PDA

View Full Version : BIS Email Encryption?


kantzow
02-01-2008, 12:31 PM
Hi All,

Well after reading through a few posts here about email security I still need some clarification on the matter.

I understand that mail between RIM and the BlackBerry is encrypted, however what if the Carrier wanted to tap the email between your you@<hidden> can they do this since the email needs to pass through their RIM gateway on their network? I have no BES available.

The other thing is the surfing traffic through BDS, is this also encrypted or can it be "listened" to as well?

Thanks, Fred

Worm
02-01-2008, 07:21 PM
Odd first post m8 ???

Anything can be listened to, you just have to decrypt it.

If someone wants to know what's contained within they'll just ask the network though, in this case RIM.

cheers

Worm

tsac
02-01-2008, 09:35 PM
The only time a carrier will bother to "listen" is if the need is there. Anything sent via radio or Internet can be monitored....anything

Dubdub
02-01-2008, 09:57 PM
Feeling paranoid?

kantzow
02-01-2008, 11:55 PM
Paranoid? Yes very, if you were in my shoes you would be too.

I'm located in Barbados where C&W have had monopoly on telecommunications for as long as they have been available. They have used this advantage and vacuumed the market with ridiculousy overpriced services. During 1995-2005 80% of the total income world wide for C&W was accumulated in the Caribbean alone.

Anyhow nuff history, the market today is different. It is supposedly more open and "anybody" could today register a telephone company. Sure it costs around US$ 250000 a year in license fees and another US$50000 in bribes but besides the point. I'm in the telecoms business and the mere fact that "funny" things have happened after a few conversations over the cell with my collegues (ports closed, IMEI's blacklisted of GSM gateways, "random packet dropping" on Internet links etc list is long) is just proof that our phones are being monitored by C&W staff to make the already hard market mere impossible for new actors. Thank god there is another cell operator (Digicel) where any phone tapping would have no use (unless you doing something illegal off course).

Any how to make a long story short, if I'm now going to have my email (Relayed from outside C&W network through VPN and SSL to local internal mail server) going through their network and therefor enabling them to read everything you could kind of see my problem here :D

Anybody got some security advise here, Digicel don't offer BlackBerry services as of yet. Maybe it's time to think back on the times of East and West Germany when people were smuggled under the back seat of a car and Gestapo inspected every inch of vehicle. ^^

Dubdub
02-02-2008, 08:41 AM
That explains the reason for the question.

Berry One
02-02-2008, 02:49 PM
Here is how your BIS email goes from blackberry, with capital E means encrypted:

device -E-> carrier -E-> RIM (Canada) -> Internet

Here is how it comes to your device from Internet:

Internet -> RIM (Canada) -E-> carrier -E-> device

As you can see, carrier can not wiretap your emails. Even if they want to.


Here is for BES emails, from the Internet to device:

Internet -> Exchange/BES (in your office) -E-> RIM -E-> carrier -E-> device

From device to Internet:

device -E-> carrier -E-> RIM -E-> Exchange/BES (in your office) -> Internet

kantzow
02-02-2008, 03:21 PM
Ok, thanks for the reply!

tsac
02-02-2008, 03:25 PM
Here is how your BIS email goes from blackberry, with capital E means encrypted:

device -E-> carrier -E-> RIM (Canada) -> Internet

Here is how it comes to your device from Internet:

Internet -> RIM (Canada) -E-> carrier -E-> device

As you can see, carrier can not wiretap your emails. Even if they want to.


Here is for BES emails, from the Internet to device:

Internet -> Exchange/BES (in your office) -E-> RIM -E-> carrier -E-> device

From device to Internet:

device -E-> carrier -E-> RIM -E-> Exchange/BES (in your office) -> Internet

Not to add to this paranoia but even in your example the traffic goes via a carrier. I would say he has another issue. One that if he has had his cell blacklisted in a few cell sites he must have riled the wrong person who has access to the cell controller and user database. Remember when you call any company for service , if you piss off the guy at the controls it is simple for him to make a few “ mistakes” and delete something. Believe me when I say this is not too uncommon. Big carriers keep records of all system access but a person with the right knowledge can do amazing things. Just look at the hacking going on around the world. And if the guy called has a brother or friend in the outside plant, guess what, it’s even easier.

If this doesn’t get him diving for the cave nothing will.:?

livinginx
02-02-2008, 04:41 PM
Not to add to this paranoia but even in your example the traffic goes via a carrier. I would say he has another issue. One that if he has had his cell blacklisted in a few cell sites he must have riled the wrong person who has access to the cell controller and user database. Remember when you call any company for service , if you piss off the guy at the controls it is simple for him to make a few “ mistakes” and delete something. Believe me when I say this is not too uncommon. Big carriers keep records of all system access but a person with the right knowledge can do amazing things. Just look at the hacking going on around the world. And if the guy called has a brother or friend in the outside plant, guess what, it’s even easier.

If this doesn’t get him diving for the cave nothing will.:?

The nice thing with most carriers though is that anytime somebody makes a change to your account, those changes are signed. It would take a lot on any carrier that I have worked for to get screwed and not be able to revert to a previous state.

kantzow
02-02-2008, 07:07 PM
This is understandable in a world where insight and control mechanisms exists, however this does not apply to most developing countries where the governments simply choose "not to interfere", obviously because of brides (cars, money, travel, free this free that).

C&W does have a lot of control mechanisms within their corporation, every login to the DSLAMs, Cell stations etc is logged and there is a trail. Now imagine this, if you tell anybody of what is going on even if it's illegal within their corporation (former employees as sources) you will be fired, and once fired from a corporation like C&W in the Caribbean you will have a hard time to find work elsewhere due to the very high ranking connections of the "top" in the company.

LOL this is really starting to sound like a conspiracy theory, except this is pretty much the reality in the Caribbean.

I doubt this is a problem in modern industrial countries, like western europe and the US since people can actually act against companies with success. Even though the company have "misplaced" or deleted the logs over access and traces of the corruption once a court order has been issued (if ever).

Berry One
02-03-2008, 09:31 AM
Well, if they don't like you they can just terminate your blackberry service.

The concern was wiretapping of BlackBerry email conversations somewhere on carrier wireless network, the response is: unlikely.