NSA Patents a Way To Spot Network Snoops
narramissic writes "The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. 'The neat thing about this particular patent is that they look at the differences between the network layers,' said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn't so impressed: 'Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons.'"
Of course there can be a billion reasons as to why some packets will take longer than others to reach their destinations.
However, if you do enough sampling over a period of time, you can make averages and see if some types/destinations of packets are possibly being messed with.
It's not perfect, but neither are averages in general, etc.
What makes it newsworthy is that such a simple idea was granted a patent.
The patent was filed May 24, 2005. Googling for 'computer slow spyware 2004' gives 127,000 hits.
A pizza of radius z and thickness a has a volume of pi z z a
A simple Linux box with a listen-only cable plugged in would not alter the packet delay, but inserting a small hub in a key location to a network that didn't have one before would. And yes, the delay is noticeable, which is why proper network design limits the number of hubs as well as the length of the longest run in a single network segment.
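The sampling idea raised in the comments above, and the constant extra delay an inline device would add, can be sketched as follows. This is an added example, not code from the patent or from any commenter; the probe class names, window size, threshold and RTT values are all assumptions made for illustration. It compares a rolling median against a per-class baseline so that one slow packet does not alert but a sustained shift does.

```python
import statistics

def robust_baseline(samples):
    """Median and MAD-derived scale; one slow packet barely moves either."""
    med = statistics.median(samples)
    mad = statistics.median([abs(s - med) for s in samples])
    return med, max(1.4826 * mad, 1e-6)  # 1.4826 scales MAD to a std-dev equivalent

def detect_shift(baseline, live, window=8, threshold=4.0):
    """Index in `live` where the rolling median first sits more than
    `threshold` scale units above the baseline median, else None."""
    med, scale = robust_baseline(baseline)
    for end in range(window, len(live) + 1):
        rolling = statistics.median(live[end - window:end])
        if (rolling - med) / scale > threshold:
            return end - 1
    return None

def check_all(baselines, live):
    """Run detect_shift per probe class; return {class: first alerting index}."""
    hits = {}
    for name, samples in live.items():
        idx = detect_shift(baselines[name], samples)
        if idx is not None:
            hits[name] = idx
    return hits

# Constructed RTT samples in milliseconds (not real measurements).
# "probe_a" and "probe_b" are hypothetical labels for two kinds of probe traffic.
BASELINES = {
    "probe_a": [1.00, 1.02, 0.98, 1.01, 0.99, 1.03, 0.97, 1.00, 1.02, 0.98, 1.01, 0.99],
    "probe_b": [2.00, 2.02, 1.98, 2.01, 1.99, 2.03, 1.97, 2.00, 2.02, 1.98, 2.01, 1.99],
}
LIVE = {
    # One 9.5 ms outlier (transient congestion), otherwise unchanged.
    "probe_a": [1.01, 0.99, 9.50, 1.00, 1.02, 0.98, 1.01, 0.99, 1.00, 1.02],
    # Steady +0.4 ms from the fifth sample on (something new in the path).
    "probe_b": [2.00, 2.02, 1.98, 2.01, 2.39, 2.43, 2.37, 2.40, 2.42, 2.38, 2.41, 2.39],
}

if __name__ == "__main__":
    print(check_all(BASELINES, LIVE))
```

A sustained shift still only says the path changed, not why; a reroute produces the same signal, which is the objection quoted in the summary.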
Public, sure, but not "patentable"? Would a private entity be allowed to patent it? In this case, perhaps the "invention" is so obvious that you think it shouldn't be. If so, fine. But in general, if an invention is patentable, then it's patentable no matter who applies for the patent.
Look at it this way: now it's prior art, so no one else is going to be able to patent it (well, they can, but their patent will be easily challenged) and prevent the rest of the public from using the "invention."
I think a more interesting question is: what if a private entity wants to use the same technique? Will the NSA sue them? Sue them for what, commercial damages? That'll be $0, which might be enough that they might not even have any standing or ability to sue.