Slashdot Mirror
FBI Wants to Tap The Net
Majik was among the stream sof people submitting this story about the FBI wanting to
tap the net. Makes carnivore look like a baby monitor since this tracks all packets, and would be placed at key locations on the net.
← Back to Stories (view on slashdot.org)
You know that's what they're after. Hoover left a more lasting legacy than we know...
I'm going to put the words anthrax, get the bomb, allah, and kill them all in every fucking packet. Let's see em sort through 800000 terabytes of crap a day.
Wouldn't this degrade the performance of the Internet in general? Tapping the 'net also has a few more drawbacks. It only examines packets enroute. That would tend to catch people doing legitimate things more than it would catch criminals. Meaning, they could see you sending and receiving traffic from some server that could possibly have illegal things on it (which is what? 90% of servers) and then swoop down and bust you for aiding a criminal or something stupid.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Whoa, this is getting confusing!!! What happens if an FBI agent uses a Windows machine running some packet-catching/sniffing program to "tap the 'Net"? Wouldn't this be a crime since they'd be using a terrorist-harboring operating system (see last Slashdot article) to search for terrorists? Uggghhh...
If you celebrate Xmas, befriend me (538
The next thing you know, they'll want control of all major routers; It's just one more step to bring the Internet under US control. Welp folks, it's time we built our own network...
Wooden armaments to battle your imaginary foes!
It's pretty clear that everyone is going to scream about how horrible this is for privacy. Granted, it will be frightening in its approximation of of Orwell's Big Brother but don't overlook that this will slow internet traffic down considerably. Imagine peeking in on every packet sent! Further, to accomodate this I have a feeling the cost will be passed down to you and I--the taxpaying public. I see farms of servers collecting and storing data, offices filled with high-paid IT staff and IT forensic specialists. So, to recap: bad for privacy, slows down the net, and we'll pay for the privilege of being spied on. I'll have say this isn't in our best interest...
Of course we torture people, we need the information --Gen. Pinochet
And make this unfeasable for real production use.
Breaking 2048 bit DH compression on one packet or transmission is feasible, given time and a (very) powerful computer.
If the FBI were to have to crack even 2-5% of the billions of packets that went through their system, however, it would make this system completely unworkable.
Use PGP or GPG. Sign your messages. Let other people know that you prefer messages sent to you in encrypted formats. Surf and download from sites who use SSL. It's not that hard, and once you get in the habit of encrypting data, you'll feel safer and more secure.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
NSA does not spy/eavesdrop on US citizens.
Read their charter; i'm pretty sure it's not classified. When I was a contractor at Ft Meade, I wrote a lot of extra code to specificially make sure of things like this for my project. I can't speak of the FBI, CIA, or DIA however...so draw your own conclusions people. Things may have changed in the last year, but as of a few years ago this was a top priority for each project I was on. If someone can convince me I'm wrong (project names, people, etc, not random web links), I'd love to know about it as I still talk to many friends at the agency (about unclassified things of course).
there are no stupid questions, but there are a lot of inquisitive idiots
So what? People have had the ability to listen in on network communications since the dawn of time (well, the dawn of networking, anyway :) If you have to transmit any sensitive or private information, encrypt it! Maybe this will finally get people to get off their asses and start using PGP/GPG like they should anyway.
Carnivore *IS* a baby monitor. Just be glad there aren't video cameras all over the place like in London, that'll give you the Orwellian feeling you've been craving.
It shouldn't really be that shocking that a device like Carnivor exists, is used, and has analogs in other jurisdictions as well. The Canadian RCMP have something like that. They don't have an equivalent to Echelon, but then again Canadians are passive and wouldn't dream of plotting to overturn our ineffective government. No need to spend money on that, might as well setup more social assistance programs to help "refugees" setup a few more terror cells.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
One major problem exposed by this idea is that the Internet will suddenly have a single point of failure (and slowness) where all of the packets have to go through. Do you like your Internet slow and vulnerable?
It's a paraphrase of Ben Franklin and the original quote was:
:)
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
For some reason this quote keeps coming up a lot lately. I wonder why
This sig has been temporarily disconnected or is no longer in service
I know everyone is going to whine and complain... and I'll probably get mod'd down for trolling, but here it goes...
I run a webserver (as a business) and have run shell servers in the past. I don't think ANY of these people who have been on the receiving end of a 2 day DDoS attack. Now, if such a system would be put into place, there would be other advantages than just searching for "key words" in text. It would most likely be a enterprise integrated intrusion detection system used to find and stop DDoS attacks and the such. If these systems could use formulas to determine a DDoS and black hole routes before it can cause thousands of dollars of damage to an ISP, then it would save LOTS of money!
At one provider, I was received a bill of a few grand of bandwidth charges when my shell box was hit with a DDoS for several hours... image what it would cost Yahoo! and such sites in lost revenue.
Also, the FBI isn't interested in your e-mail. Sure, it would allow them to look at it but it's no different than being able to tap your phone now. So what's the difference between tapping your phone and tapping your internet connection? Nothing. There is no difference. They'll need a wire-tapping order to do it, still.. And yes, someone will respond "but they won't need one to do this!" and you're right... they also don't need one to tap your phone, but it's illegal without it. Hence, we would be protected under the same laws as the current wiretapping law.
After the FBI comes knocking at my door asking me why I always play T.
Somewhere, something incredible is waiting to be known. -- Carl Sagan
Yes, but don't forget that IPSec can be used with IPv4 which we all use now. IPSec is normally used for virtual private networks, but there's no particular reason you couldn't extend it to other services. It's not so useful for any-to-any communication (it assumes PKI availability) but perhaps this will change as users get more paranoid.
sulli
RTFJ.
Without the ability to act private and say what we want, the corporate interests controlling the congress will enact more and more bad law, creating a behavioral minefield in our land of freedom.
Does a citizen have a right to hold a private conversation?
Perhaps the FBI can use its packet sniffing capability to identify pockets of resistance to the DMCA. Black helicopter forces can be dispatched to deal with said resistance.
Or, much scarier, they just might pass additional laws that make it illegal to conspire to defeat the DMCA. The packet sniffer will detect your illegal motions, even inside the room.
Distributed collection, perhaps distributed storage and forwarding of data over (possibly) private network. Collectors targeted to IPs under suspicion. All these means is more efficient data intercept orders with the sniffers already deployed. This would cost a helluva lot of money that should be spent on education or given back to the tax payers. Boxes that do this stuff aren't cheap.
Port mirroring or silimar tactics would be used to send copies of data to the collectors. Another big question raised by this is will these collectors be accessibly on public address space? How will they be secured? When (not "will") they become targets for crackers, info-terrorists, and hostile foreign governments?
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
Ah, but, unfortunately, we are not fully at 1984 yet. That is why some friends and I have formed the Students for an Orwellian Society (SOS). Because 2001 is 17 years too late.
Why does everyone here get all worked up about the governement watching us if they truely have nothing to hide?
You've got it backwards. The question should be:
Why is the government all worked up about watching us if we're not criminals?
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Doesn't this seem to imply a radical change to the architecture of the net? How far has the internet gotten away from its original ability to route around damage because there weren't any single locations that all packets had to travel through in order to get to their destinations? Isn't that what the FBI wants to do -- remove that ability to bypass damage so that all packets have to go through a few choice locations they regulate? And doesn't that imply that a very few terrorist acts against these traffic monitors could bring down the entire Internet?
Just curious...
The difference is that NSA is an intelligence organization, not a law enforcement organization.
That is, NSA doesn't care about who you slept with last night, your tastes in g0at-pr0n, whether you may or may not have indulged in recreational pharmaceuticals in your misspent youth, how many MP3z and warez you download, or whether you traffic in copy control circumvention devices. Even if you assume (incorrectly) that they want to spy on US citizens, keeping track of jaywalkers is not their mandate, and they're busy enough with the stuff that is their mandate.
It is, however, entirely within the FBI's mandate, as enforcers of the law, to "sweat the small stuff". Today, they hunt terrorists with guns, when they're gone, they'll scour the database to find the terrorists with drugs, and next year, they'll start earning their keep by nailing the copyright terrorists.
Spooks have better things to do with their time. Cops don't.
It's unthinkable that terrorists would dare to target such a potent symbol of US power and authority.
No... wait... that was before September 11th.
This proposal is vile and ahborent in moral, technical and security terms. Three for three.
If you were blocking sigs, you wouldn't have to read this.
I can totally believe that the FBI would love to do this, given the chance. I just need a little more evidence before I am to go around saying that they *are* doing it.
I can just see it now. Start sniffing on an ATM backbone and analyze those packets 48 bytes at a time. You go G-man!
ELINT has its uses but some perspective is needed here.
I don't want knowledge. I want certainty. - Law, David Bowie
Scene: Windowless van parked next to the sidewalk under a streetlamp. Two slightly overweight first-year FBI agents sit in the van splitting a box of Crunch-n-Munch. The air smells like two slightly overweight first-year FBI agents eating Crunch-n-Munch.
Agent 1:"Turn on your monitor. The sniffer is receiving something."
Agent 2 wipes the crumbs off his hands against the leg of his jeans and flicks the switch on his flatscreen.
Agent 2:"It's coming in. It says: 'ALL...YOUR...BASE...ARE...BELONG...TO...US...' What the fuck does that mean?"
Agent 1:"I don't know, but add it to the MOVE ZIG and FOR GREAT JUSTICE files. I think we're onto something.
Meanwhile, down the street, a ten-year-old geek chortles and crawls under the covers.
Why do users with IDs under 100,000 or over 700,000 usually have the most worthwhile comments?
When you take a position in an elected, appointed, or law enforcement position with the government, you make a sworn oath to uphold and protect the Constitution.
The FBI agents and elected officials supporting them who are planning on implementing this overt violation of the IV Amendment of the Constitution either:
a. Didn't understand the oath they took. Which makes them very stupid, and are therefore unfit for their position.
or
b. Are knowingly violating their oath. Which makes the dishonest, and are therefore unfit for their position.
I leave it to you to decide which one applies.
-- Will program for bandwidth
After a while, these people will be rounded up and questioned, intimidated and possible detained. And if the current set of laws that just passed gets any worse, then you might even get jailed without due process, and incarcerated for life based on these information retrieval practices. Sound ominous so far? It should. This stuff is right in line with Nazi Germany too. Lets just hope they don't start lining us all up and shooting us because we are "terrorists, hackers, druggies", etc. Never forget that it was Orrin Hatch who called for the Death Penalty for anyone caught using drugs.
www.enthea.org
It really is. I'm not joking.
Law enforcement can now 'dictate' to data communication providers what types of functions their service MUST incoproate, in order to comply with the needs of law enforcement.
How does this NOT equate to the government telling you how to run your business?
Conclusion obvious: Because it's plainly obvious that this will not locate terrorists, the logical conclusion is that finding terrorists is not why they want to implement this.
It works on immature crackers, so why not apply it to the FBI as well?
There's no real way to catalogue every packet on the internet this without some sort of computerized searching technology. They may even call it 'AI', but what it will boil down to is an application looks for suspicious strings to flag for human eyes.
Therefore, it would be very possible to fool and overtax any kind of system like this by building a new kind of honeypot-style server.
Some Ideas:
Have this server connect to different IRC nodes bot style and create suspicious sounding chanels like '#BombUSA' or something similiar. Have it talk to itself Eliza style through IRC, but with terrorist keywords like 'Anthrax', 'Jihad', 'Hijack', etc... You could also substitute keywords for other kinds of illegal activity. Drugs, Pr0n, and other illegal/questionable vices all have keywords which would raise any LEO's eyebrows.
If two servers happen to meet on a chanel like this, they can exchange POP email addresses and start sending smtp packets to eachother with the same kind of information. Maybe throw in a few uuencoded attachments of the Osama and Bert poster.
One last thing. Have each server that does this engage in plaintext dialogue 4/5ths fo the time, and then, psuedo-random bitstreams the rest to simulate encryption. If/when they do try to crack those streams, it will use up their resources so that they can't as effectively be used against individuals who do have valid reasons to use crypto.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
- by default apache should use https instead of http
- fork the email protocol so it *only* uses PGP/GPG and retrieves the public key of the recipient
- telnetd and ftpd should be removed from all open source distros
Perhaps LUG's could even offer certificate signing. I really would like to have an parallel email protocol that only allowed signed and encrypted emails.This thing is going to track what?
I give it a week before the packets flood the data storage and crash the spying hardware.
I give it a day before it starts loosing data to keep up.
I give it an hour before someone figures how to bypass it
I give it 15 seconds before somebody finds a way to trigger a national alert that there are terrorists at a former employers location.
I give it a month before Microsoft realises the Windows in testing is crashing due to packet moddifications by FBI due to a minnor defect in FBI software. Blame the FBI Os.. retract when they discover it's Win 2K.. and clame the problem is still there when the FBI fixes it by switching to BSD... (Thought I was gona say Linux didn't ya?)
I don't actually exist.
Comment removed based on user account deletion
of the Internet Architecture Board on enabling wiretapping
RFC2804
So now we have the group that defines internet standards saying that requirements to implement wiretapping should not be included in protocol design discussions. That does not mean that the FBI couldn't put a BIG HONKING device in a couple of places on the internet and globally adjust all routing tables so that packets went to it... but then there is something about too much information hidding the data
Use IPsec for security, maybe over an L2TP tunnel if NATs are involved. Then they can only map connections on the IP layer...
LedgerSMB: Open source Accounting/ERP
I am reminded of the NSA's escapade with taping the single fiberoptic line under the atlantic (one line tapped, of several in place). The flood of information was too much for them to do ANYTHING with.
For the FBI to pull this off, they would certainly need quantum computers... And what of speling myst-aches? This requires more computing power... Even Caeser cyphers become effective means of defeating these because of computational limits...
LedgerSMB: Open source Accounting/ERP
I disagree.
Torture takes effort - an FBI permitted to use torture would be physically unable to use it in the violation of the civil liberties of 300,000,000 Americans, simply because it'd take too long to work their way through the population, even if every FBI agent went berzerk and started torturing everyone they met for the sheer hell of it.
Passive electronic monitoring doesn't take effort - every citizen's right to be secure against unreasonable search and seizure is violated the instant they flip the switch on the Mother Of All Carnivores.
Put another way - there's a reason why people get dozens of spams per day (sometimes per hour), while still only getting three or four telemarketing calls per week.
Detainee: But i didn't do anything wrong.
FBI Agent: Acording to the data from our tracking systems, your toilet paper consumption rates, the number of gardening books you buy per year and the number of bad jokes about CmdrTaco that you post on Slashdot per week match those in our profile for "Higly Dangerous - Possible Megalomaniac Persons". To prevent any crimes from your part we are hereby detaining you for psychiatric treatment.