Eavesdropping Methods
With eavesdropping, attackers can use various methods to launch attacks that typically involve the use of various eavesdropping devices to listen in on conversations and review network activity.
A typical example of an electronic listening device is a concealed bug physically placed in a home or office. This could occur by leaving a bug under a chair or on a table, or by concealing a microphone within an inconspicuous object like a pen or a bag. This is a simple approach but could lead to more sophisticated, difficult-to-detect devices being installed, such as microphones within lamps or ceiling lights, books on a bookshelf, or in picture frames on the wall.
Despite all the number of technological advances making digital eavesdropping increasingly easy in this day and age, many attacks still rely on intercepting telephones. That is because telephones have electric power, built-in microphones, speakers, space for hiding bugs, and are easy to quickly install a bug on. Eavesdropping attackers can monitor conversations in the room the telephone is in and calls to telephones anywhere else in the world.
Modern-day computerized phone system make it possible to intercept phones electronically without direct access to the device. Attackers can send signals down the telephone line and transmit any conversations that take place in the same room, even if the handset is not active. Similarly, computers have sophisticated communication tools that enable eavesdropping attackers to intercept communication activity, from voice conversations, online chats, and even bugs in keyboards to log what text users are typing.
Computers also emit electromagnetic radiation that sophisticated eavesdroppers can use to reconstruct a computer screen’s contents. These signals can be carried up to a few hundred feet and extended further through cables and telephone lines, which can be used as antennas.
Pickup device
Attackers can use devices that pick up sound or images, such as microphones and video cameras, and convert them into an electrical format to eavesdrop on targets. Ideally, it will be an electrical device that uses power sources in the target room, which eliminates the need for the attacker to access the room to recharge the device or replace its batteries.
Some listening devices are capable of storing digital information and transmitting it to a listening post. Attackers may also use mini amplifiers that enable them to remove background noise.
Transmission link
A transmission link between a pickup device and the attacker’s receiver can be tapped for eavesdropping purposes. This can be done in the form of a radiofrequency transmission or a wire, which includes active or unused telephone lines, electrical wires, or ungrounded electrical conduits. Some transmitters can operate continuously, but a more sophisticated approach involves remote activation.
Listening post
A listening post is used to transmit conversations intercepted by bugs on telephones. When a telephone is picked up to make or take a call, it triggers a recorder that is automatically turned off when the call is ended.
Listening posts are secure areas in which signals can be monitored, recorded, or retransmitted by the attacker for processing purposes. It can be located anywhere from the next room to the telephone up to a few blocks away. The listening post will have voice-activated equipment available to eavesdrop on and record any activity.
Weak passwords
Weak passwords make it easier for attackers to gain unauthorized access to user accounts, which gives them a route into corporate systems and networks. This includes hackers being able to compromise confidential communication channels, intercept activity and conversations between colleagues, and steal sensitive or valuable business data.
Open networks
Users who connect to open networks that do not require passwords and do not use encryption to transmit data provide an ideal situation for attackers to eavesdrop. Hackers can monitor user activity and snoop on communications that take place on the network.