until they release guides on "DIY Legal defense" and "How to Avoid Getting Buggered in a Federal Prison".

    Still, if you're feeling paranoid, by all means check your phones. It's true, nosy neighbors could indeed be spying on you. Never underestimate the average person's voyeurism urges...

    • by raddan (519638)
      The only reasonable thing to do, if you're worried about your communications being monitored, is to assume that they are being monitored. Relying on the fact that your phone is not tapped is just a bad idea, and this is why all security nowadays happens at the endpoints.
  • Hard lines went out when The Matrix went out of theaters. I know there is some frequency scanning intercept type things they can do, but I thought digital cells w/ voice privacy and all that were pretty good from phone to switch???
    • Re: (Score:3, Funny)

      by introspekt.i (1233118)
      Because how can you wiretap something with no wires? It must be completely immune to wiretapping XD.
    • by bugnuts (94678)
      Cellphones are easily tapped... with the right equipment. That's the catch, the equipment is very expensive (last I checked, a few years ago).

      Analog cellphones were incredibly easy to listen to with a scanner, but this is no longer the case since most is digital.

    • by Hyppy (74366)
      Did you bother to RTFA?

      Didn't think so. It's scary what you can do to someone's cell phone.
      • Re: (Score:3, Interesting)

        by DRAGONWEEZEL (125809)
        Every method I have seen so far requires physical access.
        Quite frankly, it's a threat, but no more than the famous slashdot meme: If you have physical access you have root.

        Who would abandon their celly? I take mine to the bathroom w/ me. I don't let strangers in my house, and it doesn't leave my pocket unless I am making/recieving a call.

        I think this is really just FUD to freak people out. Hey whats that? Why does my phoen blink? Oh, it's just a reply to a post on /.!
        • I'm sure if you're married you have the opportunity to pick up your partners phone pretty easily to install stuff on it. I leave my phone in the key cup by my front door - sure its not out of sight, but I don't carry my phone to the bathroom at home :).
    • There are a number of known attacks on the GSM encryption [wikipedia.org].
  • by chemosh6969 (632048) on Thursday June 19, 2008 @11:25AM (#23857635)
    It's the 90s bomb making/revenge/wiretapping text file guides all over again. Only this time it's Web 2.0
  • Not sure about strangers breathing, but I often hear several other conversations while on my cellphone (AT&T). If you can tap into other folks' lines by accident, I figure it's readily feasible to do so on purpose.
  • by Steauengeglase (512315) on Thursday June 19, 2008 @11:32AM (#23857795)
    Yes, because corporate espionage is so often carried out by nefarious time travelers from the 70s and 80s. This gem should also include look for men with wavy hair and bright rays from the nearest time gate.
  • From TFA
    "Listen to other people's calls through your own basic telephone by hooking up your phone to a part of the original line that runs outside the house of your target."

    I can just see the Darwin awards on this one when some idiot mistakes the main power line for a phone line when looking for the "red and green wires". ZAP
  • In theory, couldn't you use a current loop probe? [fluke.com] You wouldn't even have to connect any wires. Just the right signal processing and you're done.

    Disclaimer: I'm not an EE
    • by eakerin (633954)
      You're looking for an Inductive Amplifier. They are commonly used for tracing wires to pick up the tone from the tone generator you put on the other end of the wire.
  • by bugnuts (94678) on Thursday June 19, 2008 @11:40AM (#23857987) Journal
    They recommend Skype, which encrypts its traffic.

    But the computer is even more vulnerable than a phone to bugs. Tons of malware exists that can "own" a computer, which has given rise to an entire new security market. A phone is easy to tell if it has a bug ... you can simply open it up and look at it. Computers not so much.

    It also recommends using a cellphone for confidential calls. Just make sure neither provider uses ATT.
    • Re: (Score:3, Interesting)

      by WK2 (1072560)
      I agree that recommending Skype for security is a bad idea, but for entirely different reasons. I consider my computer safe. Nothing is perfect, but my computer is much safer than the mess at the phone company. However Skype is not secure. It is not even open source. Just like people can do weird stuff at the phone company, they can do weird stuff at Skype. The creators have gone on record saying that the encryption code probably will not stand up to crackers over time.
      http://en.wikipedia.org/wiki/Skype [wikipedia.org]
    • by hey! (33014)
      The problem is that computers are so darn useful, there's no way to make them so useful without making them useful for malware. The answer is, you build your own dedicated Skype phone that (a) only does Skype and (b) uses read only media for everything it can.

      Personally, I wouldn't worry about bugs planted inside a phone, except possibly of software variety. How long before this happens with a smart phone? It's much easier to tap the lines for analog phones.
  • by Anonymous Coward
    Just wanted to say thanks for these articles. Now every single one of our paranoid customers is going to call us up and demand an inspection of their line.

    I just want to get this off my chest for most people.... You aren't interesting enough to tap, nobody cares about your private business.
  • What a load of crap. (Score:5, Informative)

    by chill (34294) on Thursday June 19, 2008 @11:44AM (#23858105) Journal
    The 80s called and their want their wiretapping tech back.

    This is great if you're worried about the neighbor kid listening in, but not for anyone serious. Wiretapping is done at the telco level and you can't tell you're being tapped. In the digital age there is no clicking, breathing, voltage drops or any other indication. There is a big long checklist when implementing a CALEA node for making certain there is no way the target can tell they're being monitored.
    • by mollymoo (202721)
      Only if your definition of "serious" only includes law enforcement or government. Industrial espionage is pretty serious and shady private detectives can't just wave a court order at the telecoms company, they have to do it the old-fashioned way. But as far as clicking and the like goes, it would take a pretty clumsily designed device to be detectable that easily.
      • by drinkypoo (153816)
        These days major businesses (you know, people worth tapping) are bringing in a bigger interface for their phone system, or even using internet telephony. It's not a bunch of pairs of copper so much any more. I imagine it's not too hard to tap into something bigger (a PRI?) but IP telephony is regularly encrypted.
        • Re: (Score:3, Insightful)

          by idontgno (624372)

          Well then thank $DIETY that business conversations never occur outside the secure premises of a place of business. Certainly, what manager, executive, or board member [techlawjournal.com]* would use a home phone line to conduct confidential business.

          Dang, I left my sarcasm tags at home this morning.

          *Yes, the link is not about phone tapping, it's about pretexting. But note that some of the target phone numbers were home phone lines. If someone can be troubled to illegally access your home phone records for a business investigat

  • Maybe I'm on the wrong track here, but I guess I assumed that wiretapping now happened in secret rooms at the telco, and not by affixing something physically to a wire in your home, but I'll definitely be aware next time I hear a stranger breathing next time I'm stuck on hold.
    The type of surveillance you describe is indeed occuring, but it's not particularly selective in many cases. What's concerning is the fact that wiretapping occurs a lot more than people realize, for a variety of reasons, by private and public sector parties. As I'm sure you're aware, physical access is rarely required to accomplish the task these days.
  • "Maybe I'm on the wrong track here, but I guess I assumed that wiretapping now happened in secret rooms at the telco, and not by affixing something physically to a wire in your home."

    Wiretapping might happen in a telco if it was a legitimate government operation. If it's a rogue operation, a private investigator or just some stalker, they won't be using the telco company to do it.

  • WTF?? (Score:4, Interesting)

    by f8l_0e (775982) on Thursday June 19, 2008 @11:53AM (#23858333)
    The article also links to this product [toysrus.com]. They never had toys this fscking cool when I was a kid.
  • Sounds like a DIY one-way ticket to gitmo, if you ask me.
    • by drinkypoo (153816)

      Sounds like a DIY one-way ticket to gitmo, if you ask me.

      Well, they just instated Habeas Corpus at gitmo... and if they declare you to be a terrorist or enemy combatant, you can lose it here... And besides, isn't waterboarding similar to a spa treatment? You can catch up on your R&R and work on your skin at the same time!

      Just hope you look good in orange...

    • gitmo is reserved for people the feds can't charge with an actual crime. This activity will send you to federal "pound-me-in-the-ass" prison.
  • go walk with them on a beach. if this seems like too much effort, then whatever it is you have to talk about isn't that important to you, and therefore not worth the effort to ensure its privacy

    if you are upset at your government spying on you, then what strange notion of yours convinced you that an expansive public network would have no spying on it? i'm not talking about the government passing this law or that law about surveillance, i'm talking about the surveillance that woudl happen anyway, regardless
    • >go walk with them on a beach.

      Leaving your cell phone behind, or pulling the battery out, if you might be the target of a motivated eavesdropper.
  • by Anonymous Coward
    You mean there's a device you could attach to a phone line to listen to a call? Amazing!

    For people in the know, there's an easier method to listen in on calls which is only detectable by the phone company: a Direct Access Test Unit [wikipedia.org] or DATU. Find one of these "secret" numbers on the exchange your victim is on and you have the ability to snoop on their calls using the phone company's own test equipment. Messing with these numbers is also a very quick way to go to jail, but you sorta run that risk with an ille
  • by Chyeld (713439) <chyeld@gmai l . c om> on Thursday June 19, 2008 @12:07PM (#23858675)
    Couple of years ago, one of my neighbors narced on me because they thought I was playing video games too loud. This led to me getting a set of wireless headphones to listen to TV with.

    It completely surprised me the first time I put them on and couldn't get them to tune into the TV's transmitter because all the channels were full of wireless phone conversations.

    Sadly, none of my neighbors have any secrets worth listening to. And even worst, most of them seem to have no issues with taking the phone into the shitter with them :/

    In revenge, I've hooked up the transmitter to a cheap dvd player and leave anime porn running on a loop just before going to work, every few days....
  • possible != likely (Score:3, Insightful)

    by petes_PoV (912422) on Thursday June 19, 2008 @12:09PM (#23858737)
    Even if someone did try one of these amateurish techniques, they are unlikely to come up with anything they can use against you. Apart from the fact that most people simply aren't that interesting, do you really care if they hear you talking to Aunt Ethel. Most people use their mobile phones for any discrete communication - far less chance of someone in your own house picking up an extension, or hitting redial.

    This is old information which didn't ever work properly and is increasingly irrelevant today.

    Coming up next: how to get free long-distance by whistling down the phone ...

    • Your credit card number, if you still buy things over the phone. Somebody malicious could do worse things with your credit card number than just running up your bill.

      If you're in a position where someone might feel motivated to spy on you, for example being a spouse who's constantly "working late" or a reporter publishing damaging leaks, then you probably do have something to lose from having your privacy violated.

      Then there's the whole matter of principle. If I found a camera in my shower I'd be pretty ste
  • As a embedded software developer at a major telco equipment manufacturer I can verify that when the government wants a wiretap, they can do it easily at the telco. Several times telcos came to us and said "the government has asked for a wiretap how can we use your equipment to comply?" The process to do the wiretap was the same used to setup a conference bridge, which digitally duplicates the DS0 or T1. The government could then get a digital copy of all voice/data of the lines.
  • Remember how easy it was to listen on conversations over cellular phones back then? A piece of tinfoil or a soldered wire (some even allowed you to enter this mode via keypad) was all you needed to listen in on conversations. Not that I did any of this stuff... not me, no sir.
  • by javelinco (652113) on Thursday June 19, 2008 @12:19PM (#23858989) Journal
    I remember when I was younger, going around with a handset with roach clips at the end of the wire, opening phone boxes and plugging in. It was always a bit of a surprise when we tapped an active line, but MAN! So easy to do. I don't know if things are still setup the same way these days - I know the phone boxes around here are locked - not sure if the same key opens all of them anymore, but yeah - easy to tap a phone line? Sure, as long as you don't mind sitting in the bushes! I'm sure there is technology that can make it easier than that, these days.

    Oh, the above story? Not me, of course. When I say I, I'm talking about someone else I heard stories about, of course. I'd never do anything remotely approaching illegal, such as making long distance phone calls on other people's lines. That's crazy!
    • Re: (Score:3, Funny)

      by Sabz5150 (1230938)

      going around with a handset with roach clips at the end of the wire
      You beige boxing pothead :)
  • by Thelasko (1196535) on Thursday June 19, 2008 @12:36PM (#23859367) Journal
    Why would I want to wiretap myself?
    • by dkleinsc (563838)
      You may not want to tap your own conversations, but you might want to tap your home phone to catch your spouse arranging for a tryst with someone else.
  • by gatkinso (15975) on Thursday June 19, 2008 @01:45PM (#23860883)
    That won't help me: all my calls consist of heavy breathing.
  • More useful (Score:3, Informative)

    by Thelasko (1196535) on Thursday June 19, 2008 @01:51PM (#23861017) Journal
    Why only phone conversations, when a laser microphone can listen in on all conversations. They are also easy to build. [instructables.com]
  • First /. has the confession of a wi-fi thief who steals [slashdot.org] from his neighbors, and now we get a DIY guide on wiretapping.

    Obligatory quote from "Spy Game":

    Secretary: Feeling a little paranoid on our last day?
    Muir: When did Noah build the ark? Before the rain. Before the rain.
  • by Sloppy (14984) on Thursday June 19, 2008 @02:12PM (#23861391) Homepage Journal
    Countermeasure suggested by article:

    Use an encryption VoIP service like Skype: Skype is an especially difficult service to tap, because of its encryption strategy. Slate reporter David Bennahum writes that "the company has built in such strong encryption that it's all but mathematically impossible with today's best computer technology to decode the scrambled bits into a conversation." You're more protected with this system.

    I sometimes feel bad about flaming Skype [slashdot.org]. They really are more resistant to eavesdropping than most everything else, and it's nice they used AES256. They almost got it right.

    But saying it's mathematically impossible to crack 'em is bullshit, because Skype's design is flawed (in at least one way that we know of -- and there's a lot we don't know about it, because it's closed and hasn't been really audited by crypto-nerds -- that's Skype first problem). AES256 is useless if the key itself has been compromised by MitM, and Skype's design allows that (that's Skype's second problem). Skype depends on a central server [wikipedia.org] to introduce identities to one another, and that central point is potentially subject to compromise (or coercion). There's no reason VoIP users can't (in many cases, at least) cert each other directly, but unfortunately, that's not how Skype works.

    Skype can be tapped, and all this talk about how its heavy crypto prevents that, is a smokescreen. AES is believed to be a strong link in this chain, but don't forget that we're talking about a chain.

  • STU Phones? (Score:2, Interesting)

    by lbgator (1208974)
    The Government avoids spying by using STU phones [wikipedia.org]. If tapping stays in the news, I wonder if projects like OpenMoko [wikipedia.org] will incorporate similar techniques. It's good enough for gov't TS - so it is probably good enough for me chatting with my friend about what to do this weekend. It would only be a matter of time before cracking these streams would be easily doable, but at least there would be a small barrier to unfettered access.
  • About a year after 9-11, I was talking on my phone with my wife. Now, to really understand this story, you have to know that my wife is from Iran, her father was a former General or the Air Force there, and she knows multiple folks who had fairly high positions at one time in the government. And she calls home all the time. We spend 50-60 hours a month connected to Iran via phone.

    So I'm sitting in a bookstore, and she calls. Right in the middle of the call there is a strange squeaking noise, reminiscent
  • by Illbay (700081) on Thursday June 19, 2008 @03:24PM (#23862661) Journal
    You might be surprised. The obvious culprit is the government, but consider...

    There have been numerous instances of "terrorist sympathizers" who hunt around online for people who say things they don't like, about their religion, their objectives, etc. They attempt to shut the blog down, even to discover the identity of the blogger to cause further trouble.

    Can you imagine if this grew to further proportion, where you would be in danger of being "discovered" by some amateur terrorist or terrorists, who decided to make your life a living hell, or even to cut it short?

    Sure, you had Theo van Gogh [nytimes.com] killed because he made a film that "they" didn't like, but what if they start aiming a bit "lower" on the food chain, start cyberstalking and tapping the phone lines of some guy who's an outspoking blogger or letter-to-the-editor afficianado?

    How do you protect yourself at that level of obscurity?

  • If we talk about our jobs to anyone who doesn't have the exact same job, it only takes like 5 minutes before their eyes glaze over. Even if they used to have the same job. That's why we make the big bucks - a very, very small percentage of the population find the details of our industry interesting enough to simply stay awake through, let alone learn.

    Same goes for me. If I'm too pumped up from a programming breakthrough to get to sleep, I'll ask my Engineer or Project Manager friend what they did that day.

It is the quality rather than the quantity that matters. - Lucius Annaeus Seneca (4 B.C. - A.D. 65)

Working...