For those inquiring about VoIP calls etc...

[noel]

http://yro.slashdot.org/article.pl?sid= ... 7&from=rss

Wired News is reporting that the equipment found in the "secret" NSA room at AT&T wasn't some elaborate device designed by Big Brother. Rather, it is a commercially available network-analysis product that any company could acquire. From the article: "'Anything that comes through (an IP network), we can record,' says Steve Bannerman, marketing vice president of Narus, a Mountain View, California, company. 'We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their VOIP calls.'"

Emphasis is mine.

[Kelshara]

No surprise there. I'm still perfectly happy with my VoIP

[noel]

Please don't take it as though I'm stating VoIP is in any way bad. I love VoIP, and wouldn't want to go back to a normal landline. Someone asked the question though, and since it made the news I figured I'd post it here.

[Kelshara]

Yeah I remember the post and the question. Guess I'm not really surprised about this being an IT person and having played around with packetsniffing etc myself.

[Aabidano]

...we can reconstruct their VOIP calls.

I see this sort of thing on the news and people make a big deal it. This is nothing new. Go snag a copy of ethereal or Cain and Abel and anyone can do it, given proper access. Or a tape recorder and a switch if you want to tap wireline. Get a lawyer too while you at it, it's still illegal

*Edit - Please note running either one of those at work without reason to can get you fired at many, if not most businesses.

Access to the circut is usually the difficult part in any case, and VoIP makes access at the proper point critical. A normal landline you can be anyplace and get access, because the connection is fixed to a set path. VoIP isn't, you have to be pretty close to the endpoint to do it and not be noticed, or monitor constantly. Being undetectable is a requirement of the law surrounding the issue.

It's so easy to proxy, encrypt and\or hide the fact that the VoIP call is taking place in the first place you deserve to be caught if you do. It's not rocket science.

It's no different than a landline if you're at the providers facility or on a corporate campus\office from a sniffing or tapping point of view. From a home point of view it's a little more difficult but still not that hard in most cases.

I don't know what the big deal is.

*Another edit - Wasn't saying Noel was making a big deal, I'm in a couple VoIP security groups and these goobs get all worked up about it regularly as does the news.

[Sylvus]

I see this sort of thing on the news and people make a big deal it. This is nothing new. Go snag a copy of ethereal or Cain and Abel and anyone can do it, given proper access. Or a tape recorder and a switch if you want to tap wireline. Get a lawyer too while you at it, it's still illegal

Illegal, sure, if you're not the government. Even that's a slippery slope, as it *is* illegal and that's why it's been such a big deal in the news. Granted, I understand that most of us are completely moral, patriotic Americans with nothing to hide and we shouldn't care the slightest if the government is listening to our phone calls or watching the web sites we visit, I'm just saying why some people think it's a big deal

And yeah, while the end points you're listening on are a factor, they become less of a factor when the biggest telecom companies (read: ISPs) are in cahoots with those people who are doing the spying. I'll qualify my next statement by pointing out that programming is more my bailiwick and I'm merely a paper MCSE, but it's my understanding that most of your internet traffic goes through your ISP's pipes at some point.

[Moonwynd]

I designed and implemented a multi location Cisco VOIP/Call Manger solution at my organization last summer. All of our offices are on point to point fiber T's so everything stays internal.

IP traffic (packets) can be captured...but it's pretty darn hard to tap into fiber as opposed to regular copper.

Now VOIP like Vonage and the like go out over the public internet...capturing traffic is a heck of a lot easier to do in the unsecure world of the internet. Sylvus is correct....ISP's can access your IP packets as they do travel across their lines and network devices (routers).

And although the military does use some pretty advanced communication technology...there are still "wire dogs"...people that run copper POTS lines. The one thing that copper telephone line has over the other technology is that it is very reliable.

[noel]

I'd like to point out that the whole point of this is that the person doing the capturing *did* have the proper access.

I'd also like to point out that if you think capturing something on fiber is difficult, you lack imagination.

[Boogahz]

Also, the company (AT&T) was required to have the tech in place to capture the information per the info in my post on the other thread. It was basically required to be in place before any request was ever made.

[Moonwynd]

I'd like to point out that the whole point of this is that the person doing the capturing *did* have the proper access.

I'd also like to point out that if you think capturing something on fiber is difficult, you lack imagination.

I have a very vivid and active imagination. And I know capturing packets on fiber is not impossible...it is just not as easy as tapping into copper.

Oooh...I feel a vivid imagining coming on....

I am imagining that Noel can actually respond to a post without being condescending...

Whew...I told you had a very vivid imagination...

[noel]

First, there are devices that can actively tap fiber without breaking the fiber.
Edit: you already knew this, but I don't think I was condescending I just needed to learn to read!

Second, and much simpler is mirroring the fiber to an unused port and doing your capturing there. Remember we're talking about an individual that had the necessary access, but if we assume we don't want an outage, that's the easiest way to accomplish that.

Edit: Y'know... unless you're dealing with a campus network where the fiber is building to building, you're naive to think that your whole network is private. The reality is that yes, the network is private, but the T you connect to on one side most likely goes into a high end carrier switch running MPLS, or ATM with strict QoS policies. It's 100% true that your traffic is segregated and protected, but it's still going into a switch that there's a lot of other traffic going through besides yours. The NSA has nearly unlimited resources and if they need it, unlimited access. If they wanted your company's data they could get it.

[Aabidano]

And yeah, while the end points you're listening on are a factor, they become less of a factor when the biggest telecom companies (read: ISPs) are in cahoots with those people who are doing the spying..

..but it's my understanding that most of your internet traffic goes through your ISP's pipes at some point.

The service providers don't want to have to continue centralizing their traffic to support this. They lose the cost savings of getting away from switched circuts and it's makes the services they provide either less redundant or more expensive. Added to that, as soon as you cross a provider border they can't do much anyway. The capability to mirror a port has to be out near the customer edge.

...capturing packets on fiber is not impossible...it is just not as easy as tapping into copper.

While it's possible to do it without breaking the circut\media or accessing the box(es), it is detectable. If your network guys are on the ball this is something they would notice.

Anyhow, my problem is still not that they're doing this. The telecoms have always maintained all this information in a sliding window. No one is supposed to have access to it without court order, unless it involves non-US citizens. It's the availability and use of the information they gather that's at issue.

They aren't recording everyone's calls all the time, it's physically impossible. Think of just trying to save all the voice traffic on an OC-48, comprised of voice streams that are 20-80k\sec each. That NSA owned "stuff" has to be filtering and saving a small subset of what's passing. How wide the net is, who has access to it, and what it's used for are the distinctions.

An ISP I did some work at a while back had a cluster of high end Sun boxes, and are roomfull of storage just to deal with detailed billing records, let alone the contents of anything.