[ Pobierz całość w formacie PDF ]
.9.39.In advance of an interview conducted on 16th April 2014 Arthur Cox submitted adetailed statement which he had made out accompanied by a file containing some 49supporting exhibits.The statement greatly expanded upon and explained theinformation and assessments contained in the TSCM and CCI-002 Reports and gave astep-by-step account of the tests conducted and the measures taken during the threevisits to GSOC.The statement listed and described the various pieces of equipmentused in the tests and surveys.This was later supplemented by his further statementsmentioned in paragraphs 9.60 and 10.15 below.First Visit - Device 4B9.40.As already described above, the first detected threat was that of the unusual behaviourof Device 4B.He explained that a wireless network access point is the means of entryto the network rather like a door to a building and should be protected by anappropriate level of security like a door lock.The particular WEP security on theGSOC AMX network was regarded as wholly insecure and was easily hacked even bysomeone without special training.The significance of the weakness in the security ofthe wireless access points in question was that an eavesdropper could gain access tothe microphone-enabled units connected on the network in the Boardroom and theMedia Room and use them to listen to conversations in those areas.279.41.Mr s analysis also indicated to him that the Research Electronics International(REI) white noise generation system ANG-2200 installed in the Boardroom would notwork against eavesdropping audio attacks in those areas.An attacker would be able toeavesdrop on conversations in the Boardroom via access to the conferencemicrophones over the insecure wireless network and thereby have unrestricted audiofeed from the room unhindered by the noise generator system.The Polycom Unit9.42.Mr explained in greater detail the tests that had been carried out on the Polycomunit which had led to the conclusion that the telephone line to the conferenceextension equipment had been intercepted or  tapped by some eavesdropper.An analogue audio test was carried out using a  TALAN device which was placed  inline that is, between the telephone device and the telephone exchange.Measurementscan then be taken of the telephone and the telephone line in normal function and theline can then be tested by applying room audio.There should be no room audio whenthe telephone is not active.The telephone is then put into  off hook mode, thehandset is lifted thus opening the line.Each wire pair is then tested again for thepresence of room audio.There should be no room audio present on certain wires only.This is the  alerting test already mentioned above which can alert any eavesdropperto the fact that the telephone device is being tested for technical surveillance attacks.On this occasion loud music was used as room audio for the test.The test carried outshowed no abnormality so the telephone device was put back in its normal state.Within approximately three seconds of cancelling the test and putting the phone backin its normal state, the Polycom unit rang showing  unknown number.9.43.Mr testified that he had personally carried out this same test on thousands oftelephones and had never previously encountered this occurrence.All of the settingson the phone test device were checked to ensure that it had not generated this reaction.The test was then carried out twice more to ensure that there was no system fault butthe same ring-back reaction did not occur again.He subsequently contacted themanufacturer of the test device and was assured that it was not possible that the testcould have caused the ring-back reaction given the settings that were being used andthat no bias generator was involved.9.44.Officer A queried whether it could be a coincidental wrong number that had causedthe phone to ring.They then tried making a call to the GSOC switchboard and the callwas directed immediately to the GSOC out-of-office message indicating that it wasimpossible for the call back to have come through the switchboard.It could only,accordingly, have come by way of a direct dial to the extension number of thePolycom unit.It was on that basis that Mr suggested that the chance of someonerandomly dialling that particular wrong number at that time of night from an unknown number was so small as to be  virtually zero. Mr said that he hadalso ruled out the possibility that the ring-back reaction was attributable to the PBXreacting to his test device by testing other telephones in the building on the night inquestion without obtaining the reaction.9.45 [ Pobierz całość w formacie PDF ]