The Echelon Surveillance Network

sip

posted on Jan, 24 2007 @ 06:04 PM
Hey Tom,
Regarding Echelon you gave a great example of its eavesdropping methods over phonelines. You know anything about its abilities to snoop net connections? The amount of packets generated on the net every minute is enormous. If they do have their equipment in with ISPs it must be some heavy hardware as it would have to inspect each packet. Would it take into consideration secure connections such as SSL or SSH?

They must only snoop connections they know there's something going on. I mean switch on any packet capturing software (Wireshark, tcpdump) and check out the results. That is a lot of info to go through.

Just some thoughts.

sip



posted on Jan, 24 2007 @ 06:21 PM

Originally posted by sip

Hey Tom,
Regarding Echelon you gave a great example of its eavesdropping methods over phonelines. You know anything about its abilities to snoop net connections? The amount of packets generated on the net every minute is enormous. If they do have their equipment in with ISPs it must be some heavy hardware as it would have to inspect each packet. Would it take into consideration secure connections such as SSL or SSH?

They must only snoop connections they know there's something going on. I mean switch on any packet capturing software (Wireshark, tcpdump) and check out the results. That is a lot of info to go through.

Just some thoughts.

sip


You know, I've seen a web site on another network that had captured some of my emails from time to time. Certainly not all of them but a scattering. I thought it was interesting. I'm not sure if it was being done because of where I was or what, they didn't seem to have any rhyme or reason based on content.

As far as all web traffic, that's a lot of traffic. And you'd have to be on the backbone because you really don't know how any connection is going to be routed.

I'm not sure it's the same project, personally.

I know the feebs get theirs through a CALEA connection to your ISP. If they want to monitor your emails, they get a warrant (yeah) and your ISP delivers them the goods to a copy account. As far as that goes, you can command a 4ESS to do basically the same thing on a phone call.


sip

posted on Jan, 24 2007 @ 06:26 PM

Originally posted by Tom Bedlam

Originally posted by sip

Hey Tom,
Regarding Echelon you gave a great example of its eavesdropping methods over phonelines. You know anything about its abilities to snoop net connections? The amount of packets generated on the net every minute is enormous. If they do have their equipment in with ISPs it must be some heavy hardware as it would have to inspect each packet. Would it take into consideration secure connections such as SSL or SSH?

They must only snoop connections they know there's something going on. I mean switch on any packet capturing software (Wireshark, tcpdump) and check out the results. That is a lot of info to go through.

Just some thoughts.

sip


You know, I've seen a web site on another network that had captured some of my emails from time to time. Certainly not all of them but a scattering. I thought it was interesting. I'm not sure if it was being done because of where I was or what, they didn't seem to have any rhyme or reason based on content.

As far as all web traffic, that's a lot of traffic. And you'd have to be on the backbone because you really don't know how any connection is going to be routed.

I'm not sure it's the same project, personally.

I know the feebs get theirs through a CALEA connection to your ISP. If they want to monitor your emails, they get a warrant (yeah) and your ISP delivers them the goods to a copy account. As far as that goes, you can command a 4ESS to do basically the same thing on a phone call.


Would you reckon there's an ongoing "filtering" of the web now for keywords? I'm assuming only emails and more than likely search engines are targeted (also forums such as this). It is hard to think that they would target all traffic. As you said they must be on a backbone, redirecting traffic is one thing, but sifting through it all is insane (but still possible).

sip



posted on Jan, 24 2007 @ 06:41 PM

Originally posted by Morkoc96
Haha that's a great story, I can picture that image of Ben Stiller in Along Came Polly when he gets arrested by the fibbies for being a hitchhiker killer and has no idea what they are talking about and admits to it..even though you didn't admit to it..lol, the thought came to mind.


That's actually "There's Something About Mary".....but whatever.



posted on Jan, 24 2007 @ 06:45 PM

Originally posted by sip

Would you reckon there's an ongoing "filtering" of the web now for keywords? I'm assuming only emails and more than likely search engines are targeted (also forums such as this). It is hard to think that they would target all traffic. As you said they must be on a backbone, redirecting traffic is one thing, but sifting through it all is insane (but still possible).

sip


There probably isn't much point looking at web page reads, that's a big percentage. You know pretty much what the page says. Emails, I could see, maybe file transfers.

You could get the load down by having the ISP's routers doing some basic upfront work for you, I'd guess. Doing deep packet inspection on every packet on the backbone would be tough, and on top of that you'd have to somehow coalesce the packets since they might not all go the same way during a session. Nasty. Of course, in practice that may be a lot more predictable than TCP/IP CAN be. Maybe these days the routers make sure all the packets in a session go the same route to ease the burden.

It would be a lot easier to just target individuals, I'd think.

We made a little packet duplicator thing a few years ago that clipped into a net drop and would either throw packets on the floor if they were from an IP blacklist, or would echo copies back to another place. You could get all the traffic or whatever IP list you wanted. It fit in little nooks and crannies and ran at wire speed. You could use something like that, I'd imagine, if you could gain access to your target's office and didn't want the ISP in on it.

Other than that I could see ways to do it but holy crap the hardware you'd need. On the other hand, they ARE the largest consumer of DSP boards and supercomputers.

The times I've gotten verbal warnings, they just spidered a forum and used a program to search the contents. The one time they really got ticked there was a four month delay between when I posted a bunch of stuff they didn't like and when the threads vanished and I got a free trip to the DC area. So it wasn't in anything like real time.


sip

posted on Jan, 25 2007 @ 03:37 PM

Originally posted by Tom Bedlam

Originally posted by sip

Would you reckon there's an ongoing "filtering" of the web now for keywords? I'm assuming only emails and more than likely search engines are targeted (also forums such as this). It is hard to think that they would target all traffic. As you said they must be on a backbone, redirecting traffic is one thing, but sifting through it all is insane (but still possible).

sip


There probably isn't much point looking at web page reads, that's a big percentage. You know pretty much what the page says. Emails, I could see, maybe file transfers.

You could get the load down by having the ISP's routers doing some basic upfront work for you, I'd guess. Doing deep packet inspection on every packet on the backbone would be tough, and on top of that you'd have to somehow coalesce the packets since they might not all go the same way during a session. Nasty. Of course, in practice that may be a lot more predictable than TCP/IP CAN be. Maybe these days the routers make sure all the packets in a session go the same route to ease the burden.

It would be a lot easier to just target individuals, I'd think.

We made a little packet duplicator thing a few years ago that clipped into a net drop and would either throw packets on the floor if they were from an IP blacklist, or would echo copies back to another place. You could get all the traffic or whatever IP list you wanted. It fit in little nooks and crannies and ran at wire speed. You could use something like that, I'd imagine, if you could gain access to your target's office and didn't want the ISP in on it.

Other than that I could see ways to do it but holy crap the hardware you'd need. On the other hand, they ARE the largest consumer of DSP boards and supercomputers.

The times I've gotten verbal warnings, they just spidered a forum and used a program to search the contents. The one time they really got ticked there was a four month delay between when I posted a bunch of stuff they didn't like and when the threads vanished and I got a free trip to the DC area. So it wasn't in anything like real time.


Interesting posts Tom, thanks for your reply. Would love to see their methods first hand. I have a few ideas pottering around about their methods but nothing no one has suggested before. That "packet duplicator thing" sounds good. All these packet inspection software can be easily written with Libpcap and Libnids. Packet crafting, low-level networking (ARP) and secure layers are all easily done with Libnet, Libdnet and OpenSSL. Great fun if anyone wishes to play with networks at the network layer.


Check that stuff out.

sip
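
As an added illustration (not part of the thread, and not any poster's code) of the point above about having to coalesce packets before their content can be inspected, which is the job Libnids does for a network sensor: a minimal TCP stream reassembler in Python, run over constructed segments. The addresses, sequence numbers and keyword are made up, and sequence-number wraparound is ignored.

```python
from collections import defaultdict

class StreamReassembler:
    """Rebuilds each flow's byte stream from segments seen in any order."""

    def __init__(self):
        self.next_seq = {}                    # flow -> next expected sequence number
        self.pending = defaultdict(dict)      # flow -> {seq: payload} waiting for a gap to fill
        self.stream = defaultdict(bytearray)  # flow -> bytes delivered in order so far

    def open(self, flow, first_seq):
        # Stands in for seeing the handshake: records where the data starts.
        self.next_seq[flow] = first_seq

    def add(self, flow, seq, payload):
        if flow not in self.next_seq:
            return  # flow start never observed; nothing to anchor the data to
        self.pending[flow].setdefault(seq, payload)  # first copy wins on retransmit
        while True:
            expected = self.next_seq[flow]
            ready = [s for s in self.pending[flow] if s <= expected]
            if not ready:
                break  # gap: the next in-order segment has not been seen yet
            s = min(ready)
            data = self.pending[flow].pop(s)
            fresh = data[expected - s:]       # drop bytes already delivered (overlap)
            self.stream[flow] += fresh
            self.next_seq[flow] = expected + len(fresh)


def per_packet_hits(segments, keyword):
    """Naive inspection: match the keyword inside each segment on its own."""
    return sum(1 for _flow, _seq, payload in segments if keyword in payload)


def reassemble(segments, flow, first_seq):
    """Return the in-order byte stream recoverable from the segments seen."""
    r = StreamReassembler()
    r.open(flow, first_seq)
    for f, seq, payload in segments:
        r.add(f, seq, payload)
    return bytes(r.stream[flow])


# Constructed sample data: one flow, payload split across three segments that
# arrive out of order, with one retransmitted duplicate.
FLOW = ("10.0.0.5", 40000, "192.0.2.10", 25)
FIRST_SEQ = 1000
KEYWORD = b"quarterly"
SEGMENTS = [
    (FLOW, 1013, b"terly rep"),
    (FLOW, 1022, b"ort\r\n"),
    (FLOW, 1013, b"terly rep"),      # retransmission
    (FLOW, 1000, b"Subject: quar"),
]

if __name__ == "__main__":
    print("per-packet matches:", per_packet_hits(SEGMENTS, KEYWORD))
    full = reassemble(SEGMENTS, FLOW, FIRST_SEQ)
    print("reassembled:", full, "match:", KEYWORD in full)
    # A sensor that never sees the first segment recovers nothing in order.
    print("first segment missing:", reassemble(SEGMENTS[:3], FLOW, FIRST_SEQ))
```

The keyword straddles a segment boundary, so matching segment by segment finds nothing while the reassembled stream contains it; a sensor that misses the first segment cannot deliver any of the later bytes in order.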



posted on Jan, 27 2007 @ 02:42 AM

Originally posted by seifera003
So if ECHELON tracks keywords typed into a search engine, which I've heard it does, why haven't any of us had any issues?

I'm sure some of us who are heavy into researching, would've triggered a bunch of alarms by now.

I haven't had any visits from anybody, or cars trailing me (which I do occasionally check for). Has anybody else had anything weird like that happen to them?



We do trip their alerts all the time. Records of our searches are likely kept in huge databases, there are too many people doing too many searches like this for them to come out and bother us, just know that they know.



posted on Jan, 27 2007 @ 03:24 PM
Good luck to you hect3a, but understand they know that you're trying to do this about Echelon & that I am writing this response..... nice world we live in Fella.



posted on Feb, 6 2007 @ 07:52 AM
I've been inside Menwith Hill Base last year, me and my father were delivering some gear and we had to have the truck sniffed for explosives before we even got in the perimeter. Then we finally got checked ourselves and we were given security passes to enter the base.
We drove to one of the side entrances where we got our passes checked by British armed guards.
We dropped off what we had to and then we entered a building where we took some stairs down like into an underground shopping mall. We then went into a shop and tried to buy some stuff but we weren't allowed because the woman behind the counter who was American said that she couldn't serve us because we are British.

Here's a good site: www.gn.apc.org/cndyorks/mhs/mhsint.htm



posted on Feb, 6 2007 @ 12:07 PM
I mentioned in an earlier post of a different base located near Menwith Hill,
the base is at Scarborough in Yorkshire U.K. and is def linked in with the Echelon system......

Anyone know the place I am talking about??

snoopyuk



posted on Feb, 15 2007 @ 10:05 AM
Pine Gap:



It's 'officially' for over the horizon radar, bouncing signals off the atmosphere to monitor ships and other suspect vessels in SE Asia heading to Oz...unofficially, well that's another matter that my security guideline notebook in my drawer won't let me talk about even though I was NOT directly involved with PG.



posted on Feb, 17 2007 @ 09:47 AM
Actually the entire thing is 75% a total mess just like any other government agency.

Targeted individuals and groups have near real time analyzing, but data that is simply being "mined" can end up backlogged by months, much as Tom Bedlam had mentioned.

I don't know anything about Tom Bedlam, but his case must have been unique, as he was already on a watch list for it to happen that "quickly".

What I mean by that is that there are different levels of watch lists that you can be moved into.

Now before I go further, I will just say I have worked in the government sector doing mostly work with databases, and that I surely don't know everything, as besides the fact that everything is compartmentalized, there is also a ton of bureaucracy, backstabbing, and infighting, so you never know what's really going on when you factor in those three things.

To continue, from my experience, the system is not quite as dramatic as some in this thread would like to think. The problem is, that due to some budget constraints, outside vendors are trying to be merged with in house development to cut costs, but in turn this is causing major headaches, and painful transitions.

I believe, although I do not know, that this transition is only happening in the lower levels, as in, the work being done on high priority level data is still handled by completely in house software, and is not likely to change anytime soon.

Where they are trying to cut costs is on this flood of data that has resulted from new initiatives on the WoT.

For instance, Tom Bedlam's account would be partially accurate for the average citizen, but not completely correct from my knowledge.

Let's say you are Joe Q Public, and you make a search term, or make a post that is mined by the system. The system makes a determination right off the bat at this low level as to whether to forward it for review, or to just scrap it. (When I say scrap, it is still kept, just not readily available, to retrieve the data would require a request from "archives".) There was a hardware failure a while back though that led to the loss of a lot of this type of data. When I say a lot, I mean 1/10th of 1 percent of a staggering amount of data.

Anyway, let's say this search or post is not immediately scrapped by the system filters. It goes to some guy that sits there all day reading this stuff, and then from there decides if it warrants level 2 surveillance. What this does is goes back and tries to gather further data (I don't know the methods used) on the same individual. At this point it will do another dump of this data, and again a computer will match this data against criteria set by the reviewer. If this data AGAIN makes the cut, then it will go for a second review.

At this point the individual has now been moved into a targeted area of the system, but is still not real-time. What happens is all communication that can be matched to this individual is now pulled, and dumped in for processing. Anything meeting certain criteria set is kicked out and reviewed.

If the data continues to be of importance it may become a "case", and have someone start to work on the individual full time. When I say full time, I don't mean 8 hours a day, 5 days a week, I mean it goes to someone who has say 200 cases assigned to them, which of course is impossible for 1 person to handle properly, but this is what I spoke of earlier in that, the system isn't as perfect as many would imagine. These individuals end up with major backlogs of cases, and can only hope to fully investigate 10-20% (and that's probably being optimistic) of them, they must sift through, and pick out the most likely.



[edit on 17-2-2007 by 2305989458802174]



posted on Feb, 17 2007 @ 09:48 AM
[continued]

From here, you could possibly get a knock on the door from what I understand, but in general you are heavily surveilled if you make the cut of cases that are full time.

Now I know that there are steps in between from here, but I am not quite sure what they are, so I won't attempt to comment on it, but I do know that from here there are two levels of surveillance from here, but realtime, but with two different levels of priority.

Now to fully disclose, the next two levels are what I understand from bits and pieces of conversations I have had put together, it is in no way authoritative, but I think it's probably a pretty good estimation.

In the first level, you have real time surveillance of all communication, but they are mostly trying to tie in others, and continue to surveil. It is more of a recon segment, and not the type with imminent action, since they are trying to gather and move them into the next level if warranted. There is a large pool of people working on a pretty large amount of cases, so although the communication is pulled real-time, or close to it, it sits in data pools, and it can be a few days until it is sifted through.

The highest level that I am aware of is real time surveillance, with a dedicated team working on about 2-5 individuals, or one team dedicated to one group. This data is analyzed immediately, and immediate action can be triggered.



posted on Feb, 17 2007 @ 10:15 AM

Originally posted by sip

Hey Tom,
Regarding Echelon you gave a great example of its eavesdropping methods over phonelines. You know anything about its abilities to snoop net connections? The amount of packets generated on the net every minute is enormous. If they do have their equipment in with ISPs it must be some heavy hardware as it would have to inspect each packet. Would it take into consideration secure connections such as SSL or SSH?

They must only snoop connections they know there's something going on. I mean switch on any packet capturing software (Wireshark, tcpdump) and check out the results. That is a lot of info to go through.

Just some thoughts.

sip


Just to further, and address this a bit. Equipment does not reside at individual ISPs, it exists at key points of packet travel. There is still plenty of data that is never analyzed because it simply does not travel through these points. You can be assured though that any packets that leave or enter the US have most likely been processed. Whether 99% of it is worth anything is a whole other story.

A good percentage of the packets domestically end up passing through one of these points too, just take a look at some of the strange routings if you do a tracert. Most of your data ends up moving through one of these points, however not all.

Anonymous internet traffic is still the best way to go, as it's the only thing that a large corporation or government agency cannot control end to end. Things like mobile phones, sat phones, landlines, fax machines, etc are controlled end to end. Now the internet for the most part is the same way, but the one wrench in the works is the fact that internet traffic can be rerouted endlessly by individuals with the proper software setup. This causes a packet's origin and destination to be very difficult to trace without access to all of the data relating to the handoffs.

This data CAN be pieced together, but it takes a lot of time and money, and for 99.999% of cases it is not worth it. And if you are of high enough priority for it to be warranted, there are already numerous other points of surveillance being utilized.



posted on Feb, 17 2007 @ 10:41 AM
I think in the Tylenol case, there was apparently an EO to reduce the level at which you got moved up to a direct confrontation, as well as to permit use of the network on domestic traffic.

The other times (including the big one in 2004) it wasn't anything to do with NSA, but a military intel group that was spidering forums. If you said something they felt you shouldn't have, your contributions past and present were looked at in greater depth. In that case, they were looking for contributions from people with clearances and caught a bunch of us discussing several things we ought not, in retrospect. What really wadded their panties was the ad-hoc backthread projects discussion forum we were running.



posted on Feb, 18 2007 @ 11:48 AM
After reading the first few posts it made me think of the movie "Enemy of the State".

This is a quote by the character Brill




Brill: The government's been in bed with the entire telecommunications industry since the forties. They've infected everything.
Brill: They get into your bank statements, computer files, email, listen to your phone calls... Every wire, every airwave. The more technology used, the easier it is for them to keep tabs on you.
Brill: It's a brave new world out there. At least it better be.



In the movie the character Brill also talks about the Government having supercomputers monitoring everything you say in phone calls designed to track and process key words that may be mentioned like, "president", etc.

just my 2 pence.

[edit on 18-2-2007 by marcopolo]


sip

posted on Feb, 18 2007 @ 12:07 PM

Originally posted by 2305989458802174

Just to further, and address this a bit. Equipment does not reside at individual ISPs, it exists at key points of packet travel.



Thanks for your posts, very insightful. Just a question, with regards to the equipment residing at key points of packet travel does that mean those key points which I am assuming are made up of certain universities and companies allow the NSA to place their hardware with their networks? Is this not a clear breach of your rights plus the operations of the NSA? They're not allowed to carry out surveillance on their own citizens, are they?

sip



posted on Feb, 18 2007 @ 03:54 PM
sip,

I cannot comment too heavily on that subject, since it is not my area of expertise.

However, to my knowledge, universities and corporations in general have not been involved. The only way that they would be involved is if they are already part of a strategic point.

I cannot point you to specific answers, but I'm sure a little bit of research can give you a general idea of where this data is being intercepted. You need to look at where major backbones intersect. There are many backbones across the U.S. run by various corporations, but there are a couple of key places where most of them intersect. This is what makes the internet so powerful, because of this redundancy, but it also makes it a lot easier to intercept packets since most of these backbones have common points at a few places.

In addition to those points, the points where transatlantic fiber optic cable enters/exits the country would be ideal points to intercept traffic.

If you combine a little research and some tracert (if in Windows), you will be able to find the locations of interest.

edit:

I realize I was extremely vague when reading my post. Just to give SOME sort of content

Domestic Points:

Atlanta
Seattle

International Points:

San Francisco
New York

There are quite a few others, but those are a few to get you started.


[edit on 18-2-2007 by 2305989458801174]


sip

posted on Feb, 18 2007 @ 04:24 PM
Yeah I kind of figured the transatlantic cable stations and satellite groundstations would be a good position. I have a good deal of interest in the packet development (injection, snooping) area so it is always good to hear some more information on "the bigger picture". I will certainly investigate this when I have the time. I'll check out those areas you mentioned.

Cheers,
sip



posted on Feb, 26 2007 @ 05:24 PM
It's my understanding that we spy on other countries and vice-versa. That way our government is not technically spying on us. Which is how they get away with it.



