OverviewAnd, just in case those links go missing, you can get every downloadable item that was in the article here, here, and here.
In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. These countermeasures do not require cooperation with the called party, elaborate equipment, or special skill. Preliminary drafts of the paper have been made available to the law enforcement community; contact the authors at the above email address.
We found exploitable vulnerabilities present in virtually all analog "loop extender" or "dialup slave" wiretap systems and in at least some systems based on the newer J-STD-025A CALEA interfaces. These systems depend on unsecured "in-band" signals that can be spoofed or manipulated by an interception target via his or her own telephone line.
In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Most loop extender systems, as well as at least some CALEA systems, appear to be vulnerable to this countermeasure. Audio examples (in MP3 format) of this countermeasure can be found below.
Put the information to good use...
--WP