Full Disclosure mailing list archives
Re: IRC spying to increase
From: Darren Reed <avalon () cairo anu edu au>
Date: Fri, 15 Oct 2004 16:05:54 +1000 (EST)
In some mail from Ali Campbell, sie said:
A waste of money. They won't find anything...... people are too smart to use chatrooms to discuss elite stuff. Another reason to vote Bush out. :-)

Also seems like a lot of money for something I seem to remember was done singlehandedly by Steve G***** when he was trying to track DDoS IRC bots ...
What he did was nothing like what this research proposal is for.

With statements like this (and some of the other comments that follow up to this post) I wonder how low the average level of comprehension for the English language is for the average readers on this list (or at least of those who send emails.) I don't need anyone to tell me or give me their opinions on this, either.

What its actual relevance is to full-disclosure, I'm not all that sure of either, it's not actually computer security related, at all. It is more appropriate to some list that talks about spook activity. But then given who actually forwarded it to the list, that's not surprising.

Let's look at the original email:
October 11, Associated Press - U.S. funds chat-room surveillance study. The U.S. government is funding a yearlong study on chat room surveillance under an anti-terrorism program. A Rensselaer Polytechnic Institute computer science professor hopes to develop mathematical models that can uncover structure within the scattershot traffic of online public forums. Professor Bulent Yener will use mathematical models in search of patterns in the chatter. Downloading data from selected chat rooms, Yener will track the times that messages were sent, creating a statistical profile of the traffic. "For us, the challenge is to be able to determine, without reading the messages, who is talking to whom," Yener said. The $157,673 grant comes from the National Science Foundation's Approaches to Combat Terrorism program. It was selected in coordination with the nation's intelligence agencies.
For those that can't read English, what they want to attempt to do is look at timestamps of when messages from various parties (X,Y,Z) are sent and determine who is talking to whom given their proximity in time. They're not interested in the content of the messages, presumably because this is a privacy violation.

This isn't so much of a problem in small forums of under 10 people, where there's rarely more than one conversation thread running at a time, but put 50 people in the same chat room and it is not uncommon for there to be multiple conversation threads, intermingled.

So why target this sort of chat room? Because if you're a terrorist and you want to chat to your fellow terrorist in real time using a chat network, then it is much easier to hide your content in a busy chat room than in some quiet chat room (or network) where it is easy to assume an association between parties.

As an example, if there are 50 people in the room, and at any given time a random dozen are talking but regardless of this dozen if a message from #16 is always followed a second later by one from #43, are they actually talking to each other, even if messages from each other don't reference the other in any way?

I'm sure lots of people here would like to guess one way or the other, but when that guesswork needs to be strong enough in formulation that the CIA/FBI/NSA can use it as part of a report on whether or not there is going to be a bombing attempt on the Golden Gate Bridge on Friday, you want the "guess" to be more educated than a "finger in the wind" and so spending significant $ and having someone who knows math makes a lot of sense.

I don't know if this is the real scope of the research being done, but I'm pretty sure it's at a level deeper than the "let's snoop/spy on traffic and see who's doing what."

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
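The #16/#43 question in the message above, worked as an added example that is not part of the original post or of the research it discusses: it scores each ordered pair of senders by how often one follows the other within a short window, against what independent posting would produce, using timestamps only. The 2-second window, the Poisson independence baseline, the function names and the sample room are all assumptions made for illustration, and the data is constructed.

```python
import math
import random
from bisect import bisect_right
from collections import defaultdict


def follow_scores(events, window=2.0):
    """events: list of (timestamp_seconds, sender); message content is never used.
    For each ordered pair (a, b), count a's messages followed by one from b within
    `window` seconds, and compare with the count expected if b posted independently
    (Poisson arrivals at b's average rate). Returns rows sorted strongest first.
    """
    ordered = sorted(events)
    duration = ordered[-1][0] - ordered[0][0]
    times = defaultdict(list)
    for ts, sender in ordered:
        times[sender].append(ts)
    rows = []
    for a, a_times in times.items():
        for b, b_times in times.items():
            if a == b:
                continue
            # Chance that an independent b posts at least once in a given window.
            p = 1.0 - math.exp(-len(b_times) / duration * window)
            observed = sum(
                bisect_right(b_times, t + window) > bisect_right(b_times, t)
                for t in a_times
            )
            expected = len(a_times) * p
            sd = math.sqrt(len(a_times) * p * (1.0 - p))
            if sd > 0:
                rows.append(((observed - expected) / sd, a, b, observed, expected))
    return sorted(rows, reverse=True)


def constructed_room(seed=1):
    """Constructed sample: 50 senders with 12 random posts each over one hour,
    plus 30 posts by #16 that #43 each follows one second later."""
    rng = random.Random(seed)
    events = [(rng.uniform(0, 3600), f"#{n}") for n in range(1, 51) for _ in range(12)]
    for _ in range(30):
        t = rng.uniform(0, 3590)
        events += [(t, "#16"), (t + 1.0, "#43")]
    return events


if __name__ == "__main__":
    for z, a, b, obs, exp in follow_scores(constructed_room())[:3]:
        print(f"{a} -> {b}: observed {obs}, expected {exp:.2f}, z = {z:.1f}")
```

Chance coincidences between unrelated senders also appear in the ranking, which is why the score is measured against an expected count rather than read off the raw follow count.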