[TSCM-L] {4914} Surreptitious Video Surveillance Act of 2010

From: <ber..._at_netaxs.com>
Date: Mon, 19 Apr 2010 18:04:34 -0400

>From - Sat Mar 02 00:57:19 2024
Received: by 10.220.107.86 with SMTP id a22mr799756vcp.9.1271955899629;
        Thu, 22 Apr 2010 10:04:59 -0700 (PDT)
X-BeenThere: tscm-l2006_at_googlegroups.com
Received: by 10.220.68.217 with SMTP id w25ls25234930vci.1.p; Thu, 22 Apr 2010
        10:04:55 -0700 (PDT)
Received: by 10.220.85.203 with SMTP id p11mr1385661vcl.4.1271955894712;
        Thu, 22 Apr 2010 10:04:54 -0700 (PDT)
Received: by 10.220.85.203 with SMTP id p11mr1385660vcl.4.1271955894676;
        Thu, 22 Apr 2010 10:04:54 -0700 (PDT)
Return-Path: <ber..._at_netaxs.com>
Received: from webmail1.paetec.net (webmail1.paetec.net [209.92.1.171])
        by gmr-mx.google.com with ESMTP id l27si114887vcr.6.2010.04.22.10.04.53;
        Thu, 22 Apr 2010 10:04:54 -0700 (PDT)
Received-SPF: neutral (google.com: 209.92.1.171 is neither permitted nor denied by best guess record for domain of ber..._at_netaxs.com) client-ip 9.92.1.171;
Received: from webmail1.paetec.net (webmail1 [127.0.0.1])
        by webmail1.paetec.net (8.13.8/8.13.8) with ESMTP id o3MH4rxb010763
        for <tscm-..._at_googlegroups.com>; Thu, 22 Apr 2010 13:04:53 -0400
Received: (from apache_at_localhost)
        by webmail1.paetec.net (8.13.8/8.13.8/Submit) id o3MH4qfv010762
        for tscm-..._at_googlegroups.com; Thu, 22 Apr 2010 13:04:52 -0400
X-Authentication-Warning: webmail1.paetec.net: apache set sender to ber..._at_netaxs.com using -f
Received: from 96-25-2-221.par.clearwire-wmx.net
 (96-25-2-221.par.clearwire-wmx.net [96.25.2.221]) by webmail.uslec.net
 (Horde Framework) with HTTP; Thu, 22 Apr 2010 13:04:52 -0400
Message-ID: <20100422130452.31472ubcak61wpgk_at_webmail.uslec.net>
Date: Thu, 22 Apr 2010 13:04:52 -0400
From: "ber..._at_netaxs.com" <ber..._at_netaxs.com>
To: tscm-l2006_at_googlegroups.com
Subject: [TSCM-L] {4917} First Public Demo of Sub-$2K Mobile Phone
        Interception Kit Posted on YouTube
References: <380-22010411922434779_at_M2W137.mail2web.com>
 <014f01cae0e9$52883360$6401a8c0_at_oem>
In-Reply-To: <014f01cae0e9$52883360$6401a8c0_at_oem>
MIME-Version: 1.0
User-Agent: Internet Messaging Program (IMP) H3 (4.3.4)
X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com:
        209.92.1.171 is neither permitted nor denied by best guess record for domain
        of ber..._at_netaxs.com) smtp.mail¾r..._at_netaxs.com
X-Original-Sender: ber..._at_netaxs.com
Reply-To: tscm-..._at_googlegroups.com
Precedence: list
Mailing-list: list tscm-..._at_googlegroups.com; contact tscm-..._at_googlegroups.com
List-ID: <tscm-l2006.googlegroups.com>
List-Post: <http://groups.google.com/group/tscm-l2006/post?hl_US>,
        <mailto:tscm-..._at_googlegroups.com>
List-Help: <http://groups.google.com/support/?hl_US>, <mailto:tscm-..._at_googlegroups.com>
List-Archive: <http://groups.google.com/group/tscm-l2006?hl_US>
Sender: tscm-..._at_googlegroups.com
List-Subscribe: <http://groups.google.com/group/tscm-l2006/subscribe?hl_US>,
        <mailto:tscm-..._at_googlegroups.com>
List-Unsubscribe: <http://groups.google.com/group/tscm-l2006/subscribe?hl_US>,
        <mailto:tscm-..._at_googlegroups.com>
Content-Type: text/plain; charset=windows-1252; DelSp=Yes; formatowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Although part of a PR press release from a company hawking "secure"
cellphone products, the threat described and the YouTube videos linked
to are real and verified as legit.

-Ed


> PALO ALTO, CA – April 22, 2010 –The first public demonstration of a =
 
> GSM interception has been posted on the internet, providing concrete
> evidence of a threat that affects 80% of the world’s mobile phone
> voice calls. In addition, all the interception software required has
> been loaded on a bootable CD and made publicly available on the
> internet, bringing non-specialist criminal phone tapping closer to
> reality.
>
> A recent posting by Nigel Stanley of Bloor Research, reveals a video
> of hacker Chris Paget performing the first public demonstration of
> GSM mobile phone call interception. Paget demonstrates the use of
> equipment needed to intercept and record live GSM calls using a
> laptop, free open source software and an off-the-shelf radio
> receiver costing $1,400.
>
> This follows Paget promoting the video via his Twitter account last
> week to his 1000+ followers, which has generated requests for more
> details about how the attack was achieved.
>
> Paget has also released OpenBootTS, a bootable CD that delivers all
> the software required for GSM interception in an “out-of-the-box”
> software solution to hackers that significantly lowers the technical
> knowledge required to intercept GSM mobile phone calls. Installed on
> a standard laptop, and connected to the off-the-shelf radio receiver
> with a USB cable, hackers are able to intercept, record and redirect
> mobile phone calls within an area defined by the strength of the
> antennae used.
>
> Although the software is flexible enough to be configured for
> several different types of interception, Paget’s demonstration
> showed standard GSM phones in the vicinity being fooled into
> connecting to the cellular network through his radio receiver rather
> than nearby legitimate cellular base station antennae. Normal GSM
> calls were then passed undetected through this equipment where they
> were secretly recorded.
>
> While organizations in the past may have dismissed GSM interception
> threat as unrealistic, this demonstration provides overwhelming
> evidence of a mounting threat. In a second video Paget demonstrates
> the same interception but uses an off-the-shelf Android smartphone
> to run the software instead of a laptop.
>
> In his blog, Stanley comments, “For many people the only risk of
> their mobile phone conversation being intercepted was when they
> decided to bellow into their phone on a crowded train. Now we all
> need to face the fact that our calls can be intercepted with little
> effort.”
>
> In December 2009, Chris Paget’s hacker colleague Karsten Nohl
> announced that he had completed the computation of a GSM Codebook –
> a large lookup table of encryption keys used to scramble GSM calls
> used in 80% of all mobile phone calls – and published it free on the =
 
> internet for use by any hackers wanting to crack GSM phone calls.
>
> Furthermore, one of the foremost encryption experts in the world –
> Adi Shamir, known for inventing the RSA algorithm (‘S’ in RSA) – =
 
> revealed on 6th December at ASIACRYPT 2009 in Tokyo that the 3G
> mobile encryption standard (A5/3) was shown to be vulnerable for the
> first time to a theoretical attack that can be practically
> implemented.
>
> A March 2010 survey by the Ponemon Institute of the attitudes of
> seventy five companies and 107 senior executives in the United
> States found that despite increasing awareness of this threat, many
> companies are failing to put in place comprehensive protection
> measures. For example, only 14% have deployed technological
> solutions to personnel travelling to high risk locations and a
> surprising 83% not even providing employee training to raise
> awareness about the risks of using cell phones in high risk areas.
>
> Simon Bransfield-Garth, CEO Cellcrypt Limited, commented:
>
> “This demonstration combined with several other public announcements =
 
> over the past few months have clearly demonstrated that GSM, which
> makes up some 80% of the world’s mobile phone calls, is vulnerable
> to interception. Anyone that discusses valuable or confidential
> information on their mobile phone is now at increased risk and
> should seriously be considering how to make those calls more secure.”
>
> “Originally reserved to governments or law enforcement
> organizations, the financial expenditure and technical knowledge
> required to intercept a GSM mobile phone call has fallen
> dramatically over the past few months. Organizations need to start
> taking serious steps to put in place security strategies that
> protect their sensitive conversations.”
>
> Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute:
>
> “The issue of phone interception is often thought to be restricted
> to government agencies but recently it has become clear that such
> equipment is now entering the mainstream,” said Dr. Larry Ponemon,
> Chairman & Founder, Ponemon Institute. “The free release of both the =
 
> GSM encryption codebook and the complete basestation software stack
> has brought interception into the realm of a graduate IT student and
> $2,000 of readily available equipment, substantially increasing the
> scale of the threat to the enterprise.”
>
> About Cellcrypt
>
> Cellcrypt is the leading provider of technology to secure mobile
> voice calls on everyday smartphones. Founded in 2005, Cellcrypt’s
> R&D innovation resulted in Encrypted Mobile Content Protocol (EMCP),
> an Internet Protocol (IP) based technology that optimises delivery
> of encrypted data between mobile devices over wireless networks.
>
> Cellcrypt’s products are undergoing security certification to the
> FIPS 140-2 standard approved by the US National Institute of
> Standards and Technology (NIST), operate over data-enabled networks
> including 2G (GPRS/EDGE), 3G (HSPA, CDMA/EV-DO), Wi-Fi® and
> satellite, and are optimised to run on Nokia® Symbian and
> BlackBerry® smartphones. Cellcrypt is a BlackBerry Alliance Partner
> and Inmarsat Connect Partner.
>
> Today, Cellcrypt solutions are used routinely by governments,
> enterprises and senior-level executives worldwide. Cellcrypt is a
> privately-held, venture-backed company with headquarters in London,
> UK and offices in USA and Middle East.
>
> For more information please visit: www.cellcrypt.com
>
> For media enquiries please contact:
>
> Jill Tsugawa/Jaime Tero
>
> Grant Butler Coomber
>
> Tel: +1 415 989 9803
>
> E-Mail: jillt_at_gbc-usa.com/jaimet_at_gbc-usa.com
>
>
> Notes to Editors
>
>
>
> Bloor Research
> Blog:http://www.computerweekly.com/blogs/Bloor-on-IT-security/2010/04/mob=
ile-phone-hacking-for-1000.html
>
> Chris Paget Twitter:www.twitter.com/ChrisPaget
>
>
>
> Equipment Required
>
> GSM Radio Receiver ($1400): http://www.ettus.com/
>
> GSM OpenBTS basestation software:http://sourceforge.net/projects/openbts/
>
> GSM OpenBootTS basestation software bootable
> CD:http://sourceforge.net/projects/openbootts/
>
> GSM codebook encryption tables:http://reflextor.com/torrents/
>
>
>
> Equipment in Action
>
> Interview describing equipment (select second segment bookmark):
> http://revision3.com/hak5/shmoocon2010
> Live interception with software on a laptop:
> http://www.youtube.com/watch?v=o6aKuDSg_CQ
>
> Live interception with software on a smartphone:
> http://www.youtube.com/watch?v=ed1HxX38H5E
>
> Recent news of advances in mobile phone call hacking, include:
>
> Announcement on 27th December 2009 that a codebook that cracks A5/1
> GSM encryption – used in 80% of cell phones – had been computed and =
 
> published on the web. Free for criminals to use, this lowers the
> cost of cell phone eavesdropping below $10,000
>
> o BBC: http://news.bbc.co.uk/1/hi/technology/8429233.stm
>
> o New York Times: http://www.nytimes.com/2009/12/29/technology/29hack.h=
tml
>
> o Financial Times:
> http://www.ft.com/cms/s/0/54ca8e66-f485-11de-9cba-00144feab49a.html
>
> Announcement on 12th January 2010, that a practical method for
> cracking A5/3 encryption used in 3G mobile phone calls was published
> by leading cryptographer, Adi Shamir (the ‘S’ in RSA)
>
> o The Register: http://www.theregister.co.uk/2010/01/13/gsm_crypto_crac=
k
>
> o Threatpost:
> http://threatpost.com/en_us/blogs/second-gsm-cipher-falls-011110

--
You received this message because you are subscribed to the Granite Island =
Group "TSCM-L Professionals List" group which is the oldest, and the larges=
t TSCM group on Earth. To post to this group, send E-Mail to TSCM-..._at_googl=
egroups.com, to contact the list owner and moderator please send an E-Mail =
message to jm..._at_tscm.com.

This group is sponsored by Granite Island Group http://www.tscm.com/ to imp=
rove the profession of hunting spies, and to educate others in the craft of=
 technical counter-intelligence. Granite Island Group performs bug sweeps l=
ike it's a full contact sport; we take no prisoners, we don't play fair, an=
d we give no quarter. Our professional goal is to simply, and completely st=
op the spy.
 
Granite Island Group Offers World Class, Professional, Ethical, and Compete=
nt Bug Sweeps, and Wiretap Detection using Sophisticated Laboratory Grade T=
est Equipment.

Subscription settings: http://groups.google.com/group/tscm-l2006/subscribe?=
hl=en
Received on Sat Mar 02 2024 - 00:57:19 CST