NSA Patents a Way To Spot Network Snoops

← Back to Stories (view on slashdot.org)

NSA Patents a Way To Spot Network Snoops

Posted by CmdrTaco on Monday December 22, 2008 @05:15AM from the welcome-to-the-holidays dept.

narramissic writes "The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. 'The neat thing about this particular patent is that they look at the differences between the network layers,' said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn't so impressed: 'Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons.'"

21 of 161 comments (clear)

Uh... by Anonymous Coward · 2008-12-22 05:18 · Score: 3, Funny

Or perhaps you're routing through a slower path for one of a billion reasons.
I knew taking that left turn at Albuquerque was a bad idea...
NSA patenting it because... by ATestR · 2008-12-22 05:18 · Score: 4, Insightful

They don't want any of US to have access to such technology when THEY slap the monitoring devices on our network.

--
âoeAny society that would give up a little liberty to gain a little security will deserve neither and lose both.
1. Re:NSA patenting it because... by networkBoy · 2008-12-22 05:21 · Score: 3, Interesting
  
  how does that work anyway?
  If the patent is filed by a US Government Agency is it not funded by the taxpayer and thus public domain in the US?
  -nB
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
2. Re:NSA patenting it because... by SatanicPuppy · 2008-12-22 05:28 · Score: 4, Insightful
  
  I was thinking the same thing...But in this world, it's more likely that they patented it so that some stupid patent troll won't get the opportunity to sue the gov't.
  
  --
  ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
3. Re:NSA patenting it because... by Lumpy · 2008-12-22 05:30 · Score: 3, Interesting
  
  And it wont work for most snooping technology.
  a simple linux box with a listen only cable plugged into a small hub in a key location is undetectable by their system as it adds in ZERO delays.
  WEll not zero but too small to be measured their way as it will be consistent across all traffic.
  I call their system an epic fail for detection for everything but a remote redirect which is incredibly sloppy way of doing it.
  
  --
  Do not look at laser with remaining good eye.
4. Re:NSA patenting it because... by GSPride · 2008-12-22 05:52 · Score: 5, Interesting
  
  The NSA can not only file for patents, they can do so secretly.
  From wikipedia:
  The NSA has the ability to file for a patent from the U.S. Patent and Trademark Office under gag order. Unlike normal patents, these are not revealed to the public and do not expire. However, if the Patent Office receives an application for an identical patent from a third party, they will reveal the NSA's patent and officially grant it to the NSA for the full term on that date.
  
  --
  Apple has never claimed not to be evil, they're just very stylish about it.
5. Re:NSA patenting it because... by j00r0m4nc3r · 2008-12-22 05:57 · Score: 3, Funny
  
  I'm guessing this is what Steve Ballmer fantasizes about while he makes love to his wife
6. Re:NSA patenting it because... by Anonymous Coward · 2008-12-22 06:00 · Score: 4, Informative
  
  a simple linux box with a listen only cable plugged in
  Would not alter the packet delay, but inserting
  a small hub in a key location
  to a network that didn't have one before would. And yes, the delay is noticeable, which is why proper network design limits the number of hubs as well as the length of the longest run in a single network segment.
7. Re:NSA patenting it because... by teridon · 2008-12-22 06:04 · Score: 4, Interesting
  
  From what I gather, you can apply for licenses to federally-owned patents. This is typically done through a "Technology Transfer" office. It seems that you have to be a business capable of bringing the invention to market. I suppose in this case you would have to be capable of implementing the software.
  Some information about Technology Transfer here:
  http://www.federallabs.org/home/faqs/
  Which includes a link to a listing of all federal research organizations and how to initiate Tech Transfer, which I'll repeat here:
  http://www.federallabs.org/labs/results/?Agency=-1&
  The relevant U.S. Codes appear to be collected here:
  http://www.law.cornell.edu/uscode/html/uscode35/usc_sup_01_35_10_II_20_18.html
  In particular, it seems "TITLE 35 > PART II > CHAPTER 18 > Section 209" applies.
  But hey, IANAL. :)
  
  --
  I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
8. Re:NSA patenting it because... by R2.0 · 2008-12-22 06:48 · Score: 3, Funny
  
  I'm guessing this is what Steve Ballmer fantasizes about while he makes love to his money
  
  Fixed that for ya'.
  
  --
  "As God is my witness, I thought turkeys could fly." A. Carlson
9. Re:NSA patenting it because... by gnick · 2008-12-22 07:23 · Score: 3, Insightful
  
  Two people/companies eventually coming to a solution that is sufficiently similar to violate patents is a long way from "obvious to someone who works in the field". And, assuming that the two people who identified the solution are the leaders in their field (because they reached the idea before the other 6.7 billion of us), they could be described as having "extraordinary skill in the art".
  There are a number of patents for designs that multiple developers reached independently and were awarded to the person who managed to file first (Edison seemed to have extraordinary luck in beating his competitors to the patent office). That doesn't necessarily make the solution obvious, just non-unique.
  
  --
  He's getting rather old, but he's a good mouse.
Averages by Yvan256 · 2008-12-22 05:20 · Score: 4, Informative

Of course there can be a billion reasons as to why some packets will take longer than others to reach their destinations.
However, if you do enough sampling over a period of time, you can make averages and see if some types/destinations of packets are possibly being messed with.
It's not perfect, but neither are averages in general, etc.
What makes it newsworthy is that such a simple idea was granted a patent.
1. Re:Averages by GMFTatsujin · 2008-12-22 05:28 · Score: 4, Funny
  
  Nah. What makes it newsworthy is that the snoops are patenting tools which can detect their own snoopage.
  Counter-snooping this way is now a patent infringement as well as anything else, and the laws seem much tougher for that crime. Pursue 'em for one thing, nail 'em to the wall with another.
Gov't patents by Rinisari · 2008-12-22 05:22 · Score: 3, Insightful

This is another example of the broken patent system. No government should be able to patent something--that technology was funded by the taxpayer and should thus be owned by the taxpayer, meaning that it is public and thus not patentable.

--
Colin Dean Go a year without DRM
1. Re:Gov't patents by JCSoRocks · 2008-12-22 05:45 · Score: 3, Insightful
  
  I was actually confused by that when I first saw the headline. I didn't even know that the government could patent something. It's just so completely broken and silly that I never even considered it.
  
  --
  You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
2. Re:Gov't patents by AviLazar · 2008-12-22 05:47 · Score: 4, Interesting
  
  This is another example of the broken patent system. No government should be able to patent something--that technology was funded by the taxpayer and should thus be owned by the taxpayer, meaning that it is public and thus not patentable.
  
  I killed my spent mod points to respond to this. I have no problems with the gov't patenting something, just as long as they don't use it to prevent people from using it in a positive manner. It's possible the gov't patented this so they could share the information with other people and not worry about some private company patenting the idea and then sueing everyone else for us it. Basically - patent to allow people to use it. In this case we don't have to look at the gov't for being evil, but maybe the gov't is protecting us from companies who like to create submarine patents?
  
  Instead of looking at everything the gov't does and say "but it's evil because big brother did it", let's give them the benefit of the doubt.
  
  --
  
  I mod down so you can mod up. Your welcome.
Tape Dispenser Plans Missing on NSA Website by saintsfan · 2008-12-22 05:23 · Score: 5, Funny

Uh oh, someone stole the plans for the NSA Tape Dispenser, it is missing from their Domestic Technology Transfer Program website! http://www.nsa.gov/techtrans/techt00075.cfm
A Billion here a Billion there, pretty soon... by alcmaeon · 2008-12-22 05:24 · Score: 4, Funny

these false positives really begin to add up. Couple this will all the lame-brained terrorist detection schemes that create millions of false positives and we can see the plan to get America out of recession is to have every single citizen working for the government hunting snipe.
So... what? by Geminii · 2008-12-22 05:57 · Score: 3, Funny

The best this will be able to do is detect changes in latency patterns, possibly being able to narrow it down to certain network segments depending on how many devices are having their details analysed in real time.
"NSAapp: Latency change detected in segment AA23. No idea what it might mean. Send the intern."
Prior art: L0pht antisniff from 1999? by Hobart · 2008-12-22 06:09 · Score: 4, Insightful

Looking at the article, (and having skimmed but not read all of the patent), isn't AntiSniff (released by DilDog of L0pht in 1999) using this technique? (Slashdot article, Aug '99)
Original tech paper was on l0pht.com (now defunct) - looks like archive.org doesn't have a mirror, here's the best copy I could find in Google: http://servv89pn0aj.sn.sourcedns.com/~gbpprorg/l0pht/antisniff/tech-paper.html

--
o/~ Join us now and share the software ...
Re:Huh? by Amouth · 2008-12-22 06:48 · Score: 5, Interesting

i remember a while back a firend of mine that workd for a college was tasked with trying to find a person who was sniffing peoples logins on the campus wifi.. what he ended up doing was sending out garbled truncated packets - turns out that windows boxes running things like etheral would get the truncated packet and then request the rest of the packet even though it wasn't addressed to them.. very clever way of finding the stupid ones.. luckly the person they where after was stupid

--
'...if only "Jumping to a Conclusion" was an event in the Olympics.'