[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: German home banking (fromn RISKS)
At 07:34 PM 1/24/96 -0600, Andrew Loewenstern wrote:
>> Don't high speed modems transmit and receive on the same frequencies,
>> using echo cancelation to decode the receive signals? Does that
>> make it impossible to eavesdrop on high-speed (i.e. V32bis) modems?
>
>No, and a lot of crackers and phone phreaks found out the hard way. You can
>buy protocol analysers off-the-shelf that will give a dump of the entire
>communication by just passively listening in (or possibly playing back a
>recording).
Assuming it were possible, it would have to have a rather good quality,
although DAT should be adequate, I should think.
> I have seen units that could decode all of the popular Blue Book
>protocols for consumer equipment such as faxes and high-speed modems as well
>as ISDN, T1, DS3, ATM,
Hey! Justa sec! ISDN is basically digital (broadband), so (obviously) is
T1, likewise DS3 and ATM. Except for ISDN, unidirectional signals (at least
at one time...), I think. This is NOTHING compared to the difficulty of
doing simultaneous bidirectional analysis in a 3 khz bandwidth of 28 kbps
each way!
Maybe you're far more familiar with what equipment is available for
telephone analysis than I am, but I have serious doubts that the capacities
you list above are even close to what the other guy asked about.
etc... Most are programmable and some are full-blown
>computers running stripped down versions of Unix and can also be controlled
>over the network from RealComputers. With multiple analysers and a little
>custom software you could easily perform MITM attacks. The hardest part is
>getting in the middle.
>
>Modulation, comm-protocols, and compression techniques are not a replacement
>for honest to goodness crypto.
Agreed, but let's not underestimate the amount of effort involved. This is
important, because of that "Digital Telephony" bill crapola they're trying
to foist on us. Their argument will be, we presume, that "we've gotta be
able to bug all these lines because of all the drug dealers talking on the
phone. Well, unless the government is proposing installing the capability
of bugging data the vast majority of data calls (including those that,
hypothetically, use Clipper) then they're NOT going to get any traffic they
claim to want to hear. We should ask, "How much will it cost to even
UNDERSTAND a data phone call, let alone decrypt it, and if it's too high
let's give up while we're behind."