THE MAGAZINE

Speaking Privately

By John Wagley

About two years ago, Billy Cason, president of Special Communications & Construction Enterprises (SCCE), was on the verge of a major deal in Colombia, providing the architecture for a satellite communications system. He’d even received a tip that his company would win the contract, he says. But it didn’t. He later looked at the winning bid. The equipment and service proposal was the same as his own company’s “down to dotting every ‘i’ and crossing every ‘t.’”

He knew his Norfolk, Virginia-based firm’s ideas had been stolen. “After racking my brain, I figured some of our phone calls must have been intercepted,” says Cason, whose company was using Voice over Internet Protocol (VoIP) communications at the time. Early this year, SCCE started using DigiGone Secure Mobile, a VoIP encryption solution from Seminole-Florida, based Diginonymous.

SSCE’s business is way up, and Cason is convinced it’s the encryption. “It’s the difference between night and day,” he says.

He attributes the up tick in business to his ability to retain trade secrets, he says. But the encryption’s helped in other ways, including improving the overall business environment. Executives feel more confident sharing data over the phone, he says.

Client companies also like SCCE’s use of DigiGone, and that has helped the company win recent bids, including one to work in Iraq for Fluor Daniels, an Irvine, California-based construction company. Cason says his company has begun setting up DigiGone on the phones of key Fluor Daniels contacts.

Setting it up is easy, says Cason. The VoIP encryption comes in two forms: a flash drive for computers and a flash chip that can be placed in smart phones running Microsoft Windows 5 or 6. On mobile phones, the press of a button can shift the phone into secure mode.

Diginonymous already has more than two dozen VoIP encryption customers, says company owner Mike Dunleavy. Some other firms have also started selling the technology in recent years, including CellCrypt, based in London.

Both vendors say they fill a need stemming from growing concerns over government and corporate spying, especially in some developing countries, where even the government may have formal and informal links to organized crime.

VoIP can be cracked unless a provider adds a VoIP encryption protocol, says David Hulton, a director and encryption researcher at Seattle, Washington-based Pico Computing. Whether running over wireless or wired networks, VoIP can be “sniffed” with software that’s free and widely available online, he says.

But it’s not just the Internet phone that’s insecure. Eavesdropping on cell phones has been possible for years, and it’s getting easier. At a recent Black Hat conference in Washington, two cyber researchers, Pico’s Hulton as well as Steve Muller, a CellCrypt researcher, demonstrated how, with computer storage and processing equipment costing under $1,000, they could break a cell phone’s encryption in under 30 minutes.

Their target was a phone using the global system for mobile communications (GSM), used by most American cell companies, including AT&T and T-Mobile. The system is also used by the vast majority of non-U.S. cell carriers outside of the United States. The researchers have patented and plan to sell the technology. GSM-cracking technology has been commercially available until now, but it has cost hundreds of thousands of dollars.

Once in the data center, cell technology also loses its encryption. Eavesdropping can be as easy as a small bribe to phone company employees. “Anytime you’re talking business, if it’s not a secure line, a prudent person has to think someone’s listening,” says Cason. And that means doing something to prevent it.

Intellectual property isn’t just important to each company, says Cason. It is one of America’s strongest assets, he says. “[The U.S.] won’t remain competitive without technology like this.”

Comments

 

The Magazine — Past Issues

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.