Wireless

December 24, 2009 4:00 AM PST

Web-based Lookout protects mobile devices, data

by Elinor Mills

John Hering, co-founder and chief executive of Lookout

(Credit: James Martin/CNET)

SAN FRANCISCO--In July, John Hering and Kevin Mahaffey demonstrated an SMS attack targeting a variety of smartphones at a security show. This week they are launching a company, with backing from some heavyweight investors, that will offer a fix for that problem, as well as protect smartphones from many other security issues.

Lookout has received $5.5 million in Series A funding from Khosla Ventures, Trilogy Partnership, and angel investors including Phil Paul, founder of Paul Capital Partners; Chris Sacca, former head of special initiatives at Google; and Joseph Ansanelli, former chief executive of Vontu.

Lookout is a cross-platform, Internet-connected application that offers advanced security and backup services, as well as the ability to locate devices that go missing or get stolen, and over-the-air management capabilities. The service is currently in private beta in more than 170 countries across 400 mobile networks, Hering, Lookout's chief executive, said in an interview.

It will be offered publicly on a subscription basis in early 2010 and an enterprise version will come later in 2010 or early 2011, he said. Pricing will be announced later.

Hering, Mahaffey, and the third co-founder, James Burgess, all met while attending the University of Southern California, and have honed their skills in the mobile space over the past five years, initially calling the company Flexilis.

They conducted research, helped handset makers with diagnostic tools, and discovered vulnerabilities in mobile devices and software--including uncovering a serious hole in the iPhone's implementation of Bluetooth in 2007 and hitting a world record by hacking a mobile phone from more than a mile away via Bluetooth in 2004.

With the funding and name change comes a move to San Francisco from Orange County in Southern California. The twentysomething executives were busy interviewing prospective employees in their sparse, new offices in the South of Market area in San Francisco. They have taken over part of the offices formerly occupied by Twitter.

"Hopefully, the Twitter luck will rub off on us," Hering said, as he gave a tour of the digs.

Lookout works on all the major smartphone platforms.

(Credit: James Martin/CNET)

The Lookout software is downloaded to the device and gets updates and backs up data in real-time via Lookout servers in the cloud. Antivirus and firewall software protects against electronic threats such as hackers, malware, and spyware. A dashboard allows for easy management of multiple devices.

Security veterans like Symantec and McAfee, as well as a host of smaller companies, are quickly moving into the mobile security space. But Hering isn't worried.

"Other companies offer a more PC-based approach," he said. "We're protecting the device and data, and we're multi-platform."

Lookout silently blocks malware in the background, but particularly serious threats prompt a notification to the user. The software also will protect against bad or unauthorized apps that might be downloaded, and attacks attempted via Wi-Fi or Bluetooth.

The missing device locator function will most definitely attract attention. If the device is lost, the owner can use the Web app to make it "scream," and a truly obnoxiously loud siren will sound that will annoy everyone within earshot. If the device is set to silent or mute mode, the scream feature overrides that.

For people who think their device may have been stolen and want to track it down, there is a nifty way to trace it via an online map. Device owners can pull up the Find My Device Web app to see the approximate location of the device on a map, and either lock the device so no one can use it or access the data, or wipe the data entirely. If the device is recovered, the data is easily restored. A combination of Global Positioning System, cell tower, and Wi-Fi technology is used to track the devices.

For backup and recovery purposes, the data and settings on the device can be set to what they were at any point of time in the past, and data can be transferred to other devices.

As phones become increasingly powerful computers and storage devices that accompany users everywhere, they become even more attractive targets for attackers and thieves.

"Smartphones are the next computing platform," Hering said. "Ultimately, I think this will be the primary platform. It's in my pocket, and goes everywhere with me. There are not many computing devices that have that power and personal connection."

Chief Technology Officer Kevin Mahaffey and Chief Executive John Hering, co-founders of mobile security firm Lookout, which now occupies the former offices of Twitter in San Francisco.

(Credit: James Martin/CNET)

Originally posted at InSecurity Complex
October 23, 2009 12:47 PM PDT

Demos to show spying on mobile IP calls

by Elinor Mills

Using VoIP-based mobile devices over Wi-Fi or IP video phones? Be careful.

Researchers plan to demonstrate this weekend how they can eavesdrop on voice over IP conversations made using an iPhone over a Wi-Fi network and snoop on video and audio communications between IP video phones.

These types of man-in-the-middle eavesdropping attacks aren't new; however, these could be the first public demonstrations of them on these particular platforms.

This screen shot shows the user interface of UCSniff. The user can listen in on a conversation and see the video of two people talking on an IP-based video phone. The two video screens show what each of the video phones is displaying.

(Credit: Viper Lab, Sipera Systems)

In the VoIP demo at ToorCon in San Diego on Saturday, Jason Ostrom, director of Viper Lab at Sipera Systems, will listen to the conversation of someone talking on an iPhone over an unsecured wireless network. The exploit targets smartphones that are using the SIP (session initiation protocol) for VoIP, he said on Friday.

Ostrom will use an open-source assessment tool called UCSniff to listen to and record the conversation. A new version of the tool will be released publicly on Saturday, he said.

In another demo, Ostrom will show an attack in which he can view and listen in real time to video and audio from a conversation made over an IP video phone.

At Defcon in July, Ostrom demonstrated attacks in which someone could eavesdrop on video conference calls and intercept surveillance camera video.

Sipera Systems will announce new security products next week that can help protect against the VoIP over Wi-Fi smartphone attack, said Adam Boone, vice president of marketing and product management at the company.

Originally posted at InSecurity Complex
October 20, 2009 1:33 PM PDT

Leaking crypto keys from mobile devices

by Elinor Mills

Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device's power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy, and counterfeiting.

An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so that the spikes and bumps correlate to specific activity around the cryptography, he said.

An oscilloscope and simple antenna can capture electromagnetic emissions from mobile devices. The large spikes correspond to secret keys used during cryptographic activity.

(Credit: Cryptography Research)

"While the chip performs cryptography it is massaging the secret key around in various ways. This processing causes information about the key to leak through the power consumption itself," said Jun.

For instance, someone with the proper equipment could steal the cryptographic key from a device three feet away in a cafe in as short a time as a few minutes, he said. An attacker could replicate the key with the information and use it to read a victim's e-mail or pretend to be the user in sensitive online transactions.

Smartphones and PDAs have been found to leak data unless they have countermeasures in place to protect against it, which Cryptography Research offers, according to Jun.

He would not say exactly which devices could be snooped on in this manner and said he did not know of any attacks in the wild using this method.

"I think we're about to start seeing it on smartphones," he said. "These attacks are not theoretical."

This type of attack first surfaced about 10 years ago on cash register terminals and postage meters. Similar data leakage was found with smartIDs, secure USB tokens, smart cards, and cable boxes, he said.

Countermeasures can involve randomizing to throw noise into the measurements or changing the way the computation is done, Jun said.

Asked to comment on how threatening this type of attack could be, cryptography expert Bruce Schneier said the basic question is who stands to lose?

"Honestly, I don't care if someone hacks a cable box--it's not my money. Similarly, I don't care how often a bank gets robbed as long as the bank doesn't deduct the losses out of my personal account," he said in an e-mail. "But if someone hacks my phone and either steals service that I am charged for, or causes me enough hassle to change my phone number, that's bad."

Originally posted at InSecurity Complex
September 15, 2009 8:51 PM PDT

Apple explains iPhone OS 3.1 Exchange changes

by Jim Dalrymple

iPhone and iPhone 3G users hit a roadblock last week trying to log in to Exchange 2007 servers after upgrading to iPhone OS 3.1.

(Credit: Apple)

Because the problems began with the latest update, it may seem reasonable to assume that the update is to blame, but it's not. In fact, everything is working exactly as it's supposed to, according to Apple.

"iPhone OS 3.1 is working properly with Exchange Server 2007," Apple representative Natalie Harrison told CNET News. "We added device encryption information to the data that can be managed by IT administrators using Exchange Server 2007. The policy of whether to support iPhone 3G, in addition to iPhone 3GS, which always has on-device encryption, on Exchange Server 2007 is set by the administrator and can be changed at any time."

What this means is that iPhone OS 3.1 now properly identifies itself to Exchange 2007 as having hardware encryption, and that's what is causing the problems for iPhone and iPhone 3G users.

iPhone OS 3.0 did not identify itself properly to Exchange 2007 on any iPhone. This means that if you had a 3G and Exchange 2007 was configured to require hardware encryption, you could still log in, even though the device does not have hardware encryption.

With iPhone OS 3.1, all iPhones identify themselves properly to the server, essentially fixing a glitch in the previous operating system. However, iPhone and iPhone 3G users who upgraded to iPhone OS 3.1 now cannot log in to Exchange 2007 servers that require hardware encryption.

If you use the new iPhone 3GS, you won't notice any change. Apple's newest phone is equipped with hardware encryption, so it will meet the requirements of the Exchange server when identifying itself.

If you already upgraded to iPhone OS 3.1 on an iPhone or iPhone 3G and connect to an Exchange 2007 server, you can ask that the IT admin turn off the hardware encryption requirement for those devices.

Company IT administrators who require hardware encryption to access Exchange 2007 will need to decide whether they want older iPhones to access their servers. If so, they will need to configure Exchange to not require encryption from the iPhone and iPhone 3G.

Of course, if you haven't upgraded your iPhone, it will continue to access Exchange 2007 as it always did.

Originally posted at Apple
Jim Dalrymple has followed Apple and the Mac industry for the last 15 years, first as part of MacCentral and then in various positions at Macworld. Jim also writes about the professional audio market, examining the best ways to record music using a Macintosh. He is a member of the CNET Blog Network and is not an employee of CNET. He currently runs The Loop. You can follow him on Twitter @jdalrymple.
July 9, 2009 10:29 AM PDT

First open-source Symbian software released

by Matthew Broersma

The Symbian Foundation has released its first open-source software package, the first step in the organization's plan to eventually open-source the entire Symbian mobile operating system.

The Symbian Foundation was set up in June 2008 by Nokia, Motorola, Sony Ericsson, NTT DoCoMo, Texas Instruments, Vodafone, Samsung, LG, and AT&T to oversee the development of the Symbian OS as an open-source platform, licensed under the Eclipse Public Licence (EPL). The OS had previously been developed as proprietary software by the Symbian Foundation.

On Wednesday, Symbian made available its first package covered by the EPL, the OS Security Package, according to Symbian developer Craig Heath.

"The OS Security Package source code is now available under the EPL, and it is the very first package to be officially moved from the closed Symbian Foundation License (SFL) to...the EPL," Heath wrote in a blog post.

Heath said the EPL would allow the security package to bypass export regulations in the U.K., where the Symbian code is legally based.

"There is an exemption for software 'in the public domain,' meaning that open-source software isn't export-controlled, so moving it from SFL to EPL was the most straightforward way to make sure that the complete cryptographic functionality would be available to all," he wrote.

The move is also intended to demonstrate that Symbian is "serious" about both open source and security, according to Heath. The next step will be to open source the Symbian kernel, along with a basic set of components and drivers, according to Symbian chief architect Daniel Rubio.

"It has to be accompanied by all other components and drivers to run a shell with full I/O--for example, a Board Support Package, a hardware vehicle and, of course, a freely available toolchain," Rubio said in a blog post. "The good news is that we are working hard to make this happen in the short term, which in my mind is a three-month horizon."

Alongside the shift to open source, Symbian is working to integrate several components of the old software into a new operating system that will be released under the name Symbian ^2. The new OS is to be based on version 9 of the Symbian OS and will integrate the S60, UIQ, and MOAP user interfaces, according to Symbian. It is planned to begin beta testing in the next few weeks, and could appear in handsets in the first half of next year.

In March, Symbian said it plans to release a new version of the OS every six months, with Symbian ^3 planned for the middle of this year. Symbian competes with a number of mobile operating systems, including Apple's iPhone OS, Google's Android, and Microsoft's Windows Mobile.

Matthew Broersma of ZDNet UK reported from London.

June 8, 2009 10:59 AM PDT

T-Mobile investigates possible security breach

by Marguerite Reardon

Updated at 2:30 p.m. PST with security source comment.

T-Mobile USA is looking into claims that a hacker has broken into its databases and stolen customer and company information.

Someone anonymously posted the claims on the security mailing list Full Disclosure on Saturday. In that post, the hacker claims to have gotten access to "everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009."

The poster said he had offered the information to T-Mobile competitors, but they supposedly didn't show any interest. Now he says he is offering the information to the highest bidder.

T-Mobile issued a statement that the company is looking into the matter.

"The protection of our customers' information, and the safety and security of our systems, is absolutely paramount at T-Mobile," the company said. "Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible."

Some security experts were skeptical of the claims.

"The way this data has been offered is not the way the Underground Economy usually works," said Steve Santorelli, a former Scotland Yard detective who is director of global outreach at security research firm Team Cymru. "Such a highly public offer certainly tends to suggest that this is a hoax or a scam. Many things don't add up: for example, if you'd spent the time to get all this data, surely you'd have a buyer lined up or at least the connections to discreetly find a buyer. Now that 'the cat's out of the bag,' the data is worth significantly less on the open market as T-Mobile will be able to put countermeasures in place such as changing passwords."

Kelly Todd, chief communications officer at the Open Security Foundation, said there wasn't enough information publicly available to determine at this time whether the breach is legitimate or not.

"At initial glance I'd say a list like that could be legitimate," he said. However, "I would have to question their comment that they had contacted T-Mobile competitors...You'd think that in order to cover their tracks they would want to take a different route than to contact the competitors."

T-Mobile has had three prior data breaches recorded on the DataLossdb.org site, which the Open Security Foundation runs. In 2005, a teenager was able to get phone numbers of celebrities who use the service; in 2006 a laptop was reported lost that contained social security numbers and addresses of about 45,000 T-Mobile customers; and in October 2008 a disc was reported lost that contained data on about 17 million T-Mobile customers, according to Todd.

CNET News' Elinor Mills contributed to this report.

Originally posted at Security
May 19, 2009 4:00 AM PDT

Protecting yourself from vishing attacks

by Marguerite Reardon

You might have heard about online "phishing" scams designed to steal money from unsuspecting Web users, but now criminals are using another type of scam called "vishing" to commit the same crimes.

Last week, the Federal Trade Commission filed lawsuits against two telemarketing firms in Florida and a company claiming to sell extended automobile warranties, alleging violations of the Do Not Call registry and fraud in selling bogus warranties for between $2,000 and $3,000 a pop. Since 2007, the companies supposedly made 1 billion calls and generated more than $10 billion.

These companies likely used spoofed caller ID numbers to hide their identities from consumers and law enforcement authorities.

The case is the latest example of what are known as vishing attacks, which use the phone network to swindle people out of money. To help readers understand what these scams are, how they work, and how they can protect themselves, CNET News has put together this FAQ.

What is vishing? "Vishing" is a socially engineered technique for stealing information or money from consumers using the telephone network. The term comes from combining "voice" with "phishing," the name for online scams that get people to give up personal information.

How does it work? Typically attackers use a technique called caller ID spoofing to make it look like calls are coming from a legitimate or known phone number. It's a very similar technique to e-mail spoofing, which makes e-mail addresses look like they are coming from a trusted source. But because people typically trust the phone service and caller ID, spoofing phone numbers can be particularly damaging.

And just like with online phishing attacks, which direct consumers to phony Web sites, vishing attacks usually have a recorded message that tells users to call a toll-free number. The caller is then typically asked to punch in a credit card number or other personal information. In the case of the warranty scams, users are asked to buy a bogus extended warranty for their car, which can cost anywhere between $2,000 and $3,000.

How easy is it to spoof a phone number? With voice over IP phone technology, caller ID spoofing is very easy to do. The traditional phone network works by connecting one circuit to another. Each circuit on either end of the call is assigned a phone number by the phone company. So changing the phone number of a caller was more difficult. Of course, there were people who had figured out ways to hack into the old phone network to do this, but it wasn't as easy as it is today with voice over IP technology. With VoIP services, there is no circuit. These services use the Internet, which assigns different devices on the network IP addresses instead of actual phone numbers. Phone numbers are actually assigned by the users themselves.

There are several companies offering commercial spoofing services, such as SpoofCard. And even VoIP services, such as Skype, allow people to pick an area code and even the prefix number they want when they set up a new phone number. These numbers can be used to disguise where calls originate. Of course, Skype is built for individual use, but other services like Flowroute provide VoIP services for businesses using PBXs. A PBX, or private branch exchange system, makes connections among the internal telephones of a private organization, such as a business, and it also connects them to the public switched telephone network (PSTN). These services allow companies to pick any phone number for caller ID they want. And some telemarketers use the service to spoof telephone numbers.

The practice of caller ID spoofing is so widespread and common that one of the telemarketers accused in the FTC lawsuit supposedly bragged to a prospective client that he could call the entire United States in just a few hours and would not get caught calling people on the Do Not Call List.

Is caller ID spoofing illegal? No, it's not. But there is proposed legislation that could make manipulating a phone number to look like it's coming from someone else illegal.

Are there legitimate uses for caller ID spoofing? Yes, there are some legitimate uses for spoofing. Voice over IP providers by definition must use spoofing, or some kind of number manipulation, to create phone numbers. But there are other legitimate uses. For example, doctors who might want to call back patients from their home may use spoofing to conceal their home numbers. Some online dating services use spoofing to let people talk to potential matches without revealing their real phone numbers. And some lawyers involved in domestic violence cases may use caller ID spoofing to protect the whereabouts of abused clients.

Even though there are some legitimate uses for caller ID spoofing, Lance James, co-founder of Secure Science, which specializes in fraud protection, says 75 percent of all caller ID spoofing is likely for illegitimate purposes. Still, he believes that any new laws written that make caller ID spoofing illegal should distinguish between people using spoofing for legitimate purposes and those looking to harm or scam people out of money.

Who typically uses caller ID spoofing and vishing scams? Most of the vishing attacks have been from nefarious individuals or crime rings who are stealing credit card numbers or other personal information in identity theft. But telemarketers are also using the technique to get people to buy bogus products. Because the costs are so low to spoof caller ID numbers using a voice over IP service, companies using the technique only have to get a few people to buy a phony product or hand over personal or financial information to make the efforts profitable.

How do the scams usually work? Scammers often use either a war dialer, which is software that identifies numbers that can be used to make calls, to call phone numbers in a given region, or they access a legitimate voice messaging company with a list of phone numbers stolen from a financial institution. Usually they set up an automated recording to call individuals telling them that their credit cards have been flagged for fraudulent activity. Then they either ask people to provide credit card numbers, PIN codes, and/or Social Security numbers to verify their account or they provide another number where the consumer is to call to provide account details.

Some sophisticated attacks combine vishing and phishing. These scams typically start with a phishing e-mail that says there has been a problem with an online account from a known Web site, such as a bank, credit card company, or online retailer, and it directs users to call a number and enter information to verify their account.

Is it hard for authorities to catch vishers? Yes and no. Because all calls originate and terminate somewhere, there are billing records that law enforcement officials can use to trace calls to their sources. But this often takes several subpoenas to get access to the right information, which takes time and costs money.

Are there any technologies that can be used to identify vishing attacks? The biggest vulnerabilities in the communications network occur where older technologies meet new technologies, according to Secure Science's James. As a result, he believes that a coordinated effort by traditional phone companies and newer VoIP companies can help stop many attacks. Essentially, traditional phone companies and VoIP providers can verify and authenticate calls to ensure people making calls are who they say they are. This practice should cut down on much of the illegal activity that is done by spoofing caller ID numbers, James said.

Carriers could also add clauses to their terms of use that would prohibit customers from using spoofed IDs to commit fraudulent acts. And if these users are caught doing something illegal, they could have their service terminated.

Some companies are offering blacklist software that blocks certain caller ID phone numbers. Of course, blacklisting can be tricky since scammers and telemarketers can change the pool of numbers they use to conceal their identities. For example, Google will offer a feature in its Google Voice product that will allow phone calls to be filtered like e-mail so that users can block calls or send some calls from certain phone numbers to a "spam" folder.

And finally caller ID spoof providers like SpoofCard, which handles the large majority of spoofed numbers on the market, can work with service providers and law enforcement to flag suspicious spoofers.

What can consumers do to protect themselves? Here is some advice from security experts:

• Be aware. Consumers need to know that these scams exist. To find out more information, go to the FTC Website.

• Be suspicious of all unknown callers. People should be just as suspicious of phone calls as they are of e-mails asking for personal information. And some experts suggest letting all calls from unknown callers go to voicemail.

• Don't trust caller ID. Just because your caller ID displays a phone number or name of a legitimate company you might recognize, it doesn't guarantee the call is really coming from that number or company. As explained earlier, caller ID spoofing is easy.

• Ask questions. If someone is trying to sell you something or asking for your personal or financial information, ask them to identify who they work for, and then check them out to see if they are legitimate.

• Call them back. Again if someone is selling you something or asking for information, tell them you will call them back and then either verify the company is legitimate, or if it's a bank or credit card company, call them back using a number from your bill or your card. Never provide credit card information or other private information to anyone who calls you.

• Register your number with the National Do Not Call registry at donotcall.gov. Even though criminals and unscrupulous telemarketers may ignore the list, if you are on the list and get a call from a supposed telemarketer, that could be a tip that the offer is bogus. Most legitimate telemarketers obey the rules and laws about contacting consumers. Also, the Website provides a place where complaints can be filed.

• Report incidents. Report vishing calls to www.ftc.gov or call (888) 382-1222. The FTC wants the number and name that appeared on the caller ID as well as the time of day and the information talked about or heard in a recorded message. If you think you've been a victim of a vishing attack, you can also contact the Internet Crime Complaint Center.

May 18, 2009 7:11 AM PDT

Symantec, McAfee target iPhone for new products

by Jim Dalrymple

Security companies Symantec and McAfee will be the latest big-name developers to make products for Apple's iPhone, as the two look to cash in on the popularity of the device.

Speaking to Reuters, McAfee CEO Dave DeWalt said his company is developing security software for the iPhone, though no other details on the product were provided. DeWalt also said the company is working on a "much more comprehensive suite for the Apple family."

Symantec is throwing its hat into the iPhone ring too, but it won't be developing traditional security software. Instead, Symantec is looking at a backup service that would give people access to files stored on their computers or on the Web.

The service sounds a bit like Apple's own MobileMe service, which stores data in the cloud. But it's unclear whether Symantec will offer the same type of data syncing available from Apple.

Symantec Senior Vice President Rowan Trollope told Reuters that his company has no immediate plans to introduce security products for the iPhone.

Neither company gave a time frame for the release of products.

Originally posted at Apple
Jim Dalrymple has followed Apple and the Mac industry for the last 15 years, first as part of MacCentral and then in various positions at Macworld. A guitar player for 20 years, Jim also writes about the professional audio market, examining the best ways to write and record songs on a Macintosh with Logic Pro and Pro Tools. Jim is a member of the CNET Blog Network and is not an employee of CNET.
April 24, 2009 8:21 AM PDT

Report: Presidential BlackBerry coming soon

by Marguerite Reardon

President Obama's BlackBerry 8830 is getting the super-secure treatment.

(Credit: Research In Motion)

After months of waiting, President Obama will soon get his super-secure BlackBerry.

The Washington Times newspaper reported Thursday that the presidential BlackBerry 8830 is "in the final stages of development by the National Security Agency." The agency is still testing the encryption software to ensure it's up to snuff. And the president could have his new device in a matter of months.

A Washington, D.C.-based company, Genesis Key, developed the software called SecureVoice that will be used to secure the high-security BlackBerry. Research In Motion, the maker of the BlackBerry, has also been involved in development, the Washington Times said.

Since the inauguration in January, President Obama, who vowed security officials would have to pry his BlackBerry out of his hands, has been using a cumbersome work-around to communicate with key members of his staff and close aides.

April 13, 2009 4:00 AM PDT

How secure is the U.S. communications network?

by Marguerite Reardon
  • 23 comments

A simple snip of a few fiber-optic communications cables left thousands of people in Silicon Valley and throughout parts of the San Francisco Bay Area without phone, Internet, or wireless service for more than 12 hours on Thursday.

The San Jose Police Department is investigating the incidents, which took place in two different locations in San Jose and San Carlos and are classified as acts of vandalism. Now that the network is up and running again, people are asking how difficult it is to take down the nation's communications network. And should we be more worried about the fiber-optic cables that ring our communities and crisscross the country carrying all of our communications?

"A couple of well-placed attacks could do a lot of damage to the communications network," said Sam Greenholtz, co-founder and principal of Telecom Pragmatics, a consulting and research firm specializing in the telecommunications market. "And it's not really that hard to figure out where the fiber optic cables are laid and to get access to them."

That said, Sgt. Ronnie Lopez of the San Jose Police Department said there is no reason yet to suspect terrorism in this case. But the FBI has been briefed on the case.

AT&T is offering a $250,000 reward to anyone who can provide information that leads to the arrest and conviction of the vandals.

"We are aggressively working with law enforcement authorities to see that those responsible for this willful act are apprehended and prosecuted to the fullest extent of the law," the company said in a statement Friday.

AT&T also said in a press release that following the terrorist attacks of September 11, 2001, its networks were declared National Critical Infrastructures, which means that anyone who tampers with, destroys, or disrupts the company's network or its components is in violation of both federal and state laws.

Wondering about vulnerabilities
Still, with recent reports that our nation's electrical grid has gotten less secure due to technological advances, incidents such as this one leave many wondering how vulnerable the communications network really is.

I talked to a few experts about how telecommunications networks are built and how they operate. And I've concluded that while it's somewhat easy to figure out where fiber is laid and to gain access to the fiber infrastructure in the ground, it's much harder to actually cause major damage unless you know what you're doing.

Let me explain. In the AT&T fiber cut case, it was fairly easy for the perpetrator to access the fiber-optic cables that were eventually cut. Sgt. Lopez said that it appeared that whoever cut the fibers simply lifted the manhole cover, went down the ladder, and cut two cables.

But knowing exactly which manhole cover to open and which cables to cut that would cause widespread damage to the network is another story.

Greenholtz, a former manager in the Planning and Engineering Group at Verizon, where he worked for nearly 28 years, said that a network outage of this magnitude was likely orchestrated by someone who not only knew which manholes provided access to AT&T fibers, but also knew which places on the network were most vulnerable and could cause the most damage.

"The manhole covers are not locked," he said. "Anybody can open them and go down there. But most of these networks have redundancy and diversity built-in to the architecture, so if you cut a cable, it reroutes itself and recovers."

Greenholtz explained that someone with knowledge of the network would know the most vulnerable points in the network and could pinpoint those areas.

Built in rings
AT&T declined to discuss specifics of the company's network architecture, but experts say that the Baby Bell phone companies, such as AT&T's predecessor SBC Communications, typically built their regional fiber networks in rings. The rings themselves would help provide protection against an outage, because if a line were cut, the traffic could just reverse itself in less than 50 milliseconds and go the other direction around the ring.

But the phone companies also typically ran redundant lines that are spaced some distance apart from each other, so that if one line is cut, there is also a separate fiber carrying the traffic. And to ensure that the redundant line can handle excess traffic in an emergency, most phone companies run these systems at 50 percent capacity.

The fiber-optic cables that were cut in San Carlos, which were owned by Sprint Nextel, appear to have worked in this way. The traffic was quickly rerouted to another path, and service to Sprint's business customers was not interrupted.

Unlike regional networks, which have multiple fiber rings running through and between cities, undersea cables that connect continents do not have this type of redundant architecture because it's much too expensive to build it that way. This means that undersea cables are particularly vulnerable to fiber cuts. But because they are deployed beneath the ocean floor, they tend to be more difficult to tamper with. That said, cables are severed and massive outages do occur from time to time.

By contrast, some networks in highly trafficked regions or networks that service critical customers have even more redundancy built into them. Michael Howard, a principal analyst at telecommunications research firm Infonetics Research, said that carriers such as Deutsche Telekom have begun building meshed networks so that there is a third path for traffic if fibers are cut or there is some other disruption on the network.

"The more traffic there is on the route, the more redundancy the carrier provides," he said. "There are usually two aspects to a backup plan for networks. One is providing a diversity of virtual routes for the traffic, but the other is providing physically separate routes on separate fibers. I'd have to say the outage that occurred in Silicon Valley seems odd, given the traditional network architecture."

An inside job?
Indeed, AT&T's network failure seems to suggest that at least one other path that would have rerouted the traffic was also damaged or cut. Given that the police indicated that the incidents occurred in only two locations, San Jose and San Carlos, it seems likely either that there was already some damage or other issue on AT&T's network at the time the fiber was cut, or that the vandals managed to cut the ring in two places.

Of course, neither I nor any other expert could know this for sure. But the fact is that fibers are cut all the time in regional networks, and rarely do they cause massive outages that shut down entire regions for hours. Most of these incidents are accidents. Someone might be landscaping a yard and a backhoe severs a cable. Or another utility worker accidentally damages a cable while working in the same manhole where communication cables are located.

"Fiber cuts happen more often than people realize," said Crystal Davis, a spokeswoman for Sprint Nextel. "It happens by accident all the time when someone is drilling or digging up a street. Or they're doing regular maintenance. We know this, and that's why traffic can be quickly rerouted."

This is also why Greenholtz believes that the AT&T fibers were likely cut by someone who knew the network and its potential weaknesses.

"If there was an ongoing maintenance issue on one side of the fiber ring that hadn't been addressed," he said, "and then the other side is cut, it would cause a major outage like the one AT&T experienced. But in order to cause that much damage, someone would have to know that. Otherwise, it was just a very lucky vandal."

More theories
This line of thinking has caused some bloggers to suspect that the vandal was a disgruntled former or current AT&T employee.

And some have even gone so far as to suggest that the perpetrator could be an unhappy union worker. AT&T is currently in contract negotiations with its largest union, the Communications Workers of America, which represents some 80,000 workers at AT&T. Workers have already voted to strike if a new contract can't be agreed upon. So far, no date has been set for a strike, and Candice Johnson, a spokeswoman for the union, said that the two sides are still negotiating.

But Johnson also said that the union was not involved in the vandalism and that claims that its members might be involved are unfounded.

"There is no basis for speculation that our members were involved in this act of vandalism," she said. "We are cooperating with authorities. We are currently at the bargaining table with AT&T management, and our workers are on the job. Our goal is to get a contract renewed."

Sgt. Lopez from the San Jose Police Department said that it's still too early in the investigation to talk about suspects or motives.

Regardless of whether the cables were cut by disgruntled employees or random vandals, the recent incident highlights the potential for such an attack to be undertaken on a broader scale by foreign terrorists, who may infiltrate our nation's telephone companies or gain access to information about the country's communications network. But Greenholtz and other experts say that because these networks have always been built with redundancy in mind, it would take a massive coordinated effort to target individual manholes and to cut fibers.

"If you really want to take down the communications network and cause damage, you'd probably target a central office," Greenholtz said.

A central office is the nerve center of a telecommunications network. It houses all the switching equipment and billing data for a particular region of the network. As an example, Greenholtz said that if a terrorist was able to damage Verizon's central office on 38th Street in Manhattan, communications services on Wall Street could be wiped out not just for a few hours, but likely for days, weeks, or even a month. Because these facilities are so critical, he said all the major phone companies have tight security.

"Those places have tons of security," he said. "You'd probably need Jack Bauer (of the TV show '24') to help you get in there."
