"Various jurisdictions around the world have legal requirements
to ensure that voice and data traffic can be wiretapped in the
interest of public safety and national security. According to an
IBM researcher, that same requirement for wiretapping, or lawful
intercept of data, could potentially be abused by an attacker.
"IBM Internet Security Systems researcher Tom Cross today
detailed during a live Black Hat Webcast event some of the specific
issues he uncovered looking into a lawful-intercept implementation
developed by Cisco. Cisco's architecture for lawful intercept is
now used by more than 15 vendors.
"In the U.S., lawful intercept capabilities on Internet
infrastructure are a legal requirement under the Communications
Assistance for Law Enforcement Act (CALEA). Cross noted that many
ISPs meet their CALEA compliance obligations by implementing
Cisco's lawful intercept technology. The Cisco architecture is
published as Internet RFC 3924, and provides a mechanism for a
network to send data to law enforcement, but is not a blanket
'sniffing' of all traffic, according to Cross."