USANomad asked the Answer Line forum if people can eavesdrop on Voice Over Internet Protocol (VOID) phone calls.
Yes, they can.
But that’s true with cell phones and old-fashioned landlines, as well. From a technical point of view, phone companies and governments can pretty much listen to any wired or wireless conversation they want to. That’s why we need privacy laws requiring search warrants to protect us.
Of course, phone companies and governments don’t always follow the law. And even criminals without government or corporate connections can find a way to spy on your calls if they want to badly enough.
But these existing privacy issues get worse with VOIP calls, which have all of the security issues of the Internet and personal computing. If the person you’re calling has a conventional phone line, you’ve got both kinds of security threats.
The digital data of a VOIP call can be intercepted anywhere along the complicated path from your router through the multiple servers until it goes out to the analog phone network. Assuming your VOIP service doesn’t encrypt calls, whoever intercepts it can listen to it, as well.
Which raises the question: Does your VOIP service encrypt calls?
Skype does, with very strong, 256-bit AES encryption. You can read the details here.
But others are not as cautious. I know that Google Voice doesn’t encrypt their calls because a Google spokesperson told me so. Yahoo didn’t respond to my query, so I think it best to assume the Yahoo Voice (the service that USANomad uses) also lets their calls go out unprotected.
While encryption increases your safety, it doesn’t guarantee it. Your own computer may be the weak point in your VOIP security chain. If your PC is infected, whoever is controlling the malware may be able to monitor your phone calls and get useful information off of them. I have yet to hear of a malicious program that monitors transmitted audio data for key words like “credit card number,” but it’s certainly possible.
The best solution is to do what you’re probably already doing: Keep your security software up-to-date, scan weekly with another security program, avoid suspicious websites, and generally practice safe computing.
And, of course, your end is only half the problem. If the person you’re speaking to is also on a VOIP phone, they have the same security issues. If they’re using a cell or landline phone, their phones can still be tapped.
In the final analysis, there’s no such thing as a totally secure phone call, but unless you have reason to believe that someone powerful has it out for you, you can achieve a reasonable degree of privacy. For more on the issue, I suggest this excellent blog post by Bruce Schneier.
PARIS — A security agent for Renault has been charged with fraud and accused of inventing industrial espionage claims that led the French carmaker to wrongly suspect — and suspend — three executives, the state prosecutor said Monday.
Michel Balthazard, Bertrand Rochette and Matthieu Tenenbaum were suspended Jan. 11 after Renault said it had discovered signs of espionage, had proof the men received “funds from a foreign source” and accused them of selling “information strategic for the company.”
The executives had strongly denied the allegations and investigators could not verify them. Renault’s focus then shifted to a possible scam.
Preliminary charges of “organized fraud” were filed Sunday against Dominique Gevrey, once employed by the Defence Ministry intelligence service and now a member of Renault’s security service, prosecutor Jean-Claude Marin told reporters Monday.
Gevrey had been detained Friday at Paris’ Charles de Gaulle airport as he prepared to board a flight for Guinea, and has since been jailed.
“Renault is perhaps not a victim of indelicate employees but of fraud,” Marin said.
He said foreign accounts that were alleged to have been held by the three executives, notably in Switzerland and Liechtenstein, do not exist.
After Gevrey’s arrest, Renault quickly convened an extraordinary board meeting and sent a deep apology to the three wrongly accused employees.
Top company chiefs, CEO Carlos Ghosn, and Patrick Pelata, chief operating officer, “acknowledge the serious personal harm that they (the employees) and their families have suffered,” a company statement said, adding that “reparations (will) be made” and “their honour in the public eye (will) be restored.”
Investigators in the French intelligence service found a series of clues the prosecutor contends pointed to Gevrey — the only person in contact with an alleged source who furnished bank information implicating the three executives. That information turned out to be false.
Banking information Gevrey furnished in the 2009 firing of an executive in an unrelated case also was false, Marin said.
“Everything he provided is false or non-existent,” Marin said.
Gevrey’s lawyer, Jean-Paul Baduel, insisted that his client is innocent, saying in an interview that he is “nothing but a little soldier.”
Renault had launched an internal investigation into allegations the three executives had “deliberately and consciously threatened” company assets, after receiving an anonymous letter more than four months earlier denouncing the men. The allegations centred on Renault’s electric car program, in which Renault and partner Nissan had invested $4 billion.
The scandal, which Renault made public in January, led French Industry Minister Eric Besson to openly talk of “economic warfare” being waged on one of France’s leading industrial giants.
Renault filed a criminal complaint on Jan. 13 “against persons unknown” — for acts constituting organized industrial espionage, corruption, breach of trust, theft and concealment — after the carmaker said it had discovered “serious misconduct detrimental to the company” and in particular to its “strategic, technological and intellectual assets.”
The company’s chief operating officer, in an interview at the time with French newspaper Le Monde, had accused an “organized, international network” of obtaining information on its flagship electric car program, including its architecture, costs and economic model. Sensitive, proprietary technological information on Renault’s electric cars had not been compromised by the espionage, Pelata said in January.
Renault’s Ghosn said on the French TV channel TF1 on Jan. 23 that “we have the certitude” and “multiple” proofs of the alleged espionage, although Renault never disclosed any evidence to back up its complaint, saying such information was reserved for investigators.
But by early March, doubt was growing, and Pelata spoke of a possible “manipulation.” The course of the investigation changed dramatically Friday, with Gevrey’s arrest.
A Deerfield man is accused of trying to export government secrets to the Chinese. But his attorney, James Tunick, said Monday that federal prosecutors are mistaken.
“He’s as American as a summer baseball game,” Tunick said.
Sixing “Steve” Liu, 47, was arrested March 8 on charges that he was exporting military secrets to China.
He appeared in federal court Monday, where a judge set a detention hearing for Tuesday.
Liu, who works for a tech firm in New Jersey, traveled to Shanghai, China, in November.
When he returned to the United States, he was detained at Newark Liberty International Airport in New Jersey, and authorities searched his laptop.
They allegedly found photos of military weapons systems, hundreds of sensitive documents from the company, as well as “internal communications, analyses, data, test results, schematics, images and security protocols,” charging papers say.
The company, which was not named, develops precision navigations systems for the U.S. Defense Department. Liu was not allowed to take information off the premises of his company, according to charges.
Tunick said his client was attending an international conference in China that had nothing to do with the military and may have had work-related content on a laptop because he was finishing projects.
Liu attended the International Workshop on Innovation and Commercialization of Micro Nanotechnology, which took place over the dates that Liu traveled to China, Tunick said.
“There were no military issues discussed at the conference,” Tunick said.
Liu has a doctoral degree in electrical engineering and has done work with Chrysler, Ford and John Deere, Tunick said.
While he works in New Jersey, Liu, a permanent resident, lives in Deerfield with his family, including three children — one of whom attends Northwestern University.
Liu came to the United States in 1993 after receiving his education in China, according to court papers.
Prosecutors said Liu could face more than six years in prison if convicted.
NEW YORK — The lawyer for a wealthy investment manager accused in the biggest insider-trading scandal ever to hit the hedge-fund world engaged in a combative verbal battle Tuesday with a top government witness, trying to cast his client’s one-time friend as a man facing a long prison term who is desperate to win his freedom.
Former financial consultant Anil Kumar grew increasingly impatient and defensive with attorney John Dowd as he explained his encounters with Galleon Group founder Raj Rajaratnam, a one-time billionaire whose family of hedge funds was forced to shut down after his October 2009 arrest.
Under earlier questioning from a prosecutor over three days, Kumar said Rajaratnam paid hundreds of thousands of dollars into overseas accounts in return for inside information.
The two men met at the University of Pennsylvania’s Wharton School in the early 1980s. Kumar is testifying under a plea agreement that can win him leniency if he answers questions honestly. He has admitted feeding inside information to Rajaratnam.
The testy exchanges between Kumar and Dowd came on the same day that the government played an audiotape of a phone call in which a former Goldman Sachs board member could be heard telling Rajaratnam that Goldman was discussing whether it was wise to acquire a bank such as Wachovia Bank or an insurance company like American International Group.
The government had said it would introduce evidence at trial that Rajaratnam was aided by his relationship with the ex-board member, who is not criminally charged.
But it was the exchanges between Dowd and Kumar that highlighted the day, with both men engaging in lengthy verbal sparring.
“You provided services to Mr. Rajaratnam?” Dowd asked Kumar, who worked for McKinsey Co. for more than 23 years before his 2009 arrest.
“Illegal services,” Kumar responded.
“Nevertheless services, correct?” Dowd asked.
“Yes,” Kumar said. He paused before again adding: “illegal services.”
Repeatedly, Dowd tried to restrict what Kumar said by warning that he had asked a yes-or-no question and it should be answered accordingly.
It was the first sample jurors got to Dowd’s manner of questioning after he delivered an opening statement last week that took twice as long as the initial description of the evidence in the case presented by Assistant U.S. Attorney Jonathan Streeter.
Dowd, best known for preparing a report that led Pete Rose to accept a lifetime ban from baseball in 1989, opened his cross examination of Kumar by talking about securities-fraud charges Kumar pleaded guilty to a year ago that could bring a prison term of up to 25 years.
“You might not go to jail at all, correct?” Dowd asked, dismissively.
“Yes,” Kumar responded.
“It’s important to make Mr. Streeter happy, correct?” Dowd asked.
“Wrong,” Kumar immediately answered.
“And his goal is to convict Mr. Rajaratnam, correct?” the defense lawyer continued.
“Wrong,” came the reply again.
Kumar is considered key to the government case against the 53-year-old Rajaratnam, who was charged along with more than two dozen other hedge-fund employees and workers for public companies.
The government has said Rajaratnam’s illegal profits may have topped $50 million while Dowd has maintained that Rajaratnam only made trades based on information that was already public. After his arrest, Kumar quickly cooperated, which gave Dowd another line of attack that he did not pass up.
“When you got caught, you pinned it all on Raj didn’t you, ’cause that’s what you needed to do to stay out of jail?” Dowd asked.
Enterprises are not taking the threat of cyber espionage seriously enough, and many have not taken adequate steps to prevent an attack, according to research firm Ovum.
In a new study, the technology analyst claimed that cyber espionage is a major threat to enterprises. But despite this, it has been overlooked, leaving many vulnerable.
Graham Titterington, author of the report and Ovum principal analyst, said: “The threat of cyber espionage must be addressed by enterprises as it is as relevant to them as it is to national security organizations.
“Cyber criminals are graduating from stealing credit cards and banking credentials to targeting corporate plans and proprietary information. They want valuable information such as product and technology blueprints, customer lists, or information that can be used to embarrass or disadvantage a victim.
“Almost every organization has sensitive information that would damage it if it were to be leaked out; however, many have overlooked cyber espionage in their preoccupation with preventing the theft of financial data. This needs to change, and enterprises need to wake up to the danger posed or risk losing valuable information and having to deal with the consequences.”
Cyber espionage is usually aimed at key individuals within an organization, who are sent ‘spear phishing’ emails containing malicious links or attachments that infect their machines. The criminals then use malware to identify assets, decrypt login details and steal the target information.
Titterington commented: “The home computer networks and personal lives of key individuals may be the weakest part in the corporate security defenses. Personal information may reveal passwords and other credentials, and individuals may be susceptible to blackmail.”
The report advised enterprises to increase their awareness of cyber espionage, restrict the distribution of sensitive information, vet users who have access to high-value information, protect data held on third-party sites and conduct a risk analysis, including mobile devices and removable media.
The report also warnd enterprises that holding large amounts of data can increase the risk of falling victim to cyber espionage, and they should look to minimize volumes.
Titterington added: “Every piece of stored data and every copy of this data is a potential leakage incident as it gives spies more potential targets to attack. The increasing volume of data makes it harder to manage the entire data estate.
“The growth in data volumes should be examined critically. At minimum, organizations should make more use of shared data infrastructure and services so individual users can be discouraged from creating their own copies.” — Newsbytes.ph
USANomad asked the Answer Line forum if people can eavesdrop on Voice Over Internet Protocol (VOID) phone calls.