Surveillance or Security?: The Risks Posed by New Wiretapping Technologies
Author: Susan Landau
A decade ago cyberwar was a subject beloved by science fiction writers;
it has now become an area of intense interest on the part of defense agencies around the world. The reason is asymmetric warfare. Not only is a
computer with a network connection all that is needed to launch a cyberattack, but the U.S. heavy reliance on the network has made the nation
particularly vulnerable to cyberattacks. In cyberwar the asymmetry tilts
very much in favor of the attacker. This fact has escaped neither other
powers nor terrorist groups.
Although many believe that the Russian government was behind the
attacks on Estonia and Georgia, not only is there no "smoking gun" evidence,[166] but since 1998 Russia has been warning that information warfare may
be as destructive as nuclear weapons and appears to be seeking a prohibition on the development of cyberwarfare tools.[167] The Russians are nonetheless believed to be developing cyberattack capabilities.[168] China, on the
other hand, sees a great advantage in using its citizenry in a cyberwar.[169]
It is actively training members of the PLA, as well as private citizens, to
engage in cyberwar activities.
The United States would appear to have much more to lose than to win
in an outright cyberwar (an undeclared action, such as occurred with the
trans-Siberian pipeline, could well be a different story). The nation is more
heavily dependent on cybersystems to run critical infrastructure than its
adversaries are, and there is evidence that the systems controlling the
power grid have been penetrated by intruders who have left code behind for
future use.[170] It is impossible to know what DoD's cyberattack capabilities
are, or whether the United States could inflict more damage on its
enemies than they could inflict on it.
What is clear is that the United States is losing on the civilian side of
the equation. With many poorly secured systems, highly professional
attackers, and a legal system that makes economic espionage illegal (while
its adversaries have very different laws), the United States is being weakened by the very information technologies that brought the nation such
wealth in the last decades of the twentieth century.
7.6 Who's Winning?
The race between criminals and law enforcement has always been a game
of leapfrog. The bad guys used telephones to conduct their activities, and
the police learned to wiretap. The crooks thwarted that by using pay
phones; in turn, law enforcement gained the use of roving wiretaps, in
which they did not have to spell out ahead of time the phone number
they would be tapping. Drug dealers moved to cell phones and pagers and
the police learned to exploit calling patterns.
The FBI believes that it is making some progress against organized crime's
efforts in cybercrime. The 2004 Council of Europe treaty, to which the United
States is a signatory, addresses extradition for certain types of computer-related offenses and helps in this regard. But even more importantly,
"Simply the negotiations on the treaty showed the need for international
cooperation," explained Steve Chabinsky, deputy assistant director of the
FBI. The bureau has been witnessing increasing global cooperation on cybercrime. Fighting cybercrime, which means catching the bad guys even when
they attack people outside your country, is being seen as both "defending
[your] own interests and being a good global citizen." In recent years the
FBI has seen cooperation not just from European nations ranging from the
United Kingdom to Ukraine, but from authorities in "Hong Kong, Egypt
and Turkey, really from across the globe," Chabinsky said.[171] Where the FBI
is less sanguine is about risks within the U.S. supply chain. Here the bureau
has good reason to be concerned. Two examples show the range of problems.
Organized crime groups in Pakistan and China modified credit-card
readers while the readers were still in the factory. The readers were used to authenticate chip-and-pin credit cards. In a chip-and-pin system, an embedded microchip is
used instead of the magnetic stripe on the back of the credit card; the card
reader uses the chip to check that the card is genuine. Then the customer types
in a four-digit PIN, which is checked against the PIN encoded on the card
(the reader has decoded the PIN). If they match, the customer is legitimate.
The card readers had been modified at the factory so that, by first
hopping via a wireless connection to a local network, they transmitted the
secret details of the card to Pakistan.[172] These data were used to clone credit
cards; the criminal gang then used the cards to siphon funds from customer accounts. The only visible difference between the corrupted readers
and legitimate ones was a few ounces in weight[173] (this had MasterCard
investigators traveling around Europe weighing card readers to find corrupted ones). The tampered smartcard readers had been exported to Britain,
Ireland, the Netherlands, Denmark, and Belgium. It took investigators months to determine the cause of the problem. An extra chip had been
installed behind the card reader's motherboard. Its function: to transmit
customer card information to Lahore once the card data had been decrypted
by the smartcard reader.
Supply chains can be corrupted in many ways. In 2008 the FBI uncovered a major flow of counterfeit Cisco equipment into the United States;[174]
the fake material included routers, switches, and other networking equipment.[175] Counterfeit equipment had been sold to the U.S. Naval Academy,
the U.S. Naval Warfare Center, the U.S. Undersea Warfare Center, a U.S.
airbase in Spangdahlem, Germany, the General Services Administration,
and Raytheon, a defense contractor, as well as various universities and
financial firms, among other institutions. Depending on what they did or
didn't do, the fakes could have wreaked serious havoc. All the problems
in fact seemed relatively minor:[176] a user's network was shut off when
using the equipment, a network upgrade failed, and there was a fire caused
by a faulty power supply.[177] The situation could have been a great deal
worse. Confidential communications could have been dropped or delayed,
or copied and transmitted elsewhere.[178]
The Cisco incident raises a serious concern: Who is building U.S. information and communications technologies? Often it is not U.S. companies.
In early 2010, for example, there were three contenders to sell AT&T equipment for radio access in fourth-generation mobile phone technologies:
the French supplier Alcatel-Lucent, the Swedish provider Ericsson, and the
Chinese company Huawei. Even if there had been a U.S. provider of the
technology, with globalized supply chains, having a U.S. manufacturer
does not actually mean that the product is made in the United States.
(Recall that the iPod, the product of a quintessential American company,
has parts from China, Japan, Korea, the Philippines, and Taiwan.) If one
is buying Huawei technology, or Alcatel-Lucent or Ericsson,[180] risk mitigation is required. You study the source code carefully: what is in there,
and why is it doing what it is doing? You study the updates. This is complicated, because updates can be frequent, especially at first. Where and
when are data exfiltrated? Is the system calling home simply to report a
malfunction? When it does so, exactly what data are being sent back? And
you ask the experts. In deciding which radio access technology to purchase,
AT&T had conversations with the NSA, which told the company "the
kinds of things we should be looking for." This is due diligence, and it is
necessary irrespective of whether the vendor is based in Shanghai or San
Francisco. It points to the complexities of securing our electronic
communications.
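The two questions the text keeps returning to, where a vendor device sends data and how much it sends when it "calls home", can be turned into a routine check over the device's outbound flows. The block below is an added example, not code from the book or from any of the vendors named; it serves both the tampered card readers above (a terminal reaching a destination outside its acquirer network) and the due-diligence questions about radio-access equipment (a call-home that carries far more than a fault report). The flow records, the device roles, the address ranges and the byte limits are all constructed assumptions for the example.

```python
"""Egress-baseline review for vendor-supplied devices.

Added example, not from the book or any vendor: it checks where a device
sends data and how much, the questions the text says a buyer must ask.
Flow records and the policy below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    device: str     # device identifier from inventory
    role: str       # what the device was purchased to do
    dst: str        # destination IP of the outbound connection
    bytes_out: int  # bytes the device sent in this flow


# Hypothetical egress policy per role.  Address ranges and size limits are
# assumptions for the example: a card reader should reach only the acquirer
# gateway and send a few hundred bytes per transaction; radio-access gear may
# also reach a vendor support address (TEST-NET-1 stands in for it) but a
# fault report should stay well under the limit.
POLICY = {
    "card-reader": {
        "allowed": [ip_network("10.20.0.0/16")],
        "max_bytes_out": 2048,
    },
    "radio-access": {
        "allowed": [ip_network("10.30.0.0/16"), ip_network("192.0.2.0/24")],
        "max_bytes_out": 65536,
    },
}

# Constructed sample flows, in the order they were observed.
SAMPLE_FLOWS = [
    Flow("reader-1", "card-reader", "10.20.1.5", 300),     # normal authorization
    Flow("reader-2", "card-reader", "203.0.113.9", 1200),  # tampered unit exfiltrating
    Flow("ran-1", "radio-access", "10.30.0.1", 500),       # traffic to the core
    Flow("ran-1", "radio-access", "192.0.2.10", 40000),    # vendor call-home
    Flow("ran-1", "radio-access", "192.0.2.10", 30000),    # more than a fault report
]


def review_flows(flows, policy=POLICY):
    """Return findings as (kind, device, dst, bytes) tuples.

    A destination outside the role's allowlist is reported per flow; data
    sent to an allowed destination is summed per (device, dst) and reported
    once when the cumulative volume exceeds the role's limit.
    """
    findings = []
    totals = {}
    reported = set()
    for f in flows:
        rule = policy.get(f.role)
        if rule is None:
            findings.append(("unknown-role", f.device, f.dst, f.bytes_out))
            continue
        dst = ip_address(f.dst)
        if not any(dst in net for net in rule["allowed"]):
            findings.append(("unexpected-destination", f.device, f.dst, f.bytes_out))
            continue
        key = (f.device, f.dst)
        totals[key] = totals.get(key, 0) + f.bytes_out
        if totals[key] > rule["max_bytes_out"] and key not in reported:
            reported.add(key)
            findings.append(("oversized-callhome", f.device, f.dst, totals[key]))
    return findings


if __name__ == "__main__":
    for kind, device, dst, nbytes in review_flows(SAMPLE_FLOWS):
        print(f"{kind:24} {device:10} -> {dst:14} {nbytes} bytes")
```

On the sample flows the review flags the second reader for talking to a public address its role never needs, and the radio-access unit once its cumulative call-home volume passes the limit; the first call-home flow alone stays under the threshold, which is why the volume is summed rather than judged per flow. In practice the allowlist and limits come from the vendor's own documentation of what the device reports and where, which is exactly the information the text says a buyer has to extract from the source code and the updates.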
From the 1940s to the 1970s the U.S. government received copies of most
international telegrams sent from the United States. In 1969 NSA began
monitoring communications containing information "on U.S. organizations or individuals who were engaged in activities which may result in
civil disturbances." In a decade that saw hundreds of thousands of Americans marching to support civil rights and later to oppose U.S. involvement
in the Vietnam War, such surveillance involved wiretapping thousands of
U.S. citizens whose protests should have been legally protected under the
First Amendment to the U.S. Constitution.
Instead, "ordinary citizens involved in protests against their government" and organizations that were "nonviolent and peaceful in nature"
were placed on NSA watchlists.[4] Their electronic communications were
intercepted,[5] and the government kept files on their political activities.
NSA was not the only U.S. intelligence agency surveilling the public. The
FBI had been wiretapping since at least the 1930s. Because a Supreme Court
decision had decreed there be no "interception and divulgence" of wired
communications, FBI electronic eavesdropping was conducted in secret
without warrants.
The hidden history of government communications interception of law-abiding citizens became public as a result of Watergate, the 1972 break-in
at the Democratic Party headquarters at the Watergate complex and the
investigations that ensued. These uncovered widespread intelligence-agency
surveillance of political and private activities conducted under the guise of
"national security." Recommendations proposed by the Church Committee, the Senate investigating committee studying these transgressions, were
put into law in the Foreign Intelligence Surveillance Act, which made clear
delineations between national-security investigations and law enforcement
ones. It looked as if warrantless surveillance of domestic communications
might be a thing of the past. That turned out not to be the case.
Indeed, despite strong opposition to intelligence-agency shadowing of
citizens engaged in protected First Amendment activities, such surveillance
continued. It continued in the investigations of a student group, the Committee in Solidarity with the People of El Salvador (CISPES), where the
government developed files on 2,300 individuals and 1,300 groups, including Oxfam America, the ACLU, and Amnesty International.[6] It continued
with a ten-year investigation of the General Union of Palestinian Students,
a peaceful student group, and a twenty-year investigation, prosecution,
and ultimate dismissal of a case against seven Palestinians and a Kenyan
in Los Angeles who in 1986 organized a public fundraiser for a Palestinian
organization. There were multiple such cases, but though call detail
records were used in the CISPES investigations, it appears that warrantless
electronic surveillance was no longer being used. Then in late 2005 and
early 2006 the New York Times and USA Today revealed that the U.S. government was surreptitiously wiretapping Americans.
The papers released by Mark Klein, the technician who had worked in
AT&T's San Francisco switching facility, gave strong hints about how the
surveillance effort might be being carried out. According to the AT&T
documents, the secure room contained Narus Semantic Traffic Analyzers
and Logic Servers.[10] Such analyzers are capable of examining traffic content
as well as headers. An experienced network designer, Scott Marcus, served
as an expert witness in the Hepting case; he concluded that the Narus machines
were likely performing high-speed screening to identify potential data of
interest.[11] The parameters were most likely determined by the NSA, with screening accomplished at carrier speeds of 10 gigabits/second. The selected
communications were sent to a central monitoring facility, presumably an
NSA site (this has never been acknowledged by the government). The level
of surveillance in this and other facilities seemed well beyond the Bush
administration's claims of limited surveillance in the NSA warrantless
wiretapping program.
Although the secret room was supposed to be secret, there was no reasonable chance that it could be. It is one thing to wiretap a single line or set
of lines (investigating a conspiracy might lead to tapping multiple lines
within a single frame), but inherent in the problem of eavesdropping on
a wide swath of public communications is the wiretap architecture needed to
enable such surveillance. Optical fiber carrying the inter-ISP traffic had to
go through a splitter before part of it could end up in the secret room.
There was no way to hide the existence of the splitter from AT&T technicians working the floor. In fact, the technicians had to install and service
the splitting cabinet. That means that even though the documents about the cabinet were marked "AT&T proprietary," the fact that wiretapping was
occurring on so public a scale could not be expected to stay secret. Klein
reported that "it was known by the technicians [that the NSA was doing
this] within a few weeks" of setting up the room.[12] That, in itself, was a
significant security violation for the surveillance program.
Wiretaps are a risky business: they are an architected security breach[13]
that can be subverted and put to nefarious use. No one knows this better
than the Greek government, the subject of ten months of wiretapping
in 2004-2005.
The "Athens Affair" tapping occurred around the time of the 2004
Athens Olympics. Vodafone Greece had purchased telephone switches
from Ericsson, and an Ericsson update of the switch had included CALEA-like wiretapping software. Because Vodafone had not paid for such surveillance capabilities, the wiretapping system was not enabled in the update.
Neither was a system designed to audit the wiretapping. Someone (the
parties remain unknown as of this writing) surreptitiously entered the cell
phone network and turned on the wiretapping technology in four of the
Vodafone switches. Every time a call was made to or from one of the targeted lines, the wiretapping technology simply sent a duplicate stream of
digitized voice to a network of fourteen cell phones, prepaid and thus suitably anonymous. The malicious software hid the tapped numbers in memory
that was isolated from the rest of the switch's software, and the intruders
installed a rootkit that enabled them to return and update the surveillance
software as needed. For ten months the system wiretapped communications from selected phones. The system was uncovered only when some
SMS messages went awry. But the tappers got away.[14]
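The Athens intercepts survived for ten months because nothing on the operator's side compared what the switches were actually doing with what anyone had authorized: the intercept feature was active although it had never been licensed, the audit subsystem was off, and the duplicate streams went to prepaid mobiles rather than to any monitoring centre. The block below is an added example, not code from the book, Vodafone or Ericsson, showing the reconciliation such an audit would have to perform. The switch state, the warrant list, the subscriber numbers and the field names are constructed assumptions; real switches expose intercept provisioning through vendor-specific interfaces that the example does not model.

```python
"""Reconciling a switch's active intercepts against authorizations.

Added example, not from the book, Vodafone, or Ericsson: the switch state and
warrant list are constructed, and the field names are assumptions.  It shows
the check the missing audit subsystem would have had to perform.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Intercept:
    switch: str      # switch on which the intercept is provisioned
    target: str      # subscriber number whose calls are duplicated
    deliver_to: str  # number receiving the duplicate stream


# Constructed authorizations: target -> the monitoring-centre number named
# in the warrant.  Any other delivery destination is unauthorized.
WARRANTS = {
    "+302101000001": "+302105550000",
}

# Constructed switch state: the intercept feature was never licensed and the
# audit function is off, yet three intercepts are active.
SWITCH_STATE = {
    "li_licensed": False,
    "audit_enabled": False,
    "intercepts": [
        Intercept("msc-1", "+302101000001", "+302105550000"),  # matches the warrant
        Intercept("msc-1", "+302101000002", "+306940000011"),  # no warrant; prepaid mobile
        Intercept("msc-3", "+302101000001", "+306940000012"),  # warranted target, wrong destination
    ],
}


def reconcile(state, warrants):
    """Return findings as (kind, switch, target, deliver_to) tuples.

    Switch-wide findings (feature active without a license, audit disabled)
    carry None in the per-intercept fields.  Each active intercept is then
    checked for a warrant and for delivery to the destination the warrant names.
    """
    findings = []
    intercepts = state["intercepts"]
    if intercepts and not state["li_licensed"]:
        findings.append(("intercept-active-without-license", None, None, None))
    if intercepts and not state["audit_enabled"]:
        findings.append(("audit-disabled", None, None, None))
    for i in intercepts:
        allowed = warrants.get(i.target)
        if allowed is None:
            findings.append(("no-warrant", i.switch, i.target, i.deliver_to))
        elif i.deliver_to != allowed:
            findings.append(("unauthorized-delivery", i.switch, i.target, i.deliver_to))
    return findings


if __name__ == "__main__":
    for kind, switch, target, deliver_to in reconcile(SWITCH_STATE, WARRANTS):
        print(kind, switch or "-", target or "-", deliver_to or "-")
```

The check has to read the intercept table from the switch itself rather than from the provisioning system, since the Athens intruders hid their target list in memory the normal software did not see; an audit that only replays what the operator thinks it configured would have reported nothing. Running it on a schedule and alarming on any finding is the operational equivalent of the audit subsystem Vodafone had not enabled.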