Exploiting Internet Surveillance Systems

Presented at DEF CON 18 (2010), July 30, 2010, 3 p.m. (50 minutes).

For many years people have been debating whether or not surveillance capabilities should be built into the Internet. Cypherpunks see a future of perfect end to end encryption while telecom companies are hard at work building surveillance interfaces into their networks. Do these lawful intercept interfaces create unnecessary security risks? This talk will review published architectures for lawful intercept and explain how a number of different technical weaknesses in their design and implementation could be exploited to gain unauthorized access and spy on communications without leaving a trace. The talk will explain how these systems are deployed in practice and how unauthorized access is likely to be obtained in real world scenarios. The talk will also introduce several architectural changes that would improve their resilience to attack if adopted. Finally, we'll consider what all this means for the future of surveillance in the Internet - what are the possible scenarios and what is actually likely to happen over time.

Presenters:

  • Tom Cross / Decius - Security Researcher   as Decius
    Decius works in the computer security industry. His job consists mostly of having meetings with people and filling out forms. He used to do a lot of patch reversing but he doesn't have time any more. He has spoken at Blackhat Federal, Electronic Frontier Forums, H.O.P.E., Summercon, Phreaknic, Interz0ne, and Outerz0ne. He likes beer, particularly if it is from Bavaria.

Links:

Similar Presentations: