FBI and Next-Gen P2P Monitoring

AHuxley writes "Can the FBI get funding to create a next-generation network monitoring and database system for P2P networks, web sites, and chat rooms? Could the FBI's Regional Information Sharing Systems (RISS) network be opened to more law enforcement agents across the USA? Will the tracking of p2p users via 'unique serial numbers' generated from a person's computer be expanded from its first use in late 2005? Is your p2p application or plug-in sending back your MAC address, firmware revision, manufacture date, GUID or other details?" Could this story submitter pose any more questions in his submission? Won't someone please think of the ... oh, never mind.

They're not slow...

[seramar]

It's not the people who are slow. Their comments are just tied up in the RISS awaiting gov approval.

Re:They're not slow...

[Prisoner's+Dilemma]

Or they're busy changing all the filenames of their P2P files.

Re:They're not slow...

[Alwin+Henseler]

It's not the people who are slow. Their comments are just tied up in the RISS awaiting gov approval. In that case, those gov. approval folks should outsource the work to far east, low-wage countries? I've heard they're cheap & good at it.

Dupe?

[mrvan]

Senator Proposes to Monitor All P2P Traffic for Illegal Files, it talks about the same plan by the same senator, and I don't see any new developments.

Seriously though, how difficult is it to use the slashdot search engine with the capitalized words in the title? third hit...

For child porn?

[MR.Mic]

Riiiight...

This is one hell of a slippery slope, my friends.

Re:For child porn?

[zappepcs]

Yes, and that whole show included numbers about how much the child porn industry is worth... WTF? If they already know how much it's worth, why do they need to monitor it even more?

I am seriously hoping that anonymous begins to get rather political toward November. It would just make me happy to see masked people picketing courthouses with signs that tell everyone how senator so-and-so can't count, or has close ties with felons, or whatever... just some signs showing the sins of those who would have our votes.

I think that is the only effective way to use a smear campaign, and I think that it should be done.

Re:For child porn?

[jamstar7]

This is one hell of a slippery slope, my friends.

Considering we're speeding toward the bottom at Warp 9, there's not a lot further to go. I'm thinking, we all might as well line up at the prisons now and serve our time for whatever the government decides is a crime tomorrow and get it over with.

And whoever is doing the monitoring

[hansraj]

will wonder why all the files have Joe Biden in the filename.

Re:And whoever is doing the monitoring

[johndmann]

No one will be doing the monitoring, it will all be filtered using keywords, byte patterns, and so on - much like Echelon.

Who cares?

[RiotingPacifist]

Is your p2p application or plug in sending back your MAC address, firmware revision, manufacture date, GUID or other details?

apt-get install macchanger
sudo macchanger -r

I'm no computer scientist but isn't it fairly trivial for them to get your mac (or at least that of your router) from your network traffic anyway?

Re:Who cares?

[mrvan]

I'm no computer scientist but isn't it fairly trivial for them to get your mac (or at least that of your router) from your network traffic anyway? If I'm not mistaken, MAC never leaves the immediate network, ie your router gets your mac, the next hop that of the router, and so on, but the final destination only gets the mac of the last router in between

Re:Who cares?

I'm no computer scientist but isn't it fairly trivial for them to get your mac (or at least that of your router) from your network traffic anyway? If I'm not mistaken, MAC never leaves the immediate network, ie your router gets your mac, the next hop that of the router, and so on, but the final destination only gets the mac of the last router in between You would be correct. A MAC (Media Access Control) address is a local identifier only. In fact it only really applies to switching, not routing. Unless a piece of software on your computer is sending it "home" then it would be rather difficult to obtain your MAC address. Also, it is by no means a unique identifier. It's a well known fact that manufacturers of network devices regularly cycle MAC addresses. It's uncommon, but not unheard of to end up with two devices on a network with the same MAC.

Re:Who cares?

[CastrTroy]

It's also quite easy with most network cards to get them to use another MAC than what was originally on the card. You can basically assign whichever number you want as your MAC address.

Manufactured Evidence

[conureman]

In the olden days, when I was a kid, we happened into dealing with the F.B.I. Subsequently, I know to engage a large supply of salt anytime I read about any investigation that has been tainted by their crime lab. Think of the children and send more money. Yeah. Knowing their proclivity to abuse/disregard the law, I don't really see the upside to this.

Re:Manufactured Evidence

[jamstar7]

In the olden days, when I was a kid, we happened into dealing with the F.B.I. Subsequently, I know to engage a large supply of salt anytime I read about any investigation that has been tainted by their crime lab. Think of the children and send more money. Yeah. Knowing their proclivity to abuse/disregard the law, I don't really see the upside to this.

Your personal stock portfolio is simply extremely deficient in companies that profit from the slave labor of the 'prison industrial complex'. More schemes like this are needed to keep the prisons full and the profits flowing.

Don't forget to invest on companies that are outsourced to run prisons. Their stocks are gonna go through the roof.

All Fear, No Facts

[houstonbofh]

Heavy on fear, but light on facts... And with so many popular torrent programs open source, all of the sneakiness is no longer possible. No magic serial, or mac address in my torrent program. Oh, and it is encrypted.

Re:All Fear, No Facts

Heavy on fear, but light on facts... And with so many popular torrent programs open source, all of the sneakiness is no longer possible. But, how many people actually re-compile or compare hashes on executables?

Re:All Fear, No Facts

The encryption on torrent transfers doesn't do shit as far as protection goes. Anyone connected to the same torrent will be connected to you and know what you're doing.

All the encryption really does is keep ISP's from throttling you unless they throttle all encrypted traffic (which some do).

Re:All Fear, No Facts

[I(rispee_I(reme]

"It only takes one to raise a stink about it.", goes the popular reasoning.

Re:All Fear, No Facts

[dev_eddie]

I do. That's all you need to know. If someone tampers our favorite torrent client, I would post it in my blog and send it to slashdot, then you get a patched version and we are all happy again.

That is the point, it is too easy to point malware in Free Software, it is not worth to try.

Re:All Fear, No Facts

[Robocoastie]

It's just the typical Democratic party cry wolf "we gotta do something!!!!" syndrome again. In this case it's also putting Sen. Biden back in the spotlight after his poor performance in the Iowa caucus. Political moves aside though let's think about what they are really asking. What is child porn? The government even lacks a definition of "porn" much less child. I have a serious problem believing that "child porn" is an epidemic requireing the black helecoptors so to speak. What likely is popular though is teen-fascination which psychiatry has an entirely different definition for. Our society in fact is geared toward that even between cheerleaders and dancers being just short of being nude, Disney channel turning tweens into glamored up pop stars, and shows like Dawson's Creek, Gossip Girls and the like having more adult themes than Desperate Housewives. This is nothing new though; in fact society used to marry their women off between 14 and 17 anyway. My point is I really wonder if real child porn actually is as bad as the fear mongers claim or if people's collective conscious is simply equating teen-fascination with it when they hear of those cases (which has increasingly been from female teacher - male student lately). The result of which is the "we gotta do something!!!" panic which then grants the government sweeping powers to do all kinds of spying with a fictional and ultimately false pretense.

Re:All Fear, No Facts

[MeditationSensation]

Hence Peer Guardian 2...

http://phoenixlabs.org/pg2/

Re:All Fear, No Facts

[dgatwood]

All it takes is indirection to make it so that it does, though. Make the P2P client randomly choose whether to look locally or ask its neighbors. Make it lie randomly and say "I don't have it" at all times to mask the ability to use probability to determine whether you are serving locally-stored data or just passing on the request even with knowledge of how many peers your node has and generating hundreds of requests using a modified client. If nobody is doing that already, color me surprised....

Re:All Fear, No Facts

[PPH]

It's just the typical Democratic party cry wolf "we gotta do something!!!!" syndrome again.

I thought the Democrats were all out producing the child porn and the GOP trying to stop it. Or prevent a child from being irreversibly harmed by seeing Janet Jackson's tit.

The Democrats want to track your financial transactions. Whatever the current administration puts in place now will be directed next year against that extra lunch you put on your expense account.

Re:All Fear, No Facts

[archeopterix]

If nobody is doing that already, color me surprised....

Paint yourself half-unsurprised then. MUTE filesharing does something similar. A client communicates directly with a small number of peers and nobody can tell whether a request (or response) comes directly from their neighbor or is merely relayed, so you get plausible deniability. Uh, and it uses an interesting algorithm for routing, similar to one used by ants in real life.

Re:All Fear, No Facts

[jamstar7]

What likely is popular though is teen-fascination which psychiatry has an entirely different definition for. Our society in fact is geared toward that even between cheerleaders and dancers being just short of being nude, Disney channel turning tweens into glamored up pop stars, and shows like Dawson's Creek, Gossip Girls and the like having more adult themes than Desperate Housewives.

'Kiddie porn' is usually defined as images of a possible sexual nature of any person below the age of 18. So, hold off on taking that topless pic of your 17 year old girlfriend the night of her 18th birthday til after midnight.

Re:All Fear, No Facts

[RiotingPacifist]

Theres the old snake oil of PeerGaurdian and the sort,

i also set my number of conected peers fairly low (~30), i do it prevent my isp picking me up when i start up my torrent program (to get linux distros and OO.org OFC), but it has the advantage of leaving me much less exposed to peers, at the cost of much slower d/l rates!

Re:All Fear, No Facts

[hairyfeet]

Let's face it, we all need to publicize this as what it is: a witch hunt and a power grab. Folks see the words "child porn" and automatically think of the sick bastard that rapes an 8 year old. What they don't realize and what we need to be telling our friends, relatives, and coworkers at every opportunity is they are using these laws in truly insane ways. Like who in their right mind would have thought they would charge a 15 year old and 16 year old for taking pics of THEIR OWN BODIES and sending it to each other? That is truly f*cking insane.

And IMHO we need to go back to the way it was when I was a kid when we had two distinct groups-Jailbait and sick bastards. Jailbait was anyone consenting between the ages of 14-17 and sick bastards was an adult having sex with anyone under 14. But sticking an 18 year old as a child molester for having sex with a 16 year old is just too insane for words.

And of course the more important thing for the FBI is the power to "monitor" everything going across the net. How long do you think it will be after this that the feds are kicking down doors for those "illegal terrorist pirates"? The way they are trying to link copyright infringement with terrorism makes me think it will be a year or two at the most. This is a damn scary time to be an American, and sad to say I don't see anything coming that will change the path we are on. The corruption is just too deep for something like voting or reforms to fix. But that is my 02c,YMMV.

P.S. As someone who was hit on VERY hard by a cop pretending to be a 14 year old in a WINDOWS REPAIR chat room I used to run, I can tell you they WILL use entrapment and will do WHATEVER it takes to make an arrest, legal or not. I finally had to say "leave me the hell alone I don't mess with jailbait. Stop or I will ban your I.P." Before "she" came clean and told me who he was and what he was doing there. So of course I banned the I.P. range for his police department. ;-)

Re:All Fear, No Facts

[kdemetter]

Hate to break it to you , but that won't help you much. PG2 only prevents their clients from sending and receiving data , but they can still see your ip. So they can still go after you , but they won't have proof that you downloaded/uploaded something , since no data was sent ( i guess it depends on interpretation of the law ). If you really want to be safe , use a darknet or a private tracker

Re:All Fear, No Facts

[Christophotron]

Like who in their right mind would have thought they would charge a 15 year old and 16 year old for taking pics of THEIR OWN BODIES and sending it to each other? That is truly f*cking insane. Yes, it is criminally insane. I'm not familiar with the case, but I assume these teens are labelled as sex offenders now? This needs to go to the supreme court, srsly. It is the people who arrested/harassed these teens that need to be punished.

Brought to you by Windows Vista,now with SP1 -We're sorry.But hey,Win 7 will rock! We promise!Please don't buy an Apple! Why would Microsoft care if you bought an Apple? More than likely you would still purchase MS Office and even Windows XP/Vista to run in bootcamp. It'd even benefit them since you would pay retail instead of OEM prebuilt-system price.

Re:All Fear, No Facts

[hairyfeet]

Actually they are labeled as child pornographers now, if you can believe it. Pretty much guaranteeing they will never have a job outside of meth lab worker, since nobody will hire either one after a background check. Oh, and let us not forget that a "rickroll" that goes to the FBI honeypot, even though there isn't any actual kiddy porn there and all you would see is a black corrupted DRM video, will get you 10 years and a permanent label of child molester, since the FBI isn't even bothering to record referrers or anything like that and simply clicking on it it considered "attempting to possess child pornography".

I start back to school in the fall and as soon as my 4 years is up I'll take a job with ANY foreign company, be it Mexico, India, Asia, wherever, as long as it gets me out of crazy corporate Jesusland(tm). This country is just getting too damn scary. It is like the red scare only EVERYBODY is considered a liberal commie pinko!

And as for the sig, I actually know a ton of folks with Apples from school (primarily an Apple centric campus) and a grand total of TWO use Office or boot camp. Everybody else tried iLife and iWork and all the other cool programs that came with it and went "Ooh,nice!" and never looked back. And with MSFT shooting themselves in the foot by only selling Vista after June 30th I bet the adoption rate will be going up. I personally can't wait until my student loans come in the fall to get me a nice Macbook which I will NOT be running MSFT on. If I break from MSFT for good (already running Linux on my laptop) I don't want anything on my Mac to drag be back. But that is my 02c,YMMV

P.S.-Since I don't have much experience with Macs, maybe someone could tell me-Is there something similar to Crossover on Linux for Macs? It would be nice if I could play Return to Castle Wolfenstein and a few other games while I killed time between classes. I'll probably keep a frankensteined XP gamer rig offline just for gaming, but Wolfenstein plays better on my laptop under Linux than it does on Windows so I was just curious if there was anything similar. Thanks and have a great weekend!!!

Re:All Fear, No Facts

[icedevil]

P.S.-Since I don't have much experience with Macs, maybe someone could tell me-Is there something similar to Crossover on Linux for Macs? It would be nice if I could play Return to Castle Wolfenstein and a few other games while I killed time between classes. I'll probably keep a frankensteined XP gamer rig offline just for gaming, but Wolfenstein plays better on my laptop under Linux than it does on Windows so I was just curious if there was anything similar. Thanks and have a great weekend!!!

There is crossover for OS X http://www.codeweavers.com/products/cxmac/

As well as a port of wine for OS X http://wiki.winehq.org/MacOSX

I would assume the crossover product is at least in part based on the OS X port of wine. I have not used either of these so I have no idea how stable they are or if either will work with the game you mentioned. I am just aware that they exist.

Re:All Fear, No Facts

[ask21900]

Bottom line is this: Technically, it is not illegal to download copyrighted music. It is illegal to listen to, distribute, posses (for any length of time), etc. In fact, you can duplicate copyrighted material if used specifically for education, religion, and other purposes. Everybody automatically has deniability... "I didn't know that the file was a copyrighted song. As soon as I found out, I deleted it." Therefore, feds either need to catch you in the act of sharing, or find the music on your system. In the event that they find music on your system, it is also legal to have a backup copy of your music (there are exact amounts that you can copy, etc. to be legal). That's somewhat easy to get away with too... "I own every CD that this music is on, but I keep my CDs ...enter location here..." The feds must then PROVE that you don't actually own the CDs. In the time that it takes them to make that case you could, if you have to, go buy all the CDs. I'm not sure why more people don't fight the feds (or rather the RIAA). There are endless "loopholes". One more thing: In order to be prosecuted for any crime, there is required to be a complainant. You can not be prosecuted for downloading music unless the label (or whoever owns the rights) wishes you to. For the record: All music that I listen to (every artist, every label) actually PROMOTES you to download their music. They have always been about singing what they are thinking, and want to "share" their thoughts with those that will listen. They have never been about money. For this reason (among others), I am dedicated to their "cause", and will support it however I can. I might copy a friends CD IF I AM BROKE when it comes out, but I have always went and bought the CD the next time I had a few bucks. I have every CD released by the label, bought and paid for, in my collection -- virtually all CDs coming from the label's online store.

Does F/OSS help?

"Is your p2p application or plug in sending back your MAC address, firmware revision, manufacture date, GUID or other details?"

Good fear. I wonder how often people review the code of even the F/OSS applications to make sure they're not doing this kind of stuff. And I wonder how often people check if binary distros executables match the source they supposedly come with.

I suspect every country's NSA-equivalent or other intelligence agency in the world probably has employees trying to put back doors in every major piece of software (think one intentional security bug in every country Microsoft employees engineers - that could explain why it stays so buggy). It'd be really interesting to know the various Linux distro's review practices to insure that the binary installers match the source and that the source is clean.

Re:Does F/OSS help?

[26199]

I think any of those would be quite hard to inject into open source code.

After all, in a p2p app the traffic is the most important thing ... and is going to be watched very closely. Patches that modify what go over the wire will be under considerable scrutiny.

And how are you going to collect those details once they're transmitted? By their nature p2p apps are hard to keep track of.

Not to say it couldn't happen. But I don't think it's much of a risk compared to the simple fact that your IP address is very visible when using a p2p app...

Re:Does F/OSS help?

[AHuxley]

You would need OS independence.
Unique file id's passing out in "real time".
Unique user id.
The user would have to feel safe and happy about the above.

I would suggest a something like a helpful new anti junk file database/plug in?

I beg your pardon...

[r_jensen11]

Can the FBI get funding to create a next-generation network monitoring and database system for P2P networks, web sites, and chat rooms? I beg your pardon, but chat rooms? People still use those? I thought those phased out about 10 years ago....

Re:I beg your pardon...

[jollyreaper]

I beg your pardon, but chat rooms? People still use those? I thought those phased out about 10 years ago.... At this point I bet it's nothing but feds posing as kids trying to catch other feds posing as peds. Not a single person in the room isn't drawing a federal paycheck.

Re:I beg your pardon...

[UnrealisticWhample]

I beg your pardon, but chat rooms? People still use those? I thought those phased out about 10 years ago.... At this point I bet it's nothing but feds posing as kids trying to catch other feds posing as peds. Not a single person in the room isn't drawing a federal paycheck. In the interest of accuracy I submit that there are also bots pitching webcam sex shows.So: Feds posing as kids, Feds posing as peds and Bots posing as hotties pitching sex shows. Sound about right?

Re:I beg your pardon...

[MulluskO]

It's been covered on Slashdot, http://yro.slashdot.org/article.pl?sid=07/10/16/1918204&from=rss : people still use NNTP to pirate material, IRC too.

It wouldn't surprise me if someone out there is using Gopher to pirate material.

Re:I beg your pardon...

[Kjella]

At this point I bet it's nothing but feds posing as kids trying to catch other feds posing as peds. Not a single person in the room isn't drawing a federal paycheck. Chat rooms are from what I've understood fairly active. When I grew up (god, I sound like an old fart already) the chatrooms were full of us nerdy boys. These days pretty much everyone is on some IM, though I gather it's mostly by contact lists I'm sure the chat rooms are doing fine. In fact, due to the change in demographics I'd guess the ratio of feds as opposed to real girls has gone down. Plus back then webcams and digicams didn't exist, were horribly bad or hidiously expensive plus you didn't have the bandwidth. Not to be tasteless, but it suggests to me they could get more out of chatting up someone now than when you had to meet IRL for anything more than chat.

Re:I beg your pardon...

[blitziod]

step 1 create chat bot for feds to use to pose as kids step 2 create chat bot for feds to use posing as peds step 3 PROFIT!

Re:I beg your pardon...

[jamstar7]

Ah, yes, Dalnet...

Where men are men, so are the women, and every 'horny 14 yr old virgin' is a Fed. Yup, sounds about right.

Re:I beg your pardon...

[Devv]

While the critical mass moved away a small portion of the community had already become a part of the system.
They spend all their time in the chat rooms answering the same trivia questions for all eternity.

Re:I beg your pardon...

Irc, my friend, is the last true cesspool on the internet.

Re:I beg your pardon...

[ask21900]

Welcome to the internet... Where the men are men, the women are men and the children are FBI agents.

child porn industry: tax it

If it's worth all that much, legalize and tax it. *JUST KIDDING*

*ducks*

Get the MAC address the old fashioned way

[davidwr]

If the FBI really wants your MAC address, they can do it the old fashioned way:

Get a warrant to tap the ISP they think you are at and a warrant for your billing information, listen in for awhile to make sure you aren't being joe-jobbed or pwned/bounced-off-of, then raid your house and seize all your computers and routers.

Your MAC address will be somewhere in that pile of equipment.

My MAC address is Oak Brook, IL 60523.

Re:Get the MAC address the old fashioned way

[Lord+Dreamshaper]

If the FBI really wants your MAC address, they can do it the old fashioned way: Get a warrant... Warrants? We don't need no steenking warrants...

gotta love the FBI

[Coraon]

Go on, take down my MAC address, 1. I'm in Canada, we don't serve your DCMA'ing kind here. 2. My router changes MAC addresses routinely, I made that change a long time ago.

Re:gotta love the FBI

[Bright+Apollo]

your router MAC isn't the one you need to change, it's your cable/FiOS/DSL modem's MAC. and good luck getting your ISP to validate new MACs on your say-so...

oops.

Re:gotta love the FBI

[Robocoastie]

ehh 1) child porn has nothing to do with DMCA (which many of us US Citizens see as an illegal law anyway)and 2) Canada has an extradition policy and your mounties take crime more seriously than we do.

Re:gotta love the FBI

[GuldKalle]

But how are you going to get that MAC? His computer only holds its own MAC, and the MACs of equipment directly connected to it (ie his router).

Re:gotta love the FBI

[CastrTroy]

Except that the mounties specifically said that they weren't going to target file sharers, because they have much more important things to worry about.

Let's hope so

[77Punker]

Maybe if they do start monitoring all that traffic, people will get a clue and start using Tor for all their internet traffic. Especially their plaintext passwords. Dangerous business, letting the FBI know where those plaintext passwords are going. Better encrypt them with Tor!

Anyone wonder how many exit nodes the NSA already runs? That'd be a far better(easier?) approach than monitoring "normal" traffic since I suppose the interesting stuff is already going through Tor, though in a typical hour-long scan I can't find any really "interesting" unencrypted web traffic at my exit node.

Folks surfing porn? Plenty. Plenty of Chinese blogs with plaintext passwords, too. But even those Chinese blogs are benign and not something that would be censored by their gov't (I think). Based on the pictures and my basic proficiency with Chinese, it's either folks just fooling around with Tor or it's steganographic.

Re:Let's hope so

Your post sounds like it came from a conspiracy theorist.

Answers

[gEvil+(beta)]

AHuxley:
Yes
Yes
Yes
Yes

CmdrTaco:
Yes

Hope that helps everyone.

UH-OH, GUYS

The system appears to rely heavily on filenames for targeting users for additional levels of scrutiny, but Waters declined to give too many details of how it positively identifies specific users who are engaged in illicit activity. Waters' comments, which refer to 624,932 "unique serial numbers" that are tied to specific suspects' computers for long-term tracking, make it difficult to discern just how accurate and invasive the system is.

so wait, just because i renamed the video of a dog dropping a wicked deuce, eating it and then throwing up to "britney sex spears sex farm sex grandma sex pedo sex shower sex pee sex petite sex fat sex anal sex poop.avi" and shared it with emule...canada might be on to my computers serial number, now?!

OMGAH HOW DO I ERASE MY COMPUTERS SERIAL NUMBERS?!

lol...

Re:UH-OH, GUYS

[computational+super]

OMGAH how do I erase my computers serial numbers?!

You scrape it off with a metal file, duh.

Sure they can too...

...since the chinese for example already do it.

I guess the slogan 'land of the free' means that the government is free to spy on people...

Are MAC addresses globally unique?

[beoba]

How unique is a MAC address? Can't a given manufacturer reuse old addresses since they only need to be unique within the local network?

Re:Are MAC addresses globally unique?

[mrvan]

I think they are globally unique, and since they are 6 bytes long the supply is practically infinite (256^6 = 216x10^12, ie every person can have something like 30,000 mac addresses)

Come to think of it, it's a bit silly that they used 4 bytes for the address that has to be globally unique and 6 bytes for the one that only has to be locally unique...

Re:Are MAC addresses globally unique?

Perhaps so there was a reason for NAT?

Would be odd to NAT with potentially more IP's available than possible interfaces.

Re:Are MAC addresses globally unique?

[vertinox]

I think they are globally unique, and since they are 6 bytes long the supply is practically infinite (256^6 = 216x10^12, ie every person can have something like 30,000 mac addresses)

Considering how trivial it is to defeat MAC address security for wireless, it wouldn't be hard to spoof it at random or just use someone else's you got while war driving.

Re:Are MAC addresses globally unique?

[TheThiefMaster]

Which is of course why we're trying to change to using 16-byte globally-unique addresses.

Re:Are MAC addresses globally unique?

macchanger -a eth0

You're welcome.

Re:Are MAC addresses globally unique?

NAT is a necessary evil, and I doubt the framers intended it to be used

Re:Are MAC addresses globally unique?

MAC addresses aren't unique by any means. Besides the fact that they can be easily changed, they're regularly cycled by hardware manufacturers. Each network device is assigned one or more MAC addresses, eventually the manufacturer runs out of their allocated range and has to start over. It's not unheard of to end up with two devices with the same MAC in your network... although it is rather rare.

They're also structured so that the first 4 bytes are the hardware manufacturer identifier, leaving only 4 bytes to identify the device... the same as a IPv4 address... Only 16,777,215 total addresses....

Re:Are MAC addresses globally unique?

[GuldKalle]

I think you are correct. I've heard that some manufacturers reuse MAC addresses instead of getting more of them from whoever issues them, but I can't quote any sources

Re:Are MAC addresses globally unique?

[fizzup]

It makes sense that the MAC address space should be bigger than the IP address space, because you need one IP address at a time, but once a NIC is made the MAC address should be unique forever just in case it's resurrected out of a junk box and added to an ethernet 20 years on.

Re:Are MAC addresses globally unique?

[nurb432]

I have seen a duplicate from the same manufacturer, on totally different models ( even generation ) of boards. Really made for a head scratcher on the network. By then NICs were cheap so i just broke it and tossed the 2nd one in the trash. But it was still weird. ( i think it was SMC )

Besides, you can change the MAC on most current NICs, or just emulate a different one using a VM. ( this gets around serialized motherboards, or CPUs even )

Now, embedded serials in your TPM chip, that might be harder to get around.

Re:Are MAC addresses globally unique?

[SRA8]

Try using that as a defence. It will go way over the typical jury's head.

Re:Are MAC addresses globally unique?

[DMUTPeregrine]

MACs are not 6 unique bytes long. They are 2 3-byte sections. The first 3 bytes are non-unique and identify the manufacturer. The last 3 bytes are given to each NIC, for about 16 million possible values per manufacturer. However, some NIC makers can easily exceed 16 million NICs made, so they either have to get a new manufacturer ID or start re-using MAC addresses.

Re:Are MAC addresses globally unique?

[vertinox]

Defense? If you do it right, you won't be the person in front of the jury. ;)

But in seriousness, you could have your lawyer have an internet expert (a teenager) demonstrate how to break into a wireless router with Mac address security.

This is why OSS is important!

[mich.linux.guy]

Is your p2p application or plug in sending back your MAC address, firmware revision, manufacture date, GUID or other details?" This is exactly why Open Source Software is so important. Even though the average user may not have the skill to examine the code for breaches of trust, there are many in the community that can and do. These breaches are fixed or made public and public opinion will decide whether or not the P2P application is trustworthy.
Closed source applications from companies like M$ can't be trusted in this way.

Re:This is why OSS is important!

[pwizard2]

Packet sniffing would also be a way to find out.

Re:This is why OSS is important!

[mich.linux.guy]

That's true, unless it was encoded somehow. This might be done to compress the size of the message.

FBI Sofware Projects are Notorious for Failures

[CodeBuster]

The last time the FBI tried to build a large piece of custom software, a case-file management system, they ended up spending 170 MILLION dollars over 3+ years for software which basically did nothing useful (a complete failure). The only way that this will work is if the FBI contracts someone else to build it for them and even then the chances of failure are high unless they are willing to deal with criminals (i.e. Russian hackers who write the software for worms and spammers) to get it done which will happen about the same time that hell freezes over. The one good thing about governments when it comes to controlling the populace is that they are inefficient. If the government spent our tax money efficiently and effectively on surveillence and authoritarian enforcement actions then we would already be living in 1984.

Re:FBI Sofware Projects are Notorious for Failures

[daigu]

Reminds me of that t-shirt quote:

Heaven: where the police are British, the cooks French, the mechanics German, the lovers Italian, and it is all organized and run by the Swiss. Hell: where the police are German, the cooks British, the mechanics French, the lovers Swiss, and it is all organized and run by the Italians.

Reality: where the police are Italian, the cooks German, the mechanics Swiss, the lovers British and it is all organized and run by the French.

Re:FBI Sofware Projects are Notorious for Failures

[houstonbofh]

Then again, a few public failures would be a very good way to hide some surveillance successes from the public. Always be wary of an incompetent police agency, or a friendly lawyer.

Re:FBI Sofware Projects are Notorious for Failures

[iminplaya]

...unless they are willing to deal with criminals...

The authorities use criminals all the time to catch other criminals. Most snitches are criminals themselves looking for a way to stay out of prison. It shouldn't surprise you at all if they employ Russian/Chinese hackers. And I consider their surveillance and authoritarian enforcement actions to be pretty efficient. If you want to break them down, you need to get the authoritarians to go after each other. Use the same methods that work so well on us.

Re:FBI Sofware Projects are Notorious for Failures

[CastrTroy]

You think that's bad? The Canadian gun registry cost $2 BILLION. All for a database to track who owns a gun. You could probably put together a similar application in a matter of weeks.

Re:FBI Sofware Projects are Notorious for Failures

[jamstar7]

The only way that this will work is if the FBI contracts someone else to build it for them and even then the chances of failure are high unless they are willing to deal with criminals (i.e. Russian hackers who write the software for worms and spammers) to get it done which will happen about the same time that hell freezes over.

Take a page from the 'War on Drugs'. A lot of 'anonymous tips' are from paid informants or people who were picked up in a sweep and threatened with prosecution unless they turned informant. The county where I live has a policy of 'Roll on 3, walk away free', in which, you give up the names of 3 'drug users' (or anybody else you can think of) for targetting by police surveillance, and you get out of jail free. Refuse, or can't think fast enough, count on a speedy fair trial followed by a long prison sentence making $30 jeans at 5 cents an hour.

Another 60 million per year.

[Animats]

Here's the actual bill. $60 million per year. 15 cosponsors.

This is another piece of Bush Administration "security theater". Write to your representatives in Congress and your Senators to get them to put this money into fighting spam and computer crime.

Re:Another 60 million per year.

[Salty+Sailor]

I don't see how this bill is the Bush Administration's fault.

Sponsored by: Joe Biden [D-DE]

Cosponsored by:

• Sen. Evan Bayh [D-IN]
• Sen. Barbara Boxer [D-CA]
• Sen. Sherrod Brown [D-OH]
• Sen. Hillary Clinton [D-NY]
• Sen. Byron Dorgan [D-ND]
• Sen. Richard Durbin [D-IL]
• Sen. Orrin Hatch [R-UT]
• Sen. Tim Johnson [D-SD]
• Sen. Frank Lautenberg [D-NJ]
• Sen. Blanche Lincoln [D-AR]
• Sen. Barbara Mikulski [D-MD]
• Sen. Lisa Murkowski [R-AK]
• Sen. Barack Obama [D-IL]
• Sen. Charles Schumer [D-NY]
• Sen. Ted Stevens [R-AK]

Perhaps our two Democratic presidential candidates are stooges for Bush, though.

Jurisdictional issues?

[yuna49]

I didn't see anything in either article about the question of offshore trackers and peers.

Can the FBI legitimately scan, say, The Pirate Bay, to discover the IP addresses of supposed child-porn torrenters? Obviously if the person is downloading the material to a computer in the US is liable under Federal laws, but was the evidence obtained legally if it's based on scanning a foreign tracker?

Giving the FBI unfettered access to monitor the entire global Internet raises profound questions about the meaning of limits on the FBI's activities overseas.

But, then, anything's fair game when it comes to protecting children.

And, really, relying on file names is just so ridiculous that I'm shocked it might have actually resulted in some legitimate prosecutions. I suppose there's a clueless bunch of pedo types who just browse sites looking for 'young girl in action' types of filenames, but there's also got to be a more clueful bunch who maintain their own private networks.

Re:Jurisdictional issues?

[Collapsing+Empire]

Why would it be illegal to connect to a foreign tracker to gather evidence of a crime? Its perfectly legal.

Re:Jurisdictional issues?

[yuna49]

Maybe; maybe not.

The FBI's jurisdiction ends at the water's edge. Scanning an offshore tracker might be considered as gathering "foreign intelligence." That's been the bailiwick of the CIA and NSA, and off-limits to the FBI for decades. It's true that the reorganization of functions after the establishment of the Department of Homeland Security has made these distinctions less clear.

What makes it more complex is the absence of any prior evidence of guilt before the scanning occurs. If the purpose is to discover new perpetrators rather than track ones already known, where, if at all, do Fourth Amendment protections against search and seizure come into play? Can FBI agents sniff around foreign cities looking for evidence that some American back in the States might be committing a crime? What if there's no prior evidence that any crime is being committed?

I don't know the answers to these questions, but I do think it's an over-statement to claim it's "perfectly" legal.

Re:Jurisdictional issues?

[arminw]

...it's "perfectly" legal....

Anything is perfectly legal if you can get away with it. The FBI and other government agencies are more likely to get away with something than an individual.

Re:Jurisdictional issues?

[Hatta]

There's no child porn on the pirate bay.

Just hire me...

I spend so much time online that I see it all anyway.

Funny that Biden is involved

[IvyKing]

Especially with his penchant for plagiarism.

Add one more question:

[nurb432]

Is anyone else worried?

On the other hand....

[hrtserpent6]

anti-child porn activists urged the Senators to increase the FBI's budget for combating child porn online
Oh yeah? So what did the pro-child porn activists have to say about that?

Oh. Nothing? I guess NAMBLA doesn't have a lobbying firm. Yet.

A new trend in p2p

[SiriusStarr]

I predict that soon, all p2p filenames will change to include more patriotic themes.

Maroon 5- The FBI is Great.torrent
Hot Sexy Babes (Not Really, It's the State of the Union Address!).torrent

And the FBI will wonder why illegal file-sharing has almost disappeared but the distribution of pro-government materials has skyrocketed.

False Positives

[Deliveranc3]

I don't think freedom advocates have even begun to fight on this front, the major battle begins when people start creating false positives (with reprecussions).

Flaws like the flash vulnerability mean that even without the complicity of GNU or Microsoft the majority of communications are open to inspection.

I'm curious to see what would happen if there was a decentralized push for better communication security.

Free Software is teh Al Qaeda!!!

[Travoltus]

"And it hampers Corporate America's Gawd Given right to a profit!"

Hear that clapping sound in Congress? That clapping sound is the sound of freedom dying... with thunderous applause?

Wireless

haha at piggy-backing wifi. just -try- to catch me

By Neruos

It's so funny watching the US government spending so much money on "internet" based projects. Instead of helping protect people from identity fraud, credit card fraud, online business scams, junk mail, spam and backdoors. How about protecting the things that adversely effect the tax paying populius and cost the private sector, federal and state governments, along with countless other venues money every year. The fact is, if the movie and music industry was to disappear over night. It wouldnt truely effect anything. But if your local SECU was to get hacked and 5000 SSNs stolen, imagine the financal impact of that. Wow, you still see websites and computers getting DoS'ed, by a almost 20 year old attack method.

You're government is doing what? Trying to help protect the sales of the Music and Movie sectors? Why? Why so much interest in p2p, internet game, file sharing, mp3 and movie sharers? I think Americans need to start digging deeper into there congressmans agendas, makes some calls, make a website to get people aware.

The last terrible idea they'll ever have

Seriously, do they think the American tax payers want to spend every, (well more because of our debt) dime on helping the RIAA, and the MPAA? This can only go on so long before income tax rates are around 90%, all so the FBI can load backtrack onto an iPhone and sit outside your house, while you watch Battlestar Gallactica in your underwear. Seriously, the kid has more to worry about when mom comes home and finds that he's been sitting on the couch all day instead of getting a job, or a girlfriend, or a life. Now if that kid had only come to /. his life would have been enriched. He would have seen the Dice dot com adds, he would have voted in polls, and he sure as hell would have read this post. He would look out the window and see goons with earpieces acting like they're talking on their little pentest devices. Then, and only then, would the kid have grown up. Slashdot, this is my story. The kid was me. But the kid was also each and every single one of us. We, who are believed to be intelligent, are watched, while the real criminals (drug cartels, corrupt corporations, the child molesters) all seem to be getting caught by accident. Someone has to call and file a complaint, it seems, before an investigation into wrong doing of these suspects is looked at. It seems they're treating techies, engineers, and the like as though they are part of hamas or hezbollah or hibbitywho'sawhatsit. And they're doing that for a reason. As tech people, the guys in the NSA, CIA, and FBI are not just police, they are trained scientists, often with military backgrounds, who are now more afraid of the American people, than they are of any foreign government. It was said long ago, "a government, by the people, and for the people." In a family, you worry about your kin. You do what you can for them. So I pose the question, "how is big brother, sitting outside, in his little van, eating cheetos , watching me, watch him, in any way a good use of tax dollars?" I tell yah what, he just wishes he was home with his wife and kids watching battlestar gallactica. When we talk about the good folks at the various alphabet organizations as some shadowy group of ill-intentioned individuals, then we are no less guilty than George Bush of creating an aura of fear. I do not fear the gov't, and they do not fear me. I'm more worried about the guy in the van. I know my sleep schedule, and I wonder, how it is that he stays up that long. How does he get any time to spend with his kids?

Not quite

[jd]

Heavy on fear, but light on facts

Strictly speaking no facts were presented. The questions do not state that anything is happening or true now, nor do they imply that if the suggested precursors and conditions are met that the event will happen. "Could" is a marvellous question if you plan on FUD, because almost anything COULD happen and cause-and-effect is left for the reader to infer. If I eat a cheezeburger, a meteorite COULD land on top of me, but unless McDonalds have gravitic weaponry installed, there would be no relationship between the two. Now, if I were to post about cheezeburgers on a lolcat site, maybe.

This exemplies to me why critical thinking, high-level language skills and logic should be core subjects in any education system. If people learned to be less passive in their reading and comprehension, they should be less subject to brain DoS attacks, otherwise known as FUD.

Re:Not quite

[rohan972]

This exemplies to me why critical thinking, high-level language skills and logic should be core subjects in any education system.

And history. You need to be able to put events in their historical context.

Another government program?

[woods01]

wait wait wait, before the government impedes on yet another failed government venture, can one point out to me what government programs have actually worked? Social security is in the toliet, medicare is set to go belly up this year, nothing they do is right, and they want to do more? This is like having an employee at your company that just fails at everything he does, maybe it's not his fault, but sooner or later you have to make a decision, let him go or keep him aboard and let the company fall apart. The US Government has absolutely no position in trying to monitor p2p traffic. The FBI offers the end user absolutely no help when it comes to internet problems, such as hacks, and attacks. None what-so-ever. Sure they will help the large companies when they get ddos'd, but you try getting help from them. This is equal to your local police department doing nothing but arresting people all the while doing nothing to protect the community, only there to "police" and not "serve".

Protect yourself

[elucido]

This just means you and your smart friends will have to develop legal technologies to protect yourself from entrapment.

I think entrapment is the whole point of this. Not only can you be entrapped by a cop into being a pedophile, but you can also be sent an illegal file by a cop and then arrested for accepting it.

So figure out a way to make it more difficult for yourself to be entrapped, or just expect to be entrapped.

They fingerprint of the file reviews whats inside

[elucido]

All they'd have to do is scan the filenames to see what the md5 or fingerprint is and then they'd know what it is.

You better use hardware encryption

[elucido]

If you use a software random number generator, it's not really random.

Encryption would be a start, but you need hardware encryption.

Some solutions to the privacy problem.

[elucido]

Software encryption isn't very good because it's not like you can trust closed source windows to actually encrypt without being buggy.

Hardware encryption is what you'll need to protect your privacy. Hardware encryption, combined with an updated Privacy enhanced Linux, and you'll have a solution.

You'll want to move your entire OS onto CD/DVD and into ram as well. All files stored on the harddrive should be stored in encrypted form, including the swap and cache.

And you'd probably want a stegnographic file system, or a plugin on top of the current linux filesystem you use.

There you go, there is your solution. All you have to do is assemble a team of coders and write the software. It's probably going to cost a bit of money to pay for some of the software, as I can see a steganographic file system plugin being difficult to code.

Steganographic file systems and protocols.

[elucido]

The solution is actually simple. It's just a matter of people deciding to code it. And I don't think the will is currently there, but where theres a will theres a way.

Steganographic file system

StegFS

The first step would be finishing up the development of StegFS, porting it to the newest Linux Kernel and all the distributions. And let the SERIOUS users have privacy.

Steganographic file systems and protocols

[elucido]

The only solution to defending privacy would be to develop Steganographic software solutions. A steg file system is already in development called stegFS.

And theres plenty of theories on how to do it. The question is who is actually going to write the software and who is going to pay for it?

I don't think theres enough demand for it, but in theory of course it's possible to have privacy and security. I think most linux users are more focused on paying for getting games working in Linux through Transgaming than they are focused on protecting their privacy.

Eventually critical mass will be reached and this will change. The result will be better software and hardware.

Protect your commuity, design better software.

[elucido]

Ultimately this just means you have to design good software. Design a steganographic protocol for P2P and a steganographic file system for linux. That would be a start.

One example of a protocol I can think of off the top of my head is a stego P2P protocol where I sent you a file with a secret word associated with this file, the file looks like an ordinary legal PDF file, you can even read it, but if you enter the secret word the PDF file decrypts into the real file.

You could even add unlimited layers so that you can get 10 different files from 10 different secret words.

You can send an mp3 file as a PDF file.

[elucido]

It's as simple as designing a steganographic protocol into either the file system, or the file sharing application.

Example, you want to send me an a file, on your Linux machine you combine 10 files into one big PDF file. The PDF file looks like a legit file with text, images etc, and the file name is also very boring, but associated with this file we both know a secret word known only between us.

The only way I can decrypt it into the correct file out of the 10 files you combined into it is if I know the exact secret word out of the 10 secret words that you picked.

So let our secret word be magic, there are 9 other words which would decode the PDF into any of the 9 other files, but because only you know the secret word, you enter it and you get the encrypted file.

Simple steganography. This will probably never be something for windows users, but I'm surprised Linux, the so called Free Software Operating System does not have it built into the file system.

Re:You can send an mp3 file as a PDF file.

[mich.linux.guy]

A quick google shows that there was a project started. See http://stegfs.sourceforge.net/
I'm not sure what you mean when you say,

Linux, the so called Free Software Operating System

Re:You can send an mp3 file as a PDF file.

[elucido]

What I'm saying is, Linux is not as free as it could or should be. Linux has gone commercial.

Granted, Linux is more free than Windows, but thats not really saying much.

What about Steganography?

[elucido]

There is a steganographic file system in development for linux called magikfs. If you value your privacy, you'll want to check it out.

MagikFS

Hence MagikFS

[elucido]

MagikFS

Re:They fingerprint of the file reviews whats insi

[SiriusStarr]

Sorry, probably should've put that at the end. Jeese, you had to go and hash on my parade.... :D

Re:They fingerprint of the file reviews whats insi

[SiriusStarr]

Gah! Curse HTML not showing up. Sorry, their was supposed to be an "end joke" at the top of that....