Last Friday, 16 minutes of a conference call between the U.S. Federal Bureau of Investigation and the London Metropolitan Police, during which the law enforcement agencies discussed their investigation into hacking incidents believed to be the handiwork of the hacker group Anonymous, was posted on the Internet by—you guessed it—Anonymous. The Wall Street Journalquoted a New Scotland Yard spokesperson as saying, "no operational risks have been identified" by the disclosure.  But security lapses that could tarnish the agencies' reputations certainly were.

The FBI insisted in a story published in the New York Times that the call wasn't "hacked" which may be technically true but a bit irrelevant. This story in the today's Macworld.UK says that "it appears the hackers obtained an e-mail sent on Jan. 13 to law enforcement agents in the U.S., U.K., Ireland, the Netherlands, France, Germany and Sweden. The e-mail, titled 'Anon-Lulz International Coordination Call,' contained the dial-in number and access code needed for a participant to join the conference, which took place on Jan. 17." The e-mail, which is posted online, contains a list of e-mail addresses for law enforcement personnel, which I suspect are being quickly changed.

New Scotland Yard and the FBI are said to be investigating the "illegal" eavesdropping and are refusing to comment further on the matter.

The episode demonstrates once again how easy it is to gain access to unsecured corporate communications. (The on-going UK News of the World scandal has highlighted how easy it is to gain access to voicemail systems.) There was a story a few weeks back in the New York Times about how videoconferencing systems were also vulnerable to unauthorized access. According to the story, an IT security company was able to find and potentially access "5000 [electronically] wide-open conference rooms at law firms, pharmaceutical companies, oil refineries, universities and medical centers."

While many video-conferencing systems come with security features, they are often left unactivated or are never configured properly, the Times story says.

In another communications security story from last week, the London Telegraphreported that two professors from Ruhr University Bochum in Germany have published a paper called "Don't Trust Satellite Phones." The researchers report that they "cracked two encryption systems [GMR-1 and GMR-2] used to protect satellite phone signals and that anyone with cheap computer equipment and radio could eavesdrop on calls over an entire continent."

The professors told the Telegraph that they were able to reverse engineer the encryption algorithms, and that with about US $2000 in equipment and software, they could decrypt a prerecorded satellite call using either of the two encryption standards in about 30 minutes. A country's intelligence service, which would have access to much more sophisticated equipment, could perform the decryption in real-time.

The Telegraph article states that the professors published the details of their research in hopes of prompting "ETSI (European Telecommunications Standards Institute), the organization that sets the standards, to create stronger algorithms."

Finally, in probably the most distressing IT security news from last week, VeriSign, the company that operates two of the Internet's 13 root name servers, admitted in its 10-Q filing to the U.S. Securities and Exchange commission that, "We experienced security breaches in the corporate network in 2010 which were not sufficiently reported to management."

Note the word "breaches."

According to a Reutersstory that made the disclosure widely known (the 10-Q was filed on 28 October:

"The VeriSign attacks were revealed...  [following the institution of ] new guidelines on reporting security breaches to investors...  Ken Silva, who was VeriSign's chief technology officer for three years until November 2010, said he had not learned of the intrusion until contacted by Reuters."

The VeriSign 10-Q states that "access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our Domain Name System ('DNS') network... However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information. In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future."

Reuters also says that "VeriSign's domain-name system processes as many as 50 billion queries daily. Pilfered information from it could let hackers direct people to faked sites and intercept e-mail from federal employees or corporate executives." Classified government data, said the article, moves through more secure channels.

Upon hearing the news, Stewart Baker, former assistant secretary of the U.S. Department of Homeland Security and one-time top lawyer at the U.S. National Security Agency, was quoted as saying:

"Oh my God. That could allow people to imitate almost any company on the Net."

Apparently, VeriSign's security staff discovered and responded to the attacks but for some unexplained reason failed to alert top company management until September of last year. I guess they didn't think it was important enough to bother anyone in management.

VeriSign (which sold its security business to Symantec in 2010 and states categorically that none of the acquired products have been compromised) is not providing any more details about the breaches. Maybe like the FBI and New Scotland Yard, saying anything would only embarrass them more.

Photo: iStockphoto

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less
{"imageShortcodeIds":[]}