|
FAX INTERCEPTION This article is reprinted from Full Disclosure #23. Copyright (c) 1991 Full Disclosure. Permission granted by publisher to reprint when subscription information provided: Full Disclosure, Box 903-R, Libertyville, Illinois 60048, Phone: (708) 395-6200, Fax: (708) 395-6022, BBS: (708) 395-3244, Toll free: (800) 786-6184. Subscriptions: $18 for 12 issues. As with the introduction of all new communications technologies, there is a time lag between the availability of the technology and commercial development of interception devices. Accompanying the use of both are unanticipated risks and the potential for misuse and misunderstandings. False Sense of Security With the widespread proliferation of fax machines came increased use. In general, a document transferred has been given the same sort of validity as one sent or received by U.S. Mail. In general, such communications were originally secure. Now that interception equipment is available, the sense of security has become false. For all practical purposes, fax is a remote photocopying machine. The process begins with the sending unit converting the image on the page into a digitized image (numbers in an electronic format) and transmitting it as a noise sounding signal over a phone line. The receiving fax converts the signal into dots and prints it. Since the image is transmitted over standard phone lines, the communication is subject to interception. However, rather than tapping the line with a tape recorder or simply listening to the oral communications, an interception device that makes sense of the specialized signal is necessary. Sometimes this is done by recording the transmission and later converting the recording of the modem signal to a computer image, sometimes it is done 'on the fly' as the signal is being intercepted. Simple Fax Intercepts Why not just use a standard fax machine for interception? The signal sequences and handshaking at the time machines first connect complicates the possibility. During startup, the machines automatically select one of several built in protocols depending on line conditions. That is why on really noisy connections, the transmission of a page can take much longer. Directly connecting a 3rd fax machine to the line may confuse this process. Both the receiving unit and the intercepting machine would be sending signals about line conditions and protocol. However, if a 3rd fax machine did manage to get properly synchronized to the signal in use without interfering with the initial handshake, it would print an image identical to the one received by the intended recipient. We had mixed results when we tried this in our lab. Sometimes we managed to get all three machines synchronized. Using unmodified fax machines to attempt intercepts didn't provide sufficient reliability to be considered a viable approach. Indeed, continued attempts of this approach would likely put both sender and recipient(s) on notice that something was wrong as connections would be repeatedly lost. This doesn't mean that it is really complicated to intercept faxes. The Philadelphia Inquirer reported in September 1990 that Japanese hackers have been stealing valuable information from corporations by using fax interception. The article claimed it could be done by anyone with a little knowledge of electronics. We agree, we have intercepted faxes in our lab. (See front cover for one such example.) Doing It Right The latest commercially available fax interception devices generally use fax boards in IBM PC or compatible computers. The actual hardware used for fax interception is often the same as used by normal computer-fax systems. The software is more sophisticated. Rather than attempting to synchronize with the sending unit by sending protocol information, it adjusts to whatever protocol the two main players have established and stores the signal information. After interception, the electronic information is stored in the computer and is available for review, to be printed, altered or discarded. Such equipment can be left unattended for long periods if necessary, or monitored for the instant use of information in cases where law enforcement is standing by waiting for some specific bit evidence. Cellular Fax Interception Cellular phone based fax machines provide ripe opportunity for `hacker' intercepts, since the signal is available via low cost police scanners. No physical connection to a common carrier network is necessary. There is absolutely no risk of being detected. Commercial fax interception equipment gets more complicated, though. Since fax messages might be on the same phone lines as voice or other computer modem communications, some of the interception devices automatically route different types of communications to different interception devices. This provides the interceptor with a separate recordings of voice phone calls, faxes, and other computer communications. Such fax interceptions are based upon the interceptor having a specific target. Distributing the sorts of information received for analysis isn't much different from an ordinary, now old fashioned, wiretap. Broadband Interception Presorting of signals and voice communications as described above makes broadband scanning for fax messages easy. The interception of satellite or microwave links has become possibile. Cooperation by a common carrier with the government has happened in the past, and strikes a chord of dangerous reality today. But it really takes little by way of home fabricated equipment to monitor much of the satellite link traffic. Commercial equipment is also available. One commercial fax interception unit can decode up to 150 simultaneous fax transmissions from a 6,000 phone line satellite link. Such broadband interception can also be done on oral calls, however, the task of listening to all the conversations for the important ones is much, much greater compared to scanning faxes. First, faxes are usually much more direct and to the point than normal phone conversations (not so much about Sunday's game). Additionally, optical character recognition (OCR) process can be used to convert much of the text to standard computer data and then be mechanistically selected for closer scrutiny by an automated search of keywords of interest. Encryption of a fax could also be noted, perhaps triggering further attention. The risks resulting from broadband interceptions are henious. Your fax could be intercepted not because you were a selected target of law enforcement, industrial spies or miscreant hackers, but because of the route your fax travelled through the common carrier networks. Broadband interceptions become a modern day version of general warrants. Satellite signals don't respect borders. Interception in nations with no privacy concerns for radio signals of what we, as users, understand to be Constitutionally protected communications has become a real threat. There are areas contained within our national frontiers where the United States Constitution does not apply. Foreign embassies present one such clearcut example. The status on Indian Reservations is not cleancut. Dangers of Fax The February 13, 1990 issue of the American Bankers' Association publication ``Bankers Weekly'' reported that ``In one incident, a bank suffered a $1.2 million loss through fraudulent funds transfer requests which were accomplished using nothing more than business letterhead, tape and sissors.'' A fax machine made such simple tools effective. Inordinate reliance on technology permitted the loss to actually happen. The journal continues that there is a need for legislation (changes to the Uniform Commercial Code) to put a stop to the problem. Unfortunately, legislative efforts alone cannot correct the problem. The first step, is an understanding of the technology. Once the technology is understood, administrative procedures can be implemented by users of fax machines to protect themselves. That protection cannot be successful without understanding the limitations of the machinery. Taking any communications device for granted is a high risk path. New Techniques For Fraud The advent of fax technology has opened the door to new methods of fraud. Those intent on committing fraud have always devised methods of bypassing normal authentication systems in order to steal. As technology evolves, these methods also evolve. Protective measures must follow suit. Faxes represent a multiple whammy. People who send faxes have some geographic distance between them. Because of past reliance on semi-automated communications, formal verification proceedures are bypassed, substituting the mysterious nature of modern communications. There was a time, even recently, that tellers at banks asked for positive identification even in the case of small cash transactions inside a bank. Yet today we witness orders for large sums being processed simply because ``it came by fax.'' This is truly a conspiracy of laxness and misinformation. A written purchase order from a company is likely to have a particular form, and include a signature. One attempting to issue a fraudulent purchase order would need to forge both the form and the signature. Additionally, envelopes and possibly a postage meter imprint from the issuing company would also be needed. Elsewhere in this issue we reprint a letter from the Federal Communications Commission. The letterhead was, for reasons we have been unable to determine, typed instead of printed. Some of the recipients we've talked to have placed calls to verify the authenticity of the letter. As it turns out, the letter was authentic and official. A purchase order sent by fax on the other hand, can be created by cutting, pasting and xeroxing together parts of other orders from the company. When received by fax, the fake would appear legitimate. PC's & Fax: The Miscreants Gun The advent of PC based fax boards exaggerates these problem. A fax that originates, is received by, or intercepted by a personal computer (PC) fax board really opens the door for miscreants. A fax, when stored on a PC is easily modified using ordinary commercial software intended for preparation of graphics. An image of the fax can be brought up on the screen and parts of it altered or cut and pasted electronically. For example, a purchase order could have a shipping address altered. A signature could be removed from one document and placed on another. All such operations can be done on a computer screen in moments. Document changes that could take a professional forger hours to accomplish could be done in minutes by an amateur, even an underage one. Bogus faxes can be created to be sent to another fax, or incoming faxes could be altered by an employee and printed as authentic. Detection is difficult to impossible, depending on verification techniques used at audit. The difficulty of intercepting standard U.S. Mail or voice phone calls and altering the content by a third party is enormous compared to fax messages. Before a fax message is printed, it is just a series of electrical signals. Any alternations result in changes without a trace of the alteration. The receipt of a fax is <B>not<D> a confirmation of its content, unless other corroborative authentication validates the information. Someone with access to a phone closet can route incoming fax line to a PC. The fax can then be connected to a different phone line. All incoming faxes would be first received by the PC and the operator could alter, erase, or forward without change those faxes to the standard fax machine. A pre-review and alteration if desired scheme can be effected. The same can not easily be accomplished with normal voice phone calls, or the U.S. Mail. With the advent of the Caller-ID services, this information should soon be incorporated into fax machines, so the true number of the caller will be placed on the fax. This will still do nothing to prevent transmission of bogus faxes over that phone line. Protect Yourself The best rule for protecting one's interests when using faxes is to use them only with other confirmation or as confirmation of other communications. They should never be used for final copies of contracts, purchase orders or other important documents that could have a significant impact if altered, or entirely fabricated. Where would we be if our WW2 treaties terminating hostilities were faxed documents. Additionally, information that would not be given out over a standard phone conversation, subject to a wiretap, or other listeners (via a speakerphone, extension, etc), should not be sent by fax. There is no way to tell who may pick up a received fax and read it. In fact, it is more likely an unintended party will read a fax than pick up an extension phone and eavesdrop on a voice call (intentionally or not). It should be kept in mind that any errant employees or others that could get access to the fax phone line(s) could intercept all faxes sent or received and make use of the fax images for whatever purpose they desired. The intercepted faxes can be used to collect or create incriminating evidence, industrial espionage, or as the base of documents to be used in forgery. There's a whole new meaning to autograph collection. Conclusion Fax technology in its current form provides a useful service for business and others. However, the risks must be examined so the use doesn't go beyond that which is appropriate given its current functionality / risk ratio. In conclusion, the convenience of a fax must be weighed against its risks and procedures implemented to authenticate incoming and outgoing faxes as well as what information is communicated by fax. As with all technologies, it must be understood so that it can be used for purposes that are appropriate for the needs of the technology and the user. A lack of understanding can leave the user exposed to unnecessary danger, liability and loss. When used with an understanding of the benefits as well as the pitfalls, a fax machine can greatly enhance productivity.