From BlackHat Convention: The "backdoors" that Cisco and other networking companies implement in their routers and switches for lawful intercept are front and center again at this week's Black Hat security conference. A few years ago, they were cause celebre in some VoIP wiretapping arguments and court rulings.
This time, an IBM researcher told Black Hat conference attendees that these openings can still expose information about us to hackers and allow them to "watch" our Internet activity. Backdoors are implemented in routers and switches so law enforcement officials can track the Internet communications and activity of an individual or individuals under surveillance. They are required by law[http://www.networkworld.com/news/2007/012307-us-govt-wiretapping-laws-and.html ] to be incorporated in devices manufactured by networking companies and sold to ISPs. In this report from Forbes[http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html?feed=rss_technology_security ], IBM Internet Security Systems researcher Tom Cross demonstrated how easily the backdoor in Cisco IOS can be exploited by hackers. When they gain access to a Cisco router, they are not blocked after multiple failed access attempts nor is an alert sent to an administrator. Any data collected through the backdoor can be sent to anywhere -- not just merely to an authorized user, Forbes reports. What's more, an ISP is not able to perform an audit trail on whoever tried to gain access to a router through the backdoor - that nuance was intended to keep ISP employees from detecting the intercept and inadvertently tipping off the individual under surveillance. But according to IBM's Cross, any authorized employee can use it for unauthorized surveillance of users and those privacy violations cannot be tracked by the ISP. Cisco said it is aware of Cross's assertions and is taking them under consideration. To Cisco's credit, it is the only networking company that makes its lawful intercept architecture public, according to the recommendations of the IETF, the Forbes story states. Other companies do not, which means they may be susceptible to the same security flaws, or worse. On Feb 10, 2010, at 3:40 PM, Jack Unger wrote: > Not only don't they pay for it but they are also in favor of it > because it gives them JOBS... good, government JOBS. Thus government > gets even bigger with no real results to show for it and with a > further reduction in the rights granted citizens by the Bill of > Rights. <http://en.wikipedia.org/wiki/United_States_Bill_of_Rights>. > > jack > > > Tom DeReggi wrote: >> >> "a survey of state computer crime investigators found them to be >> nearly >> unanimous in supporting the idea. " >> >> Really? What an idiot, of course they are. They dont pay for it. >> >> Tom DeReggi >> RapidDSL & Wireless, Inc >> IntAirNet- Fixed Wireless Broadband >> >> >> ----- Original Message ----- >> From: "Mark McElvy" <mmce...@accubak.com> >> To: "Principal WISPA Member List" <w...@wispa.org>; "WISPA General >> List" >> <wireless@wispa.org> >> Sent: Monday, February 08, 2010 9:07 PM >> Subject: [WISPA] FBI wants records kept of Web sites visited | >> Politics >> andLaw - CNET News >> >> >> >>> http://news.cnet.com/8301-13578_3-10448060-38.html?tag=nl.e404 >>> >>> >>> >>> -------------------------------------------------------------------------------- >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> -------------------------------------------------------------------------------- >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> > > -- > Jack Unger - President, Ask-Wi.Com, Inc. > Network Design - Technical Training - Technical Writing > Serving the Broadband Wireless, Networking and Telecom Communities > since 1993 > www.ask-wi.com 818-227-4220 jun...@ask-wi.com > > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
