It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
'Black boxes' to monitor all internet and phone data
page: 1share:
'Black boxes' to monitor all internet and phone data
www.channel4.com
(visit the link for the full news article)
Internet and phone firms are preparing to install "black boxes" to monitor UK internet and phone traffic, and decode encrypted messages - including Facebook and GMail messages.
So, basically, this will require ISP's to route all communication through a government controlled 'black box' that will decrypt any and all
transmissions. Currently, services like Gmail are encrypted. This will allow the government in the UK to get around that, and will likely store that
data indefinitely.
From the article:
"Dominic Raab, a Conservative MP who has criticised the bill, said: "The use of data mining and black boxes to monitor everyone's phone, email and web-based communications is a sobering thought that would give Britain the most intrusive surveillance regime in the west. But, many technical experts are raising equally serious doubts about its feasibility and vulnerability to hacking and other abuse."
www.channel4.com
(visit the link for the full news article)
From the article:
"Dominic Raab, a Conservative MP who has criticised the bill, said: "The use of data mining and black boxes to monitor everyone's phone, email and web-based communications is a sobering thought that would give Britain the most intrusive surveillance regime in the west. But, many technical experts are raising equally serious doubts about its feasibility and vulnerability to hacking and other abuse."
www.channel4.com
(visit the link for the full news article)
Well, this has been coming down the pipe for a while now. I doubt the boxes are capable of decrypting the traffic though.
Nearly every week we see this being discussed by our or some other government. I think its obvious its going to happen.
I dont send secrets in emails, I dont make secret phone calls so I realy dont see why I should have to put up with this.
HERES THE SOLUTION.
Any kind of encryption will be broken or they'll invent a law preventing us from using it. So, the answer is actualy quite simple, at least for emails anyway.
At the moment they use software that scans emails looking for flagged words. This method is very fast and does not require a human to be involved.
We've all seen when we sign up in forums etc those little boxes that contain words and numbers and squiggles in the background, and they ask us to type in those numbers/letters. Well, the squiggles are there to prevent software from identifying the letters and numbers.
Now suppose we were to send our email as an image with those squiggles in the background!! This would prevent them from scanning the emails, they'd have to have a human to read each and every email sent.
Tens of millions of emails are sent every day, it would be impossible for them to read them all.
So, if you dont want them reading your email, there is an answer.
I dont send secrets in emails, I dont make secret phone calls so I realy dont see why I should have to put up with this.
HERES THE SOLUTION.
Any kind of encryption will be broken or they'll invent a law preventing us from using it. So, the answer is actualy quite simple, at least for emails anyway.
At the moment they use software that scans emails looking for flagged words. This method is very fast and does not require a human to be involved.
We've all seen when we sign up in forums etc those little boxes that contain words and numbers and squiggles in the background, and they ask us to type in those numbers/letters. Well, the squiggles are there to prevent software from identifying the letters and numbers.
Now suppose we were to send our email as an image with those squiggles in the background!! This would prevent them from scanning the emails, they'd have to have a human to read each and every email sent.
Tens of millions of emails are sent every day, it would be impossible for them to read them all.
So, if you dont want them reading your email, there is an answer.
Okay, the system as outline in the Channel 4 article isn't going to work, and here's why:
First, if there's a HTTPS/SSL connection to the server, neither the message or email addresses could be scanned or decrypted in real time. Yes, it's possible to decrypt the traffic, but even with a massive supercomputing facility that could take months for just one message. There are half a dozen possible encryption algorithms used for encrypting traffic, and the government won't know which is being used for a given connection, since that's determined during the handshaking stage and communicated using yet another encryption algorithm (RSA).
The only way around that is for the black box to impersonate the mail server, effectively performing a man-in-the-middle attack, which is tricky.
First, if there's a HTTPS/SSL connection to the server, neither the message or email addresses could be scanned or decrypted in real time. Yes, it's possible to decrypt the traffic, but even with a massive supercomputing facility that could take months for just one message. There are half a dozen possible encryption algorithms used for encrypting traffic, and the government won't know which is being used for a given connection, since that's determined during the handshaking stage and communicated using yet another encryption algorithm (RSA).
The only way around that is for the black box to impersonate the mail server, effectively performing a man-in-the-middle attack, which is tricky.
Originally posted by XeroOne
Okay, the system as outline in the Channel 4 article isn't going to work, and here's why:
First, if there's a HTTPS/SSL connection to the server, neither the message or email addresses could be scanned or decrypted in real time. Yes, it's possible to decrypt the traffic, but even with a massive supercomputing facility that could take months for just one message. There are half a dozen possible encryption algorithms used for encrypting traffic, and the government won't know which is being used for a given connection, since that's determined during the handshaking stage and communicated using yet another encryption algorithm (RSA).
The only way around that is for the black box to impersonate the mail server, effectively performing a man-in-the-middle attack, which is tricky.
Thats all rather interesting. Can you substantiate it further with some concrete evidence?
Originally posted by stanguilles7
Thats all rather interesting. Can you substantiate it further with some concrete evidence?
There's stuff on this up on Wikipedia. Let's just say I'm quite aware of the capabilities and weaknesses of current surveillance and interception technologies.
By the way, when I said it would take months to decrypt a message, I was giving a very, very conservative estimate.
edit on 30-6-2012 by
XeroOne because: (no reason given)
Originally posted by XeroOne
Okay, the system as outline in the Channel 4 article isn't going to work, and here's why:
First, if there's a HTTPS/SSL connection to the server, neither the message or email addresses could be scanned or decrypted in real time. Yes, it's possible to decrypt the traffic, but even with a massive supercomputing facility that could take months for just one message. There are half a dozen possible encryption algorithms used for encrypting traffic, and the government won't know which is being used for a given connection, since that's determined during the handshaking stage and communicated using yet another encryption algorithm (RSA).
The only way around that is for the black box to impersonate the mail server, effectively performing a man-in-the-middle attack, which is tricky.
Too tricky to be useful.
I simply assume that the gov't gets the data after it is decrypted regardless of what the Channel 4 morons claim.
Originally posted by XeroOne
Originally posted by stanguilles7
Thats all rather interesting. Can you substantiate it further with some concrete evidence?
There's stuff on this up on Wikipedia.
Great.
Can you link to it?
Originally posted by AlchemicalMonocular
I simply assume that the gov't gets the data after it is decrypted regardless of what the Channel 4 morons claim.
You assume so? But call the source morons?
I'm willing to believe the source got it wrong. Can you actually explain HOW?
ETA: my understanding is the Narus STA 6400 can handle 1010 bit/s, which means about a hundred of these could manage the UK's internet data easily,no?
edit on 30-6-2012 by stanguilles7 because: (no reason given)
reply to post by XeroOne
my understanding is the Narus STA 6400 can handle 1010 bit/s, which means about a hundred of these could manage the UK's internet data easily,no?
my understanding is the Narus STA 6400 can handle 1010 bit/s, which means about a hundred of these could manage the UK's internet data easily,no?
Originally posted by stanguilles7
Originally posted by XeroOne
Originally posted by stanguilles7
Thats all rather interesting. Can you substantiate it further with some concrete evidence?
There's stuff on this up on Wikipedia.
Great.
Can you link to it?
Well, here goes:
HTTPS
Advanced Encryption Standard
Triple-DES
TCP/IP
RSA Algorithm
Those are the basic components of an HTTPS/SSL connection. Knowing how they fit together, which attacks they're resistant against and various implementation issues is basically a matter of research, experience and expertise. I didn't learn this overnight by scanning a few Wikipedia articles.
As for the interception and codebreaking technologies, they really have their limitations. There's a reason why rootkits are being traded at events like ISS World.
Originally posted by stanguilles7
reply to post by XeroOne
my understanding is the Narus STA 6400 can handle 1010 bit/s, which means about a hundred of these could manage the UK's internet data easily,no?
According to Narus, but the firm (along with other Deep Packet Inspection vendors) is very very reluctant to allow objective testing of its products, and won't allow publication of the results. I wouldn't be surprised if it doesn't perform anywhere near as well in real-life.
They're also very expensive to buy, have a limited lifespan because of other technological developments, practically useless against encrypted traffic, and multiple DPI units would add a lot of latency. In short, no ISP's going to waste money buying a hundred of them.
The only practical use for DPI equipment is for quickly scanning port numbers in TCP packets for the purpose of 'traffic shaping'.
edit on
30-6-2012 by XeroOne because: (no reason given)
reply to post by XeroOne
Thats all quite interesting. Thanks for your replies. Clearly this is a subject i do not grasp very well.
Thats all quite interesting. Thanks for your replies. Clearly this is a subject i do not grasp very well.
Originally posted by stanguilles7
reply to post by XeroOne
Thats all quite interesting. Thanks for your replies. Clearly this is a subject i do not grasp very well.
No probs. Like I said, it's a very deep subject with lots of tangents, and it takes a while to get a feel of what's out there.
Originally posted by AlchemicalMonocular
I simply assume that the gov't gets the data after it is decrypted regardless of what the Channel 4 morons claim.
Originally posted by stanguilles7
You assume so? But call the source morons?
Correct.
Originally posted by stanguilles7
I'm willing to believe the source got it wrong. Can you actually explain HOW?
How would I know how a bunch of morons could screw a pooch?
edit on 30-6-2012 by AlchemicalMonocular because: (no reason given)
reply to post by VoidHawk
It MIGHT work, but it won't.
I own several websites which are inactive but have forums on them, all protected by CAPTCHA's, but the bots are still able to register on the forums i own. I had to actually disable registrations to stop it.
It MIGHT work, but it won't.
I own several websites which are inactive but have forums on them, all protected by CAPTCHA's, but the bots are still able to register on the forums i own. I had to actually disable registrations to stop it.
reply to post by Romekje
I had that trouble too, in the end I came to the conclusion that they were finding a way past the captcha rather than being able to read it. I was running a site for my local area, I got round the problem by asking the name of a local shop during the reg process..
I had that trouble too, in the end I came to the conclusion that they were finding a way past the captcha rather than being able to read it. I was running a site for my local area, I got round the problem by asking the name of a local shop during the reg process..
reply to post by VoidHawk
That's an option indeed if your service/communication is mostly local.
Though i'm pretty confident they can read anything they want, if they want,when they want, with or without these socalled "black boxes" (they are just for automation it seems)
That's an option indeed if your service/communication is mostly local.
Though i'm pretty confident they can read anything they want, if they want,when they want, with or without these socalled "black boxes" (they are just for automation it seems)
Originally posted by AlchemicalMonocular
How would I know how a bunch of morons could screw a pooch?edit on 30-6-2012 by AlchemicalMonocular because: (no reason given)
No. I'm asking instead of just vaguely saying 'it's wrong', can you actually explain WHY its wrong?
It looks like you cant.
new topics
-
New Bombshell Evidence Strongly Suggests Trump was Set Up in Classified Docs Saga
US Political Madness: 2 hours ago -
One More Night at the Pig and Blanket (Time 2024)
Short Stories: 5 hours ago -
Expert Says Parents Should Ask Babies Permission to Change Nappies.
General Chit Chat: 6 hours ago -
Hard evidence of a Royal plot on the US....if only i had proof.
ATS Skunk Works: 7 hours ago -
Do you name your cars ?
General Chit Chat: 8 hours ago -
Jim Biden Was in Business with Qatari Officials
US Political Madness: 10 hours ago -
I may have had a talk with Pope Francis about his plans for our nation
The Gray Area: 10 hours ago -
Sleep paralysis and the implantation of some weird Matrix-esque demon creature...
The Gray Area: 11 hours ago
top topics
-
5 probed after 18-year old girl dies as a result of having the COVID jab
Diseases and Pandemics: 14 hours ago, 19 flags -
Say his name
US Political Madness: 12 hours ago, 17 flags -
Jim Biden Was in Business with Qatari Officials
US Political Madness: 10 hours ago, 12 flags -
Official denial
Diseases and Pandemics: 17 hours ago, 11 flags -
New Bombshell Evidence Strongly Suggests Trump was Set Up in Classified Docs Saga
US Political Madness: 2 hours ago, 10 flags -
Expert Says Parents Should Ask Babies Permission to Change Nappies.
General Chit Chat: 6 hours ago, 10 flags -
Sleep paralysis and the implantation of some weird Matrix-esque demon creature...
The Gray Area: 11 hours ago, 8 flags -
MEGA - Let's Make Europe Great Again
Other Current Events: 17 hours ago, 7 flags -
There is no such thing as moonlight.
General Chit Chat: 13 hours ago, 6 flags -
I may have had a talk with Pope Francis about his plans for our nation
The Gray Area: 10 hours ago, 6 flags
active topics
-
Mood Music Part VI
Music • 3121 • : MRTrismegistus -
Why Files Our Alien Overlords | How We Secretly Serve The Tall Whites
Aliens and UFOs • 23 • : Quadlink2 -
Jim Biden Was in Business with Qatari Officials
US Political Madness • 60 • : CarlLaFong -
Do you name your cars ?
General Chit Chat • 12 • : underpass61 -
There is no such thing as moonlight.
General Chit Chat • 21 • : primalfractal -
New Bombshell Evidence Strongly Suggests Trump was Set Up in Classified Docs Saga
US Political Madness • 7 • : Zanti Misfit -
Expert Says Parents Should Ask Babies Permission to Change Nappies.
General Chit Chat • 36 • : ByeByeAmericanPie -
MEGA - Let's Make Europe Great Again
Other Current Events • 48 • : RAY1990 -
4/27/24 New Jersey Earthquake
Fragile Earth • 9 • : hoobah -
Sleep paralysis and the implantation of some weird Matrix-esque demon creature...
The Gray Area • 11 • : TheDiscoKing