[163374] in North American Network Operators' Group
Re: PRISM: NSA/FBI Internet data mining project
daemon@ATHENA.MIT.EDU (Mark Seiden)
Fri Jun 7 06:35:13 2013
From: Mark Seiden <mis@seiden.com>
In-Reply-To: <CABL6YZTGVEdcdun2MPRa6VeZa91vu5XvJpzMXzQt2NYq6BWjdQ@mail.gmail.com>
Date: Thu, 6 Jun 2013 22:57:07 -0700
To: jamie rishaw <j@arpa.com>
Cc: goemon@anime.net, NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 6, 2013, at 10:25 PM, jamie rishaw <j@arpa.com> wrote:
> <tinfoilhat>
> Just wait until we find out dark and lit private fiber is getting vampired.
> </tinfoilhat>
>
well, that's exactly and the only thing that would not surprise me, given the eff suit and mark klein's testimony about room 421a full of narus taps. mark klein is an utterly convincing and credible guy on this subject of tapping transit traffic.
but the ability to assemble intelligence out of taps on providers' internal connections would require reverse engineering the ever changing protocols of all of those providers.

and at least at one of the providers named, where i worked on security and abuse, it was hard for us, ourselves, to quickly mash up data from various internal services and lines of business that were almost completely siloed -- data typically wasn't exposed widely and stayed within a particular server or data center absent a logged in session by the user.

were these guys scraping the screens of non-ssl sessions of interest in real time?

with asymmetric routing, it's hard to reassemble both sides of a conversation, say in IM. one side might come in via a vip and the other side go out through the default route, shortest path. only *on* a specific internal server might you see the entire conversation. typically only the engineers who worked on that application would log on or even know what to look for.

and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money.

and pretty much denials all around. so at the moment, i don't believe it.

(and i hope it's not true, or i might have to leave this industry in utter disgust because i didn't notice this going on in about 8 years at that provider and it was utterly contrary to the expressed culture. take up beekeeping, or alcohol, or something.).
>
>
> --
> Jamie Rishaw // .com.arpa@j <- reverse it. ish.
> arpa / arpa labs