The built-in mechanism that lets many Internet providers tap communications for law enforcement agencies is susceptible to abuse by insiders who work for the ISPs, Black Hat 2010 was told. LAS VEGAS — The built-in mechanism that lets many Internet providers tap communications for law enforcement agencies is susceptible to abuse by insiders who work for the ISPs, Black Hat 2010 was told.How to DDoS a federal wiretapThe result could be eavesdropping on communications by parties who don’t have court approval to do so, says Tom Cross, the research director for IBM’s X-Force Research.Founder: Black Hat Reflects a Changing Industry Cisco routers that use inside provider networks have a weakness in that they don’t generate traps when bad passwords are used over and over as would be the case if someone were trying to brute-force the password. That leaves the machines open to the attacks and gives network administrators no warning. In addition, logs that would record when the routers gather traffic for a tap can be shut off so there is no audit trail, leaving no record of the tap being placed, Cross says.“To me this is bizarre,” Cross says, because it makes it impossible to demonstrate that someone has tapped communication illegally. He says he understands law enforcement officials want the feature because it prevents insiders at the ISPs from checking the logs to spot what the cops are tapping and tipping off the parties being investigated. But still, “There’s no way to see if a person is lying if they say they didn’t tap a line,” he says. Another weakness is that the router can send the tapped data anywhere it is told to, not just to the mediation device in the ISP network that is supposed to gather tap information, he says.Getting access to the key routers is difficult to do from outside the service provider networks, but people with access to the ISP LAN could do so relatively easily, he says. “This meets the hackers halfway,” Cross says. “It makes it easier to use and cheaper and more likely to happen,” he says.The problem is more complex, he says, because many of the devices used in wiretap schemes aren’t open to public scrutiny. Cross says he gained knowledge about the Cisco implementation because Cisco made it open to public review by submitting it as a standard to the IETF. Other devices don’t have to meet standards and the way they work is kept secret, he says.Read more about wide area network in Network World’s Wide Area Network section. Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe