color enhanced copy of b/w picture in released documents

“This surveillance system lets FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans.

FBI wiretapping rooms in field offices and undercover locations around the country are connected through a private, encrypted backbone that is separated from the internet. Sprint runs it on the government’s behalf.”

Documents recently released to the EFF’s FOIA, suggest that the FBI’s wiretapping engineers have succeeded in tapping into our standard digital communication’s systems. As Randy Single writes in Wired, the FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act. The redacted documentation leaves many questions, however. In particular, it’s unclear what role the carriers have in opening up a tap, and how that process is secured.

“The real question is the switch architecture on cell networks,” said Matt Blaze, a security researcher at the University of Pennsylvania . “What’s the carrier side look like?

Randy Cadenhead, the privacy counsel for Cox Communications, which offers VOIP phone service and internet access, says the FBI has no independent access to his company’s switches.

“Nothing ever gets connected or disconnected until I say so, based upon a court order in our hands,” Cadenhead says. “We run the interception process off of my desk, and we track them coming in. We give instructions to relevant field people who allow for interconnection and to make verbal connections with technical representatives at the FBI.”

The nation’s largest cell-phone providers — whose customers are targeted in the majority of wiretaps — were less forthcoming. AT&T politely declined to comment, while Sprint, T-Mobile and Verizon simply ignored requests for comment.

FBI Agent DiClemente, however, seconded Cadenhead’s description.

“The carriers have complete control. That’s consistent with CALEA,” DiClemente said. “The carriers have legal teams to read the order, and they have procedures in place to review the court orders, and they also verify the information and that the target is one of their subscribers.”

Despite its ease of use, the new technology is proving more expensive than a traditional wiretap. Telecoms charge the government an average of $2,200 for a 30-day CALEA wiretap, while a traditional intercept costs only $250, according to the Justice Department inspector general. A federal wiretap order in 2006 cost taxpayers $67,000 on average, according to the most recent U.S. Court wiretap report.

To security experts, though, the biggest concern over DCSNet isn’t the cost: It’s the possibility that push-button wiretapping opens new security holes in the telecommunications network.

Documents show that an internal 2003 audit uncovered numerous security vulnerabilities in DCSNet. In this internal audit, (pg 61/112pdf), commenced after discovering that no security audit had been concluded for four years, pointed out some very basic security breeches. Some were the direct results of budget cuts, such as limiting technical staff. Others were the result of putting high tech toys in front of those too green to understand the full implications…..The security assessment titled Operation Mayday, uncovered this nugget. Problem:

“Zipdrive attached to FBINet machine.


Recommended Action: Complete Trilogy User training. Remind users not to attach unauthorized devices to network. Remind users not to install unauthorized software. Treat future instances as security violations and report through appropriate channels with increasingly severe penalties for
repeat violations.

Remember, this accesses all your bank documents as well as your deepest, intimate conversations…..which due to lack of oversight over the past four years, if cached, is now open forever to the world……Other samples of Katrina-like misconduct or ineptitude: Problem:

Outdated or no disk encryption on laptop
computers.


Recommended Action: Install PointSec on all machines unless excepted. Provide written justification to SecD for consideration of any exceptions.


Problem-: Baton Rouge RA, CART laptop has no disk encryption.

Also in the report:

1. There is no anti-viral software loaded on the DCS-3000 machines. If malicious
code, viruses, and/or executables are introduced, there will be potential for risk to the system or compromise of data, thereby compromising evidence contained therein.


Current Status:
• Verified Closed: McAfee 4.5.1 installed with Virus updated 05/05/2006

Current Status:
• Verified Closed: Passwords require eight characters, complex etc.

3. Successive failed logon attempt lockout is not enabled. Without a lockout policy,
an unauthorized user would have infinite attempts to gain access to the system.


Current Status:
• Verified Closed: Accounts lock out after three attempts and must be reset by
admin.

5. Workstations associated with the system do not enforce adequate user permissions. Improperly configured machines do not adhere to the least privilege principle. This practice could potentially give a user access and rights not warranted for by their position.

In particular, the DCS-3000 machines lacked adequate logging, had insufficient password management, were missing antivirus software, allowed unlimited numbers of incorrect passwords without locking the machine, and used shared logins rather than individual accounts.

The system also required that DCS-3000’s user accounts have administrative privileges in Windows, which would allow a hacker who got into the machine to gain complete control.

WTF?

The flaws are appalling and show that the FBI fails to appreciate the risk from insiders. The system is insecure, essentially because the people who designed it and run it have an insecure attitude about the nature of threats to the system. Outsiders may be stopped by VPNs, firewalls, etc., but insiders may wander around the system nearly at will. Not so different from the situation that set up the Vodaphone/Greece fiasco.

As Steve Bellovin from Columbia points out:

“Instead of personal userids, the FBI relies on log sheets. This may provide sufficient accountability if everyone follows the rules. It provides no protection against rule-breakers. It is worth noting that Robert Hanssen obtained much of the information he sold to the Soviets by exploiting weak permission mechanisms in the FBI’s Automated Case System. The DCS-3000 system doesn’t have proper password security mechanisms, either, which brings up another point: why does a high-security system use passwords at all? We’ve know for years how weak they are. Why not use smart cards for authentication?”

Any wiretap system faces a slew of risks, such as surveillance targets discovering a tap, or an outsider or corrupt insider setting up unauthorized taps. Moreover, the architectural changes to accommodate easy surveillance on phone switches and the internet can in itself, introduce new and frightfully dangerous security and privacy holes.

So where does our safety lie? In a bill of goods sold to us and to Congress in order to protect us from “phantom” terrorists, we have allowed anyone and everyone to compromise our personal privacy. Most particularly, those very ones we trusted to defend us from our enemies………

Advertisements