[Details on the AT&T/NSA wiretapping]
[from somelist]
That's what it appears we are up against, folks. Real-time semantic data monitoring on a huge scale. A scale beyond what most of us can even comprehend. It's scary.
http://www.dailykos.com/storyonly/2006/4/8/14724/28476
-ken
[The following is "not for attribution".
I've sent away for their white papers (and have yet to get a reply --- I suspect they've been dailykossed), but I suspect that they're using the word "semantic" at a far lower level than people are accustomed to thinking.
You have to understand that all you users just exist to provide a test load for our network.
If you spend your life at layer 2 of the network (down where packets change direction based on the value of a few bits in the IP header) then looking beyond the IP header (to such exotic places as the port numbers in the TCP header) to recognize that one packet as likely to be HTTP and another as likely to be VOIP is considered "semantic". And it's harder than you'd think it would be at 10Gbps (that's one packet roughly every 200 nanoseconds).
One of the reasons I am dubious about this article is that the peering point that tries to do intrusion detection between what we used to refer to as "the Milnet" and the rest of the world is unable to monitor packets on 1Gbps links (so they keep adding 1Gbps links every couple of months instead of adding 10Gbps links less frequently). That site has hardware money coming out its ears (they talk about keeping several hundred gigabytes of transaction logs in RAM). And, that site is run in cooperation with NSA.
If this equipment did what is being claimed, I think that peering point would know about it and be using it for lesser things like intrusion detection.
---p*zz*]
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On 4/10/06, Eugen Leitl <eugen@leitl.org> wrote:
> ... If you spend your life at layer 2 of the network (down where packets change direction based on the value of a few bits in the IP header) then looking beyond the IP header (to such exotic places as the port numbers in the TCP header) to recognize that one packet as likely to be HTTP and another as likely to be VOIP is considered "semantic". And it's harder than you'd think it would be at 10Gbps (that's one packet roughly every 200 nanoseconds).
not really, see below.
> One of the reasons I am dubious about this article is that the peering point that tries to do intrusion detection between what we used to refer to as "the Milnet" and the rest of the world is unable to monitor packets on 1Gbps links (so they keep adding 1Gbps links every couple of months instead of adding 10Gbps links less frequently). That site has hardware money coming out its ears (they talk about keeping several hundred gigabytes of transaction logs in RAM). And, that site is run in cooperation with NSA.
hardware monies buy things like FPGA driven filters, and these hardware sniffers can in turn easily talk to banks of DDR. there was a paper at USENIX or somewhere that showed Xilinx FPGAs programmed with up to 700+ snort filter rules that could monitor a 10GigE stream in real time (yes, 10GigE) and scaled linearly; just the kind of mechanism well funded adversaries like to brute force. [i can't find this paper anymore, does someone else have a link / copy?]
nallatech makes some nice FPGA hardware systems that would apply: http://www.nallatech.com/?node_id=1.2.1&id=1
sure, this doesn't capture everything, but i suspect these filters are tuned more for what they want to discard (p2p movie and warez traffic, that'd eliminate quite a chunk, right?) than for what they want to inspect. (that is, what they want to inspect is everything they don't consider useless and filter out)
on a side note, the recent interference in the Sourcefire and Check Point merger makes you wonder, doesn't it? what kind of classification systems is the government using from Sourcefire that is so sensitive it must be US owned?
> If this equipment did what is being claimed, I think that peering point would know about it and be using it for lesser things like intrusion detection. ---p*zz*]
they don't get to play on the equipment. they only get to splice a fiber to it. you can buy these kinds of high capacity hardware filtering / classifying systems but they are insanely expensive. like http://www.cloudshield.com/ for example.
> sure, this doesn't capture everything, but i suspect these filters are tuned more for what they want to discard (p2p movie and warez traffic, that'd eliminate quite a chunk, right?) than for what they want to inspect. (that is, what they want to inspect is everything they don't consider useless and filter out)
That's the key here, and not captured in the subject line. They DON'T capture everything and backhaul it, though everything probably undergoes a first touch at the POP.
What I suspect is that there are underground football fields worth of SAS geeks down in NSA basements who apply statistical criteria for pre-sorting. For instance, if sender IP is "Mongolia" then that buckets that communication into a low-risk segment. If there's enough "Risk" in a communication they probably decide to pull it back via the NSA parasite network where further Risk models dictate whether it gets stored or analyzed by a "higher layer". Eventually, a tiny fraction are probably analyzed by humans.
Interestingly, I'd bet we can guess as to how much gets pulled back and how much gets dropped at the POP, but it would take some work.
Another point that was made years ago on Cypherpunks is that the presence of crypto "where it doesn't belong" is probably a very high risk indicator. In other words, if your sender IP isn't some bank or big company and you're using crypto, they probably grab ALL of that and send it to high-cost processes.
The moral of this story is: Use Stego in your P2P'd Porno if you want to send anything discreetly.
-TD
At 07:59 AM 4/11/2006, Tyler Durden wrote:
> sure, this doesn't capture everything, but i suspect these filters are tuned more for what they want to discard (p2p movie and warez traffic, that'd eliminate quite a chunk, right?) than for what they want to inspect. (that is, what they want to inspect is everything they don't consider useless and filter out)
> Another point that was made years ago on Cypherpunks is that the presence of crypto "where it doesn't belong" is probably a very high risk indicator. In other words, if your sender IP isn't some bank or big company and you're using crypto, they probably grab ALL of that and send it to high-cost processes.
> The moral of this story is: Use Stego in your P2P'd Porno if you want to send anything discreetly.
The increasing use of crypto in popular P2P (e.g., Azureus' newest releases) is a godsend for privacy.
Steve
> Another point that was made years ago on Cypherpunks is that the presence of crypto "where it doesn't belong" is probably a very high risk indicator. In other words, if your sender IP isn't some bank or big company and you're using crypto, they probably grab ALL of that and send it to high-cost processes.
> The moral of this story is: Use Stego in your P2P'd Porno if you want to send anything discreetly.
> The increasing use of crypto in popular P2P (e.g., Azureus' newest releases) is a godsend for privacy.
PGP might still be "crypto where it doesn't belong", but VPNs aren't - not only do big companies use them extensively for home workers, but small companies are much more likely to use VPNs than to set up frame relay networks these days. It's amazing how something that used to be a cutting-edge technology and civil liberties issue has become a standard tool for daily commuting for much of the workforce.
VPNs are also used for connections between companies, but for most of my (big-company) customers, they're primarily used for workers at home or on the road, especially since most of the country has broadband.
Meanwhile, the _really_ popular encrypted P2P is Skype. It's not the world's best crypto (mainly due to poor choices of strong algorithms, e.g. RSA instead of DH), and being closed-source you can never be too sure what's happening, but it's Pretty Good, and extremely widespread for home users.
> VPNs are also used for connections between companies, but for most of my (big-company) customers, they're primarily used for workers at home or on the road, especially since most of the country has broadband.
> Meanwhile, the _really_ popular encrypted P2P is Skype. It's not the world's best crypto (mainly due to poor choices of strong algorithms, e.g. RSA instead of DH), and being closed-source you can never be too sure what's happening, but it's Pretty Good, and extremely widespread for home users.
I think that's an important point too. Even moderately strong crypto is a good thing because it forces them to make choices about where they will devote their resources. Even though the Feds can "print money" at will, reality eventually bites even them in the ass. So in other words, even if they can print money they will eventually run out of paper. That being the case, then using ANY crypto for popular apps is better than (and not equal to) nothing. Of course, the stronger the better, but those arguments that "they can break anything so why bother" are counterproductive at best and suspicious at worst. -TD
Thus spake Tyler Durden (camera_lumina@hotmail.com) [11/04/06 22:03]:
: That being the case, then using ANY crypto for popular apps is better than
: (and not equal to) nothing.
Half-assed crypto is not necessarily better than no crypto. Let's say that the crypto in Skype turns out to be a load of bunk (hey, it could happen). How many people won't find out? How many will continue to believe it's okay? How many people will be bitten? And, perhaps most importantly, how many people won't care?
Easily broken crypto, that is not advertised as such, is arguably worse than no crypto: people do things under the illusion they're safe, when they aren't. Take WEP as an example of this: 'twould have been better to just not have it at all, and have people focus on using 'proper' technologies (IPSec, OpenVPN, etc.) than to include it and give people a false sense of security.
: arguments that "they can break anything so why bother" are
: counterproductive at best and suspicious at worst.
And even if they /could/ break anything, it still takes time, right? Throw enough data their way, and they're suddenly unable to break everything.
On Tue, Apr 11, 2006 at 10:02:08AM -0700, Steve Schear wrote:
> The moral of this story is: Use Stego in your P2P'd Porno if you want to send anything discreetly.
> The increasing use of crypto in popular P2P (e.g., Azureus' newest releases) is a godsend for privacy.
VPNs are now pretty vanilla, too. I tend to wrap most things into VPNs, even things which already use crypto. Well, yeah, they can read this letter just fine by packet timing (given that I ssh into a vserver) -- assuming the link is not idle.
--
Eugen* Leitl
On 2006-04-12T09:12:59+0200, Eugen Leitl wrote:
> On Tue, Apr 11, 2006 at 10:02:08AM -0700, Steve Schear wrote:
> The moral of this story is: Use Stego in your P2P'd Porno if you want to send anything discreetly.
> The increasing use of crypto in popular P2P (e.g., Azureus' newest releases) is a godsend for privacy.
> VPNs are now pretty vanilla, too. I tend to wrap most things into VPNs, even things which already use crypto. Well, yeah, they can read this letter just fine by packet timing (given that I ssh into a vserver) -- assuming the link is not idle.
Why can't they wait a few minutes to read your posts from their in-house cypherpunks feed?
--
The six phases of a project: I. Enthusiasm. II. Disillusionment. III. Panic. IV. Search for the Guilty. V. Punishment of the Innocent. VI. Praise & Honor for the Nonparticipants.
On Wed, Apr 12, 2006 at 11:05:04AM +0000, Justin wrote:
> VPNs are now pretty vanilla, too. I tend to wrap most things into VPNs, even things which already use crypto. Well, yeah, they can read this letter just fine by packet timing (given that I ssh into a vserver) -- assuming the link is not idle.
> Why can't they wait a few minutes to read your posts from their in-house cypherpunks feed?
You are flattering yourself. This list is not all that interesting. Even less so, since the usual suspects have moved on (to bigger and better things, I hope).
But picking things off ssh sessions based on a typing timing model is something quite easy, so I wouldn't be surprised if it happens on a large scale.
Btw, in an unrelated vein there are distinct trends in capabilities in Riddle Palace/Body of Secrets, which can be extrapolated to today.
--
Eugen* Leitl
On 4/11/06, Tyler Durden <camera_lumina@hotmail.com> wrote:
> ... Interestingly, I'd bet we can guess as to how much gets pulled back and how much gets dropped at the POP, but it would take some work.
this would be a fun exercise. i wonder how much dark fiber is truly "dark" these days...
> Another point that was made years ago on Cypherpunks is that the presence of crypto "where it doesn't belong" is probably a very high risk indicator. In other words, if your sender IP isn't some bank or big company and you're using crypto, they probably grab ALL of that and send it to high-cost processes.
a friend and i had a discussion on this very subject recently. if you don't mind the social network analysis but desire privacy of content, does it matter if your encrypted comms stand out assuming they can't break the cipher? strong anonymity against an NSA threat model is very difficult; sometimes privacy of content is sufficient. in any case, i'd like to see encryption become the norm for even trivial communications. like the Azureus enhancements Steve mentioned this can be done in a simple and intuitive manner - it will just take a lot of effort...
> in any case, i'd like to see encryption become the norm for even trivial communications. like the Azureus enhancements Steve mentioned this can be done in a simple and intuitive manner - it will just take a lot of effort...
Absolutely. This was another idea we kicked around on Cypherpunks briefly...like spreading some kind of virus that will encrypt P2P traffic. Of course, many people won't even notice the virus is there, which is cool.
On Tue, Apr 11, 2006 at 09:37:15PM -0400, Tyler Durden wrote:
> in any case, i'd like to see encryption become the norm for even trivial communications. like the Azureus enhancements Steve mentioned this can be done in a simple and intuitive manner - it will just take a lot of effort...
> Absolutely. This was another idea we kicked around on Cypherpunks briefly...like spreading some kind of virus that will encrypt P2P traffic. Of course, many people won't even notice the virus is there, which is cool.
An interesting way to increase background encrypted traffic and bypass NAT tunneling braindeadness is to package the crypto inside the consumer router brick.
I've just reflashed a couple Linksys WRT54GS with OpenWRT, and OpenVPN and Tor are in the standard package depository (there are many others, including Asterisk). The hardware is so cheap that you could easily distribute preflashed routers to end users as authentication token and part of a darknet-like product.
Some of the Linksys even have crypto accelerators (largely 3DES, I think). I'm not sure how much this is supported already.
--
Eugen* Leitl
On 4/12/06, Eugen Leitl <eugen@leitl.org> wrote:
> ... An interesting way to increase background encrypted traffic and bypassing NAT tunneling braindeadness is to package the crypto inside the consumer router brick.
> I've just reflashed a couple Linksys WRT54GS with OpenWRT, and OpenVPN and Tor are in the standard package depository (there are many others, including Asterisk). The hardware is so cheap that you could easily distribute preflashed routers to end users as authentication token and part of a darknet-like product.
this is an excellent idea. i've played with the old WRT54G's a little bit and it is certainly an amenable piece of equipment for this kind of tweaking. i've had problems trying to get too much on a single unit as the flash space restrictions are tight but there is still enough space to support a decent set of services (like openvpn and tor as you mention).
> Some of the Linksys even have crypto accelerators (largely 3DES, I think). I'm not sure how much this is supported already.
this is the only other trouble i've had with them: the crypto bits tend to get sluggish, esp. when negotiating EDH or generating keys. (fortunately this isn't needed all too frequently) i haven't looked at the GS but if they support WPA2 they should also support AES; it would be nice if this AES engine could be used for general offload in addition to WPA2 traffic :) i'm going to have to get one to tinker with...
> a friend and i had a discussion on this very subject recently. if you don't mind the social network analysis but desire privacy of content, does it matter if your encrypted comms stand out assuming they can't break the cipher?
Depends. If you're planning on knocking over the Empire State building then even if they can't crack your code (in a reasonable amount of time) they still have sender/receiver IP as well as a host of other information. Come to think of it, isn't the encryption length itself unencoded in the header? Even if not, if your message falls into a high enough risk bucket to merit an all-out assault, if your message doesn't yield then after a certain point they'll start realizing that you probably cooked your own and did it very well. In THAT case they probably start thinking about sending a blackbag operation into your neighborhood. -TD
participants (7)
- Bill Stewart
- coderman
- Damian Gerow
- Eugen Leitl
- Justin
- Steve Schear
- Tyler Durden