Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: IRC spying to increase
From: Darren Reed <avalon () cairo anu edu au>
Date: Fri, 15 Oct 2004 16:05:54 +1000 (EST)

In some mail from Ali Campbell, sie said:

A waste of money. They won't find anything...... people are too smart
to use chatrooms to discuss elite stuff.

Another reason to vote Bush out. :-)

Also seems like a lot of money for something I seem to remember was done 
singlehandedly by Steve G***** when he was trying to track DDoS IRC bots ...

What he did was nothing like what this research proposal is for.  With
statements like this (and some of the other comments that follow up to
this post) I wonder how low the average level of comprehension for the
English language is for the average readers on this list (or at least
of those who send emails.)  I don't need anyone to tell me or give me
their opinions on this, either.

What it's actual relevance is to full-disclosure, I'm not all that sure
of either, it's not actually computer security related, at all.  It is
more appropriate to some list that talks about spook activity.  But then
given who actually forwarded it to the list, that's not surprising.

Lets look at the original email:

October 11, Associated Press - U.S. funds chat-room surveillance study.
The U.S. government is funding a yearlong study on chat room surveillance
under an anti-terrorism program. A Rensselaer Polytechnic Institute
computer science professor hopes to develop mathematical models that can
uncover structure within the scattershot traffic of online public forums.
Professor Bulent Yener will use mathematical models in search of patterns
in the chatter. Downloading data from selected chat rooms, Yener will
track the times that messages were sent, creating a statistical profile
of the traffic. "For us, the challenge is to be able to determine, without
reading the messages, who is talking to whom," Yener said. The $157,673
grant comes from the National Science Foundation's Approaches to Combat
Terrorism program. It was selected in coordination with the nation's
intelligence agencies.

For those that can't read English, what they want to attempt to do is look
at timestamps of when a message from various parties (X,Y,Z) are sent and
determine who is talking to whom given their proximity in time.  They're
not interested in the content of the messages, presumably because this is
a privacy violation.  This isn't so much of a problem in small forums of
under 10 people, where there's rarely more than one conversation thread
running at a time, but put 50 people in the same chat room and it is not
uncommon for there to be multiple conversation threads, intermingled.

So why target this sort of chat room?  Because if you're a terrorist
and you want to chat to your fellow terrorist in real time using a chat
network, then it is much easier to hide your content in a busy chat
room than in some quiet chat room (or network) where it is easy to
assume an association between parties.  As an example, if there are
50 people in the room, and at any given time a random dozen are talking
but regardless of this dozen if a message from #16 is always followed
a second later by one from #43, are they actually talking to each other,
even if messages from each other don't reference the other in any way?

I'm sure lots of people here would like to guess one way or the other,
but when that guess work needs to be strong enough in formulation that
the CIA/FBI/NSA can use it as part of a report on whether or not there
is going to be a bombing attempt on the Golden Gate Bridge on Friday,
you want the "guess" to be more educated than a "finger in the wind"
and so spending significant $ and having someone who knows math makes
a lot of sense.

I don't know if this is the real scope of the research being done, but
I'm pretty sure it's at a level deeper than the "lets snoop/spy on traffic
and see who's doing what."


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]