Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shadowy Tech Brokers Deliver Data To the NSA

Posted by Soulskill on from the in-30-minutes-or-it's-free dept.

An anonymous reader notes an article about a group of companies whose business is to wiretap various ISPs (with permission) to gather data in response to federal subpoenas. Many smaller ISPs don't have the resources to deal with the flood of data requests from agencies like the NSA, so they outsource compliance and collection in order to keep costs down. The article profiles one of these companies, called Neustar: Neustar can in many cases execute the warrant from anywhere within the U.S., keeping within the bounds of the country's surveillance law. But when a wiretap device is needed, they are not hard to come by. Most networking equipment makers sell devices that can be used to collect data, or used to inspect data — so-called deep-packet inspection devices, which can also be used to prevent piracy, the spread of malware, and website access, all at the Internet provider level. Once a FISA warrant is issued, so-called "tasking" orders, which contain selectors — like a phone number or an email address — are often sent electronically to the ISP. These tell the ISP or phone company, or third-parties like Neustar, exactly where to wiretap and what data to collect to hand back to the requesting authority.

35 comments

  1. Remember folks! by Anonymous Coward · · Score: 2, Interesting

    It's not censorship when it's not the government doing it.

    It's not oppression when it's not the government doing it.

    It's not fascism when it's not the government doing it.

    It's not a Constitutional violation when it's not the government doing it.

    1. Re:Remember folks! by ogdenk · · Score: 0

      Shut up dick, I'm watching "Ow, my balls!"

    2. Re:Remember folks! by Jeremiah+Cornelius · · Score: 5, Insightful

      Man. Just think HOW MUCH WORSE it would have been, if the Nazis or the Communists won. We'd have to watch everything we say, not sure if our innocent statements were being permanently recorded - only to be retrieved and used against us, years later.

      Oh, wait...

      Well I'm sure glad that the people spying on us are also the one's reassuring us that Russia is evil, and all the other dangers we are protected from.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    3. Re:Remember folks! by Anonymous Coward · · Score: 0

      If they had won, you'd be dead by now.

    4. Re:Remember folks! by Anonymous Coward · · Score: 1

      Wasn't the saying, "Better dead than red?"

      In this case, I'm confused.

    5. Re: Remember folks! by Anonymous Coward · · Score: 0

      Honey where are my pants?

    6. Re:Remember folks! by Anonymous Coward · · Score: 0

      I'm pretty sure one thing Jeremiah Cornelius would never say seriously is "better dead than red."

    7. Re:Remember folks! by matthias.loeffel · · Score: 1

      As a non-native english speaker, it took me a minute to spot the implied "sarcasm"-tag. But i was very relieved when i found it! :-)

  2. Pondering... by thechemic · · Score: 4, Funny

    Wouldn't a "New Star" (Neustar) be similar to "New World". So if you place an order with Neustar, is that a New World Order?

    --
    Let's make like a bird... and get the flock outta here.
  3. Funny title, if read too quickly by Crayz9000 · · Score: 3, Funny

    Now I'm half expecting Commander Shepard to show up at the NSA seeking information on the Shadow Broker.

  4. Full Packet Capture by brunes69 · · Score: 3, Informative

    so-called deep-packet inspection devices, which can also be used to prevent piracy, the spread of malware, and website access, all at the Internet provider level....

    Er, no, that is not what full packet capture devices are used for AT ALL.

    Full packet capture devices are typically used for digital forensics. For example, your company gets hacked using an APT and you know that probably data was exfiltrated, but you don't know exactly what data was taken and you don't know how these guys got into your system. A full packet capture device can help here. Another way they are typically used is to produce evidence for court cases where employees steal company data and so forth, or browse child porn at work, etc.

    They are NOT typically used to "prevent piracy" or "spread of malware" or "website access", I don't even see the use case here. I think the OP is confusing full packet capture with layer 7 application state firewalls, which ARE used for the above.

    1. Re: Full packet Capture by Anonymous Coward · · Score: 0

      or used to inspect data — so-called deep-packet inspection devices, which can also be used to prevent piracy, the spread of malware, and website access, all at the Internet provider level.

      Who said "full packet capture"? Oh, you said full packet capture. Expert swordsmanship, sir. You showed that strawman what for.

      IDS systems absolutely do all of the above. Especially when you throw in Comcast's use of Sandvine to throttle torrents.

    2. Re: Full Packet Capture by Anonymous Coward · · Score: 0

      Just, wow. Go quoted the fantastic summary saying deep packet inspection, then argued about full packet capture.

    3. Re:Full Packet Capture by Jane+Q.+Public · · Score: 3, Informative

      They are NOT typically used to "prevent piracy" or "spread of malware" or "website access", I don't even see the use case here. I think the OP is confusing full packet capture with layer 7 application state firewalls, which ARE used for the above.

      Um, wrong.

      Deep-packet inspection was used routinely by the large ISPs to throttle certain kinds of traffic, until the FCC made them stop. This was just a couple of years ago.

      Maybe not "full" packet inspection, but it was deep packet inspection, so they could distinguish, for example, packets of BitTorrent traffic from packets containing streamed video from YouTube.

  5. Small ISP by Tablizer · · Score: 2

    What "smaller ISPs"? Are there many left? Haven't most merged into competition-free oligopolies already?

    --
    Table-ized A.I.
    1. Re:Small ISP by Jeremiah+Cornelius · · Score: 1

      She's a drag, a well-known drag. We turn the sound down on her and say rude things.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  6. Exactly where to wiretap? by DoofusOfDeath · · Score: 3

    Once a FISA warrant is issued, so-called "tasking" orders, which contain selectors — like a phone number or an email address — are often sent electronically to the ISP. These tell the ISP or phone company, or third-parties like Neustar, exactly where to wiretap and what data to collect to hand back to the requesting authority.

    By "where", I assume the article means San Francisco. And "whom" (if it were mentioned) would mean everyone in the damn country.

    NSA, I hope you die badly in a fire.

  7. kinda/sorta like red-light cameras by turkeydance · · Score: 1

    local law contracts out for "revenue enhancement". in this case, the GubMint overwhelms for "data enhancement". low hanging fruit. yum yum.

  8. Everybody misses the point with the NSA by Anonymous Coward · · Score: 4, Informative

    The real dark nightmare isn't the NSA as a government agency.

    It's the fact that the NSA is really a cartel of private companies that, as private companies do, work for the good of their bottom line first, and everything else second. They will do everything they can do to get them more business. When their business is undermining your right to privacy guess what the fuck is going to happen?

    Welcome to the "Security Services Complex" - Dark budgets. Secret courts. No oversight. They make money and you lose. It's a gigantic scam and nobody, not even Congress or the President really has the ability to audit them.

    And really, what incentive do they have? What happens if a headless, unaccountable NSA doesn't feel like having their budget slashed? They really could do anything they wanted to intimidate/blackmail/smear/disappear an inconvenient politician and no one would be the wiser.

    Don't forget about Snowden. What's important about Snowden really isn't the leaked information. It's the fact he was just some flunky working for a private contractor. He was able to do what he did because he was walking out of an office building with flash drive. National security reduced to a run of the mills business IT security social engineering attack.

    1. Re:Everybody misses the point with the NSA by khallow · · Score: 4, Insightful

      I find it interesting how we can gloss over the power from being a government agency with access to the data of billions of people and veer right into ZOMG someone's making money! The real story is power without accountability. You could have dropped the first two paragraphs without materially changing a thing.

      Motive just isn't that relevant. An organization brutalizing or blackmailing you for your own good is just not that different from one doing it to make a buck. Except that the latter would stop when things start to get unprofitable.

  9. Open Many Doors by JimSadler · · Score: 1

    Data collection and spying are going to force society to take all kinds of steps. As the ability to detect increases the number of violations will become ever more obvious. So now we are left with a very serious issue. It is impossible to enforce the laws when you can catch all the violations. Suppose as a simple example that we can catch ten million Americans cheating the IRS. There is simply no way to process and convict ten million people with any kind of fair judicial system. So most people would effectively be allowed to continue cheating while others would be punished. How does nepotism, racism, bribery and all manner of wrong do under such conditions.? We already detect far more people than we dare imprison and imagine what cops can do simply by sweeping up people and demanding even more people be reported by those detained ? I have already seen a situation in which a drug house was untouchable operated on the border of a public high school. The cops as well as the school were all very aware of the busy drug house and it was simply untouchable. It had reached the point at which an arch shaped window was in stalled so buyers could by dope in a drive through in plain view of everyone. Why authorities allowed that drug house to operate in plain sight I do not know but if they arrested everyone that purchased drugs in that drive through it might have bankrupted the city. What will happen when the slumbering public becomes aware that society gives some criminals a free pass?

    1. Re:Open Many Doors by jenningsthecat · · Score: 5, Insightful

      It is impossible to enforce the laws when you can catch all the violations.... What will happen when the slumbering public becomes aware that society gives some criminals a free pass?

      I think the premise of your argument, (that the primary concern of Three Letter Agencies is stopping crimes of various kinds), is largely false. The prime directive of these agencies, (organisms if you will, because they have many characteristics of living entities), is to grow, to thrive, to gain power, and to become ever more robust and resistant to damage. For example, the last thing the NSA wants is an end to terrorism and various foreign threats. Too much money is at stake, and too many jobs, careers, and personal empires are on the line; if enough enemies don't exist in reality, they will be fabricated as required. (BTW, all that data they're gathering comprises a shitload of raw material for said fabrication). Ditto for the DEA, (that's why you'll never see legalization of drugs), the military, etc.

      Wars of various kinds, (including NSA 'intelligence wars'), are simply too profitable to be 'won' or otherwise concluded; the agencies in question will continue to expand their power and reach so they can make damned sure that the wars will never end. As for the "slumbering public", your description of them answers the question you asked.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    2. Re:Open Many Doors by TheMeuge · · Score: 5, Insightful

      It is impossible to enforce the laws when you can catch all the violations

      You're asking the wrong question - the correct question is this - how have we wound up in a situation where he have so many offenders, of so many laws, that there's not enough resources to lock them all up even if we knew every last one of them.
      The answer is simple - if you create a job which comes with money and power, and where the job description is writing laws - you are going to have more laws. It's inevitable. And in a society where as a lawmaker you are rewarded for being "tough on crime", each subsequent law will be nitpickier and more punishing than the last.
      That's it - our own system is going to bury us all in petty crime.
      Freedom is the ability to break little rules. Rule of law is when you get caught when you break the big rules. A police state is when everyone is guilty, and it's up the police to decide who gets caught at what time.

      As someone who was born behind the Iron Curtain, I promise you that the latter is very very scary.

    3. Re:Open Many Doors by Anonymous Coward · · Score: 0

      ..sounds like Obama and his desire to "manage" ISIS. We need just enough 'terrorism' to keep the military/defense contractors profitable.

    4. Re:Open Many Doors by Anonymous Coward · · Score: 1

      ... bury us all in petty crime ...

      Most petty crimes don't lead to imprisonment. The criminal system is dysfunctional but don't waste time with the parts that work.

      Petty crime does little long-term damage to society. Hence, the name. Some of the things marked as petty are quite serious. The damage of someone doing 30 over the speed limit can be quite large, but the probability of causing a one-off accident is low. So a fine provides a cumulative punishment (as well as repeat-offender laws) and the police get paid to enforce the law. This has its own problem as the police now have a revenue quota just like a sales manager. Issuing fines keeps the expense of imprisonment limited to acts of serious damage.

      ... when you break the big rules ...

      You mistakenly skipped over the real problem. The number of big rules increase and the number of petty crimes decrease, thanks to the politicians. Most of these deal with the war on drugs/terror. Like 10 years, for a first offense, after police entrapment to deal drugs. Like minimum sentence for a drug-dealer when he entraps another person to sell drugs.

      Then there are side-effect laws, which change the nature of the crime: Like when the perpetrator is liable for all crimes committed by a victim or the police. Like when the police no longer need evidence of a crime to treat any person, not a suspect, as a criminal.

    5. Re:Open Many Doors by AHuxley · · Score: 1

      Re: 'Why authorities allowed that drug house to operate in plain sight I do not know but if they arrested everyone that purchased drugs in that drive through it might have bankrupted the city. What will happen when the slumbering public becomes aware that society gives some criminals a free pass?"
      Options: see where the cash goes and follow it up to the 'top' by offering all the lower people found "informant" status.
      This builds insiders and providers open court parallel construction cover to hide mention of the telco 'tech' - eg an insider was used to bring a case to court vs the tame US phone system, tame OS and junk encryption software tracked people of interest 24/7 for years.
      Add in voice prints, gps, tracking, new calls connecting to known cell numbers... its just waiting for the press friendly raid to get another federal grant.
      The other aspect is the funding for the mil/gov bureaucrats and their private sector contractor friends. The conditions allow for huge buy ins of telco tech, training, support and upgrades via ex gov staff who entered the private sector.
      Everybody is winning via the gov spending on gov telco signals systems. The gov may not even need to pay the telcos for some tech and might just go tap direct into the private sector telco networks as the encryption is so poor and needed hardware so cheap. That also cuts out the private staff talking to the press risk.
      As for the drug deals tracked by signals intelligence: the producers just want to ship product, the shipment networks are tracked, the sellers move/launder/divert their massive cash profits via friendly Western banks, the Western banks look after their long term shareholders... the police get federal budgets/grants to raid low end users.... everybody of importance is winning.
      The gov tells itself it does not want to endanger "parallel construction". The private sector just wants to keep the gov upgrading and in need of complex generational maintenance contracts.

      --
      Domestic spying is now "Benign Information Gathering"
  10. FISA directives are not warrants by Anonymous Coward · · Score: 4, Insightful

    Please don't call FISA directives "warrants." They aren't issued upon probable cause of suspicion of a crime. NSA defenders love calling them that because it gives them a false veneer of legality.

    1. Re: FISA directives are not warrants by Anonymous Coward · · Score: 0

      This post is an example of why you should not take anything from cold fjord, salt or no.

    2. Re: FISA directives are not warrants by Anonymous Coward · · Score: 0

      That's correct just a long as you are, and wish to remain, ignorant or misinformed.

  11. I worked for a small ISP by Anonymous Coward · · Score: 1

    Our CALEA vendor deployed their own router to create a VPN from the core of our ISP to their network. When a subpoena was issued, they had pre-configured access via SNMP to the core routers to enabled/disable "lawful intercept" duplication of interesting traffic which then flowed over the vpn to their data collection servers. From there, they parse and interpret and forward on to the requesting agency. SSL protected traffic? Useless...

    "Lawful intercept" is a feature set built into all core router images sold to ISPs, since as an ISP you are compelled by law to provide intercept upon request. Guess what you want to attack if you're a hacker?

    Just gave you the big red barn...go knock on the door.

  12. no, retard by Anonymous Coward · · Score: 0

    no, retard, if you had read it at all, it's very specific, not the dragnet that certain people are claiming. The ability is to catch everything, the warrants are for specific things.

  13. Ugh by koan · · Score: 1

    http://en.wikipedia.org/wiki/N...

    Neustar also operates the authoritative directory for U.S. Common Short Codes, part of the short messaging service (SMS) relied upon by the U.S. wireless industry, and provides solutions used by mobile network operators to enable mobile instant messaging for their end users.

    --
    "If any question why we died, Tell them because our fathers lied."
  14. that's not neustar's main business by Anonymous Coward · · Score: 0

    Neustar is a huge corporation responsible for a lot of IT infrastructure in the US including acting as the registry for the .US top level domain and all phone number registrations in the US. I would imagine they're helping with wire taps just because they have the experience. I'd like to hate on companies that violate our privacy but this post seems pretty bs.