Surveillance or Security?: The Risks Posed by New Wiretapping Technologies by Susan Landau

Author:Susan Landau [Landau, Susan]
Language: eng
Format: epub
ISBN: 9876543210
Publisher: MIT Press
Published: 2011-07-05T01:19:00+00:00

7.6 Who's Winning?

The race between criminals and law enforcement has always been a game of leapfrog. The bad guys used telephones to conduct their activities, and the police learned to wiretap. The crooks thwarted that by using pay phones; in turn, law enforcement gained the use of roving wiretaps, in which they did not have to spell out ahead of time the phone number they would be tapping. Drug dealers moved to cell phones and pagers and the police learned to exploit calling patterns.

The FBI believes that it is making some progress on organized-crime efforts in cybercrime. The 2004 Council of Europe treaty, to which the United States is a signatory, addresses extradition for certain types of computerrelated offenses and helps in this regard. But even more importantly, "Simply the negotiations on the treaty showed the need for international cooperation," explained Steve Chabinsky, deputy assistant director of the FBI. The bureau has been witnessing increasing global cooperation on cybercrime. Fighting cybercrime, which means catching the bad guys even when they attack people outside your country, is being seen as both "defending [your] own interests and being a good global citizen." In recent years the FBI has seen cooperation not just from European nations ranging from the United Kingdom to the Ukraine, but from authorities in "Hong Kong, Egypt and Turkey, really from across the globe," Chabinsky said.171 Where the FBI is less sanguine is about risks within the U.S. supply chain. Here the bureau has good reason to be concerned. Two examples show the range of problems.

Organized crime groups in Pakistan and China modified credit-card readers while still in the factory. The readers were used to authenticating chipand-pin credit cards. In a chip-and-pin system, an embedded microchip is used instead of the magnetic strip on the back of the credit card; the card reader uses this to check that the card is genuine. Then the customer types in a four-digit PIN, which is checked against the PIN encoded on the card (the reader has decoded the PIN). If they match, the customer is legitimate.

The card readers had been modified at the factory so that, by first hopping via a wireless connection to a local network, they transmitted the secret details of the card to Pakistan.172 These data were used to clone credit cards; the criminal gang then used the cards to siphon funds from customer accounts. The only visible difference between the corrupted readers and legitimate ones was a few ounces in weight173 (this had MasterCard investigators traveling around Europe weighing card readers to find corrupted ones). The tampered smartcard readers had been exported to Britain, Ireland, the Netherlands, Denmark, and Belgium. It took investigators months to determine the cause of the problem. An extra chip had been installed behind the card reader's motherboard. Its function: to transmit customer card information to Lahore once the card data had been decrypted by the smartcard reader.

Supply chains can be corrupted in many ways. In 2008 the FBI uncovered a major flow of

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.