Home page logo

nanog logo nanog mailing list archives

Re: PRISM: NSA/FBI Internet data mining project
From: Mark Seiden <mis () seiden com>
Date: Thu, 6 Jun 2013 22:57:07 -0700

On Jun 6, 2013, at 10:25 PM, jamie rishaw <j () arpa com> wrote:

Just wait until we find out dark and lit private fiber is getting vampired.

well, that's exactly and the only thing what would not surprise me, given the eff suit 
and mark klein's testimony about room 421a full of narus taps.   mark klein is an
utterly convincing and credible guy on this subject of tapping transit traffic.

but the ability to assemble intelligence out of taps on providers' internal connections 
would require reverse engineering the ever changing protocols of all of those providers.  
and at least at one of the providers named, where i worked on security and abuse, 
it was hard for us, ourselves, to quickly mash up data from various internal services 
and lines of business that were almost completely siloed  -- 
data typically wasn't exposed widely and stayed  within a particular 
server or data center absent a logged in session by the user.  

were these guys scraping the screens of non-ssl sessions of interest in real time?
with asymmetric routing, it's hard to reassemble both sides of a conversation, say
in IM.  one side might come in via a vip and the other side go out through the default
route, shortest path. only *on* a specific internal server might you see the entire 
conversation.  typically only the engineers who worked on that application would
log on or even know what to look for.

and also, only $20m/year?  in my experience, the govt cannot do anything like this 
addressing even a single provider for that little money.

and pretty much denials all around.   so at the moment, i don't believe it.  

(and i hope it's not true, or i might have to leave this industry in utter disgust
because i didn't notice this going on in about 8 years at that provider and it was
utterly contrary to the expressed culture.   

take up beekeeping, or alcohol, or something.).

Jamie Rishaw // .com.arpa () j <- reverse it. ish.
arpa / arpa labs

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]