Northern Ohio MARCS Security Incident?

[k4imw]

There's an interesting article in the Wilmington News Journal:

Clinton County eyes MARCS security fix - Wilmington News Journal

WILMINGTON — The countywide radio communications system for first responders will have to get an upgrade after an incident in northern Ohio exposed a

www.wnewsj.com

The countywide radio communications system for first responders will have to get an upgrade after an incident in northern Ohio exposed a security issue in the system that’s used around the state.
.....
If a locale’s upgrade is not performed by July 2023, all its public safety radios will go silent,

This is the first that I've heard of any "Security" related incidents w/r/t MARCS-IP.

Does anyone have any news articles around this that they could share? Digging around the first few pages of the Ohio Radio Discussion Forum didn't really yield any good results.

 

[northernsummit]

I’m guessing it may have been this:

https://das.ohio.gov/Portals/0/DASDivisions/InformationTechnology/IS/MARCS/Steering%20Committee/Stark%20Presentation%20Beginning%20to%20End.pdf?ver=E3NIyJKtDb5WReb4nhRXcw%3D%3D

 

[k4imw]

I think you might be 100% correct on this.

It'll be interesting to see what changes are made.

 

[littona]

I’m guessing it may have been this:

https://das.ohio.gov/Portals/0/DASDivisions/InformationTechnology/IS/MARCS/Steering%20Committee/Stark%20Presentation%20Beginning%20to%20End.pdf?ver=E3NIyJKtDb5WReb4nhRXcw%3D%3D

Wow... some serious whackers there!

 

[kf8yk]

It'll be interesting to see what changes are made.

Link Layer Authentication will be required by July 2025.

MARCS Radio Authentication

Motorola ASTRO 25 Radio Authentication

 

[chrismol1]

Ive posted on this story somewheres else if I recall but the main deal is these guys were the most whackerific whackers. This went on for 2 years before they were caught

The main guy had a security company, as you can see from the photos, they were charged with impersonation as well as breaking onto the trunked radio system. These guys were entitled to think they could use the system for themselves, they stole radios or otherwise got access from someone affiliated from a PD and cloned the radios also acquiring encryption keys and loaded up their own personal radios with police encryption keys and stole radio IDs from the agency to appear as legitimate radios on the system and used them for themselves

The second part is they bought more radios and sold those radios to their buddies and were parading around on the system using it for themselves stealing airtime and listening to now unencypted police transmissions. In the end they recovered or inhibited hundreds of unauthorized radios on the system and arrested a bunch of people

 

[DualReverse]

Was told anecdotally late last week that I guess there may have been another incident involving unauthorized MARCS-capable radios in the northern part of the state. Nothing firm, but it was definitely not the Stark County incident they were talking about.

 

[mmckenna]

So much whacking.

Link Layer Authentication is going to plug some glaring holes in the P25 protocol.

 

[RayAir]

So much whacking.

Link Layer Authentication is going to plug some glaring holes in the P25 protocol.

Link layer authentication is going to be a welcomed feature but frankly I'm surprised there isn't an option to encrypt the control channel. For instance use an AES key to encrypt CC and every SU is key loaded to decode CC data.
OTA signaling encryption would be nice too for more sensitive applications.
Block the metadata (TG, RID).
Hytera offers this for DMR. With OTA signaling enc on, dsd will play the voice frames but the only info dsd will show is the color code. That's it. It uses a separate user generated 128 bit key apart from the enc keys set for voice encryption.

 

[tweiss3]

Link layer authentication is going to be a welcomed feature but frankly I'm surprised there isn't an option to encrypt the control channel. For instance use an AES key to encrypt CC and every SU is key loaded to decode CC data.
OTA signaling encryption would be nice too for more sensitive applications.
Block the metadata (TG, RID).
Hytera offers this for DMR. With OTA signaling enc on, dsd will play the voice frames but the only info dsd will show is the color code. That's it. It uses a separate user generated 128 bit key apart from the enc keys set for voice encryption.

There is, LLE is supposedly is becoming available soon.

 

[wa8pyr]

Link layer authentication is going to be a welcomed feature but frankly I'm surprised there isn't an option to encrypt the control channel. For instance use an AES key to encrypt CC and every SU is key loaded to decode CC data.

I believe there is such an option, but for a system like MARCS encrypting the control channel would be a management nightmare, as well as a serious safety concern; if a user's radio loses the encryption keys, it's completely useless and the user would be unable to yell for help if needed. Normally, losing the encryption key simply means the radio cannot decrypt encrypted voice, but would still work just fine on clear talkgroups.

It would also cause issues at the interoperability level.

As @mmckenna noted, LLA should plug the holes.

 

[harvick21]

Interesting in that we always hear from the Public Safety officials is, we need encryption so the public, media and "bad guys" can't listen in but as pointed out most likely had inside help. So another fraud perpetuated that it's the public is the problem when, I'm betting, inside jobs are happening around the country thanks to whackjobs. This is exactly the kind of thing that needs to be publicized to push back on hiding basic everyday communications. But more likely, it will be covered up to protect higher up in PSB's and other govt officials.

 

[mmckenna]

Interesting in that we always hear from the Public Safety officials is, we need encryption so the public, media and "bad guys" can't listen in but as pointed out most likely had inside help. So another fraud perpetuated that it's the public is the problem when, I'm betting, inside jobs are happening around the country thanks to whackjobs. This is exactly the kind of thing that needs to be publicized to push back on hiding basic everyday communications. But more likely, it will be covered up to protect higher up in PSB's and other govt officials.

The reasons for encryption are valid, even though scanner listeners may not agree.

There are requirements that were agreed to when agencies started accessing criminal justice information systems, terminal systems, databases, etc. Essentially these agencies agreed to protect that personal information at all times, or risk losing access to it. This is a requirement on the FBI side, as well as most state systems. The agencies signed agreements saying they would abide by those rules or risk losing access.
The requirements are that CJI/PII must be encrypted and protected at all times. It cannot be shared with anyone that does not have a legit need for it (scanner listeners claiming "transparency" isn't a valid need). That includes transmitting it over the radio.
Since this sort of information is important for law enforcement and other users, and would put offices lives at risk if they didn't have access to it, it needs to be encrypted. If they don't, system access can be pulled and now the officers are in the dark.

This isn't a new requirement, agencies agreed to this a long time ago. It's just now starting to be enforced.

 

[RayAir]

I believe there is such an option, but for a system like MARCS encrypting the control channel would be a management nightmare, as well as a serious safety concern; if a user's radio loses the encryption keys, it's completely useless and the user would be unable to yell for help if needed. Normally, losing the encryption key simply means the radio cannot decrypt encrypted voice, but would still work just fine on clear talkgroups.

It would also cause issues at the interoperability level.

As @mmckenna noted, LLA should plug the holes.

Encrypted CC key can be set with IKR.
EDACS had a CC security key option, but it wasn't very robust.

 

[harvick21]

The reasons for encryption are valid, even though scanner listeners may not agree.

There are requirements that were agreed to when agencies started accessing criminal justice information systems, terminal systems, databases, etc. Essentially these agencies agreed to protect that personal information at all times, or risk losing access to it. This is a requirement on the FBI side, as well as most state systems. The agencies signed agreements saying they would abide by those rules or risk losing access.
The requirements are that CJI/PII must be encrypted and protected at all times. It cannot be shared with anyone that does not have a legit need for it (scanner listeners claiming "transparency" isn't a valid need). That includes transmitting it over the radio.
Since this sort of information is important for law enforcement and other users, and would put offices lives at risk if they didn't have access to it, it needs to be encrypted. If they don't, system access can be pulled and now the officers are in the dark.

This isn't a new requirement, agencies agreed to this a long time ago. It's just now starting to be enforced.

There are valid reasons, I agree but for everyday basic, routine calls there is no reason for full encryption. This type of information can be accessed by going to the the PD and requesting the logs for via FOIA, So this invalidates the full time encryption argument. And again, the big point is, this appears to be an inside job which too many PSB's try to hide. Erie PA officials are totally hostile to the public and news media, why because the Erie PD has a history of issues and this makes hiding them even easier. New Castle PD Police chief claims to love transparency but refuses to discuss the full time encryption, so they can't have it both ways. And agan, this is another PD that has had issues over the years.

 

[belvdr]

The reasons for encryption are valid, even though scanner listeners may not agree.

Agreed on all points. Do agencies typically have rules that forbid system admins from putting the encryption keys for channels on radios that don't need general access? By this, do they forbid the encryption keys to "leave the building" on radios that are not in service, such as putting LE keys on a radio tech system? I'm thinking of the MARCS incident in particular.

 

[N8WCP]

I believe there is such an option, but for a system like MARCS encrypting the control channel would be a management nightmare, as well as a serious safety concern; if a user's radio loses the encryption keys, it's completely useless and the user would be unable to yell for help if needed. Normally, losing the encryption key simply means the radio cannot decrypt encrypted voice, but would still work just fine on clear talkgroups.

It would also cause issues at the interoperability level.

As @mmckenna noted, LLA should plug the holes.

If they encrypted the CC scanners would be useless and their owners heads would explode LLA should help but the cost in hard dollars and time is ridiculously expensive and I doubt this project will be completed by 2025.

 

[mmckenna]

There are valid reasons, I agree but for everyday basic, routine calls there is no reason for full encryption. This type of information can be accessed by going to the the PD and requesting the logs for via FOIA,

No. Criminal Justice Information/PII would not be given out in a Freedom of Information Act request.

Day to day radio traffic not involving CJI/PII is not required to be encrypted. But requiring officers to switch back and forth between channels/talk groups adds to the work load. Many agencies just encrypt everything so no one "forgets" to switch.

 

[IAmSixNine]

I monitor a system with great balance.
Dispatch channels clear. NCIC, swat, detectives and other similar channels encrypted. As a former 2 way guy and current scanner guy i am happy with it that way. I dont need to hear anything on drivers license returns or background checks. I just need to hear day to day dispatch and fire comms.

 

[mmckenna]

I monitor a system with great balance.
Dispatch channels clear. NCIC, swat, detectives and other similar channels encrypted. As a former 2 way guy and current scanner guy i am happy with it that way. I dont need to hear anything on drivers license returns or background checks. I just need to hear day to day dispatch and fire comms.

Yeah, that's a great way to do it if the radios are set up well and officer training enforces it. I'm all for that solution. In fact, I'm waiting on funding to build a new system for our PD that will include (likely) a dispatch channel in the clear and the other channels fully encrypted.

Thankfully I don't have to enforce the officer training.