7

Can somebody hack the line between my router and service provider and monitor what I'm doing online and what sites I'm visiting?

Thomas Pornin
  • Short answer: yes – Oliver Salzburg Jan 15 '13 at 16:42
  • You say "telephone line", so I presume you're talking about a DSL router? Are old-school 56k (or earlier) modems in-scope too? – Iszi Jan 15 '13 at 17:33
  • In my scenario, I have a DOCSIS 3.0 cable modem which encrypts its traffic between my location and the CMTS (cable modem termination system) and from there it's all my ISP's. It would depend on your specific internet service, but it's unlikely. –  Jan 15 '13 at 14:54

4 Answers

12

Theoretically yes. In practice, it is a bit complex for amateurs.

In Older Times, when people used dialup modems, plugging on the line was just a matter of a pair of crocodile clips and hooking another modem, tuned to be "receive only". Nowadays, people use ADSL, coaxial cable or optic fiber, and the much higher data rates mean that inexpert plugging will disrupt the connection, making it unsuitable for passive eavesdropping. While the "physical conditions" have not changed (the spy must still reach the wire, which is usually not very hard to do discreetly in urban environments), the price of involved hardware and the level of expertise have increased.

(Edit: also, some ADSL providers use PPTP tunneling with encryption; I have seen it done in France. The apprentice spy would have to break the encryption layer as well, which would involve an even trickier man-in-the-middle attack on the physical line.)

Law enforcement agencies and other official organizations find it much easier to add their hardware directly on the ISP premises. ISPs, as a rule, collaborate with authorities since they need their continued benevolence with regards to regulations on telecommunications; and that's a legal obligation anyway in most countries (yes, including whatever country you may think of as "the most democratic country in the world").

If you want to evade such surveillance, one possible method may be Tor. There can always be monitoring somewhere (if only directly on the network provider for the server) so Tor tries to hide who is doing the browsing. Also, any site which uses HTTPS provides end-to-end security (subject to the usual caveats of server certification and human user ability to dismiss warning popups): an eavesdropper can know which site you contact, but not what you do on it (unless the server rats on you, which is always a possibility, or your home machine is bugged, which is no less plausible).

Thomas Pornin
  • Isn't the most democratic country in the world ancient Greece? – this.josh Jan 16 '13 at 08:22
  • Mmh, _some_ ancient Greek cities claimed to be "democratic" (e.g. Athens, but certainly not Sparta), which means "the people hold the power", but it required a "well tuned" notion of what "people" means -- in Athens, it did not include the poor and certainly not the slaves. – Thomas Pornin Jan 16 '13 at 10:51
  • IIRC, the encryption used by PPTP has been broken completely – first in [1999](http://www.schneier.com/paper-pptpv2.html), later in [2012](http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html). I'm not sure a MITM attack is needed for that. – user1686 Jan 19 '13 at 20:49
4

This would require some kind of physical intrusion on the phone infrastructure, and would be HIGHLY illegal (the telephone company would probably sue them for millions of dollars). It is much easier and more feasible to perform a successful attack at the application layer by compromising your web browser, browser plugins, or an open service on your computer.

Most computers which are not audited by systems security experts have at least a handful of exploitable security vulnerabilities that don't require messing with the physical connection between you and your ISP. Going the physical route, while technically possible, is not very practical in reality, and carries a much higher risk of detection, and more serious penalties if caught.

If you are using a dial-up modem, you may or may not have end to end encryption enabled. For HTTPS sites, it doesn't matter -- if your address bar says https or shows the secure "lock" icon, then there will NEVER be an instance where someone can eavesdrop, unless they've compromised your system's software (not hardware) thoroughly enough to make your web browser trust a malicious signing Certificate Authority.

If you are using a cable or DSL modem or fiber, your traffic is almost certainly encrypted at the link layer, so that only your ISP and you are able to see the "raw" bytes of your traffic, even for regular old http sites (such as SuperUser). So for these newer technologies, it is very likely that your ISP has already foreseen this potential problem of physical "tapping" to intercept the communication, and has safeguarded against it using encryption built into the device that prevents anyone from illegally intercepting the transmissions at the physical layer (the wire itself).

allquixotic
3

It all depends on where the concern is and what kind of attacker you are worried about. There are a few places things can go wrong. The easiest one is in between your cable modem and the ISP if they don't have encryption turned on.

On some older passive fiber systems (which many cable systems are based off of), 32 or so households would share a common connection to the ISP's office. The only thing that prevented all the information from being visible was a filter that the cable modem put on. Since the early days, the option to encrypt it to the particular customer has become available, but there is no guarantee your provider does this and if they do not, then simply disabling the filter will show all traffic being sent to you that is not otherwise protected (by something like SSL for example).

Another level of threat is that once information gets out on the general Internet, it doesn't go straight to the server you want to talk to. It has to pass through a bunch of devices called routers in order to find its way to where it is going. Appropriate routing is based on what kind of a connection routers say they have and a bad router can say that it has really fast routes and cause more traffic to come its way. It could then write down any traffic it sees unless SSL or some similar protection is being used. Generally this kind of thing is done at the governmental level, but it is feasibly possible for a private party to do it.

As far as the likelihood, in both cases, you are either talking about someone who happens to live near you wanting to see what you are doing or you are talking about someone with considerable skill and resources trying to go after you (or just having dumb luck that your traffic passed through a router that was compromised.) It's not very likely in a day to day situation, but it still is important to use HTTPS (SSL) for important online activities like financial stuff and use encryption when privacy is critical.

AJ Henderson
2

Government agencies can certainly place a tap on your phone line and are likely to be able to decode DSL traffic in many cases (at least it might be unwise to assume they cannot). In many countries they would have to first obtain a court order or follow some equivalent procedure.

Some countries may make ISPs log such data for access by government agencies. For example a proposed law in the UK

It is likely to be somewhat more difficult for a criminal organisation to do the same, but I imagine that phone company engineers are not impervious to coercion and bribery.

It is likely to be considerably more difficult for an individual person to do this. As others have said, for them it is probably much easier to install snooping software directly on your computer.

RedGrittyBrick