|
Korean Job Discussion Forums
"The Internet's Meeting Place for ESL/EFL Teachers from Around the World!"
|
| View previous topic :: View next topic |
| Author |
Message |
igotthisguitar
Joined: 08 Apr 2003
Location: South Korea (Permanent Vacation)
|
 Posted: Sat Jul 01, 2006 11:32 pm Post subject: The Newbie's Guide to Detecting the NSA |
 |
|
The Newbie's Guide to Detecting the NSA
It's not surprising that an expert hired by EFF should produce an analysis that supports the group's case against AT&T. But last week's public court filing of a redacted statement by J. Scott Marcus is still worth reading for the obvious expertise of its author, and the cunning insights he draws from the AT&T spy documents.
An internet pioneer and former FCC advisor who held a Top Secret security clearance, Marcus applies a Sherlock Holmes level of reasoning to his dissection of the evidence in the case: 120-pages of AT&T manuals that EFF filed under seal, and whistleblower Mark Klein's observations inside the company's San Francisco switching center.
If you've been following Wired News' coverage of the EFF case, you won't find many new hard revelations in Marcus' analysis -- at least, not in the censored version made public. But he connects the dots to draw some interesting conclusions:
The AT&T documents are authentic. That AT&T insists they remain under seal is evidence enough of this, but Marcus points out that the writing style is pure Bell System, with the "meticulous attention to detail that is typical of AT&T operations."
There may be dozens of surveillance rooms in AT&T offices around the country. Among other things, Marcus finds that portions of the documents are written to cover a number of different equipment rack configurations, "consistent with a deployment to 15 to 20" secret rooms.
The internet surveillance program covers domestic traffic, not just international traffic. Marcus notes that the AT&T spy rooms are "in far more locations than would be required to catch the majority of international traffic"; the configuration in the San Francisco office promiscuously sends all data into the secret room; and there's no reliable way an analysis could infer a user's physical location from their IP address. This, of course, directly contradicts President Bush's description of the "Terrorist" Surveillance Program.
The system is capable of looking at content, not just addresses. The configuration described in the Klein documents -- presumably the Narus software in particular -- "exists primarily to conduct sophisticated rule-based analysis of content", Marcus concludes.
My bullet points don't come close to conveying the painstaking reasoning he lays out to back each of his conclusions.
Perhaps the most interesting -- and, in retrospect, obvious -- point Marcus makes is that AT&T customers aren't the only ones apparently being tapped. "Transit" traffic originating with one ISP and destined for another is also being sniffed if it crosses AT&T's network. Ironically, because the taps are installed at the point at which that network connects to the rest of the world, the safest web surfers are AT&T subscribers visiting websites hosted on AT&T's network. Their traffic doesn't pass through the splitters.
With that in mind, here's the 27B Stroke 6 guide to detecting if your traffic is being funneled into the secret room on San Francisco's Folsom street.
If you're a Windows user, fire up an MS-DOS command prompt. Now type tracert followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you're interested in. Watch as the program spits out your route, line by line.
http://blog.wired.com/27BStroke6/index.blog?entry_id=1510938 |
|
| Back to top |
|
 |
ChopChaeJoe
Joined: 05 Mar 2006
Location: Seoul
|
| Posted: Tue Jul 04, 2006 4:39 am Post subject: |
|
|
Project codename Clipper is undetectable by traceroute, and that is about ten years old already.
if they want the info, they'll get it. Don't do foolish things on the net. get yo shhhite and get off. |
|
| Back to top |
|
|
dbee
Joined: 29 Dec 2004
Location: korea
|
| Posted: Tue Jul 04, 2006 6:43 am Post subject: |
|
|
| Quote: |
Project codename Clipper is undetectable by traceroute, and that is about ten years old already.
if they want the info, they'll get it. Don't do foolish things on the net. get yo shhhite and get off.
|
... traceroute isn't in anyway meant to be some kind of security program. It basically just asks the all the routers between your computer and the computer to which you are connecting, to send back their names and addresses. If you run one of those routers, you can just tell your router not to return any info for a traceroute. It really isn't very difficult, many won't return info by default...
I find it funny how few people that use the internet on a daily basis don't use any encryption whatsoever to mask their messages. The NSA still can't beat a well encrypted message (>512bit key) on the wire. To do that would take a HUGE amount of processing power ... well beyond even the NSA's ability. Unless of course they've found a key to factoring primes. Chances are that they haven't, since then they'd probably be using other forms of encryption themselves.
The NSA have a history of bullying corporations into shipping weak, broken encryption schemes like DES. And also arresting and imprisoning authors of open source, safe encryption schemes like PGP. The upshot of this is that people who need to keep their communications safe from the prying eyes of the NSA and the echeleon program ( such as drug dealers, large corporations, foreign governments, terrorist organizations ) can do so with ease, simply by employing the cryptologists and security experts that can implement safe encryption schemes.
Meanwhile for your average joe blogs, the chances of having your email read and personal privacy invaded by others, rises exponentially because the guys who write your emailing application are too scared to put any kind of encryption in it which might lead to the NSA having trouble breaking it... |
|
| Back to top |
|
|
ChopChaeJoe
Joined: 05 Mar 2006
Location: Seoul
|
| Posted: Wed Jul 05, 2006 4:31 am Post subject: |
|
|
| dbee wrote: |
... traceroute isn't in anyway meant to be some kind of security program. It basically just asks the all the routers between your computer and the computer to which you are connecting, to send back their names and addresses. If you run one of those routers, you can just tell your router not to return any info for a traceroute. It really isn't very difficult, many won't return info by default...
I find it funny how few people that use the internet on a daily basis don't use any encryption whatsoever to mask their messages. The NSA still can't beat a well encrypted message (>512bit key) on the wire. To do that would take a HUGE amount of processing power ... well beyond even the NSA's ability. Unless of course they've found a key to factoring primes. Chances are that they haven't, since then they'd probably be using other forms of encryption themselves.
The NSA have a history of bullying corporations into shipping weak, broken encryption schemes like DES. And also arresting and imprisoning authors of open source, safe encryption schemes like PGP. The upshot of this is that people who need to keep their communications safe from the prying eyes of the NSA and the echeleon program ( such as drug dealers, large corporations, foreign governments, terrorist organizations ) can do so with ease, simply by employing the cryptologists and security experts that can implement safe encryption schemes.
Meanwhile for your average joe blogs, the chances of having your email read and personal privacy invaded by others, rises exponentially because the guys who write your emailing application are too scared to put any kind of encryption in it which might lead to the NSA having trouble breaking it... |
Why would the NSA have any interest in my email? They don't. And if they did, they'd be bored silly. But I'd like any information you have about the NSA arresting and/or imprisoning encryption software creators. that sounds like bad fiction to me. |
|
| Back to top |
|
|
dbee
Joined: 29 Dec 2004
Location: korea
|
| Posted: Thu Jul 06, 2006 5:53 pm Post subject: |
|
|
The US government using spy networks for economic espionage...
| Quote: |
... when the Cold War ended, this under-employed intelligence apparatus was put to use for economic gain. "There's no safeguards, no remedies, " he said. "There's nowhere you can go to say that they've been snooping on your international communications. It is a totally lawless world." The journalist, who has spent much of his life investigating Echelon, has offered two alleged instances of US snooping in the 1990s, which he says followed the newly-elected Clinton administration's policy of "aggressive advocacy" for US firms bidding for foreign contracts. The first came from a Baltimore Sun report which said the European consortium Airbus lost a $6bn contract with Saudi Arabia after NSA found Airbus officials were offering kickbacks to a Saudi official. The paper said the agency "lifted all the faxes and phone-calls between Airbus, the Saudi national airline and the Saudi Government" to gain this information. Mr Campbell also alleges that the US firm Raytheon used information picked up from NSA snooping to secure a $1.4bn contract to supply a radar system to Brazil instead of France's Thomson-CSF.
|
http://en.wikipedia.org/wiki/ECHELON
... the EU subsequently offered it's own encryption scheme to European businesses, which keep their communications safe from prying eyes.
DES, the IBM encryption standard used by businesses and banks the world over ...
| Quote: |
, the proposed DES was published in the Federal Register. Public comments were requested, and in the following year two open workshops were held to discuss the proposed standard. There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie, citing a shortened key length and the mysterious "S-boxes" as evidence of improper interference from the NSA. The suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they � but no-one else � could easily read encrypted messages. Alan Konheim (one of the designers of DES) commented, "We sent the S-boxes off to Washington. They came back and were all different." The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement.
----------
The other criticism�that the key length was too short�was supported by the fact that the reason given by the NSA for reducing the key length from 64 bits to 56 was that the other 8 bits could serve as parity bits, which seemed somewhat specious. It is widely believed that NSA's decision was motivated by the possibility that they would be able to brute force attack a 56 bit key several years before the rest of the world would.
|
http://en.wikipedia.org/wiki/Data_Encryption_Standard
| Quote: |
Pretty Good Privacy (PGP) is a computer program which provides cryptographic privacy and authentication. The first released version of PGP, by designer and developer Phil Zimmermann, became available in 1991. Subsequent versions have been developed by Zimmermann and others.
--------------------
Shortly after its release, PGP found its way outside the US, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license". Cryptosystems using keys larger than 40 bits were then considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits so it qualified at that time. Penalties for violation, if found guilty, were substantial.
|
http://en.wikipedia.org/wiki/PGP
[/quote] |
|
| Back to top |
|
|
ChopChaeJoe
Joined: 05 Mar 2006
Location: Seoul
|
| Posted: Fri Jul 07, 2006 6:09 am Post subject: |
|
|
Okay. But I'll ask again, why would the NSA care what s in my email?
And when has the NSA ever arrested anyone for developing encryption software? Phil Zimmerman is a very rich man today, I believe. |
|
| Back to top |
|
|
dbee
Joined: 29 Dec 2004
Location: korea
|
| Posted: Fri Jul 07, 2006 10:19 am Post subject: |
|
|
| Quote: |
Okay. But I'll ask again, why would the NSA care what s in my email?
|
... first of all, privacy isn't a privilege, it's a basic human right. The US government is no more or less moral than the rest of us. They are normal people, easily corrupted by temptation. Power corrupts, absolute power corrupts absolutely. This reminds me of the old saying from Nazi Germany, to paraphrase ...
| Quote: |
... when they came to take the pacifists, I didn't protest because I wasn't a pacifist. When they came to take the disabled, I didn't protest because I wasn't disabled. When they came to take the dissenters, I didn't protest because I wasn't a dissenter. When they came to take me, there was no-one left to stand up for me ...
|
Basically your point of view here ChopChaeJoe is akin to taking a piss all over the constitution of the United States. A document that wasn't drafted with protection against foreign enemies in mind, but rather a document whose raison d'etre was to protect citizens against their own tyrannical governments.... the signees of the Declaration of Independence are probably turning in their graves with the apathy and disdain which the American people now hold their own Bill of Rights and Constitution... |
|
| Back to top |
|
|
ChopChaeJoe
Joined: 05 Mar 2006
Location: Seoul
|
| Posted: Fri Jul 07, 2006 12:25 pm Post subject: |
|
|
[quote="dbee] Basically your point of view here ChopChaeJoe is akin to taking a piss all over the constitution of the United States. A document that wasn't drafted with protection against foreign enemies in mind, but rather a document whose raison d'etre was to protect citizens against their own tyrannical governments.... the signees of the Declaration of Independence are probably turning in their graves with the apathy and disdain which the American people now hold their own Bill of Rights and Constitution...[/quote]
My point of view has nothing to do with what you're saying it does. You claimed that the NSA had a history of arresting and imprisioning people that make encryption software. I asked you to provide me with information about that and you couldn't, because it never happened. You mentioned one case of a programmer who was never arrested, not even indicted. And that case brought a ton of free publicity to the guy, who is rich today.
As to encyrpting my my email -- I'd say that is as important as sending letters through the mail in secret code. If you're really worried about someone reading it, go ahead and do it. If you aren't, don't bother. |
|
| Back to top |
|
|
dbee
Joined: 29 Dec 2004
Location: korea
|
| Posted: Fri Jul 07, 2006 7:39 pm Post subject: |
|
|
| Quote: |
Why would the NSA have any interest in my email? They don't. And if they did, they'd be bored silly.
|
.. your response to the article indicated that since you didn't believe that you were doing anything 'wrong', you didn't care one way or the other whether the NSA read you emails or not. As far as I'm aware, Americans swear an oath to uphold and defend their own constitution, in their pledge of allegiance. Defending the constitution IMO requires that you take your rights seriously and take your government to task for violating them.
| Quote: |
You claimed that the NSA had a history of arresting and imprisioning people that make encryption software. I asked you to provide me with information about that and you couldn't, because it never happened. You mentioned one case of a programmer who was never arrested, not even indicted.
|
You're right, that statement was erroneous. To the best of my knowledge, the NSA is involved exclusively with code breaks and cyrptoanalysis of foreign countries communications, as far as I'm aware - they don't have the powers to arrest anyone.
While the charges against Phil Zimmerman may have been dropped. I think being the target of a three year criminal investigation, is enough to deter any nerd from challenging the US government. Software authors have been imprisoned in the United States for creating programs which are considered conducive to committing copyright infringement ...
| Quote: |
Dmitry Sklyarov (Дмитрий Скляров) (born December 18, 1974) is a Russian computer programmer known for his 2001 run-in with American law enforcement over software copyright restrictions.
Sklyarov was a PhD student researching cryptanalysis and an employee of the Russian software company ElcomSoft, where he created The Advanced eBook Processor software, also known as AEBPR.
On July 16, 2001, after giving a presentation called "eBook's Security � Theory and Practice" at the DEF CON convention in Las Vegas, he was arrested by the FBI as he was about to return to Moscow and charged with distributing a product designed to circumvent copyright protection measures, under the terms of the Digital Millennium Copyright Act.
|
http://en.wikipedia.org/wiki/Dmitry_Skylarov
What I do claim though, and what I gave you examples of, is the NSA and the US governments attempts to use their power to bully their own citizens and to use national security operatus to provide info to their friends in big business on matters such as civilian contracts ... there are plenty such examples ...
| Quote: |
... an eavesdropping and data mining program carried out by the National Security Agency (NSA) that the administration now refers to as the Terrorist Surveillance Program. Under the program, the NSA conducts surveillance on international and domestic phone calls, without Foreign Intelligence Surveillance Act (FISA) court authorization, which the text of FISA defines as a felony.
|
http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy
... like I said earlier, it's your constitution. I don't really care one way or the other if America slides down the ****hole. |
|
| Back to top |
|
|
ChopChaeJoe
Joined: 05 Mar 2006
Location: Seoul
|
| Posted: Fri Jul 07, 2006 9:11 pm Post subject: |
|
|
| dbee wrote: |
.. your response to the article indicated that since you didn't believe that you were doing anything 'wrong', you didn't care one way or the other whether the NSA read you emails or not.
|
Wrong. I indicated that I do not worry if the NSA reads my emails. I very much find something wrong with it, if it is ,or was, true. I simply believe that they do not do it. That they may indeed is another matter altogether, deserving a much deeper analysis.
| dbee wrote: |
While the charges against Phil Zimmerman may have been dropped. I think being the target of a three year criminal investigation, is enough to deter any nerd from challenging the US government.
|
I think you seriously underestimate that particular community. Check out eff.org
As to the DMCA arrest: That is an entirely different matter, not directly involving encryption. The DMCA law is fundamentally flawed in many respects, chiefly being a contradiction with the first amendment. I think the act should just be ditched. Essentially, the act prohibits the excercise of "fair use" rights when a content provider places a technological barrier in the way of obtaining those rights.
The end result is to stifle competition and silence those who may have discovered security flaws in a piece of software. I am well awar of Mr. Sklyrov's plight and I have interviewed several computer experts and rights advocates (Including the famed Richard Stallman) for a scholarly treatment of that issue.
I think our differences lay mostly in tactics. You wish to engage people through causing fear and suspicion, whether or not that involves factual discrepencies. I instead wish to provide only facts, and let people decide for themselves. people get the government they deserve. people get the planet they deserve. If we are so foolish to bring about the destruction of our civil rights, our enviroment, our families and society, then we surely deserve what we get.
| dbee wrote: |
| I don't really care one way or the other if America slides down the ****hole. |
That's another difference between us. You may not, but I do. I simply won't violate my personal morals to prevent it. that's what got us into this mess in the first place. |
|
| Back to top |
|
|
dbee
Joined: 29 Dec 2004
Location: korea
|
| Posted: Sun Jul 09, 2006 2:09 am Post subject: |
|
|
| Quote: |
I think you seriously underestimate that particular community. Check out eff.org
|
... yes, the eff are definitely the good guys. But essentially they are lawyers, not lobbyists. They can hold back the tide for a while, but essentially once congress passes laws, which are becoming tighter and stricter. The eff and people like them, who challenge large coroporations and governments, will be essentially outflanked.
| Quote: |
I think our differences lay mostly in tactics. You wish to engage people through causing fear and suspicion, whether or not that involves factual discrepencies. I instead wish to provide only facts, and let people decide for themselves. people get the government they deserve. people get the planet they deserve.
|
... hmm ... I'll admit that my original post was a tad emotional and speculative (probably having something to do with the fact that it was posted in the wee hours of the morning after coming home from the pub  ).
As for causing fear and suspicion though, I guess that's subjectivly determined by how serious you feel that the incursions of the US government and others, into people's human rights are exactly.
I don't agree with your philosophy of providing people with cold, hard data ... and letting them decide for themselves - while it sounds reasonable, the reality of it is that most people either can't understand, or couldn't care less about these things which are going on around them. The US government doesn't provide cold, hard facts and let people decide for themselves. Rather, it makes huge assumptions and stimulates people's fears all the time, in order to obtain greater and more far reaching powers, while erroding people's civil liberties.
* Simply stating to a casual observer in passing that ... BTW the US government monitors all your emails and calls now. Your ISP is handing over your internet surfing habits without even being troubled for a supaena. Ditto for AT&T and the big communication firms. Also yahoo, google and all the portals hand over your data now without having to be asked twice.
* Lexus Nexis and other private companies maintain large databases with your purchasing habits, personal information, social security number, oh and also, all this information is available to be bought by retails and advertising. And did I happen to mention that this database gets hacked into at least once a year (that we know of) ? Also, all of your bank records and details are on file over at the FBI
... this probably isn't going to concern the vast majority of the population out there. Most of whom consider themselves model citizens and that the government will most likely overlook any minor offences and see them for what they are.
On the otherhand, providing a domesday description, will probably get you noticed alot more. But of course is open to accusations of being speculative and sensationalist. There is nothing about this scenario, which is in any way inplausible, yet I think that it demostrates clearly to people that having someone monitor all your communications, may not always be something that is healthy for the common good ...
... it'd be best not to make any large purchases or plan any holidays, because when the feds computers pick up your conversation on irc the other day about you wanting to kill your boss, then cross-reference that to the fact that with your credit card and bank details and find that you recently purchased a one-way ticket to South America, cancelled your subscription to sports illustrated and sent your hunting gun in to be cleaned. Then it's gonna throw up red flags with regards to you and your intentions. This will all be done automatically btw, the computer will be able to put these things together without human assistance. You might then find you and your closest friends being closely monitored by agents, or you maybe even unable to get on an airplane any time soon. Oh did I forget that they also mentioned that they know from your phone records that you're cheating on your wife, and between that and the warrentless search of your home where they found your weed stash. You are now in deep s**t and bascially you'll end up being put in a position where you have to sign any statement that they put in front of you. This isn't science fiction. First it'll happen to the so-called bad guys, then it'll start happening to everyone.
Remember, the US government propose domesday scenarios and sensationalist propaganda all the time in order to push their own agenda with the people. Is the latter scenario really all that unrealistic ?
| Quote: |
If we are so foolish to bring about the destruction of our civil rights, our enviroment, our families and society, then we surely deserve what we get.
|
Or, on the otherhand, those of you who are best informed and who understand what is happening at this early stage. Can stand up now and call the government out over this and other issues. Maybe your Bill of Rights and Constitution is something that's worth getting worked up over. Maybe presenting cold, hard facts to people who are disinterested, won't suffice on this occasion. And rather, it requires people to stand up and let their government know that they won't be steam-rolled by the military-industrial complex and the continuous-war philosophy into exchanging their civil liberties for 'freedom' ... ?
maybe it might all never happen ... there's a lot of maybes in there ...
Regardless of how you see it. I think it obvious that giving someone (anyone) that much infomation and that much control, is inherently unhealthy and against the greater good. Even if, like in the above scenario, the people with that info aren't abusing it. But rather trying to preempt crime and have the best intentions. Personally I don't feel that in this situation, there is any excuse for apathy. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
