Ex AT&T Tech Says NSA Monitors All Web Traffic
Sir Tandeth writes "A former technician at AT&T, who alleges that the telecom giant forwards virtually all of its internet traffic into a 'secret room' to facilitate government spying, says the whole operation reminds him of something out of Orwell's 1984. Appearing on MSNBC's Countdown program, whistleblower Mark Klein told Keith Olbermann that all Internet traffic passing over AT&T lines was copied into a locked room at the company's San Francisco office — to which only employees with National Security Agency clearance had access. 'Klein was on Capitol Hill Wednesday attempting to convince lawmakers not to give a blanket, retroactive immunity to telecom companies for their secret cooperation with the government. He said that as an AT&T technician overseeing Internet operations in San Francisco, he helped maintain optical splitters that diverted data en route to and from AT&T customers.'"
I've read about this before. (Score:4, Informative)
Very scary stuff.
Re:Encrypt (Score:2, Informative)
Re:Encrypt (Score:5, Informative)
Re:I've read about this before. (Score:2, Informative)
Re:Encrypt (Score:2, Informative)
If you're using public key encryption, it isn't that much work for telcos to act as an encryption proxy to whomever you're connecting to, which pretty much kills any encryption you're using.
Only true way to stop spying is shared key encryption, which is completely unrealistic for broad use.
Re:Anything about this in AT&T Privacy Stateme (Score:3, Informative)
Son of carnivore. (Score:1, Informative)
Re:Encrypt (Score:5, Informative)
Fine. Have you by any chance ever read the 10th Amendment? In other words, if the Constitution is unclear and there is no relevant law then the Federal Govt. has no power whatsoever to intercept our Internet traffic.
Re:Pure FUD. Need more information. (Score:3, Informative)
Oops, I just noticed you were modded flamebait, and rightfully so. FUD applies more to your post than the article.
Re:Encrypt (Score:4, Informative)
Is it possible you've confused public key cryptosystems in general with systems based on Diffie-Hellman key exchange that provide protection against eavesdroppers but not man-in-the-middle attacks?
Re:Encrypt (Score:3, Informative)
If you're the government, how hard do you think it would be to tamper with those signature databases to make them match the man in the middle?
RSA signatures work against your run-of-the-mill hacker, but do not stop telcos/gov from doing this.
Re:I've read about this before. (Score:3, Informative)
Not as Hard as You Think (Score:3, Informative)
No it wouldn't. It's called sampling. Red flags and segmenting certain layers and patterns. You don't have to store a fraction of the traffic data to analyze it and store what you need.
I won't say what I do, but I do it for a Fortune 50 company, and I personally analyze an obscene amount of internet traffic. I do all this with a few servers and a workstation. Now I can honestly say I have probably analyzed .5% of the internet's traffic (doesn't sound like much, but it is). With the different software we use and the relatively small amounts of hardware we use, I can easily imagine scaling that to 100% without too many problems. You'd need a lot more people, better algorithms, and much more processing and storage space. But it's definitely possible.
And you don't even need to do 100%. As I pointed out before, you can segment your data and sample it for what you are looking for. Or data mine samples if you don't know what you are looking for. Find the flags you want, and apply that across the whole traffic spectrum.
Pretty scary. Although my first thought is that this is used for counter-terrorism activities, I can't help but think that it's instead used for political purposes as well. Who knows. Big brother indeed.
Yes and no. (Score:1, Informative)
Sadly most of his ideas are closely mirrored by the apocalyptic christian evangelicals (misnomer admitted)
Re:Encrypt (Score:4, Informative)
The first bold part is what commonly makes the second bold part untrue.
Unless Alice has personally verified that the key she has is in fact Bob's key and vice versa, then she doesn't know for sure that it's Bob's public key that she's using. If Alice just gets Bob's public key off the internet itself, then Alice doesn't know that it was Bob Alice was talking to and it may actually be Charlie's public key that she received. If it is in fact Charlie's public key, then Charlie can act as a man-in-the-middle. Alice unknowingly sends a message to Charlie with Charlie's public key, he decrypts it, re-encrypts it with Bob's public key, then sends it on to Bob. Neither will ever know.
People get around this by using certificates which come from a Certificate Authority whom they trust and who verifies that the keys you received are really Bob's keys and not Charlie's. The same problem shows up here, though, since at the point where Alice is communicating with the certificate authority over the internet, the CA is basically Bob and she's in the same boat.
People get around this part of the problem by having the Certificate Authority's keys hard-coded inside their browsers and OSes. There are two problems with this, one general and the other specific. The general problem is that if you get your browser over the internet, once again you can't be sure that the CA's key is really the right key and that the MD5 hash is really the MD5 hash of the unmodified browser. The specific problem is that this whole article is about the government getting telecom companies to cooperate with their spying programs. The Certificate Authorities usually fall into that category, and it would be naive to assume that they haven't handed over to the government their private keys, in which case NSA-Charlie doesn't even need to feed you a fake CA key somehow, he can just flat out pose as CA-Bob.
It is fundamentally impossible to share cryptographic keys securely over an insecure communication network. This is known as "the key exchange problem", and it's really, literally, impossible to fix. The only way to truly be secure when exchanging keys is for Alice and Bob to step outside the insecure network and physically meet in person, and exchange keys and verify that the other person has the correct key.
So if you're really so paranoid that you feel you must encrypt all your communications to keep the government from spying on you, just remember this, and find an off-line way to exchange public keys with everyone you wish to talk to.
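Added example, not part of the thread or written by any poster: a toy unauthenticated Diffie-Hellman exchange in Python showing the point made in the comments above, that a key taken off the network is only trustworthy once it matches a fingerprint exchanged in person. The group parameters, function names and the `relay_substitutes_keys` switch are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only; far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short digest of a public key that two people can compare offline."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def session_key(my_priv, their_pub):
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def accept_key(received_pub, fingerprint_from_meeting):
    """Use a key from the network only if it matches the fingerprint
    that was handed over in person."""
    return secrets.compare_digest(fingerprint(received_pub),
                                  fingerprint_from_meeting)

def run_exchange(relay_substitutes_keys):
    a_priv, a_pub = keypair()  # Alice
    b_priv, b_pub = keypair()  # Bob
    # Fingerprints swapped face to face, outside the network.
    a_fp, b_fp = fingerprint(a_pub), fingerprint(b_pub)
    if relay_substitutes_keys:
        # The network path hands each side a third party's key instead.
        _, c_pub = keypair()
        seen_by_alice, seen_by_bob = c_pub, c_pub
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    return {
        # Neither side can observe this locally; it is shown for the reader.
        "keys_agree": session_key(a_priv, seen_by_alice)
                      == session_key(b_priv, seen_by_bob),
        "alice_accepts": accept_key(seen_by_alice, b_fp),
        "bob_accepts": accept_key(seen_by_bob, a_fp),
    }

if __name__ == "__main__":
    print("honest path:     ", run_exchange(False))
    print("substituted keys:", run_exchange(True))
```

Without the `accept_key` check both runs look identical to Alice and Bob; with it, the substituted keys are rejected before any session key is used.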
Re:I've read about this before. (Score:4, Informative)
http://www.npr.org/templates/story/story.php?storyId=16088947&ft=1&f=1 [npr.org]
One thing he mentions: The NSA likely has installations like this at maybe a dozen locations around the country.
Obligatory.... (Score:2, Informative)
Sorry, couldn't resist.