Liquidmatrix Security Digest pointed me to an article in Wired about the FBI's wiretapping cabilities.

DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the country to a far-reaching private communications network.


Today, most carriers maintain their own central hub, called a "mediation switch," that's networked to all the individual switches owned by that carrier, according to the FBI. The FBI's DCS software links to those mediation switches over the internet, likely using an encrypted VPN. Some carriers run the mediation switch themselves, while others pay companies like VeriSign to handle the whole wiretapping process for them.

Now; reading this article reminded me of a very good writeup of the Athens Affair in IEEE Spectrum of July 2007.

What whould happen if this large-scale infrastructure somehow got compromised? Would the intruder have full access to all our phone calls in real time? What kind of controls are in place to prevent such mis-use? What kind of controls are in place to detect breaches, and how would intrusions be reacted to? If the DCS system is indeed linked to the internet, an attack vector must exist. Much is known already, and more information is expected to become public.

I'll be interested in seeing more about this.