On Tuesday, December 11, 2001, at 10:07 PM, Meyer Wolfsheim wrote:
"So far, U.S. and European authorities battling terrorism and cybercrime have apparently focused their surveillance elsewhere. The FBI and the National Security Agency, which monitors international telecommunications, declined to comment on what strategy, if any, they have for dealing with remailers."
That would have made the article much more interesting..
What *is* the FBI/etc.'s strategy on dealing with remailers, other than ignoring them (and hoping that anti-spam/anti-terror legislation will make them illegal?)
The article was not completely silent on speculations about FBI/LEA efforts: Magic Lantern was mentioned as a way to get the keys. I'd guess that remops are likely targets for future "sneak and peek" black bag jobs. Warrants are no longer needed, say the criminals in D.C. (though the Constitution differs). Packet sniffers are another approach. Remember that we have Shimomura's own words that he was working on such sniffers for various intelligence agencie back during the Mitnick affair. Correlation analysis remains promising. Messages go in, messages leave. Without sufficient traffic to get the N^M entropy, imagine what sophisticate statistical analysis does to establish probable mappings. As we (again) discussed at this past Saturday's physical meeting, in Santa Cruz, a sparse set of users and messages is almost a toy system. Remailer traffic needs to go up by a large factor, whether actual messages or dummy messages. Remailers need to be more robust (uptime, strong policies) and need to be incentivized (paid remailers, an old topic). A chicken or egg situation? Ideally, simultaneous development...plenty of precedents for market forces pushing stronger products that customers are willing to pay for. --Tim May "Dogs can't conceive of a group of cats without an alpha cat." --David Honig, on the Cypherpunks list, 2001-11
On Tue, 11 Dec 2001, Tim May wrote:
strong policies) and need to be incentivized (paid remailers, an old topic).
The perenial failing in the CACL approach to this problem, and the primary reason they will fail. They'll sit around on their ass waiting until they can make money...gives you an idea of where their priorities REALLY are.
A chicken or egg situation? Ideally, simultaneous development...plenty of precedents for market forces pushing stronger products that customers are willing to pay for.
Really? Example please. -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- On Tue, 11 Dec 2001, Tim May wrote:
The article was not completely silent on speculations about FBI/LEA efforts: Magic Lantern was mentioned as a way to get the keys.
His example was pretty far-fetched, though. Getting all the ISPs to log all their mail so that all remailer users could be identified would be quite a feat, and then compromising all of them with Magic Lantern would be rather difficult as well. Magic Lantern works if you have a meat-space suspect in mind. If all you have to go on is an anonymous email, it won't help much, unless it were designed to target the remailers themselves (bringing us to your next point).
I'd guess that remops are likely targets for future "sneak and peek" black bag jobs. Warrants are no longer needed, say the criminals in D.C. (though the Constitution differs).
According to current laws? I admit I haven't read Patriot all the way through, but it seems to me that an LEA would still need a warrant to black bag a remailer, if the operator wasn't under suspicion of being a terrorist. (Not that I would expect such warrants to be denied, nor would I be surprised if Son of Patriot permitted warrantless sneak and peek jobs on service providers.)
Packet sniffers are another approach. Remember that we have Shimomura's own words that he was working on such sniffers for various intelligence agencie back during the Mitnick affair.
Yes, and we see them now with Carnivore, etc.
Correlation analysis remains promising. Messages go in, messages leave. Without sufficient traffic to get the N^M entropy, imagine what sophisticate statistical analysis does to establish probable mappings.
As we (again) discussed at this past Saturday's physical meeting, in Santa Cruz, a sparse set of users and messages is almost a toy system. Remailer traffic needs to go up by a large factor, whether actual messages or dummy messages. Remailers need to be more robust (uptime, strong policies) and need to be incentivized (paid remailers, an old topic).
I agree completely. I suppose the question lingering in the back of my mind is "how hard would it be for the FBI to create such a monitoring system?" Correlation analysis can't offer much after the fact for a one-time communication through a remailer. The system would need to be in place and collecting data prior to the message being sent. I suppose it wouldn't be too difficult to deploy something along those lines, though, in US-friendly countries at least. Place a sniffer directly upstream of each remailer (at most 50?) and you'll know the real headers for the accounts each and every remailer user sends mail from. That's within the FBI's ability, I think. Then the problem of what to do with the remailers in countries where getting Carnivore or similar installed wouldn't be so easy. Sniffers on the US border routers probably isn't practical. How much of an increase in dummy-messages could the remailer network withstand? I'm trying to think of interesting ways to create more widespread dummy traffic coming from many different origins, but that could get out of hand rather quickly. - -MW- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iQEVAwUBPBfkvysFU3q6vVI9AQEVKAf/UdIwOluBkEivopga/QY9kkxoBrFSoEHE lhPR8RUbXOKPPwQ2kQblqF1lq92PznUGG6kgAYabnDTfxTg5erT6AaM0AWo7VI2N Umj2YNLCrX8qppc9y/B1zRmZ3BMYwneumJWeXmNQleua/GwCa+4BA6ABV6pndh1Q AErxWdwfJbxSZE2WZLKjiOVoD1AIbB1JSObgURsEAyYWHs3k6ZeND+Mx8Dyh3uWF GrbCayVyGs17JoH4RsLSHk2EG0Jm+BcBZTTb8Piezkj2BaIUC3tyJqCsJwN5Uief I5VUwEMspgBYQ8xur8r2msm8tzeJXh0CgIZXp9SXIspa8s+JwlkdeQ== =vRYw -----END PGP SIGNATURE-----
At 10:39 PM 12/11/2001 -0800, Tim May wrote:
On Tuesday, December 11, 2001, at 10:07 PM, Meyer Wolfsheim wrote:
As we (again) discussed at this past Saturday's physical meeting, in Santa Cruz, a sparse set of users and messages is almost a toy system. Remailer traffic needs to go up by a large factor, whether actual messages or dummy messages. Remailers need to be more robust (uptime, strong policies) and need to be incentivized (paid remailers, an old topic).
During your "rant" on re-mailers I mentioned the desirability of using popular P2P services in conjunction with remailers, possibly as middleman nodes. Len pointed out the problems with re-mailer system stability if P2P clients were used as they come and go. During the break there was a short discussion of using the P2P clients to generate cover traffic on remailers. This should be simple and involve no risk to those running the clients. steve
On Sat, 15 Dec 2001, Steve Schear wrote:
During your "rant" on re-mailers I mentioned the desirability of using popular P2P services in conjunction with remailers, possibly as middleman nodes. Len pointed out the problems with re-mailer system stability if P2P clients were used as they come and go. During the break there was a short
P2P nodes are ephemeral, the content is not. A short message hop from node to node is in the second range. Assuming the message doesn't sit on the node too long (running danger of it being pulled) and there are multiple redundant messages in transit (you wanted more idle traffic? here's is your idle traffic) the probability of delivery should be higher than the current remailers'.
discussion of using the P2P clients to generate cover traffic on remailers. This should be simple and involve no risk to those running the clients.
Ask Google for XML-RPC and Freenet and/or Mojo Nation. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
participants (5)
-
Eugene Leitl -
Jim Choate -
Meyer Wolfsheim -
Steve Schear -
Tim May