On Wed, Aug 22, 2012 at 8:51 AM, Andreas Krey <a.krey@gmx.de> wrote:
> Buying software for a) will probably show up in public records, and b) may be hindered by the paranoia of the participating LEAs. Even the software needed to get all the intercepted data in one place could be nightmarish.

I don't think that buying the software would be that difficult. For a big project, LE could outsource it to one of those shady companies selling exploits, or (more likely) to a government contractor with security clearance. For something smaller, a hungry grad student should do, after making them sign an NDA, or, in case of a really arrogant LE, some national secrecy act. Writing the service as something innocent in accounting is probably par for the course.

Closer to the topic, I think that traffic correlation can be performed in a distributed fashion, if you know the target IPs to watch for (which can be gathered beforehand locally on exit nodes, and aggregated and analyzed afterwards). Exit nodes that see packets to/from target hosts aggregate their exact timestamps for a few seconds, and then send the chunks to all other nodes (so yes, you can't correlate too much traffic). All other (guard) nodes then try to locally correlate the received packets with their own traffic, and aggregate successes for later reports. In this fashion, each node needs to keep perhaps a minute of timestamped traffic. It is also possible to play with traffic / disk space / success probability tradeoffs: send chunks to rotating sets of nodes, increase recorded traffic window (to be able to send old chunks to nodes that didn't see traffic to a given IP yet), etc.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org