Slashdot Mirror
CIA Researching Automated IRC Spying
Iphtashu Fitz writes "CNet News is reporting that the CIA has been quietly investing in research programs to automatically monitor Internet chat rooms. In a two year agreement with the National Science Foundation, CIA officials were involved with the selection of recipients for research grants to develop automated chat room monitors. Researchers at Rensselaer Polytechnic Institute received $157,673 from the CIA and NSF for their proposal of 'a system to be deployed in the background of any chat room as a silent listener for eavesdropping ... The proposed system could aid the intelligence community to discover hidden communities and communication patterns in chat rooms without human intervention.' How soon until all IM conversations are monitored by Big Brother? The abstract of the proposal is available on the NFS website."
Even if its able to spy on private chat rooms on major networks, they wont be able to spy on thoose who dont want to be spied on... Its relatively easy to set up your own IRC server, and control exactly who has axcess to it so the feds are left outside alone...
> Join: NotWithCIA [notspying@user128a85b.cia.gov]
<l33th4x0r> and i h4ck3d into the NSA and compiled gentoo on it
<l33th4x0r> it was awesome
<l33th4x0r> like a beowulf cluster of beowulf clusters
<myPPburns> how long did that take?
<l33th4x0r> like 2 days
<myPPburns> no, I mean compiling Gentoo
<l33th4x0r> yah, like 2 days
<myPPburns> who is that new guy? NotWthCIA?
<l33th4x0r> dunno, never seen him before
<myPPburns> cool nick tho
<myPPburns> I'm gonna go hack WoW l8r. make myself king orc!!!
<l33th4x0r> yah, im gonna go post a letter from osama on drudge
<l33th4x0r> watch the media fr33k out
> Quit: NotWthCIA (OSAMA DETECTED! ALERT! ALERT!)
Just avoid the rooms with the *CIA_Chanserv* bot running
/mode +b #haxxor *!*@*.cia.gov
eclecti.cc
I wonder if slashdot will be able to unmount them?
If you didn't have a reason to enable SSL on your IRCD or on your client, now sounds like a GREAT time to do so!
Where men are men,
Women are men,
13 year old girls are FBI agents,
and that guy who never says anything is a CIA bot.
Unknown host pong.
Does anyone know if theyre allowed to "spy" on foreign citizen? If i chat on an european server with fellow europeans i cant see any way that they should be allowed to "spy" on me?
So basically they received 150k to develop a logging bot? Not that it existed for the past 10 years... I sure hope their technology is more sophisticated than that. Even then, I don't think they'll get usefull info monitoring public chat rooms; its not like terrorists go to #terrorism to chat about their next plan.
Eureka Science News - automatically updated
The only reason the government gets technology like this developed is intelligent people will do anything for their degree or grant money. Until we all stand together and refuse to help Americans spy on other Americans or any one else in the world our rights will continue to slowly errode because of people like the researchers at Rensellaer. Really, they are the ones who need to be punished by ostracizing them from the scientific community and their neighborhoods to make it clear that any one who accepts tax dollars to further the goals of Big Brother are not welcome in our hearts or minds as comrades.
Posthuman since 2001.
* digid slaps CIA-bot around a bit with a large trout
Isn't that considered interstate wiretapping?
The last time I checked, federal law said you needed a warrant to do that.
> How soon until all IM conversations are monitored by Big Brother?
<musicfan> Hey, anyone got The Smiths - How Soon Is Now.mp *THUMPTHUMPTHUMP* "FEDERAL COPYRIGHT CZAR SQUAD! PUT DOWN THE HEADPHONES AND STEP AWAY FROM THE IPOD!"
*** Disconnected
I don't see how people can be upset about monitoring chatrooms, unless they were actually doing something questionable with that data. As most of IRC is a completely public network by design, there is no expectation of privacy. And it's also well-known that your IP address is exposed to all those on the server.
IM conversations are a different matter, though. There, the network is private, run by a company, and the expectation is that the conversations are private as well. It might very well be illegal for AOL (and other IM networks) to be monitoring individual IM sessions.
-3Suns
~~~~
The Revolution will be Slashdotted
They are just trying to find the best quotes and submit them to bash.org
"I am a kernel in the linux army"
Yeah, but you don't have physical control over the pipes between yor server and all your clients. How do you think your bits get sent back and forth? I just have to put an intercept between you and your clients to grab all the data I want.
This would be some sort of program that can sit on an ISP's trunks, and grab all traffic that looked like IRC traffic and dump it in a log. Since it is the CIA, (And they are in theory, the Intelligence 'Offense') it might be a small embedded hardware solution that has a built in microdrive. It would be very handy to have a CIA controled operative slip in to a NOC in a hostile country, snap it onto a trunk in an unobtrusice location and pick it up a month later.
American Tinfoil hat people, relax. The FBI is the group spying on you, not the CIA.
HA! I just wasted some of your bandwidth with a frivolous sig!
Anyone who thinks that the CIA doesn't already have systems to automatically monitor email, chatrooms etc - needs to read a bit more on intelligence technology. This would fall under "Echelon" anyhow.
The NSF might lack the tools, but I sincerely doubt that the CIA are developing these sorts of very basic tools. More likely, the NSF aren't given access or information on the extent of CIA information gathering.
Also, I imagine such a news article makes the public likely to believe that the technology isn't already in active use.
Si tacuisses philosophus mansisses. If you had kept quiet, you would have remained a philosopher.
The CIA is still being semi-passive here. It's shady seeming, but I think if you can join freely, they can as well.
This surpasses basic monitoring of clear text protocols like irc but it still doesn't have the ability to monitor where you must actually be a part of a community. If you use irc over SSL, you're in the clear from passive and undetectable monitoring. This obviously gets around that but it means that they will have some interesting people poking around with people who normally do the poking on networks.
The rand corp goes one step further and seeks to hire people to become members of groups by being an outright spy. Pretty interesting stuff. It was on cypherpunks a while back.
It should be assumed that if you don't use encryption, it can be monitored. If you use encryption (irc over ssl, silc, etc) in a broadcast medium (for an entire room), you should assume it's monitored also. It would just have to be monitored by an agent of some sort.
It's all about the threat model you're up against.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
It's easy to understand why I'm upset. You might understand the next time you pay your taxes. Remember that a fraction of your hard work is going to pay for your government to listen in on your conversations. Many people are making a living at it. I think they and my government have better uses for my money. I did not ask for it, I don't like it and I don't want to pay for it. it's also well-known that your IP address is exposed to all those on the server.
If you don't mind that kind of thing, perhaps I can interest you in a few personal services. For the low price of $50/hr, I'll log all of the communications from your "exposed" IP address, cull what I want, damage your reputation by questioning your peers if I note anything suspicious and even charge you with crimes if you happen to say the wrong thing. Most of the work will be automated but I take no responsibility for the information being stolen by insurance companies, employers and other organizations that have a direct impact on your quality of life. By freedom of information, I'll be sure to let people know that I'm investigating you but I'll tell them that I'm an official government agency, so they won't question my motives and will instead turn their suspicions onto you. Sound like a good deal?
Pay up!
Friends don't help friends install M$ junk.
All you really need is the servers at a few of the nodes to be running logging software, and it wouldn't even need to be running in the context of the IRC server - it'd just need to be tracking the inbound and outbound traffic. It wouldn't catch everything, but you'd get a fair amount of it and probably get enough to tell you what areas needed more examination.
Similarly, I assume that just about everything on Usenet is monitored and saved by at least a few agencies domestic and foreign, if not more. How much would Giganews charge for a full feed? That's not going to be a lot of use against one-way traffic, but discussions would almost certainly be trackable.
As with many things the information stream itself is relatively easy and inexpensive to get access to, but extracting good information out of it is likely to be harder. I wouldn't be surprised if a big chunk of the money they're giving out is related more to the analysis of that sort of information stream (and existing store) than to the simple acquisition of data.
fencepost
just a little off
The CIA should be operating in public spaces - there's little expectation of privacy in public. joeschmo can watch IRC traffic, so spy007.exe should be able, too. The control points on this activity lie at a slightly deeper level: we need a definition of "public" vs. "private" on the Internet that can work in courts and congresses as well as in compilers and chatrooms. And the CIA, or any organization (government, corporate, NGO or otherwise) must abide copyright constraints, which include right to copy personal info (including message traffic) for the express purpose in the license. In the case of the CIA, that means info that is read from public data must be either immediately discarded, for the purpose of separating data relevant to an operation from that which is not; or, if stored, it must be directly relevant to an operation. That further requires the CIA define the scopes of its operations sufficient for Congressional oversight to second-guess decisions of what data to retain.
;) will say that once the CIA is operating at all in this medium (it surely already is), the finer points of policy and law will be given mere lip service, and abuse will be the norm. Unfortunately, the CIA has Americans over a barrel: their legitimate service is essential, while their unaccountability is lethal, in the survival of our society. This issue doesn't change that dilemma, though it forces the issue - and ought to pressure exactly these kind of delineations. Since the current purges at the CIA seem likely to merely institutionalize the Iran/Contra CIA abuses to the exclusion of any legitimate control, we who understand these issues can at least understand their workable boundaries, and enforce them ourselves, for ourselves. Like comprehensive crypto for messaging, which defines an expectation of privacy, whether defensible from CIA codebreaking filters or not. It's all we've got, and will be harder for the CIA, or any other prying eyes, to casually violate, either on the Net or in a court.
Of course, cynics (like me
--
make install -not war
I personally welcome our CIA...you know, this is getting to be really old and boring. I say "F@CK the CIA Overlords" We're all moving to Canada!
Why doesn't anything interesting happen when I have mod points?
It's pretty easy to bypass. Get yourself a custom IRC client that logs into 3 or 8 or 100 servers at a time. Then your contact logs into the same servers and into randomly selected channels. You send a message which is scrambled up and is sent in pieces to each server. So say your message is "Let's meet at the tower at midnight." it would be split up on as many channels as you have servers connected on both sides. So say you are using three servers on each side, then only every third character would be sent, with an offset of which server it is:
So like channel #random19a9x on server 1 would get a message from you:
L'mtt w dh
and channel #random19a9x on server 2 would get:
ese BLAH BLAH etc
rinse and repeat for as many channels as you like. of course, while all this is happening, you could be continually logging off and on, changing nicks or channels or sending to other servers in a predefined fashion. Perhaps the control connection could be over a DCC connection while the actual secure messages travel thru the IRC never to be found again. (Outband signaling).
You could also combine this with email, SMS, web pages, etc to split the message up into as many channels and media as possible. And of course, you have to make the software client script driven so new scripts can be easily generated to stay ahead of any technology Big Brother could use to monitor it.
Possible problems are pretty obvious: everything originally comes from your IP so anything between you and the network can be compromised. It's really pretty safe to assume that the core routers are compromised as well. Well, this is not the case. The order could be randomized and the complexity of putting it back together grows in proportion with the number of channels.
The idea is to make it as much like chat as possible but not have any full packets of clear or encrypted text go out at once, preventing any easy way to view it. And the ability to change the patterns and behavior of the connecting and reconnecting would thwart anyone learning the way it works.
Cool! Amazing Toys.
Wanna get nasty? - DaNasty