Full Disclosure mailing list archives

Re: Insecurity in Finnish parlament (computers)


From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Dec 2004 20:49:38 -0500

On Sun, 26 Dec 2004 14:34:24 GMT, James Tucker said:

> There are so many 'bits' that you simply could not filter all of them
> using standard electronics.

The first bad assumption - that you even *need* to filter all the bits.
It would be the *very* poor intelligence agency that didn't apply some
basic traffic analysis to get rid of the 99.998% of the traffic that's
probably not of interest - just toss out all the downloads from known pr0n
shops and music/video downloads that are known to be steganography-free,
and right *there* you've gotten rid of 95% of the traffic. ;)

Also, remember that we're talking *statistical* methods, they don't even
need to catch *every* packet.  For instance, you can reconstruct a large part
of your original mail just looking at my reply.  Similarly, if we were to snag
one side of 4 phone conversations of 15 of your friends 2 days before your
birthday, we could probably have a really good idea of when and where the party
was, even if we only caught 10% of the total talking....

> 1) not fast enough, 2) the warehouses
> supposedly running echelon are not big enough to house the processing,

"supposedly".  If I were you, I'd look a few miles down the road for
buildings that look like 60 Hudson or One Wilshire.  If you can't figure
out why I name those 2 as examples, or examples of what, you're not
qualified to comment on this one.... :)

> 3) the buildings do not draw enough power and show no evidence of a
> generator inside,

And you verified the "draw power" measurement how, exactly?  We recently pulled
a feed from a power substation a mile down the road into our building.  It's
rated for 2 megawatts.  It's also underground so once the grass grows back,
you'll never know without special equipment.  What *is* visible is the cooling
towers and the UPS diesel - a 1.2 megawatt generator looks like a large diesel
locomotive for obvious reasons....  Bonus points if you can figure out what we
used it for.. ;)

> 4) I have not repeated the calculation myself, but
> it has been stated, by the EU report no less, that to analyse all of
> the data you would require more atoms than are present in the area

And you blindly accepted that number without doing even a back-of-envelope
calculation?  Hint - if the traffic were all encrypted with strong crypto,
the number might be right.  But very little is actually encrypted...

> be restricted to use in communications monitoring. oh, and 5) tapping
> the data, the number of data circuits leaving these countries is
> sufficiently high that there simply could not be enough bandwidth

You don't need a circuit to the analysis building.  You only need 3 feet
of cable from the router to the analysis box.  Go read up on the architecture
of the FBI "Carnivore" system - that involved a sniffer box that was sitting
in a rack at the ISP...

> entering the analysis buildings. This leaves 6) A decentralised virus
> which can infect many architectures and hide quite happily operating
> outside of normal conditions in order to not be visible. The
> requirements for such a thing (e.g. its ability to run on
> preprogrammed DSPs) and the required size and intelligence is simply
> not possible.

Which is, of course, why Symantec and company are getting rich selling us
software to keep exactly that sort of thing out of our computers and cell
phones...  Naah, nobody could write a program to do that, so there's no
reason to have programs that defend against programs that do that... ;)

> not possible. This is not to say that communications don't get
> monitored, it is just to say that the report of 'everything you say is
> being watched' is quite simply false.

Maybe it is all being watched, and maybe it isn't.  A bit of thought shows
that acting as if it is all watched is the only sane way to behave - if you
know only 10% is watched, but can't tell *which* 10%, there's only one
thing to do....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html