RE: [Full-Disclosure] Wiretap or Magic Lantern?
Date: 04/07/04

    Date: Wed, 7 Apr 2004 09:59:03 -0400

    It isn't nearly as difficult as you might think. A number of companies
    already make sniffing logging tools capable of the volumes you mention. They
    are used mainly in large financial traffic firms to ensure their data
    traffic is recoverable and to monitor for abuse. They are able to store
    terabytes of data. Of course terabytes isn't enough is it? So you only look
    for specific phrases and content matter. You use fuzzy logic to grade on a
    scale of interest and discard what you don't want (or that doesn't seem
    important enough to take up other space). You can keep a very large amount
    of related data that way. You use some logical way of determining what to
    look for, certain not so common phrases, specific equations, specific
    chemical or equipment lists, specific names. I'd probably also look for key
    exchanges and open line key transmissions and storages. You come up with
    these filters based on prior knowledge and intelligence. You also know that
    certain traffic paths are likely to hit pay dirt. You don't have just one
    terabyte sized database you have many that the agents report back to. You
    have a team monitor each one. Databases and teams each report into an
    associated Hierarchy. The Db's feed up information and the teams coordinate
    with the other teams with guidance from leaders with access from other
    information sources. The NSA has over 3 Bill USD/Year in open book funding.
    So they are able to afford hundreds of teams. The FBI has more as does the
    CIA so pick your big brother. So it is definitely possible.

    The real question though is why should we care.

    In the sense that we as individuals still have some privacy, the statements
    about huge volumes still apply.

    The people who would be running these filters don't know who they are
    watching and they don't care. All they want to find are the people trying to
    make Anthrax or build a bomb. (If they are watching, I bet this mail meets
    their filters. I hope they get a kick out of it)

    It is very much a data coordination and mining job. Things that are easy to
    do and thousands of companies with less motivation are already good at data

    Probably fairly boring most of the time with moments when they actually find
    something making it worthwhile.

    Also there are a lot of other things they could spend those budgets on so it
    is quite likely that they are not doing anything like this but it is

    James Cupps
    Information Security Officer

    -----Original Message-----
    From: Feher Tamas []
    Sent: Wednesday, April 07, 2004 6:26 AM
    Subject: [Full-Disclosure] Wiretap or Magic Lantern?


    I wonder if the "Magic Lantern" trojan truly exists? I don't quite get
    this "Big Brother watches all Internet traffic realtime" story.

    1., The sheer volume of all traffic (IM, SMTP - including spam, P2P,
    webmail, etc.) must be too much no matter what Crays you have.
    (Imagine someone uses command line FTP right now, types "bin" and
    all the warning lights suddenly turn red at NSA HQ.)

    2., The terrorists are not stupid, they use strong encryption and there is
    proof that PGP repels NSA.

    3., So I think it was some bugging method, either a software or
    hardware device (small thingie hidden in the keyboard).

    Regards, Tamas Feher.


    Canadian terrorist arrests a key win for NSA hackers
    by DAVID AKIN, Globe and Mail Update, 6 April 2004

    A computer hacker who allowed himself to be publicly identified only
    as "Mudhen" once boasted at a Las Vegas conference that he could
    disable a Chinese satellite with nothing but his laptop computer and a

    The others took him at his word, because Mudhen worked at the Puzzle
    Palace - the nickname of the U.S. National Security Agency facility at
    Fort Meade, Md., which houses the world's most powerful and
    sophisticated electronic eavesdropping and anti-terrorism systems.

    It was these systems, plus an army of cryptographers, chaos theorists,
    mathematicians and computer scientists, that may have pulled in the
    first piece of evidence that led Canadian authorities to arrest an
    Ottawa man on terrorism charges last week.

    Citing anonymous sources in the British intelligence community, The
    Sunday Times reported that an e-mail message intercepted by NSA
    precipitated a massive investigation by intelligence officials in
    several countries that culminated in the arrest of nine men in Britain
    and one in suburban Orleans, Ont. - 24-year-old software developer
    Mohammed Momin Khawaja, who has since been charged with facilitating a
    terrorist act and being part of a terrorist group.

    The Orleans arrest is considered an operational milestone for this vast
    electronic eavesdropping network and its operators. But Dave Farber,
    Internet pioneer and computer-science professor at Carnegie-Mellon
    University in Pittsburgh, said the circumstances are also notable
    because it will be the first time that routine U.S. monitoring of
    e-mail traffic has led to an arrest.

    "That's the first admission I've actually seen that they actually
    monitor Internet traffic. I assumed they did, but no one ever admitted
    it," Mr. Farber said.

    Officials at the NSA could not be reached for comment. But U.S.
    authorities are uniquely positioned to monitor international Internet
    and telecommunications traffic because many of the world's
    international gateways are located in their country. And once that
    electronic traffic touches an American computer -- an e-mail message, a
    request for a website or an Internet-based phone call, for instance --
    it is routinely monitored by NSA spies.

    "Foreign traffic that comes through the U.S. is subject to U.S. laws,
    and the NSA has a perfect right to monitor all Internet traffic," said
    Mr. Farber, who has also been a technical adviser to the U.S. Federal
    Communications Commission.

    That's what happened in February, when NSA officers at Fort Meade
    intercepted a message between correspondents in Britain and Pakistan,
    The Sunday Times reported. The contents of that message have not been
    revealed, but are significant enough that dozens of intelligence
    officials were mobilized in Britain, Canada and the United States.

    The intelligence officers at Fort Meade rely on a sophisticated suite
    of supercomputers and telecommunications equipment to analyze
    of messages and phone calls each day, looking for certain keywords or
    traffic patterns.

    Internet traffic is chopped up into small chunks called packets, and
    each individual package is then routed over the Internet, to be
    reassembled at the recipient's end. The packet is wrapped in what
    computer scientists sometimes refer to as the envelope. And just as the
    exterior of a regular piece of mail contains important addressing
    information, so does the envelope of a digitized packet. These bits of
    information are called headers, and they can be valuable to
    investigators as well.

    Headers typically contain generic descriptions of the packet's
    contents, in order to let computers make better decisions about how to
    route the packet through the Internet. E-mail traffic gets a lower
    priority than Internet video traffic, for instance.

    Headers also pick up the numeric or Internet Protocol (IP) address of
    all the computers a packet touches as it travels from its originating
    machine all the way to its destination. Every computerized device
    connected to the Internet has its own unique IP number.

    Investigators could program their supercomputers to flag packets of
    information that met certain criteria, such as a certain IP number, a
    certain traffic pattern or a certain kind of content. As soon as a
    packet is flagged, investigators would apply for warrants to assemble
    the packets and read the messages' contents.


    Full-Disclosure - We believe in it.
    This message may contain information which is private, privileged or
    confidential and is intended solely for the use of the individual or entity
    named in the message. If you are not the intended recipient of this message,
    please notify the sender thereof and destroy / delete the message. Neither
    the sender nor Sappi Limited (including its subsidiaries and associated
    companies) shall incur any liability resulting directly or indirectly from
    accessing any of the attached files which may contain a virus or the like.

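The packet "envelope" the quoted article describes, as an added example that is not part of the original thread or of the Globe and Mail piece: a small Python script that constructs a sample IPv4/TCP packet (constructed data, checksums left at zero), parses the header fields any intermediate router or filter can read (addresses, ports, protocol, TTL, payload length) without inspecting the payload, and applies the kind of header-only match rule the article mentions, which is the same shape as a firewall or IDS rule. The names `Envelope`, `build_packet`, `parse_envelope` and `matches_criteria`, and the documentation-range addresses used as input, are assumptions of this example. It illustrates the point raised earlier in the thread: encrypting the body with PGP protects the content, but every envelope field stays visible to whoever sits on the path.

```python
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Envelope:
    """Header fields readable by every hop on the path, encrypted payload or not."""
    version: int
    ttl: int
    protocol: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload_len: int


def ip_to_bytes(ip: str) -> bytes:
    """Dotted-quad text to the four raw bytes carried in the IPv4 header."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    return bytes(octets)


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_packet(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                 payload: bytes, ttl: int = 64) -> bytes:
    """Construct a sample IPv4 + TCP packet (hypothetical data; checksums left at zero).

    IPv4 header: version/IHL, TOS, total length, ID, flags/fragment offset,
    TTL, protocol (6 = TCP), checksum, source address, destination address.
    TCP header: ports, seq, ack, data offset (5 words), flags (PSH|ACK),
    window, checksum, urgent pointer.
    """
    tcp_header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                             5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_header) + len(payload)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0,
                            ttl, 6, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return ip_header + tcp_header + payload


def parse_envelope(packet: bytes) -> Envelope:
    """Read only the headers; the payload bytes are never touched."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4          # IPv4 header length in bytes, options included
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if proto != 6:
        raise ValueError(f"example handles TCP only, got protocol {proto}")
    if len(packet) < ihl + 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_off = (packet[ihl + 12] >> 4) * 4  # TCP header length in bytes
    payload_len = total_len - ihl - data_off
    return Envelope(version, ttl, proto, bytes_to_ip(src), bytes_to_ip(dst),
                    src_port, dst_port, payload_len)


def matches_criteria(env: Envelope, watch_ips: frozenset = frozenset(),
                     watch_ports: frozenset = frozenset()) -> bool:
    """A header-only match rule: address or destination port, no content needed."""
    return (env.src_ip in watch_ips or env.dst_ip in watch_ips
            or env.dst_port in watch_ports)


if __name__ == "__main__":
    # Constructed sample: an SMTP session whose body is PGP-encrypted.
    body = b"-----BEGIN PGP MESSAGE-----\n...ciphertext...\n-----END PGP MESSAGE-----\n"
    pkt = build_packet("192.0.2.10", "198.51.100.20", 51234, 25, body)
    env = parse_envelope(pkt)
    print(env)
    print("flagged by port-25 rule:", matches_criteria(env, watch_ports=frozenset({25})))
```

The parser deliberately stops at the end of the TCP header: everything a rule in `matches_criteria` can act on comes from the envelope, which is exactly why end-to-end encryption changes what an intermediary can read but not whether it can see who is talking to whom, on which port, and how much.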
