The convenience of the telephone is an
essential part of modern life, but it also has a down side that is too often overlooked.
Telephones -- or the people who use them -- are responsible for the wholesale compromise
of much sensitive information that should be better protected.
The telephone can be turned against us in two
- The telephone system can be penetrated and
manipulated electronically so that the microphone in the telephone handset picks up room
conversations and transmits them down the phone line to a receiver even when the telephone
handset is hung up. This is discussed below under Penetrating
|The security and intelligence services of
many friendly as well as unfriendly countries have active communications intercept
programs targeted against U.S. Government offices and selected U.S. businesses and
academic research programs. For information on how to protect yourself against these
operations, see Countermeasures in the
Introduction to this module on Intercepting Your Communications.
When you pick up a telephone to make a call
or send a fax, you generally have no idea through what channel the call will be routed.
Automatic switching equipment routes the call by land line, by land-based microwave relay
towers, or via satellite depending on which method is available and most efficient at the
Most long distance calls travel at least part of the
way via the airwaves by satellite or between land-based microwave towers -- and
anything in the air can be intercepted. The technology for monitoring microwave and
satellite communications used to be so expensive and complicated that it required a major
government investment. Now, any reasonably well-financed group or individual can do it
with readily available, off-the-shelf equipment.
The advent of digital communications has
brought a large increase in the number of simultaneous digital voice or data transmissions
over a single communications media. However, technological advances in high-speed computer
search engines have kept up with this increase in volume. Therefore, it is still easy to
sort through the billions of telephone calls and fax and data transmissions to identify
targeted phone numbers or do key-word searches to pick out calls that mention watch-listed
topics. Manpower requirements for processing the voluminous intercept material are greatly
reduced by doing the initial screening by computer. Communications intercepted in the
United States may be relayed back to another country for analysis and translation of
Heres how intercepting telephone and
fax communications works. 1
Let's suppose your signal has traveled by
land line or land-based microwave to a long-haul switching station. The telephone
company's computer searches for the most efficient path to send the signal and picks out a
satellite connection. Your call is relayed to a ground station where it is transmitted by
a transponder up to a satellite and then relayed down to a distant ground station. The
call then goes via land line or land-based microwave to a switching station where it is
unlinked from the other signals, passed over cable to the recipient's telephone, and
converted back into voice or a fax message.
All this happens within a fraction of a
second. More satellites are being put up all the time to meet the increasing demand for
The downlink from the satellite is easily
intercepted. It is not a narrow beam, but a microwave signal that goes out in many
directions. The higher the satellite, the larger the area on earth from which that radio
wave can be received and, therefore, intercepted. For many satellites, the satellite
"footprint," or area in which the satellite signals can be received on earth, is
a couple thousand miles in diameter. The footprint can be reduced by lowering the
satellite orbit or increasing the size of the satellite antenna, but the signals can still
be received over a wide area.
Anyone within this footprint with a satellite
dish and some readily available equipment can pick up the signal in the same way that a
backyard satellite dish pulls in television signals. Interception of satellite signals can
be done from embassies or other foreign-owned buildings, from ships at sea off the coast,
or from a foreign base. Satellite communications to and from most areas of the United
States are vulnerable to interception from one or more of these locations.
Land-based microwave used to be a major means
of transmitting long distance communications across the country. Now, long haul
communications increasingly go via satellite or fiber optic land lines. Land-based
microwave is used mainly for traffic over short distances or between a local phone office
and the nearest major satellite or land line link.
Land-based microwave transmissions are
relayed from one tower to another. The towers are placed at about 25 to 30-mile intervals,
because the signals go mainly in a straight line and don't follow the curvature of the
earth. (You can often see the towers as you drive along an interstate highway.)
Like satellite communications, land-based
microwave communications are easily intercepted by anyone within range using readily
available equipment. One security weakness of all microwave transmissions, whether
land-based or via satellite, is that the beams have "side lobes" or
"spill" along the full distance between relay points. Using a well-aimed
parabolic dish antenna, it is possible to intercept the signal from the side if there is
direct line of sight to a section of the beam.
Many foreign embassies, consulates, trade
offices, and foreign-owned office buildings and residences in the United States are
located in areas that provide opportunities to intercept land-based microwave as well as
satellite signals. Rooftop antennas of foreign offices in Washington DC, New York, San
Francisco and elsewhere sometimes indicate which countries are actively monitoring U.S.
A tap on a phone line allows an eavesdropper
to monitor or record all conversations on that line. Telephone taps come in many
varieties. Contrary to some popular belief, a sophisticated phone tap is unlikely to be
noticed by the phone user and may not be apparent even to a professional technical
security countermeasures team using the latest equipment.
Consider the miles of telephone lines between
your phone and the telephone companys central office. Conversations can be
intercepted at any point along this path by several techniques. Sophisticated devices may
be attached to or placed in or near communications equipment and cables. The tap may
include a miniature transmitter that broadcasts the signal to a nearby listening post, a
switch that allows monitoring from another line, or a voice-actuated recorder.
The limiting factor is that the installer of
a telephone tap must somehow gain physical access to the telephone cables, terminals, or
switching equipment for a brief period of time. In some cases the physical access may be
readily available for example, if the customer service box is located on the
outside of a home or other target building. In other cases, a member of an unescorted
cleaning crew might be recruited to provide access to the cables in a large office
building, or a telephone repairman might be recruited to provide direct access to the
lines or to a switching station.
In tapping phone lines, a local security service that
can tap lines legally has a huge advantage over anyone who might try to do so without
official support. American government and business offices overseas must assume their
telephone lines are tapped, as this is a common practice. The capability is
certainly there to tap any telephone, fax, e-mail, computer, or other form of electronic
communication that might carry information of potential interest. Large volumes of tapes
can be screened by computer programs that search for key words. Artificial intelligence
algorithms can pick out the conversations most likely to contain useful information.
Fiber-optic cables are gradually replacing
copper wire as a transmission media for both inside and outside wiring. While not as
vulnerable as copper cable to simple methods of attack, fiber-optic cables are nonetheless
vulnerable. Devices are readily available to extract information from cable previously
billed by some as tap proof.
The telephone system can be penetrated to
steal information or to steal valuable processing time. The computerization of telephone
systems is now opening these systems to new channels of attack.2
The standard telephone instrument has always
contained all the classic components of a surveillance device -- a microphone and wire
line designed to carry information from a target area. We used to think the telephone was
safe as long as the handset was in the cradle, or "on-hook."
Now, however, one cannot simply look at a
phone, see that it is hung up, and therefore know it is secure. The software features of
most computerized phone systems make it possible to manipulate the instrument so that it
acts like a microphone to pick up and transmit room conversations even when the handset is
hung up. Many telephone instruments are designed with a speaker phone option, but it is
possible to turn a handset into an active microphone to pick up room conversations even if
this was not a part of its design or construction. Room conversations can then be
monitored from another telephone far away.
There are many different methods for mounting
such an attack, some of which do not even require physical access to the telephone
hardware or the room in which the telephone is located. Those that do not require physical
- Using the computer telephone system
maintenance procedures to put a phone in the monitor mode -- that is, off-hook.
- Using the computer telephone system software
that permits a phone instrument to answer in the hands-free mode -- that is, remote
activation of the speaker phone option.
- Applying externally generated electrical
voltages or control signals onto the telephone line.
- Modifying the telephone equipment or control
unit software through exploitation of a remote maintenance port.
Methods that do require physical access to
the telephone equipment are:
- Modifying or reconfiguring the existing
- Modifying the equipment or control unit
- Installing a clandestine technical
surveillance device -- a bug.
An acceptable level of protection for
telephones and other telecommunications devices against this type of penetration requires
a combination of technical measures and controls on physical access to the hardware. It is
not possible to eliminate all risk, but technical measures are available to greatly reduce
the risk of an outsider monitoring your room conversations via the telephone while the
phone is on the hook. These measures must be supported by physical security measures to
prevent unauthorized persons from gaining physical access to the telephone equipment.
Telephone fraud has become a serious problem
in the modern office environment. "Phreakers" (phone breakers who break into
computerized phone systems) surf telephone systems like hackers surf computer networks
looking for vulnerabilities. The most common weakness is the system for remote maintenance
and testing of the lines. When phreakers gain illicit access, they make long distance
calls at no cost to themselves, or they sell the access to fraudulent call-sell operators
who then resell to others the ability to make long distance calls at reduced rates.
Denial of Service Attack
Interception and penetration are not the only
risks. Communications systems are also vulnerable to a type of infowar attack called a
"denial of service attack." This is when a telephone system is flooded with so
many calls, and the main communication lines are tied up with so much trash traffic, that
they cannot be used for business. This is the telephone equivalent of an "e-mail
flooding attack" on a computer system. An adversary can use such an attack to
temporarily cripple a communication or telephone system or cause financial damage to a
Related Topics: Using the STU-III, Fax
Machines, Overseas Communications.
1. Much of this description of the mechanics of
intercepting microwave and satellite communications is from an article by Senator Daniel
Patrick Moynihan, "Privacy Disappears as America is Plagued by 'Bugs:' To the
Soviets, All of America is a Party Line, as their Devices Tap Phone Communications."
Published in Popular Mechanics and reprinted in Orange County Register, April
2. All information in this section is from the National Reconnaissance
Organization publication Everything You Always Wanted to Know about Telephone
Security, December 1998.