Thursday, December 01, 2005

Failing ocean current raises fears of mini ice age

The ocean current that gives western Europe its relatively balmy climate is stuttering, raising fears that it might fail entirely and plunge the continent into a mini ice age.

The dramatic finding comes from a study of ocean circulation in the North Atlantic, which found a 30% reduction in the warm currents that carry water north from the Gulf Stream.

The slow-down, which has long been predicted as a possible consequence of global warming, will give renewed urgency to intergovernmental talks in Montreal, Canada, this week on a successor to the Kyoto Protocol.

Harry Bryden at the National Oceanography Centre in Southampton, UK, whose group carried out the analysis, says he is not yet sure if the change is temporary or signals a long-term trend. "We don’t want to say the circulation will shut down," he told New Scientist. "But we are nervous about our findings. They have come as quite a surprise."

No one-off

The North Atlantic is dominated by the Gulf Stream – currents that bring warm water north from the tropics. At around 40° north – the latitude of Portugal and New York – the current divides. Some water heads southwards in a surface current known as the subtropical gyre, while the rest continues north, leading to warming winds that raise European temperatures by 5°C to 10°C.

But when Bryden’s team measured north-south heat flow last year, using a set of instruments strung across the Atlantic from the Canary Islands to the Bahamas, they found that the division of the waters appeared to have changed since previous surveys in 1957, 1981 and 1992. From the amount of water in the subtropical gyre and the flow southwards at depth, they calculate that the quantity of warm water flowing north had fallen by around 30%.

When Bryden added previously unanalysed data – collected in the same region by the US government’s National Oceanic and Atmospheric Administration – he found a similar pattern. This suggests that his 2004 measurements are not a one-off, and that most of the slow-down happened between 1992 and 1998.

The changes are too big to be explained by chance, co-author Stuart Cunningham told New Scientist from a research ship off the Canary Islands, where he is collecting more data. "We think the findings are robust."

Hot and cold

But Richard Wood, chief oceanographer at the UK Met Office’s Hadley Centre for climate research in Exeter, says the Southampton team's findings leave a lot unexplained. The changes are so big they should have cut oceanic heating of Europe by about one-fifth – enough to cool the British Isles by 1°C and Scandinavia by 2°C. "We haven’t seen it yet," he points out.

Though unseasonably cold weather last month briefly blanketed parts of the UK in snow, average European temperatures have been rising, Wood says. Measurements of surface temperatures in the North Atlantic indicate a strong warming trend during the 1990s, which seems now to have halted.

Bryden speculates that the warming may have been part of a global temperature increase brought about by man-made greenhouse warming, and that this is now being counteracted by a decrease in the northward flow of warm water.

After warming Europe, this flow comes to a halt in the waters off Greenland, sinks to the ocean floor and returns south. The water arriving from the south is already more saline and so more dense than Arctic seas, and is made more so as ice forms.

Predicted shutdown

But Bryden’s study has revealed that while one area of sinking water, on the Canadian side of Greenland, still seems to be functioning as normal, a second area on the European side has partially shut down and is sending only half as much deep water south as before. The two southward flows can be distinguished because they travel at different depths.

Nobody is clear on what has gone wrong. Suggestions for blame include the melting of sea ice or increased flow from Siberian rivers into the Arctic. Both would load fresh water into the surface ocean, making it less dense and so preventing it from sinking, which in turn would slow the flow of tropical water from the south. And either could be triggered by man-made climate change. Some climate models predict that global warming could lead to such a shutdown later this century.

The last shutdown, which prompted a temperature drop of 5°C to 10°C in western Europe, was probably at the end of the last ice age, 12,000 years ago. There may also have been a slowing of Atlantic circulation during the Little Ice Age, which lasted sporadically from 1300 to about 1850 and created temperatures low enough to freeze the River Thames in London.

Journal reference: Nature (vol 438, p 655).

Related Articles
Weblinks

source:http://www.newscientist.com/article.ns?id=dn8398

# posted by dark master : 12/01/2005 09:41:00 AM  0 comments

Signaling Vulnerabilities in Wiretapping Systems

Micah Sherr, Eric Cronin, Sandy Clark and Matt Blaze

University of Pennsylvania
Contact E-mail: blaze at-sign cis.upenn.edu

11 October 2005; revised 30 November 2005

Note: For those in the Philadelphia area, these results will be presented at the Penn Computer Science Research Seminar on Thursday, December 1st, at 3pm in the Levine Hall auditorium (on the Penn campus at 3330 Walnut Street).

Overview

In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. These countermeasures do not require cooperation with the called party, elaborate equipment, or special skill. Preliminary drafts of the paper have been made available to the law enforcement community; contact the authors at the above email address.

We found exploitable vulnerabilities present in virtually all analog "loop extender" or "dialup slave" wiretap systems and in at least some systems based on the newer J-STD-025A CALEA interfaces. These systems depend on unsecured "in-band" signals that can be spoofed or manipulated by an interception target via his or her own telephone line.

In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Most loop extender systems, as well as at least some CALEA systems, appear to be vulnerable to this countermeasure. Audio examples (in MP3 format) of this countermeasure can be found below.

Loop extender systems are susceptible to other countermeasures as well. In particular, a subject can employ a simple computer-aided dialing procedure (which we call "confusion/evasion dialing") that prevents the dialed outgoing telephone numbers from being recorded accurately by the tap. Wiretap subjects can also falsely indicate the ending times for calls they make and receive and can inject false records of outgoing and incoming calls (appearing to be to or from any numbers they choose) into pen register logs.

Our analysis was based entirely on information obtained from published sources and equipment purchased openly in the retail and surplus markets. It is therefore possible (and perhaps even likely) that similar countermeasures have already been discovered and actively employed by motivated wiretap targets, e.g., in organized crime. Currently fielded telephone interception systems should be evaluated with respect to these vulnerabilities and re-configured or modified where possible to reduce their susceptibility. In addition, the possibility of these or similar countermeasures should be considered in analyzing previously collected wiretap evidence and intelligence.

Recommendations

A detailed technical analysis of the vulnerabilities and their implications can be found in the full paper at http://www.crypto.com/papers/wiretap.pdf.

There is unfortunately little room to make conventional loop extender interception systems more robust against these countermeasures within their design constraints; the vulnerabilities arise from inherent properties of their architecture and design.

Some CALEA systems, on the other hand, may be able to be made more robust against these countermeasures with relatively modest configuration changes. In particular, CALEA equipment that processes call audio may have features that control recording via in-band C-tone (sometimes called "continuity tone") signals on "Call Content Channel" (CCC) audio streams. These features should be disabled. Instead, these systems should be configured to rely exclusively on "Call Data Channel" (CDC) messages to determine when recording commences and stops. Telephone companies and law enforcement agencies should confirm the configuration and behavior of their CALEA delivery and collection systems with their vendors.

Wiretap evidence, whether collected by loop extender or CALEA systems, should be evaluated for signs of signaling countermeasures. In particular, records of dialed numbers and call times should be examined for discrepancies against telephone company call detail records. This reconciliation should be performed routinely and as soon as possible after the records become available.

We strongly urge that J-STD-025A and other interception standards and practices be evaluated critically against countermeasures such as those described in our paper and, more generally, against a broad threat model. Our analysis was by design limited in scope, with no attempt made to be comprehensive or exhaustive, and yet easily exploitable weaknesses were quickly found. It appears that a systematic search for vulnerabilities under a threat model that includes subject-initiated countermeasures was not a part of the development process for either the J-STD-025A standard or many of the systems that implement it. We suggest that the law enforcement community develop and articulate security and assurance requirements for interception systems, against which existing and future standards and technologies can be measured.

Audio example

In these MP3 audio captures, Alice and Bob are suspected of illegal activity and are the subjects of a full audio Title III wiretap interception on Alice's line. Alice uses C-tone spoofing to selectively suppress recording of part of the conversation. The recordings were created in our laboratory on a simulated telephone network with various wiretapping products.

Use the browser "back" button to return here after visiting these links:

  • This link [observed.mp3] gives the audio stream as captured and recorded by a Recall Technologies NGNR-2000 law enforcement loop extender wiretap system connected to Alice's line. Note the C-tone burst at the end of the recording (which ordinarily indicates that the tapped party has hung up and which causes recording to terminate). To the law enforcement agency, this appears to be a normal recording of a brief call.

  • This link [unobservered.mp3] gives the full conversation between Alice and Bob, as captured by an inexpensive, consumer-grade telephone recorder interface (sold by Radio Shack) connected to Alice's line.

Full paper

The full version of our research paper can be found online (PDF format, 500KB file) at http://www.crypto.com/papers/wiretap.pdf, and appears in the November/December 2005 issue of IEEE Security and Privacy.


Crypto.com home page here.



source:http://www.crypto.com/papers/wiretapping/


# posted by dark master : 12/01/2005 09:38:00 AM  0 comments

Security Flaw Allows Wiretaps to Be Evaded, Study Finds

The technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely, according to research by computer security experts who studied the system. It is also possible to falsify the numbers dialed, they said.

Someone being wiretapped can easily employ these "devastating countermeasures" with off-the-shelf equipment, said the lead researcher, Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania.

"This has implications not only for the accuracy of the intelligence that can be obtained from these taps, but also for the acceptability and weight of legal evidence derived from it," Mr. Blaze and his colleagues wrote in a paper that will be published today in Security & Privacy, a journal of the Institute of Electrical and Electronics Engineers.

A spokeswoman for the F.B.I. said "we're aware of the possibility" that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today.

"It is not considered an issue within the F.B.I.," Ms. Milhoan said.

According to the Justice Department's most recent wiretap report, state and federal courts authorized 1,710 "interceptions" of communications in 2004.

To defeat wiretapping systems, the target need only send the same "idle signal" that the tapping equipment sends to the recorder when the telephone is not in use. The target could continue to have a conversation while sending the forged signal.

The tone, also known as a C-tone, sounds like a low buzzing and is "slightly annoying but would not affect the voice quality" of the call, Mr. Blaze said, adding, "It turns the recorder right off."

The paper can be found at http://www.crypto.com/papers/wiretapping.

The flaw underscores how surveillance technologies are not necessarily invulnerable to abuse, a law enforcement expert said.

"If you are a determined bad guy, you will find relatively easy ways to avoid detection," said Mark Rasch, a former federal prosecutor who is now chief security counsel at Solutionary Inc., a computer security firm in Bethesda, Md. "The good news is that most bad guys are not clever and not determined. We used to call it criminal Darwinism."

Aviel D. Rubin, a professor of computer science at Johns Hopkins University and technical director of the Hopkins Information Security Institute, called the work by Mr. Blaze and his colleagues "exceedingly clever" - particularly the part that showed ways to confuse wiretap systems as to the numbers that have been dialed. Professor Rubin added, however, that anyone sophisticated enough to conduct this countermeasure probably had other ways to foil wiretaps with less effort.

Not all wiretapping technologies are vulnerable to the countermeasures, Mr. Blaze said; the most vulnerable are the older systems that connect to analog phone networks, often with alligator clips attached to physical phone wires. Many state and local law enforcement agencies still use those systems.

More modern systems tap into digital telephone networks and are more closely related to computers than to telephones. Under a 1994 law known as the Communications Assistance for Law Enforcement Act, telephone service providers must offer law enforcement agencies the ability to wiretap digital networks.

But in a technology twist, the F.B.I. has extended the life of the vulnerability. In 1999, the bureau demanded that new telephone systems keep the idle-tone feature for recording control in the new digital networks, which are known as Calea networks because of the abbreviation of the name of the legislation.

The Federal Communications Commission later overruled the F.B.I. and declared that providing the idle tone was voluntary. The researchers' paper states that marketing materials from telecommunications equipment vendors show that the "C-tone appears to be a relatively commonly available option."

When the researchers tried the same trick on newer systems that were configured to recognize the C-tone, it had the same effect as on older systems, they found.

Ms. Milhoan of the F.B.I. said that the C-tone feature could be turned off in the new systems and that when the bureau tested Mr. Blaze's method on machines with the function turned off, the effect was "negligible."

"We were aware of it, we dealt with it, and we believe Calea has addressed it," she said.

Mr. Blaze, a former security researcher at AT&T Labs, said he shared the information with the F.B.I. His team's research is financed by the National Science Foundation's Cyber Trust program, which is intended to promote computer network security.

The security researchers discovered the new flaw, he said, while doing research on new generations of telephone-tapping equipment.

In their paper, the researchers recommended that the F.B.I. conduct a thorough analysis of its wiretapping technologies, old and new, from the perspective of possible security threats, since the countermeasures could "threaten law enforcement's access to the entire spectrum of intercepted communications."

There is some indirect evidence that criminals might already know about the vulnerabilities in the systems, Mr. Blaze said, because of "unexplained gaps" in some wiretap records presented in trials.

Vulnerabilities like the researchers describe are widely known to engineers creating countersurveillance systems, said Jude Daggett, an executive at Security Concepts, a surveillance firm in Millbrae, Calif.

"The people in the countersurveillance industry come from the surveillance community," Mr. Daggett said. "They know what is possible, and their equipment needs to be comprehensive and needs to counteract any form of surveillance."


source:http://www.nytimes.com/2005/11/30/national/30tap.html?pagewanted=print

# posted by dark master : 12/01/2005 09:38:00 AM  0 comments

This page is powered by Blogger. Isn't yours?