From CSULA CS Wiki

Many snooping systems rely on a cue called a C-tone to indicate that a target's telephone is idling on the hook. The absence of this sound, by contrast, tells the snoops that their target is starting up a conversation and audio recording should begin. So if a scientist (or target) generates a C-tone, which consists of two particular frequencies played together, many common wiretapping systems will simply stop recording—even if the C-tone sound is played quietly so that it won't interfere with the target's conversation.

So step 1 is that the existence of the C-tone is exploited by eavesdroppers to tell when to start recording.

Generating a C-tone is as easy as stocking up on duct tape. Most touch-tone phones have four rows and three columns of buttons. On some military phones, there's a fourth column that includes a C-tone button. Such devices can be purchased inexpensively on sites like eBay. Alternatively, a C-tone can be produced using parts for sale from Radio Shack or using software you can download for free (though in all of these cases, modifications may be needed to make the C-tone soft enough to talk over). As one of Blaze's grad students, Micah Sherr, joked, "If you're exceptionally skilled you could even get two people to sing harmoniously" and hit the right C-tone sound.

Step 2 is that the existence of C-tone-triggered devices allows one to bypass them by generating artificial C-tones.

Blaze's team tested a range of wiretap systems in the lab, some used by law enforcement and others that were homemade. Older technologies, called loop extender systems, were particularly vulnerable to the C-tone ruse. But newer systems developed in accordance with the 1994 Communications Assistance for Law Enforcement Act were surprisingly susceptible as well. The Department of Justice may not have done the government any favors when it requested that new systems include the C-tone feature, perhaps so that the newer equipment would be compatible with the old. A spokeswoman for the FBI said that according to the annual Federal Wiretap Report, which keeps track of the number of applications for interceptions that are granted or denied, roughly 90 percent of approved wiretap requests use CALEA systems. She acknowledged that many still have the C-tone feature but said that "practically none of the wiretaps done today is vulnerable to C-tone countermeasures." (The NSA—surprise!—declined to comment.) Blaze countered that unless the government has actively reconfigured or turned off the C-tone feature, its systems may still be susceptible. The good news for the snoops is that, if vulnerable, the CALEA systems can probably be fixed.

Step 3 is to bypass the use of the C-tone.
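
The design flaw in the three steps above is that the recorder takes its stop signal from the same audio channel the monitored party controls. The following is an added example, not code from the article or from any real intercept product: it compares a recorder gated by the in-band idle cue with one gated by call state from a separate signaling feed, and flags frames where the two disagree. The `Frame` fields, the separate signaling feed, and the timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Frame:
    t: int            # frame index in a constructed timeline
    idle_tone: bool   # in-band: idle cue detected in the line audio
    off_hook: bool    # out-of-band: call state from a separate signaling feed (assumed)

def record_in_band(frames):
    """Recorder gated only by the in-band idle cue (the design the page describes)."""
    return [f.t for f in frames if not f.idle_tone]

def record_out_of_band(frames):
    """Recorder gated by signaling state; nothing in the line audio can stop it."""
    return [f.t for f in frames if f.off_hook]

def tamper_alerts(frames):
    """Idle cue heard while signaling says the call is up: contradictory, so alert."""
    return [f.t for f in frames if f.idle_tone and f.off_hook]

def coverage_gap(frames):
    """Frames of an active call that the in-band recorder fails to capture."""
    return sorted(set(record_out_of_band(frames)) - set(record_in_band(frames)))

def sample_timeline():
    """Constructed data: line idle (0-1), call up (2-7), idle again (8-9).
    The idle cue is also present in the audio during frames 4-6 of the call."""
    frames = []
    for t in range(10):
        off_hook = 2 <= t <= 7
        idle_tone = (not off_hook) or (4 <= t <= 6)
        frames.append(Frame(t, idle_tone, off_hook))
    return frames

if __name__ == "__main__":
    tl = sample_timeline()
    print("in-band recorder captured:    ", record_in_band(tl))
    print("out-of-band recorder captured:", record_out_of_band(tl))
    print("frames missed by in-band:     ", coverage_gap(tl))
    print("tamper alerts:                ", tamper_alerts(tl))
```
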