[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: German home banking (fromn RISKS)



At 07:34 PM 1/24/96 -0600, Andrew Loewenstern wrote:
>>  Don't high speed modems transmit and receive on the same frequencies,
>>  using echo cancelation to decode the receive signals?  Does that
>>  make it impossible to eavesdrop on high-speed (i.e. V32bis) modems?
>
>No, and a lot of crackers and phone phreaks found out the hard way.  You can  
>buy protocol analysers off-the-shelf that will give a dump of the entire  
>communication by just passively listening in (or possibly playing back a  
>recording).

Assuming it were possible, it would have to have a rather good quality, 
although DAT should be adequate, I should think. 


>  I have seen units that could decode all of the popular Blue Book  
>protocols for consumer equipment such as faxes and high-speed modems as well  
>as ISDN, T1, DS3, ATM, 

Hey!  Justa sec!  ISDN is basically digital (broadband),  so (obviously) is 
T1, likewise DS3 and ATM.  Except for ISDN, unidirectional signals (at least 
at one time...), I think.  This is NOTHING compared to the difficulty of 
doing simultaneous bidirectional analysis in a 3 khz bandwidth of 28 kbps
each way!


Maybe you're far more familiar with what equipment is available for 
telephone analysis than I am, but I have serious doubts that the capacities 
you list above are even close to what the other guy asked about.
 

etc...  Most are programmable and some are full-blown  
>computers running stripped down versions of Unix and can also be controlled  
>over the network from RealComputers.  With multiple analysers and a little  
>custom software you could easily perform MITM attacks.  The hardest part is  
>getting in the middle.
>
>Modulation, comm-protocols, and compression techniques are not a replacement  
>for honest to goodness crypto.

Agreed, but let's not underestimate the amount of effort involved.  This is 
important, because of that "Digital Telephony" bill crapola they're trying 
to foist on us.  Their argument will be, we presume, that "we've gotta be 
able to bug all these lines because of all the drug dealers talking on the 
phone.  Well, unless the government is proposing installing the capability 
of bugging data the vast majority of data calls (including those that, 
hypothetically, use Clipper) then they're NOT going to get any traffic they 
claim to want to hear.  We should ask, "How much will it  cost to even 
UNDERSTAND a data phone call, let alone decrypt it, and if it's too high 
let's give up while we're behind."