FBI and Next-Gen P2P Monitoring 122
AHuxley writes "Can the FBI get funding to create a next-generation network monitoring and database system for P2P networks, web sites, and chat rooms?
Could the FBI's Regional Information Sharing Systems (RISS) network be opened to more law enforcement agents across the USA?
Will the tracking of p2p users via 'unique serial numbers' generated from a person's computer be expanded from its first use in late 2005?
Is your p2p application or plug-in sending back your MAC address, firmware revision, manufacture date, GUID or other details?" Could this story submitter pose any more questions in his submission? Won't someone please think of the ... oh, never mind.
For child porn? (Score:0, Insightful)
This is one hell of a slippery slope, my friends.
Manufactured Evidence (Score:3, Insightful)
Let's hope so (Score:3, Insightful)
Anyone wonder how many exit nodes the NSA already runs? That'd be a far better(easier?) approach than monitoring "normal" traffic since I suppose the interesting stuff is already going through Tor, though in a typical hour-long scan I can't find any really "interesting" unencrypted web traffic at my exit node.
Folks surfing porn? Plenty. Plenty of Chinese blogs with plaintext passwords, too. But even those Chinese blogs are benign and not something that would be censored by their gov't (I think). Based on the pictures and my basic proficiency with Chinese, it's either folks just fooling around with Tor or it's steganographic.
Re:Does F/OSS help? (Score:5, Insightful)
I think any of those would be quite hard to inject into open source code.
After all, in a p2p app the traffic is the most important thing ... and is going to be watched very closely. Patches that modify what go over the wire will be under considerable scrutiny.
And how are you going to collect those details once they're transmitted? By their nature p2p apps are hard to keep track of.
Not to say it couldn't happen. But I don't think it's much of a risk compared to the simple fact that your IP address is very visible when using a p2p app...
Re:All Fear, No Facts (Score:3, Insightful)
This is why OSS is important! (Score:3, Insightful)
Closed source applications from companies like M$ can't be trusted in this way.
FBI Sofware Projects are Notorious for Failures (Score:5, Insightful)
Re:Are MAC addresses globally unique? (Score:4, Insightful)
Come to think of it, it's a bit silly that they used 4 bytes for the address that has to be globally unique and 6 bytes for the one that only has to be locally unique...
Re:All Fear, No Facts (Score:5, Insightful)
Re:All Fear, No Facts (Score:3, Insightful)
All it takes is indirection to make it so that it does, though. Make the P2P client randomly choose whether to look locally or ask its neighbors. Make it lie randomly and say "I don't have it" at all times to mask the ability to use probability to determine whether you are serving locally-stored data or just passing on the request even with knowledge of how many peers your node has and generating hundreds of requests using a modified client. If nobody is doing that already, color me surprised....
Re:FBI Sofware Projects are Notorious for Failures (Score:2, Insightful)
The authorities use criminals all the time to catch other criminals. Most snitches are criminals themselves looking for a way to stay out of prison. It shouldn't surprise you at all if they employ Russian/Chinese hackers. And I consider their surveillance and authoritarian enforcement actions to be pretty efficient. If you want to break them down, you need to get the authoritarians to go after each other. Use the same methods that work so well on us.