It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

'Black boxes' to monitor all internet and phone data

page: 1
21
<<   2  3  4 >>

log in

join
share:

posted on Jun, 30 2012 @ 02:35 PM
link   

'Black boxes' to monitor all internet and phone data


www.channel4.com

Internet and phone firms are preparing to install "black boxes" to monitor UK internet and phone traffic, and decode encrypted messages - including Facebook and GMail messages.
(visit the link for the full news article)




posted on Jun, 30 2012 @ 02:35 PM
link   
So, basically, this will require ISP's to route all communication through a government controlled 'black box' that will decrypt any and all transmissions. Currently, services like Gmail are encrypted. This will allow the government in the UK to get around that, and will likely store that data indefinitely.

From the article:

"Dominic Raab, a Conservative MP who has criticised the bill, said: "The use of data mining and black boxes to monitor everyone's phone, email and web-based communications is a sobering thought that would give Britain the most intrusive surveillance regime in the west. But, many technical experts are raising equally serious doubts about its feasibility and vulnerability to hacking and other abuse."

www.channel4.com
(visit the link for the full news article)



posted on Jun, 30 2012 @ 03:03 PM
link   
Well, this has been coming down the pipe for a while now. I doubt the boxes are capable of decrypting the traffic though.



posted on Jun, 30 2012 @ 03:06 PM
link   
Nearly every week we see this being discussed by our or some other government. I think its obvious its going to happen.

I dont send secrets in emails, I dont make secret phone calls so I realy dont see why I should have to put up with this.

HERES THE SOLUTION.
Any kind of encryption will be broken or they'll invent a law preventing us from using it. So, the answer is actualy quite simple, at least for emails anyway.
At the moment they use software that scans emails looking for flagged words. This method is very fast and does not require a human to be involved.

We've all seen when we sign up in forums etc those little boxes that contain words and numbers and squiggles in the background, and they ask us to type in those numbers/letters. Well, the squiggles are there to prevent software from identifying the letters and numbers.
Now suppose we were to send our email as an image with those squiggles in the background!! This would prevent them from scanning the emails, they'd have to have a human to read each and every email sent.

Tens of millions of emails are sent every day, it would be impossible for them to read them all.

So, if you dont want them reading your email, there is an answer.



posted on Jun, 30 2012 @ 03:19 PM
link   
Okay, the system as outline in the Channel 4 article isn't going to work, and here's why:

First, if there's a HTTPS/SSL connection to the server, neither the message or email addresses could be scanned or decrypted in real time. Yes, it's possible to decrypt the traffic, but even with a massive supercomputing facility that could take months for just one message. There are half a dozen possible encryption algorithms used for encrypting traffic, and the government won't know which is being used for a given connection, since that's determined during the handshaking stage and communicated using yet another encryption algorithm (RSA).
The only way around that is for the black box to impersonate the mail server, effectively performing a man-in-the-middle attack, which is tricky.



posted on Jun, 30 2012 @ 03:22 PM
link   

Originally posted by XeroOne
Okay, the system as outline in the Channel 4 article isn't going to work, and here's why:

First, if there's a HTTPS/SSL connection to the server, neither the message or email addresses could be scanned or decrypted in real time. Yes, it's possible to decrypt the traffic, but even with a massive supercomputing facility that could take months for just one message. There are half a dozen possible encryption algorithms used for encrypting traffic, and the government won't know which is being used for a given connection, since that's determined during the handshaking stage and communicated using yet another encryption algorithm (RSA).
The only way around that is for the black box to impersonate the mail server, effectively performing a man-in-the-middle attack, which is tricky.


Thats all rather interesting. Can you substantiate it further with some concrete evidence?



posted on Jun, 30 2012 @ 03:35 PM
link   

Originally posted by stanguilles7

Thats all rather interesting. Can you substantiate it further with some concrete evidence?


There's stuff on this up on Wikipedia. Let's just say I'm quite aware of the capabilities and weaknesses of current surveillance and interception technologies.
By the way, when I said it would take months to decrypt a message, I was giving a very, very conservative estimate.
edit on 30-6-2012 by XeroOne because: (no reason given)



posted on Jun, 30 2012 @ 03:37 PM
link   

Originally posted by XeroOne
Okay, the system as outline in the Channel 4 article isn't going to work, and here's why:

First, if there's a HTTPS/SSL connection to the server, neither the message or email addresses could be scanned or decrypted in real time. Yes, it's possible to decrypt the traffic, but even with a massive supercomputing facility that could take months for just one message. There are half a dozen possible encryption algorithms used for encrypting traffic, and the government won't know which is being used for a given connection, since that's determined during the handshaking stage and communicated using yet another encryption algorithm (RSA).
The only way around that is for the black box to impersonate the mail server, effectively performing a man-in-the-middle attack, which is tricky.


Too tricky to be useful.

I simply assume that the gov't gets the data after it is decrypted regardless of what the Channel 4 morons claim.



posted on Jun, 30 2012 @ 03:40 PM
link   

Originally posted by XeroOne

Originally posted by stanguilles7

Thats all rather interesting. Can you substantiate it further with some concrete evidence?


There's stuff on this up on Wikipedia.


Great.

Can you link to it?



posted on Jun, 30 2012 @ 03:42 PM
link   

Originally posted by AlchemicalMonocular


I simply assume that the gov't gets the data after it is decrypted regardless of what the Channel 4 morons claim.



You assume so? But call the source morons?

I'm willing to believe the source got it wrong. Can you actually explain HOW?

ETA: my understanding is the Narus STA 6400 can handle 1010 bit/s, which means about a hundred of these could manage the UK's internet data easily,no?
edit on 30-6-2012 by stanguilles7 because: (no reason given)



posted on Jun, 30 2012 @ 03:56 PM
link   
reply to post by XeroOne
 


my understanding is the Narus STA 6400 can handle 1010 bit/s, which means about a hundred of these could manage the UK's internet data easily,no?



posted on Jun, 30 2012 @ 03:58 PM
link   

Originally posted by stanguilles7

Originally posted by XeroOne

Originally posted by stanguilles7

Thats all rather interesting. Can you substantiate it further with some concrete evidence?


There's stuff on this up on Wikipedia.


Great.

Can you link to it?


Well, here goes:
HTTPS
Advanced Encryption Standard
Triple-DES
TCP/IP
RSA Algorithm

Those are the basic components of an HTTPS/SSL connection. Knowing how they fit together, which attacks they're resistant against and various implementation issues is basically a matter of research, experience and expertise. I didn't learn this overnight by scanning a few Wikipedia articles.

As for the interception and codebreaking technologies, they really have their limitations. There's a reason why rootkits are being traded at events like ISS World.



posted on Jun, 30 2012 @ 04:04 PM
link   

Originally posted by stanguilles7
reply to post by XeroOne
 


my understanding is the Narus STA 6400 can handle 1010 bit/s, which means about a hundred of these could manage the UK's internet data easily,no?


According to Narus, but the firm (along with other Deep Packet Inspection vendors) is very very reluctant to allow objective testing of its products, and won't allow publication of the results. I wouldn't be surprised if it doesn't perform anywhere near as well in real-life.
They're also very expensive to buy, have a limited lifespan because of other technological developments, practically useless against encrypted traffic, and multiple DPI units would add a lot of latency. In short, no ISP's going to waste money buying a hundred of them.

The only practical use for DPI equipment is for quickly scanning port numbers in TCP packets for the purpose of 'traffic shaping'.
edit on 30-6-2012 by XeroOne because: (no reason given)



posted on Jun, 30 2012 @ 04:11 PM
link   
reply to post by XeroOne
 


Thats all quite interesting. Thanks for your replies. Clearly this is a subject i do not grasp very well.



posted on Jun, 30 2012 @ 04:14 PM
link   

Originally posted by stanguilles7
reply to post by XeroOne
 


Thats all quite interesting. Thanks for your replies. Clearly this is a subject i do not grasp very well.


No probs. Like I said, it's a very deep subject with lots of tangents, and it takes a while to get a feel of what's out there.



posted on Jun, 30 2012 @ 05:13 PM
link   

Originally posted by AlchemicalMonocular


I simply assume that the gov't gets the data after it is decrypted regardless of what the Channel 4 morons claim.



Originally posted by stanguilles7
You assume so? But call the source morons?


Correct.


Originally posted by stanguilles7
I'm willing to believe the source got it wrong. Can you actually explain HOW?


How would I know how a bunch of morons could screw a pooch?

edit on 30-6-2012 by AlchemicalMonocular because: (no reason given)



posted on Jun, 30 2012 @ 06:38 PM
link   
reply to post by VoidHawk
 


It MIGHT work, but it won't.

I own several websites which are inactive but have forums on them, all protected by CAPTCHA's, but the bots are still able to register on the forums i own. I had to actually disable registrations to stop it.



posted on Jun, 30 2012 @ 06:47 PM
link   
reply to post by Romekje
 


I had that trouble too, in the end I came to the conclusion that they were finding a way past the captcha rather than being able to read it. I was running a site for my local area, I got round the problem by asking the name of a local shop during the reg process..



posted on Jun, 30 2012 @ 07:06 PM
link   
reply to post by VoidHawk
 


That's an option indeed if your service/communication is mostly local.

Though i'm pretty confident they can read anything they want, if they want,when they want, with or without these socalled "black boxes" (they are just for automation it seems)



posted on Jun, 30 2012 @ 07:35 PM
link   

Originally posted by AlchemicalMonocular


How would I know how a bunch of morons could screw a pooch?

edit on 30-6-2012 by AlchemicalMonocular because: (no reason given)


No. I'm asking instead of just vaguely saying 'it's wrong', can you actually explain WHY its wrong?

It looks like you cant.



new topics

top topics



 
21
<<   2  3  4 >>

log in

join