Telephone Defenses Against the Dark Arts

Friday, March 14th, 2008

James Atkinson of Granite Island Group has elevated professional paranoia to an art form. In “Telephone Defenses Against the Dark Arts”, Jim delivered over two hours of solid, technical information and held the audience’s attention to the very end of his engaging and informative presentation. After an introduction to the terminology and fundamentals of traditional telephone systems, Jim quickly went into the myriad of exposures in telephone systems and infrastructure. The telephone companies’ near total lack of concern for security and privacy was made very clear as Jim showed images and recounted stories of systems and equipment left wide open or “secured” by a single common bolt through a door. The layout and space available in telephone company boxes by the side of the road make very low tech eavesdropping simple; wiring is labeled and there is plenty of room to put a recorder inside the cabinet. Several photos of compromised equipment were shown, with enough explanation to make it clear that you do not have to be an expert to eavesdrop on telephone conversations.

As the session continued, focus moved through numerous weak points in telephone security, addressing everything from the telephone on the desk to the telephone company Central Office. The number of potential points of compromise is staggering, but it was also made clear that most IT people already have the skills needed to handle routine inspections. Many simple listening devices can be found with a flashlight, a ladder, and a lot of patient investigation. Tape recorders in suspended ceilings, stray wires in connection boxes and shiny things where they don’t belong are just a few of the things which can be found without any special skills or equipment. (But I’m a tool junkie, so when he started talking about the Fluke 289 meter and Fluke 199c oscilloscope I added them to my wishlist).

Once the X-rays of telephone equipment and close-ups of modified circuit boards came out (notice that there’s supposed to be a diode there, but someone replaced it with a capacitor…) we were headed into real spy vs. spy territory.  Tracking down covert channels requires identifying, mapping, and physically and electronically testing every conductor out of an area.  Even the conduit and grounds can be used to carry signal, and they have to be checked.  This is the type of work best left to the pros, but Jim showed and explained some of the techniques used to detect signals in wired and wireless eavesdropping systems.  Done properly, it takes the pros a few days per room to sweep for listening devices.

VoIP (in)security has been beaten to death in many venues before, so Jim didn’t dwell on it in this talk, but he did remind the audience of some of the basic flaws and some best practices in VoIP. He stressed that using VoIP on a cable Internet connection was a very bad idea (it is a shared medium, so your neighbors might be able to listen to your conversations with tools we know and love such as Wireshark, Cain and Abel, VoIPong, etc.). Jim also stressed network segmentation, keeping the voice and data networks separate to minimize eavesdropping from computer systems on a shared network.

If you are interested in more information, the Granite Island Group’s website has thousands of pages of references and documentation on the topic, including a good FAQ.

- Jack Daniel