For some reason this XKCD comes to mind
http://xkcd.com/538/
Some people seem to think because they are 'anonymous' on the internet that they really are anonymous...
Gangs like the Zetas back up their vendettas with the butt of a gun and rain of bullets...
Gangs like Anonymous back up their vendettas with putting dirty laundry out for all to see and DOS attacks.
In many ways Anonymous brought a twig to a machine gun fight.
Actually, it seems to me that this method of "warfare" could be extremely useful in eliminating your enemy without ever actually becoming personally involved. Anonymous doesn't ever need to point a weapon or pull a trigger, they're just showing the cartel's local enemies where to point their guns...
Yeah, because comments with up-mods are inherently more truthful than those that have been down-rated.
Are you seriously using thumbs-up counters on YouTube videos as a yardstick for truth, accuracy, or anything at all connected with reality?
Unfortunately, Anonymous gets bored easily, ruling out any persistent denial of service.
... unless one were to attempt to alleviate one's boredom by writing a quick script to keep up a DoS attack - just because they're "Anonymous" doesn't mean they're retarded.
Has anyone else noticed how CyberPunk the world has gotten in the past couple years?
... just checking, chummer.
I know, bad form to reply to my own post, but I neglected to include some information that I felt was important enough to warrant the breach of netiquette.
Firstly, I wish to point out that my original intent was to show you that packet sniffing was indeed used in the attack (or information-gathering methodology, if you prefer).
Second, I would like to explain that it is not necessary to decode or decrypt the information in the packets, themselves, as the intent is to identify an individual, rather than to identify the content they are transmitting or receiving. The correlation is made between an individual BitTorrent user's traffic, and an (assumed to be the same) individual Skype user's traffic. The only information required for that inference is the source and destination of the packets.
That is to say, packet sniffing is involved. As you yourself quoted at me, the second paragraph of the wiki entry indicates (emphasis mine):
As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.
"Packet sniffing" does not necessarily indicate decryption/decoding. In this particular instance, the main concern is observing that packets are flowing, and sampling the sender and receiver information. The information indicating the packet's source and its destination are the only pertinent data, and are available with no more than a cursory glance at the packet to obtain the routing information. In other words, no more information is required than "if you were merely going to route it".
Being able to correlate the connection between the user and the BitTorrent swarm they are participating in, as well as correlating the user and the Skype node they are connected to, allows the observer (or attacker, depending on your viewpoint) to determine that a particular IP address that is communicating via the BitTorrent protocol is also communicating via the Skype protocol - if nothing else, the assumption that continued communication with IP addresses known to serve Skype and others that are known to serve BitTorrent seems to indicate that the required protocols are being observed.
IP spoofing cannot protect against this, as the communication is necessarily two-way, and without an accurate "return address" on the "envelope", the "package" will never be able to be successfully responded to - that is to say, the user would never receive the requested information because the address to send it to is false.
It is true that I have not read the article, and I am also not a Skype user. I am unaware of exactly how they are obtaining the identifying information from the Skype network.... but the fact remains that the "researchers" are able to obtain identifying information by correlating data from encrypted traffic - or more accurately, from the source and destination of that traffic.
As an aside, I am no longer quite so certain that this methodology will be deemed illegal, as the contents of the "conversation" are not necessarily discovered. Merely the fact of the conversation's existence seems to be enough to (accurately) point a finger.
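The header-only correlation described in the comment above, as an added example that is not part of the original post: it reads nothing but the source and destination fields of each IPv4 header and reports which addresses talked to both endpoint lists. The endpoint lists, the addresses (RFC 5737 documentation ranges), the packets and all function names are constructed for illustration.

```python
import ipaddress
import os
import struct
from collections import defaultdict

# Constructed stand-ins for "IP addresses known to serve Skype" and
# "others that are known to serve BitTorrent" (documentation addresses only).
KNOWN_SKYPE_NODES = {"198.51.100.10", "198.51.100.11"}
KNOWN_BT_PEERS = {"203.0.113.50", "203.0.113.51"}


def build_packet(src, dst, payload):
    """Build a minimal IPv4 packet for the demo (20-byte header, checksum left 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,            # version 4, header length 5 x 32-bit words
        0,                       # DSCP/ECN
        20 + len(payload),       # total length
        0, 0,                    # identification, flags/fragment offset
        64,                      # TTL
        17,                      # protocol: UDP
        0,                       # checksum (not computed in this demo)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def read_envelope(packet):
    """Return (src, dst) from the IPv4 header; the payload is never inspected."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    src, dst = struct.unpack_from("!4s4s", packet, 12)  # bytes 12..19 only
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))


def correlate(packets):
    """List addresses seen exchanging packets with both endpoint lists.

    The result is keyed by IP address: it says which address was active in
    both protocols, not which machine or person behind that address.
    """
    seen = defaultdict(set)
    for pkt in packets:
        try:
            src, dst = read_envelope(pkt)
        except ValueError:
            continue  # skip anything that is not a complete IPv4 header
        # Traffic is two-way, so check the far end in both directions.
        for local, remote in ((src, dst), (dst, src)):
            if remote in KNOWN_SKYPE_NODES:
                seen[local].add("skype")
            if remote in KNOWN_BT_PEERS:
                seen[local].add("bittorrent")
    return sorted(ip for ip, tags in seen.items()
                  if tags == {"skype", "bittorrent"})


# Constructed capture: payloads are random bytes standing in for encrypted data.
SAMPLE_PACKETS = [
    build_packet("192.0.2.7", "198.51.100.10", os.urandom(32)),  # to Skype node
    build_packet("198.51.100.10", "192.0.2.7", os.urandom(32)),  # reply
    build_packet("192.0.2.7", "203.0.113.50", os.urandom(64)),   # to BT peer
    build_packet("192.0.2.8", "203.0.113.51", os.urandom(64)),   # BT only
    build_packet("192.0.2.9", "198.51.100.11", os.urandom(32)),  # Skype only
    b"\x45\x00",                                                  # truncated
]

if __name__ == "__main__":
    print(correlate(SAMPLE_PACKETS))
```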
[To] actually verify the packet is a Skype [packet] you have to pull it apart more [than] if you were merely going to route it.
... unless you happen to know that the destination IP belongs to a Skype service node, in which case all you need to know is where the packet is going - especially since you won't (in theory) be able to decode any information in the packet in the first place. Skype packets are encrypted, making packet disassembly a waste of time that could be used instead to correlate your internet traffic with individual components of a BitTorrent swarm and a known trafficker in Skype communications, without having to (or being able to) spy on what you were actually talking about on that Skype call.
This is an example of a side channel attack.
On the bright side, it's likely to be inadmissible as evidence in court, due to the fact that the information is obtained via methods that will probably be deemed illegal; wiretapping without a warrant is illegal in most jurisdictions. On the not-so-bright side, that's unlikely to deter anyone; it should be easy enough to use the illegal evidence to construct a legal fiction in order to obtain the information in other ways.
All it is is data mining packets from Skype nodes and comparing them to open torrent peer lists. This is not really surprising or scary to me. There are other 'researchers' who can link a lot more data to you than this.
All the better reason to lock down your wireless network.
... to make absolutely certain that the traffic they're sniffing couldn't possibly come from an outside agent?
Way to paint a target on your forehead.
to determine the current IP address of identified and targeted Skype user (if the user is currently active)
Moral of the story - make sure you are logged off from Skype before file sharing.
... because there's no way they can acquire the Skype identification at "random time A", and then correlate that with the BitTorrent traffic at "random time B"...
If I am understanding the method properly, then anything that generates traffic can be used to correlate data, indicating that the BT user is also a user of (insert internet-using software here). Skype happens to be useful as an immediate indication of the identity of the user.
The question might then become, "What (legitimate) internet software might I be running, to cast doubt on whether I was using BT to acquire digital content illegally?"
For example, World of Warcraft uses BitTorrent to distribute patches, and can be configured to do so while you are logged in and playing. With the addition of the "Free to Play" aspect, your BitTorrent traffic might fly under the radar. I'm sure there are other pieces of software that can allow you to show good reason why your computer might have been servicing BitTorrent traffic...
Part of the problem, here, is that BitTorrent is coming under indirect attack by the media industry... most people will assume that "torrenting" is synonymous with "pirating".
The problem, despite my other posts in this thread, is not privacy. It's a lack of sane legislation.
Copyright has become a joke, completely unenforceable for nearly any digital content. It has become more and more illegal to do things that would have been considered "fair use" just a few years ago. Adding to this is the fact that digital media can't be "loaned to a friend", which increases the feeling of being treated like a criminal, which causes the users to be less and less inclined to actually follow the rules in the first place.
It's an arms race, and the world already had one of these. It was called the Cold War, and it nearly resulted in world-wide destruction. Unfortunately, humanity doesn't seem to have learned that escalating both sides of a conflict leads only to violence.
What we need is a new media distribution system that has the consumers' rights built into the relationship between the consumer and the content producer. I don't have any idea what that system might be, but almost anything would be better than the system we have now, where pirating digital media results in a superior quality product (less intrusion to the content itself, with quality not far below the physical media in most cases).
Depends on your internet speed and what else is making traffic in your vicinity. I've had Skype calls so bad that I literally could not understand what information the caller was attempting to convey.
A packet analyzer (also known as a network analyzer, protocol analyzer or sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.
http://en.wikipedia.org/wiki/Packet_analyzer
Sniffing doesn't necessarily require opening the packets. Think of it this way: if you want to know who someone is sending mail to, and who they're receiving mail from, then all you need to do is look at the fronts of the envelopes in their mailbox - sender and receiver address information is there for all to see. You don't actually care what's written inside, you just want to know who they're talking to.
Of course, it's still illegal to tamper with the mail, but if you didn't actually open the mail, then you might just get a slap on the wrist, instead of a few years in the federal penitentiary - assuming it was proven you touched the mail in the first place.
How many people do you know, other than us slashdotters, that realize they have an IP address when their equipment has a connection to the internet?
How many even know what an IP address is?
Because NAT and UPNP wouldn't make a random Skype user and a different BitTorrent user appear to be coming from the same IP address..
No, it wouldn't. "Random" implies that they wouldn't necessarily know each other, whereas "same ip" implies they have knowledge of one another, since they are operating from the same physical network address.
What's illegal about it? What federal or state statute have they violated?
Wiretapping. Conspiracy to collect information assumed to be private, via technological means.
Robocalling (the Skype phone, duh). Wardialing (same thing).
They've violated a boatload of communications regulations... and the fact that they did it as part of a multi-researcher study means it was premeditated, and they conspired to do it. Conspiracy to commit a misdemeanor is a felony.
The problem here would be that anyone who tries to have them arrested and/or takes them to civil court will be presumed guilty of something, because why else would we care if someone can tie our online activities to our real-world identities?
encouraging truck drivers to join their First Observer Highway Security Program and report anything suspicious that they see to authorities.
"Yes, sir, I see a bunch of people with no business digging around in the back of sealed containers en route to their destinations... digging around in sealed containers en route to their destinations."
Seriously, though, if I were contemplating placing explosives, drugs, or other contraband into a commercial vehicle, I would consider bribing a TSA agent to do the placing for me. There are so many of them, now, that it seems absurd to think there won't be at least one thinking they're underpaid and/or overworked... so many body cavities, so little time...
"For the rights to view my solution to your programming challenge, you will be required to purchase a license to view the code, at $300 per viewing eyeball. For the rights to implement and/or execute the solution, you will need to purchase a separate license, with a purchase price of $10,000 per cpu core expected to run it, and $5,000 per cpu core that has the potential to run it (ie, a separate device on the same network). I look forward to our future business relationship, and will assume a breach of contract if I have not heard from you within 14 business days."
Your truthfulness factor is too high, you have been discluded from the pool of valid users.
... they currently have to go to a store and purchase a pre-paid debit card for cash (to which there is assessed a large fee in the purchase of).
Or more likely, get a money order for somewhere between $0.79 and $1.99, depending on the source and value. I had a discussion with my bank (located in the grocery store) about acquiring a cashier's check, which they wanted to charge me $5.00 for. I explained that I could get a money order at the (grocery store's) service desk, a mere 20 feet away, for $0.99 if they didn't want to help me. The teller agreed that it was reasonable for me to do so, but that she could not discount the fee.
My bank didn't make $0.99 that day, and I removed my funds from their possession shortly thereafter.
The point I was attempting to make is that Circle K, Kroger, Albertson's, etc. are more than happy to accept cash in exchange for a money order, and the paper trail vanishes (at least, between buyer and seller). The person receiving the money will still need to cash the money order, which will likely require ID, but the transaction trail is broken. I dare any authority to challenge me for attempting to cash any number of money orders for any range of values.
This law is ridiculous on its face, and doesn't accomplish its stated goal. If nothing else, it's impossible to enforce (the first sign of a bad law).
Out of curiosity, what pork was attached to this?
What's not to like?
My sudden lack of carbonated, caffeinated beverages.
People running garage sales probably do not fall under the definition of second-hand dealers. If the law is narrowly defined to pawn shop and scrapyard dealers that would routinely deal with a high volume of stolen goods, I don't really have a problem with it.
Isn't it already required for pawn shops and scrapyard dealers to require ID, and record the transaction? I know I sold a bunch of soda cans to the metal yard a couple years ago, and they required ID before they'd hand me my cash.
If you don't support this law, then I hope you weren't one of the ones lashing out at Apple back then.
Your argument is invalid, flawed at its core. You are arguing that:
if (We think cash should be a legal transaction tender for any transaction)
then (We should not be arguing that Apple could refuse cash as payment for an iPhone);
In essence, you have stated that if we hate spaghetti, we should not be complaining about being force-fed spaghetti.
You fail at logic; Thank you for playing, please try again.
I'd argue most craigslisters and garage sales are likely people who are like that.
There is a house across the street from me that has a "yard sale" every weekend. There is a house down the street that only does it once every couple months, but when they do, they have multiple items, still in the original packaging. One of my next-door neighbors hasn't had a "real job" in several years, but makes a damn good living buying and selling on craigslist (among other places).
I would argue that most people don't give a rat's ass about the legalities of something that seems perfectly legal, and will continue doing as they please right up until they get caught... at which point it becomes a revenue stream for the authorities.
Perhaps that's all this is in the first place.
Let's skip over the "federal vs state" thing entirely... if the idea is to prevent transactions without a paper trail, does this mean that barter will also be outlawed?
I am not inclined to let the government (any government, at any level) tell me what I can and can't trade with/for.
Let's assume the lawmakers sidestep the issue with "You can trade anything for any other thing, so long as there's a paper trail." What happens to the kid who trades his pudding cup for someone else's PB&J sammich at lunchtime? Do we fine and/or jail him for a receipt-less transaction?
Interesting numbers they used... 14 "psychopaths", and 38 "controls"...
Perhaps they selected their target/control groups based on how well they appeared to match the anticipated results? How many subjects were actually interviewed, and where is the rest of the data?