Alert icon
We're changing our privacy policy. This stuff matters.  Learn more  Dismiss

Black Hat DC 2010: Exploiting Lawful Intercept to Wiretap the Internet 1/6

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
1,608
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Feb 9, 2010

Clip 1/6
Speaker: Tom Cross

Many governments require telecommunications companies to provide interfaces that law enforcement can use to monitor their customer's communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer review. Fortunately, Cisco has published the core architecture of it's lawful intercept technology in an Internet Draft and a number of public configuration guides.

This talk will review Cisco's architecture for lawful intercept from a security perspective. The talk will explain how a number of different weaknesses in its design coupled with publicly disclosed security vulnerabilities could enable a malicious person to access the interface and spy on communications without leaving a trace. The talk will explain what steps network operators need to take to protect this interface. The talk will also provide a set of recommendations for the redesign of the interface as well as SNMP authentication in general to better mitigate the security risks.

For more information go to the BlackHat 2010 DC archive http://bit.ly/aNhakO

Category:

Science & Technology

Tags:

License:

Standard YouTube License

  • likes, 2 dislikes

Link to this comment:

Share to:
see all

All Comments (3)

Sign In or Sign Up now to post a comment!

  • none of this should be posible until a criminal offense by the person being monitored has been proved.! Until that time this is unlawful.!

    bigdav123456 9 months ago

  • well guilty til proven innocent is the model of security, but not the model of freedom. the two are opposed.

    if everyone is considered guilty and suspect, then everything can be monitored and nothing missed (the white list model, only trusted things can be exempt) if everyone is considered innocent how do you determine who is guilty.

    wire tapping is terrible, censoring the internet is terrible, and i will take freedom over security and safety any day!

    tuseroni 1 year ago

  • So, we're all GUILTY UNTIL PROVEN INNOCENT? We're all potential CRIMINALS unless we're continually monitored? The 4th Amendment is null & void? Why is Cisco mentioning European laws? Europeans have their laws, and we have our 4th, and 5th Amendments.

    joe80dman 2 years ago

Loading...

Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more