[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) News Unlimited: The spy in your server

------- Forwarded message follows -------
From:           	Owen Blacker <owen.blacker@pres.co.uk>
To:             	"UK Crypto list (E-mail)" <ukcrypto@maillist.ox.ac.uk>,
       	"Plotting list (E-mail)" <plotting@netlists.liberty.org.uk>
Copies to:      	"NTK Tips (E-mail)" <tips@ntk.net>
Subject:        	News Unlimited: The spy in your server
Date sent:      	Thu, 10 Aug 2000 10:17:44 +0100
Send reply to:  	ukcrypto@maillist.ox.ac.uk

Hash: SHA1


The spy in your server 

There is no hiding place on the net as governments around the world
chase your data, reports Duncan Campbell 

Special report: privacy on the net

Thursday August 10, 2000 

Governments all over the world have suddenly become embroiled in
controversy about electronic surveillance of the internet. In the
United States, a political storm has arisen over a new FBI internet
tapping system codenamed Carnivore. In Britain, the Regulation of
Investigatory Powers (RIP) Act has just extended telephone-tapping
powers to cover internet service providers (ISPs), and allows the
government to arrange indiscriminate tapping or email interception for
foreign police forces and security agencies. 

In the Netherlands, the Dutch security service BVD admitted two weeks
ago that it has been collecting emails sent abroad by companies. In
the Hague, laws are being prepared to allow the Justice Ministry to
tap into email and subscriber records, scan messages and mobile phone
calls, and track users' movements. 

The Australian government has passed laws allowing security agents to
attack and modify computers secretly to obtain information. Many other
governments have similar schemes in the pipeline. 

These developments are no coincidence but the direct result of secret
planning over seven years by an international co-ordinating group set
up by the FBI, after Congress twice refused to extend its telephone
tapping powers for digital networks. Under the innocuous title of the
International Law Enforcement Telecommunications Seminar (ILETS), the
group has met annually to plan for and lobby to make
telecommunications systems "interception-friendly". 

ILETS excluded lawyers and industry specialists who might have
advised on the arrangements to protect privacy and human rights, or on
the feasibility and cost of the intelligence officers' wish list of
interception requirements. As a result, the laws based on their
recommendations have repeatedly caused controversy. 

The work of ILETS first came to light in late 1997, when a British
researcher, Tony Bunyan, revealed collaboration between EU staff and
the FBI for many years. Details of plans to compel ISPs all over the
world to install secret internet interception "black boxes" in their
premises appeared in Online last year. 

A month ago, the European Parliament appointed 36 MEPs to lead a
year-long investigation into Echelon -- the codename for a mainly US
system for monitoring traffic on commercial communications satellites.
Echelon has become common parlance for the worldwide electronic
eavesdropping or signals intelligence (Sigint) network run by the
Government Communications Headquarters (GCHQ) together with the US
National Security Agency (NSA). The inquiry will ask if the rights of
European citizens are adequately protected and ascertain whether
European industry is put at risk by the global interception of

French politicians and lawyers have taken the lead in accusing the US
and Britain of using their electronic intelligence networks to win
business away from foreign rivals. US politicians have riposted that
France runs a worldwide electronic intelligence system of its own --
"Frenchelon", based at Domme, near Sarlat in the Dordogne, and
includes an eavesdropping station in New Caledonia in the Pacific (see
www.zdnet.co.uk/news/2000/25/ns-16207.html ). 

Electronic eavesdropping has become a battleground between the US and
Russia. The Russian-American Trust and Cooperation Act of 2000, passed
on July 19, stops President Clinton rescheduling or writing off
billions of dollars of Russian debts unless a Russian spy base in Cuba
is "permanently closed". 

This base at Lourdes, located on leased land near Havana, was the
former Soviet Union's most important intelligence facility. It uses
Echelon-type systems to collect data from telephone calls and
satellite links covering the US. 

Lourdes allegedly provides "between 60% and 70% of all Russian
intelligence data about the US". A defector has said that spying from
Lourdes has grown dramatically following an order by Boris Yeltsin to
step up economic and technological espionage against the west. 

The White House wants to stop the campaign to close Lourdes because
other countries might then ask the US to close down its identical
bases. Documents suggest the US would particularly fear the Lourdes
effect spreading to Britain, Germany and Australia, where the NSA
operates large sites. Its station at Menwith Hill, Yorkshire, is the
largest electronic intelligence base in the world. 

The US is not alone in this spying. By the end of the year, the
Government Technical Assistance Centre (GTAC) will have begun
operations from inside MI5's headquarters at Thames House, Millbank.
Its primary purpose will be to break codes used for private email or
to protect files on personal computers. It will also receive and hold
private keys to codes which British computer users may be compelled to
give to the government, under the RIP Act. 

Development of GTAC has been pioneered by the Home Office's
Encryption Co-ordination Unit, which says that the centre will
"provide the capability to produce plain text/images/audio from
lawfully intercepted communications and lawfully seized computer
media which are encrypted". The Home Office has not confirmed reports
that GTAC will also be the collecting point for intercepted internet
communications relayed from the "sniffer" boxes to be installed inside
British ISPs. 

The cost of building GTAC, said to be 25m, is likely to include the
price of ultra-fast super-computers, of the type previously used only
to break Soviet codes and attack other special military targets. Code
breakers from the communications intelligence agency GCHQ will be
seconded to work at GTAC. 

GCHQ has used sophisticated computers for many years to examine
foreign or "external" messages and phone calls, as part of the
worldwide intelligence network operated with other English-speaking
countries. The key part of this system utilises computers called
Dictionaries, which hold lists of thousands of target names, addresses
and key words. They are used to select messages of interest, while
discarding the majority of communications. 

GCHQ was not normally permitted to encroach on domestic
communications. Now the RIP Act says that as many domestic internet
communications travel on the same "trunks" as external communications,
GCHQ will be allowed to trawl through these messages without

Another limitation, which had prevented the direct targeting of
people in Britain by GCHQ without specific authorisation has also been
dropped. The Home Secretary has been given powers under Section 16(3)
of the Act to sign an "overriding" warrant every three months. This
will allow general surveillance without the need for individual

This will apply to "serious crime", which can include organising
demonstrations that may affect public order. The government has
offered no justification for its willingness to allow GCHQ to intrude
on domestic political and policing matters. The RIP act will also
allow any agency nominated by the Home Secretary to tap into the
addresses of emails sent and received (though not their content)
without a warrant. 

Caspar Bowden, whose lobbying organisation, the Foundation for
Information Policy Research, FIPR, helped to bring some important
changes to the RIP Act, believes that letting Dictionary type
computers carry out broad-ranging surveillance on much internal UK
traffic will break the new Human Rights Act. 

The FBI has just been granted funds for an $85m electronic
surveillance programme called Digital Storm. This foresees the
quadrupling of telephone tapping in the US over the next decade,
because of the convenience of digital processing and the automated
delivery of intercepted messages and conversations to FBI agents. 

The FBI hopes to build in automated transcription and translation
systems. According to its budget application for the next US fiscal
year, a related programme called Casa de Web will include central
computer archives for intercepted audio and data reports. It will also
provide "analytic tools for automated speaker identification, text key
word spotting, and voice key word spotting". 

The existence of Carnivore, the FBI tapping system, was revealed
three months ago as the result of a lawsuit between a US ISP and
federal marshals, who demanded that the ISP wire a Carnivore box into
its network. The FBI initially wanted to install its own version of a
commercial "sniffer" programme called Etherpeek. Then it turned up
with Carnivore and a court order to install it. 

The FBI claims there are only 20 Carnivores, and that they have been
used only 25 times in the last 18 month. But the system is so
controversial that the US Congress held special hearings two weeks
ago. A judge has ordered the FBI to answer requests for details made
under the Freedom of Information Act. 

Carnivore consists of a laptop computer and communications interface
cards. It runs a packet sniffer programme to select the data it wants
from inside the ISP local network. According to Marcus Thomas, head of
the FBI's Cyber Technology Section, they are PCs using proprietary
software and acting as a "specialized sniffer". 

The bureau claims that although Carnivore's hardware sees all the
traffic passing through the ISP where it is installed, its software
looks only at the origin and the destination of each internet packet.
If the addresses correspond with those specifically authorised in a
court order, then the information and/or the contents are extracted
and forwarded to the FBI. The agency claims no other data is recorded
or examined. 

But US computer experts do not believe this is possible. For example,
many ISPs dynamically allocate internet addresses to their customers.
This means that every time you dial in to your ISP, you will use a
different internet address. Unless Carnivore is also intercepting this
type of data, it cannot work. 

The experts have asked the FBI to reveal the source code of
Carnivore. The FBI has refused, but says it will arrange a "privacy
audit". US Attorney General Janet Reno has publicly regretted the
woodenheaded selection of the codename Carnivore. She says it will
soon be changed to a less threatening name. 

Despite the power of systems such as Echelon or Carnivore, they face
many practical difficulties in conducting the type of extensive
surveillance that some people fear. 

The risk they pose to civil liberties has often been questioned
because of the simple techniques that criminals or terrorists can use
to outrun surveillance. 

Setting up new internet accounts and email addresses to use for a few
days or weeks takes barely a minute to do, yet can limit or defeat law
enforcement or intelligence targeting. 

For the ordinary computer user who wants their email and web surfing
activities to regain at least the same level of privacy enjoyed by
ordinary letters, the best and probably the only tool to use is a
system called Freedom. 

Pioneered by the Canadian-based Zero Knowledge company, Freedom uses
multiple encrypted links to carry every kind of internet traffic. The
first step is a secure connection to a local ISP running a Freedom
server. Several are now operating in Britain. Your message,
re-encrypted each time it travels, is passed among one or more Freedom
servers before being inserted onto the internet at a distant location.
The system used means that no one, including Zero Knowledge itself and
the ISPs you use, knows what messages are being sent or who is sending

For those less worried about intelligence agencies but infuriated by
the privacy-destroying habits of some websites and internet companies,
the American-based Junkbusters group offers an excellent free tool
which stops unwarranted data collection and also limits the
time-wasting effects of downloading of advertising material. 

Systems like Carnivore and the black boxes, which MI5 and the police
want to install soon in British ISPs, are based on internet
technologies used every day by network managers and trouble-shooters.

Packet sniffers utilise the fact that all the traffic being handled by
an ISP will travel on one or more very high-speed data links. These
typically handle hundreds or even thousands of megabits of data every

Everyone's data travels on these shared links, in the form of
datagrams, or packets of data. Each packet contains details of the
sender and the intended destination of the data packet. In principle,
this information can be used to select only the data being sent to or
received by the target of a government approved warrant. 

But the ISP has no way of knowing how much data is being extracted
from their clients' private messages. It all depends on how the
software is programmed, and this is kept secret. 

One program used by the FBI to tap email is Etherpeek, which can be
programmed to select any type of data from an internet data stream.
Its manufacturers say it can "capture all conversations on a network
segment, much like a telephone tap". It costs less than $1,000 to buy
and may be the proprietary software used for Carnivore. 

Another commercial packet sniffer modified for internet surveillance
is WireSpeed, which can analyse more than 300 different network types.
The WireSpeed analyser, developed by a US corporation, Radcom, was
recommended for use in a recent Home Office report, which noted that
it was "a major component of another country's interception solution
-- it would enable the user to view the content portion(s) of
electronic messages". 

Industry and civil liberties critics in Britain and the US say that
packet-sniffing technology is so powerful and undetectable, that it
poses a threat to civil liberties and privacy that could not have
existed previously. As even the ISP to whose equipment it is connected
will not know what it is doing, there can be no means of verifying
that surveillance is being limited to what is legally allowed. 


Freedom internet privacy protection system 
WireSpeed Internet Analyser 
Etherpeek packet sniffer 

  *  Duncan Campbell is a freelance investigative journalist and not
     the Guardian's Los Angeles correspondent of the same name. 
- -----
Owen Blacker
Senior Internet Developer and InfoSec Consultant, pres.co
DSS: 0x7e3c8eab | 2f45 c60d 6a0a 0007 193d  d994 cd36 e021 7e3c 8eab
RSA: 0x38fee6c3 |      7c41 e69c 5b8a 484d  22af 1859 f4c9 307b

Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
Comment: Due to RIP, pls check for revocation before using this key!


This message has been checked for all known viruses by UUNET delivered
through the MessageLabs Virus Control Centre. For further information
visit http://www.uk.uu.net/products/security/virus/

------- End of forwarded message -------