Black Hat //Webcast 14

Exploiting Lawful Intercept to
Wiretap the Internet // tom cross

thursday, february 18, 2010

1300 hrs PST/ 1600 hrs EST • FREE


This month's webcast will be moderated by Jeff Moss, founder of Black Hat, and features one of the hottest talks from Black Hat DC 2010

Many governments’ require telecommunications companies to provide interfaces that law enforcement can use to monitor their customer's communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer-review. Fortunately, Cisco has published the core architecture of its lawful intercept technology in an Internet Draft and a number of public configuration guides.

This talk will review Cisco's architecture for lawful intercept from a security perspective. The talk will explain how a number of different weaknesses in its design coupled with publicly disclosed security vulnerabilities could enable a malicious person to access the interface and spy on communications without leaving a trace. The talk will explain what steps network operators need to take to protect this interface. The talk will also provide a set of recommendations for the redesign of the interface as well as SNMP authentication in general to better mitigate the security risks.


Tom Cross
Manager, IBM Internet Security System's X-Force Advanced Research team

Tom's team is engaged in a daily effort to identify, analyze, and mitigate computer security vulnerabilities. Tom has a six year history with ISS, during which he has served as a vulnerability researcher and software developer. He is credited with discovering a number of critical security vulnerabilities in enterprise class software and he also wrote one of the first academic papers suggesting the use of trust metrics in Wikipedia. Tom frequently speaks on computer security issues at conferences around the world. He holds a Bachelor's degree in Computer Engineering from Georgia Tech.

We would like to thank this month’s webcast sponsor Loglogic for their continued support. LogLogic provides the visibility to understand exactly what is going on throughout your IT infrastructure. Their open log management and database activity monitoring solutions provide you with state of the art tools to monitor all activity that occurs in your networks, applications, databases, and servers. For more information visit their website at