Slashdot Mirror

← Back to Stories (view on slashdot.org)

Results From "Jam Echelon Day"

Posted by ryuzaki0 on from the peanut-butter-and dept.

snotty sent us linkage to a USA Today story talking about the results of Jam Echelon Day. We mentioned this a bit earlier. Sorta a depressing followup I guess, but worth a read.

3 of 178 comments (clear)

  1. If Echelon is as good as many think it is... by FallLine · · Score: 4

    If Echelon is as good as many seem to think it is, why raise all the fuss? If mere key words can't trigger it, and its actually able to tell pick "bad" intent out amongst all the other noise, what is the problem? eg: assasinate president in the name of allah, blow DC up, blow airplane up, etc etc etc.

    Unless this thing returns a significant number of false positives (which it might); I, for one, am not that alarmed by this. If only terrorists and criminals are affected, I couldn't give a damn.

    The issue is when they use this technology to audit anything they don't like -- abusing the power. I suppose this is a legitimate concern, but many advocates of "Jam Echelon" bring nothing but FUD to the table. They ought to give a coherant and rational argument as to how it could affect decent citizens adversely.

  2. An NSA patent by mjg · · Score: 4

    I was this over on HNN a while back, related to Echelon and a patent the NSA has for "document retrieval" which would, according to the information on their site, ignore the type of stuff people were sending for "Jam Echelon Day".

    Basically, it can figure out what a document is about in spite of things such as keywords being planted in the document (ala the Jam Echelon plan), and is not dependant on the language of the document. It works by relating the document to a database of other document fragments, they say.

    The NSA's website has some information about it, and this is the patent itself.

    If this stuff exists and works, then Jam Echelon was a waste of time on the technical side - but I think the main point was to raise awareness, and that it has done.

  3. Got to be getting sloppy by ajs · · Score: 4
    Echelon has already got to be getting sloppy. There's so much traffic that's going to be hard to handle. For example, VPNs are becoming quite popular, and while I'm sure the NSA has the technology to crack the top 10 hardware-VPN strategies, I'm also sure that the fact that, e.g. F5's BigIP ships with a myriad of encryption options has got to be pissing them off. This could be defeated by making a "deal" with companies that ship VPN hardware, but still, software VPNs aren't uncommon at all, and they too have a myriad of options.

    I also can't see the NSA throwing compute resources at every single Email message with image attachments (unless they just have a statistical analyzer that tells them if a given image might have been dicked with to embed encrypted text).

    Overall, I'd say that Echelon is now pretty much stuck with three classes of analysis:

    1. By individual (e.g. anything coming from the Iraqi embasy or from an anonymous remailer is probably worth breaking).
    2. By analyzing plain text (it's amazing how much info can be gained by looking at what isn't obfuscated).
    3. By breaking certain cyphers which they have standard attacks for. For example, it's basically a given at this point that they have built the next-generation of the DES craker, and can probably take DES-encrypted data-streams apart in real time. 3DES is probably just as unsafe.

    Given the above and the fact that almost no one encrypts phone converstations, I'll bet Echelon gets quite a bit, but it would be easy to move data through in the noise in such a way that it would be almost impossible to detect, much less break.

    How would I do it? Probably by setting up several VPNs which constanntly move random data. I would use several encryption technologies, and occasionally move small chunks of the real data over arbitrary subsets of the pipes. The real data would, of course, be encrypted once re-assembled using yet another scheme. Just to muddy the waters, I would also move chunks of the newspaper this way at least once a day.

    Of course, I would only do this if I had something to hide, but these days, every business has something to hide, because you never know if your competition is bribing some lacky at the NSA to get your Email. Sure, that would be hard. Just look at the excellent security that the DOE was maintaining.... :-(

    These days businesses can't affort to not be paranoid. And, yes, I know there are several simple flaws with the above, but if I told you exactly what I'd do, someone would write an engine to detect it, and that would defeat the point.