Full Disclosure mailing list archives
Re: Wiretap or Magic Lantern?
From: Maarten <fulldisc () ultratux org>
Date: Wed, 7 Apr 2004 14:11:31 +0200
On Wednesday 07 April 2004 12:26, Feher Tamas wrote:
> Hello, I wonder if the "Magic Lantern" trojan truly exists? I don't quite get this "Big Brother watches all Internet traffic realtime" story.
I say, where there is smoke there is fire...
> 1., The sheer volume of all traffic (IM, SMTP - including spam, P2P, webmail, etc.) must be too much no matter what Crays you have. (Imagine someone uses command line FTP right now, types "bin" and all the warning lights suddenly turn red at NSA HQ.)
If a single commercial entity like Google can already index a very large amount of the web using off-the-shelf linux boxes, a vastly more determined agency with _virtually_unlimited_ resources and funding can certainly index a LOT of information that's flying through the wires. The trick is tuning the system which triggers the alarm bells. My guess is, that is an endless process of trial and error and retune. But realize that they have years, decades of experience in that field. I'm sure the most ingenious algorithms are being deployed, presumably algorithms that haven't even been disclosed anywhere yet. You can bet they don't (just) use a tweaked spamassassin script to filter all that information. ;-) Your example above, the string 'bin' is just plain stupid. We don't have snort triggering on strings like 'sbin' or 'kernel', now do we? Methinks you vastly underestimate how the NSA filters, and more importantly, what they filter on, and how they parse the context in which something is found. And secondly, do you actually think that two terrorists will even include a string "bin laden" in their mails? They're not stupid either. So the NSA, thinking a few steps ahead, may well disregard any "bin laden" strings (since that most probably is just another CNN news story) and concentrate on finding the "harmless_at_first_glance" communications. HOW is anyone's guess...
> 2., The terrorists are not stupid, they use strong encryption and there is proof that PGP repels NSA.
If they [only] use PGP they would indeed be quite stupid. Most of the time, the only thing the NSA needs is seeing a communication between a suspect party and another one. The content of said communication is largely irrelevant, the fact that a contact was established is enough. Remember, terrorists don't need to be _secret_, they need to be inconspicuous.

Maarten

--
Linux: Because rebooting is for adding hardware.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html