|
% = % = % = % = % = % = % = % = = % P h r a c k X V I I % = = % = % = % = % = % = % = % = % Phrack Seventeen 07 April 1988 File 9 of 12 : Data-Tapping Made Easy --FEATURE ARTICLES AND REVIEWS- TAPPING COMPUTER DATA IS EASY, AND CLEARER THAN PHONE CALLS ! BY RIC BLACKMON, SYSOP OF A FED BBS Aquired by Elric of Imrryr & Lunatic Labs UnLtd Note from Elric: This file was written by the sysop of a board for computer security people (run on a CoCo), as far as I know the board no longer exists, it was being crashed by hackers too much... (hehe). --------------------- FOR SEVERAL YEARS, I ACCEPTED CERTAIN BITS OF MISINFORMATION AS TECHNICALLY ACCURATE, AND DIDN'T PROPERLY PURSUE THE MATTER. SEVERAL FOOLS GAVE ME FOOLISH INFORMATION, SUCH AS: A TAP INTERRUPTS COMPUTER DATA TRANSMISSIONS; DATA COULD BE PICKED UP AS RF EMANATIONS BUT IT WAS A MASS OF UNINTELLIGIBLE SIGNAL CAUSED BY DATA MOVING BETWEEN REGISTERS; ONE HAD TO BE IN 'SYNC' WITH ANY SENDING COMPUTER; DATA COULDN'T BE READ UNLESS YOU HAD A DIRECT MATCH IN SPEED, PARITY & BIT PATTERN; AND ONLY A COMPUTER OF THE SAME MAKE AND MODEL COULD READ THE SENDING COMPUTER. THIS IS ALL PLAIN SWILL. IT IS IN FACT, AN EASIER CHORE TO TAP A COMPUTER THAN A TELEPHONE. THE TECHNIQUE AND THE EQUIPMENT IS ALMOST THE SAME, BUT THE COMPUTER LINE WILL BE MORE ACCURATE (THE TWO COMPUTERS INVOLVED, HAVE ERROR CORRECTING PROCEDURES) AND CLEARER (DIGITAL TRANSMISSIONS HAVE MORE DISTINCT SIGNALS THAN ANALOG TRANSMISSIONS). FIRST, RECOGNIZE THAT NEARLY ALL DATA TRANSMISSIONS ARE SENT IN CLEARTEXT ASCII SIGNALS. THE LINES CARRYING OTHER BIT-GROUPS OR ENCIPHERED TEXTS ARE RARE. SECOND, THE SIGNAL APPEARS ON GREEN AND RED (WIRES) OF THE PHONE LINE ('TIP' AND 'RING'). THE DATA IS MOST LIKELY ASYNCHRONOUS SERIAL DATA MOVING AT 300 BAUD. NOW THAT 1200 BAUD IS BECOMING MORE CHIC, YOU CAN EXPECT TO FIND A GROWING USE OF THE FASTER TRANSMISSION RATE. FINALLY, YOU DON'T NEED TO WORRY ABOUT THE PROTOCOL OR EVEN THE BAUD RATE (SPEED) UNTIL AFTER A TAPED COPY OF A TRANSMISSION IS OBTAINED. IN A SIMPLE EXPERIMENT, A TAPED COPY OF A DATA TRANSMISSION WAS MADE WITH THE CHEAPEST OF TAPE RECORDERS, TAPPING THE GREEN AND RED LINES BEYOND THE MODEM. THE RECORDING WAS THEN PLAYED INTO A MODEM AS THOUGH IT WERE AN ORIGINAL TRANSMISSION. AT THAT POINT, HAD IT BEEN NECESSARY, THE PROTOCOL SETTINGS ON RECEIVING TERMINAL COULD HAVE BEEN CHANGED TO MATCH THE TAPE. NO ADJUSTMENTS WERE NECESSARY AND A NICE, CLEAR ERROR-FREE DOCUMENT WAS RECEIVED ON THE ILLICIT VIDEO SCREEN AND A NEAT HARD-COPY OF THE DOCUMENT CAME OFF THE PRINTER. THE MESSAGE WAS INDEED CAPTURED, BUT HAD IT BEEN AN INTERCEPTION INSTEAD OF A SIMPLE MONITORING, IT COULD HAVE BEEN ALTERED WITH A SIMPLE WORD PROCESSOR PROGRAM, TO SUIT ANY PURPOSE, AND PLACED BACK ON THE WIRE. WERE I TO HAVE AN INTEREST IN INFORMATION ORIGINATING FROM A PARTICULAR COMPANY, AGENCY, OR OFFICE, I THINK THAT I WOULD FIND IT FAR MORE PRODUCTIVE TO TAP A DATA TRANSMISSION THAN TO TAP A VOICE TRANSMISSION, AND EVEN MORE REWARDING THAN GETTING HARDCOPY DOCUMENTS. *SIGNIFICANT & IMPORTANT INFORMATION IS MORE CONCENTRATED IN A DATA TRANSMISSION. *SIGNIFICANT & IMPORTANT INFORMATION IS MORE EASILY LOCATED IN DATA TRANSMISSIONS THAN IN MASSES OF FILES OR PHONE CALLS. *TRANSMITTED DATA IS PRESUMED TRUE, AND WHEN ALTERATION IS DISCOVERED, IT'S READILY BLAMED ON THE EQUIPMENT. *THE LAWS CONCERNING TAPS ON UNCLASSIFIED AND NON-FINANCIAL COMPUTER DATA ARE EITHER QUITE LACKING OR ABJECTLY STUPID. THE POINT OF ALL THIS IS THAT THE PRUDENT MANAGER REALLY OUGHT TO ENCRYPT ALL DATA TRANSMISSIONS. ENCRYPTION PACKAGES ARE CHEAP (A 'DES' PROGRAM IS NOW PRICED AT $30) AND ARE EASY TO USE. -------------------------------