NSA vacuuming down Internet traffic
WRT: "...the same article had Madsen stating that the NSA is vacuuming down Internet traffic. he gave the likely entry points that they are doing this."

It's a virtual lead-pipe cinch that this is being done and probably has been going on for longer than anyone would like to think. In the 1960's - 1970's, when international cable traffic was in its computer infancy, access was had to EVERY CABLE MESSAGE passing through the message switches of U.S. common carriers. This means not only every international cable message originating from or destined to a U.S. point, but also every message ROUTED THROUGH the U.S., such as Europe <--> South America.

There was no great skullduggery involved -- the common carriers simply made copies of their own log tapes and handed them to messengers from the, ah, FCC (ahem). It was on the operations checklist and no one thought twice about it. It may be urban legend to some, but I've seen it with my own eyes, handled the tapes with my own hands. If anyone else wishes to move this from the status of urban legend to something more solid, all they have to do is locate and ask people who worked in message switch operations at RCA Global Communications, ITT World Communications, or Western Union International, the three common carriers of that time.

Knowing this, I would assume something similar was done at overseas locations of the same carriers and at such other access points as could be compromised. An organization such as NSA that viewed this as SOP would have to be brain dead not to be doing the same thing with the Internet. The only question in my mind is how far they have gone beyond USENET and the newer, fertile ground of web sites. Are they vacuuming packets and reassembling email? Just how many laser discs have been filled with coherent traffic?

Time to exercise those plain, brown envelopes.
We Jurgar Din (that will have to suffice: I do not yet live in a free country)

"The battle, Sir, is not to the strong alone. It is to the vigilant, the active, the brave. Besides, Sir, we have no election. If we were base enough to desire it, it is now too late to retire from the contest." -Patrick Henry 1775
Is there any open source - or otherwise - knowledge or speculation about which words/phrases the Terra-cycle cpu's are text-searching *for*? If it were your responsibility to eavesdrop on Iranian terrorists - or French Commercial Attache reports to Paris - or to have UK nationals, off in their private room of your building, write down the name of everyone in America who expresses a libertarian dissatisfaction with the Republicrat regime - would you know for sure which words/phrases to key on? It doesn't sound like a tractable problem to me.
To me it does sound completely feasible (you don't need very good accuracy). I've personally run packet filters (for statistical purposes only) on busy 10-mbit ethernets using BPF, FreeBSD, and 486 or pentium machines. They easily keep up with little packet loss. I understand T3 is 34 mbits, so only three times faster. No problem to optimize that much by specially written software, especially if you can do some of the low level stuff in hardware.

As for the keyword search problem, it would easily be possible to scan much of the data (say, tcp ports smtp, nntp, login, exec, ident) in real time against a million-phrase dictionary (containing keywords, e-mail addresses, names, abbreviations, etc.). If there are performance problems, you can first limit by source/destination/protocol/port. Only intercepts (e.g., entire tcp connections) that pass this initial screening are passed on to other machines for more complicated analysis.

Note also that many parts of the filtering problem parallelize quite nicely. For example, you can split the traffic to a number of machines based on the value of the numerically smaller of the source/destination addresses.

I don't see any technical problems in doing large-scale internet monitoring. The equipment needed is even cheap enough to be done by motivated amateurs/individuals, assuming they can get a copy of the raw data from the T3. This is one of the reasons why strongly encrypting internet data is so important.

Tatu

See http://www.cs.hut.fi/ssh for information on SSH, the secure remote login program.
See http://www.cs.hut.fi/crypto for information on cryptography available to anyone worldwide.
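The "split the traffic based on the numerically smaller of the source/destination addresses" idea above is the same symmetric flow hashing that network-monitoring sensor clusters use so that both directions of a TCP connection land on the same worker and stream reassembly still works. The following is an added example (not code from the thread or from any poster) that generalizes the post's address-only rule to a direction-independent 5-tuple; the packet records and worker count are constructed for illustration.

```python
import hashlib
import ipaddress


def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent 5-tuple.

    The two endpoints are ordered by numeric address (port breaks ties),
    which is the post's "numerically smaller address" rule extended to the
    full tuple, so A->B and B->A packets yield the identical key.
    """
    a = (int(ipaddress.ip_address(src_ip)), src_port)
    b = (int(ipaddress.ip_address(dst_ip)), dst_port)
    lo, hi = (a, b) if a <= b else (b, a)
    return (proto, lo, hi)


def worker_for(key, n_workers):
    """Map a flow key to a worker index.

    blake2b is used instead of Python's built-in hash() because hash() is
    randomized per process, and every sensor in a cluster must agree on
    the mapping.
    """
    digest = hashlib.blake2b(repr(key).encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_workers


def partition(packets, n_workers):
    """Group packets (dicts with src/sport/dst/dport/proto) by worker."""
    buckets = {i: [] for i in range(n_workers)}
    for p in packets:
        key = flow_key(p["src"], p["sport"], p["dst"], p["dport"], p["proto"])
        buckets[worker_for(key, n_workers)].append(key)
    return buckets


# Constructed sample: two TCP connections, each seen in both directions
# (documentation-range addresses, not real hosts).
SAMPLE_PACKETS = [
    {"src": "192.0.2.10", "sport": 40123, "dst": "198.51.100.25", "dport": 25, "proto": 6},
    {"src": "198.51.100.25", "sport": 25, "dst": "192.0.2.10", "dport": 40123, "proto": 6},
    {"src": "203.0.113.7", "sport": 51000, "dst": "198.51.100.25", "dport": 119, "proto": 6},
    {"src": "198.51.100.25", "sport": 119, "dst": "203.0.113.7", "dport": 51000, "proto": 6},
]


def both_directions_colocated(packets, n_workers):
    """True if every flow's packets all ended up on a single worker."""
    seen = {}
    for p in packets:
        key = flow_key(p["src"], p["sport"], p["dst"], p["dport"], p["proto"])
        w = worker_for(key, n_workers)
        if seen.setdefault(key, w) != w:
            return False
    return True
```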
If I were standing in one of the places where NSA has its taps of the Net - what would I see? Alligator clips across terminal strips, leading to a bunch of T3 lines?

Is there any open source - or otherwise - knowledge or speculation about which words/phrases the Terra-cycle cpu's are text-searching *for*? If it were your responsibility to eavesdrop on Iranian terrorists - or French Commercial Attache reports to Paris - or to have UK nationals, off in their private room of your building, write down the name of everyone in America who expresses a libertarian dissatisfaction with the Republicrat regime - would you know for sure which words/phrases to key on? It doesn't sound like a tractable problem to me.

Of course, some people don't need to worry about the GAO doing their own evaluation of how well an agency is doing its assigned mission!

Alan Horowitz alanh@norfolk.infi.net
Alan Horowitz asks ...
If I were standing in one of the places where NSA has its taps of the Net - what would I see? Alligator clips across terminal strips, leading to a bunch of T3 lines?
I can't say I have a reliable answer to your question (although I can say fairly confidently that it is unlikely to be done with alligator clips at T3 and Sonet rates).

In the past a good bit of this stuff was apparently done by intercepting microwave tail circuits (such as on the older FDM type undersea cables). For some random reason all the traffic on the undersea cable just happened to always be routed via a microwave link (sometimes as a "backup" to a cable link sent to a satellite ground station in case it had to carry the traffic if the cable failed). It is remarkable how many of the undersea cable terminals have microwave links to the rest of the world.

Now with everything digital and almost always on fiber, one would probably expect that the main Internet backbone Sonet or FDDI rings have little diversions or bridges that feed undocumented fibers going somewhere that nobody at the carriers quite knows where. There is a great deal of dark fiber installed (around the Beltway area especially) for the spook agencies that was put in without any normal cable records being kept by the carriers regarding where the fibers in the bundle terminate or what they are used for or even where the actual cables really go. The amount of fiber going into some of the beltway CIA sites is truly impressive (several major runs).

The DACS digital crossconnect points (high speed space/time division DS-1/DS-3 switches used for routing and interconnecting digital circuits from one fiber pipe to another) could certainly be programmed to route a copy of the traffic on some interesting backbone T3 line out another port as well - and like all complex software driven devices this capability could be covertly activated and controlled without notice to the normal operators who certainly don't have source code or the expertise to vet it.
As one might expect I've so far not met anyone at a carrier who knows exactly where the NSA taps are, but other possibilities certainly exist at repeater sites (where used) and even by optical taps (bending the fiber to make it leak a little light) in some manhole somewhere. And obviously buggering the firmware in central routers to forward selected packets is available as a last ditch option.

Dave
Participants (4): Alan Horowitz, Dave Emery, nobody@REPLAY.COM, Tatu Ylonen