« February 2007 | Main | April 2007 »

WARNING: THIS [CELL] PHONE IS TAPPED

Spy_site_block The past months have seen many reports on a new cell phone tapping tactic -- the "roving bug":

This new technique was supposedly used against an alleged mobster, John Ardito. According to reports, the FBI was able to send a signal to his cell phone that opened the mic on the phone and allowed them to listen in. Despite all the news reports, I'm not sure I'm ready to believe it and I'll explain why.

The interesting (and somewhat hard to believe part) is that the FBI could listen in without the phone making a call -- they weren't listening to his phone calls, but rather, they were listening to the ambient sounds and voices around the cell phone. That's right, while the phone is sitting in the tap target's pocket it can be instructed to open the microphone and allow listening.

Various surveillance experts and technical gurus find this hard to swallow -- suggesting that the phone would warm up during this event (since it's sending voice data to the intercept location), the tap target would notice, etc. I've learned that new technology can sometimes seem like magic, as such, you should never underestimate the power of smart people and the "magic" technology they create. Therefore, while I also find this form of tapping hard to believe, I know better than to write it off as fiction -- especially since the story has had time to bake and it has been covered, researched, and investigated by numerous media outlets. I've also seen the specs for the currently implemented tapping protocols for GSM, Cellular and SMS systems -- which makes a roving tap seem all the more possible.

The current GSM, Cellular and SMS phone tapping specifications for "lawful interception" (wiretapping) can be found here. These documents explain how the cellular network are setup to allow Law Enforcement Agencies (LEA) to tap a cellular telephone and the data or text it transmits. A picture might provide a better example:

Tapdiagram


 
























Here are some interesting quotes from those documents:

  • To be effective, interception must take place without the knowledge of either party to the communication. Therefore, decryption must also take place without either party being aware that it is happening.

  • No indication shall be given to any person except authorised [sic] personnel that the intercept function has been activated on a target.
  • The invocation of lawful interception shall not alter the operation of a target's services or provide indication to any party involved in communication with the target.
  • ...it shall be a national option as to whether the network provides the CC (Content of Communication) to the agency decrypted, or encrypted with a key available to the agency.

Looking through these documents, it's clear there is a very extensive system in place to allow cellular phone tapping, but so far, I've yet to see any proof of the "passive listening tap" that was allegedly used against John Ardito. And, no one has produced such a document, nor have they shown a phone with such a hidden function. I'd like to see a bit more demonstrative evidence, despite the fact that if the FBI did have such a function, they would probably keep it closely guarded.

As they say, the jury may still be out on this one.

Posted by jono2u on March 23, 2007 at 12:42 PM in Technology | | Comments (13)

|

"Fake" Security

I'm sure you've seen them -- those pop-up ads that make scary claims:

YOU MAY BE INFECTED!
CLICK HERE TO CLEAN YOUR SYSTEM NOW!

I just ran across one, a friend hit this site, was convinced he was infected and asked how to remove the infection.

My friend wasn't infected. It was a fraudlent anti-virus scan with fake results. This is often called "Scareware" and it amounts to using fear to sell products -- in fact, many of these products will cause more serious problems when you actually attempt to install their "fix" for these fake infections.

There are a couple types of these cons:

  • User is dropped on a fake Anti-virus/Anti-spyware scan that detects "false" infections
  • User is told their computer is not running properly, download X software to fix it
  • User is told their activities are being monitored and recorded, click here to prevent this

Here is an screen shot that shows one of the scanners apparently finding "errors":

Scan_2













In truth, this computer has none of these errors and this is a simple ploy to get you to install their software. In fact, this type of attack and fraud is so common this particular scanner has it's own Wikipedia entry: WinFixer

Here are some of the more interesting quotes:

They display false information with regards to a user's computer, thereby confusing said user into believing their PC is infected with viruses, spyware and/or other forms of malware.

Due to these problems, WinFixer and its sister applications are generally considered scareware spyware.

On September 29, 2006, a San Jose woman filed a lawsuit over WinFixer and related "fraudware" in Santa Clara County Superior Court.[9] KTVU (Channel 2 in Oakland, CA) carried a special report you can view at http://www.youtube.com/watch?v=zBUZHiKhsog.

The best way to protect yourself from these types of scareware attacks is simple: Only install/buy software from companies that are well respected and that you trust. If you aren't sure, use Google to do a quick background check on the company and see what it turns up.

Also, ZoneAlarm products with OSFW will protect you. This scareware often attempts to install to this location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Any process that attempts to write/change this registry key and is not in our SmartDefense Advisor Approved list will create a security alert. The alert below shows me attempting to change the "Run Key" using the Registry Editor:

Osfwalerts_2

Posted by jono2u on March 21, 2007 at 12:27 PM in PC Security | | Comments (9)

|

ID Theft Protection Gone Too Far?

ID Theft is obviously becoming more common, however, we must take care to ensure the solution is not worse than the disease. As I pointed out in another posting, some protections can go too far or be a hindrance to investigating ID Theft itself.

Here is a well researched article on ID Theft protections possibly going a bit too far. In this case, the buyer of a new car was instructed to provide a thumb print to a private company (the car dealer) to complete the transaction:

Imagine you’ve gone through a multiple week process to purchase an automobile.

You know the drill. Research every feature, pick your color, then, it’s negotiations for purchase price and for trade-in. Everything is done and agreed-upon, and excited, you are ready to hand over the check and collect your new car.

But wait!

You are handed a slip of paper and told to mark your right thumbprint in a box. The paper says clearly that it’s a request, for your protection, and to prevent your identity theft. [read the rest here]

Is this going too far to prevent ID Theft? How do we know what is or isn't too far when we want to be protected?

Posted by jono2u on March 21, 2007 at 08:46 AM in ID Theft | | Comments (4)

|