Telephone Line Attacks
The telephone system presents a major threat from audio eavesdropping attacks. Telephone tapping, a term the general public is well aware of, is the act of monitoring telephone conversations. Telephone taps are of two general types: Direct and Inductive.
A direct tap is accomplished by splicing directly to the target telephone line. The tap is inserted into the circuit in series or parallel.
An eavesdropper must have some method to access intelligence gained from a telephone wiretap. This intelligence can be acquired at the wiretap, transmitted over another wire pair, transmitted using an RF transmitter, stored on a tape recorder for later retrieval or any combination.
Several variations exist in the interfacing between the telephone line and the amplifier such as bridge taps, capacitance isolation, high impedance, and isolated direct taps.
An eavesdropper could perform a wiretap at any point along the telephone line.
With thousands of telephone lines at his disposal, an eavesdropper could also bridge tap the target telephone line to any available wire pair, within the same junction box, possibly selecting a wire pair that travels to a distant location. This would extend the listening post away from the bridge tap and the target.
RF Transmitter Wiretaps
The radio frequency (RF) transmitter tap technique involves attaching a small RF transmitter to the telephone line, or within the telephone instrument. The audio fluctuations from the telephone conversation modulate the transmitter carrier, transmitting the conversation into free air space. A series RF tap or leach is powered by the telephone line and therefore does not require frequent battery replacement, which enables indefinite operation.
Popular RF series wiretaps are now built into telephone plugs and cords and can be installed in seconds. These devices look like standard telephone accessories and require TSCM RF equipment to detect them.
RF transmitter taps offer several advantages over the other types of wire taps. Because the listening post (LP) is a receiver requiring no wire lines' run to it, the LP can be located anywhere within transmission range.
An infinity transmitter is a device which is installed in the target area utilizing a telephone line to transmit the room audio out. Called from a remote telephone, and activated with a tone signal. This type of device operates independent of the telephone instrument and typically requires its own telephone line. As it is not connected to any telephones within the target area, it would not ring and alert the target. This device could be hidden in any location, for connection to the additional telephone line. Unlike the conventional infinity transmitter, this method of attack will function on ELECTRONIC SWITCHING SYSTEMS (ESS), without requiring procedures to work around the ESS system.
Infinity transmitters are available as common electronic devices which are sold as house monitors. Electronic detection of this type of attack requires equipment capable of activation and detection of remote devices.
Slave Parallel Wiretaps
One of the most popular wiretap devices used by the law enforcement community, and many professional eavesdroppers, is a slave parallel wiretap. This device is similar in operation to an infinity transmitter and combines these features with a parallel wiretap. The slave is attached anywhere along the target telephone line. The eavesdropper requires a standard working telephone line (leased line) which is located in the same cable, cross-connect or closet as the target line. Once both lines are connected to the slave, the eavesdropper can call his leased telephone line and activate the slave. Upon activation, the slave automatically connects the eavesdroppers telephone line to the target telephone line. This attack allows eavesdropping on the target telephone line to be performed from any telephone in the world.
An inductive tap is accomplished by bringing a coil into the electro-magnetic field created by the current fluctuations during a telephone conversation.
Current fluctuations similar to the target conversation are induced into the coil windings caused by this electro-magnetic field. These current fluctuations are amplified in order to recover the target conversations. Inductive taps are not particularly effective. However, a split/resplit inductive wiretap, using a highly sophisticated method, which is relatively unknown, produces excellent audio recovery.
Of all the known methods of wiretapping, this little known method is probably the safest from accidental detection or location by the telephone company and is therefore often used by professional eavesdroppers. This technique exploits the inductive properties of wire pairs within the same cable. The split/resplit wiretap is accomplished by rewiring the target telephone line to induce conversational audio into the eavesdroppers telephone line.
An inductive split/resplit wiretap can not be detected by any piece of equipment, other than time domain reflectometer (TDR). A TDR is the only instrument that will enable the TSCM technician to reliably detect all wire irregularities, including split/resplit and bridge taps.