T 5.7 Line tapping

Due to the low risk of detection, line tapping is a potential threat to information security that should not be overlooked. Basically, there is no such thing as a tap-proof cable. Whether a line is actually being tapped can only be determined using sophisticated instruments.

The decision to tap a line basically depends on whether the information that could be obtained is worth the technical and financial expenditure and the risk of detection. This question can only be answered by knowing what capabilities the attacker has and what his or her particular interests are. It is therefore impossible to know for sure what information, and therefore which lines, could be targets for tapping.

It can be very easy to tap a line. With some types of LAN cabling, access to a LAN socket may be sufficient to eavesdrop on all the network traffic in the local network. The risk is greater when an attacker has access to passive or perhaps even active connection elements of an IT network. It is even easier to intercept network traffic on wireless networks (wireless LAN / radio LAN, IEEE 802.11). Furthermore, the risk of being detected while listening in on a wireless network is virtually nil.

The insecure transmission of authentication data using plain-text protocols like HTTP, FTP, or Telnet is especially critical: because these protocols have a simple structure, it is easy to determine where the data entered by the user sits in the transmitted packet (see also T 2.87 Use of insecure protocols in public networks). It is therefore relatively easy to automatically analyse such connections.

For example, as a first step, password sniffer programs could be used to collect passwords as they are transmitted to a system. This would then enable the attacker to gain access to this IT system and then carry out further attacks locally on the computer.
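The following is an added example, not part of the original catalogue entry: a defender-side audit that uses the fixed positions HTTP, FTP and Telnet give to authentication data to flag connections that expose credentials in clear text, so they can be moved to encrypted alternatives. The payloads, addresses and rule names are constructed for illustration, and the audit reports only which pattern matched, never the credential itself.

```python
import base64
import re

# Constructed payloads keyed by a constructed endpoint (TEST-NET-1 addresses).
SAMPLE_STREAMS = {
    "192.0.2.10:21": b"USER alice\r\nPASS example-secret\r\n",
    "192.0.2.10:23": b"login: dave\r\nPassword: ",
    "192.0.2.10:80": b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                     b"Authorization: Basic "
                     + base64.b64encode(b"bob:example-secret") + b"\r\n\r\n",
    "192.0.2.10:8080": b"POST /login HTTP/1.1\r\nHost: app.example\r\n\r\n"
                       b"user=carol&password=example-secret",
    "192.0.2.10:443": bytes.fromhex("160303004a0200004603"),  # TLS record bytes
}

# Each rule keys on the fixed place where the protocol carries the secret.
# Rule names are illustrative labels, not identifiers from any product.
RULES = [
    ("FTP PASS command", re.compile(rb"^PASS [^\r\n]+", re.M)),
    ("Telnet password prompt", re.compile(rb"^Password:\s*$", re.M | re.I)),
    ("HTTP Basic auth header",
     re.compile(rb"^Authorization:\s*Basic\s+[A-Za-z0-9+/=]+", re.M | re.I)),
    ("HTTP form password field",
     re.compile(rb"(?:^|[&?\r\n])(?:password|passwd|pwd)=[^&\s]+", re.I)),
]


def audit_stream(payload: bytes) -> list[str]:
    """Return the names of matching rules; matched bytes are discarded."""
    return [name for name, pattern in RULES if pattern.search(payload)]


def audit(streams: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each endpoint that exposes cleartext credentials to its findings."""
    findings = {}
    for endpoint, payload in streams.items():
        hits = audit_stream(payload)
        if hits:
            findings[endpoint] = hits
    return findings


if __name__ == "__main__":
    for endpoint, hits in audit(SAMPLE_STREAMS).items():
        print(f"{endpoint}: cleartext authentication ({', '.join(hits)})")
```

The encrypted sample on port 443 produces no finding because its payload offers no readable field to match, which is the property the plain-text protocols lack.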

Examples: