[liberationtech] New report on Internet Censorship and Surveillance in Turkmenistan
Jacob Appelbaum
jacob at appelbaum.net
Mon Jan 7 17:02:32 PST 2013
Rafal Rohozinski:
> John,
>
> With respect to SORM-II, the "signatures" are based upon the
> technical characteristics of the system rather than something that's
> detectable by protocol scanning.
What are the technical characteristics of SORM-II?
> In a nutshell, SORM-II boxes
> located on remote network segments (i.e. ISPs or other providers)
> require a separate command channel for tasking and data backhaul.
Detectable by what means? Is this the Kim Dotcom extra latency issue?
Is this just another box found on a related network?
> In some installations, this is a separate physical channel, and in
> others it is virtualized through the ISP's connection to their upstream
> provider or IXP (usually at the central telephone switch).
> Consequently, while the device itself does not have a detectable
> signature, the control channel is a defining feature. The
> challenge is in detecting the control channel. We have a report
> pending on SORM that should be released sometime during the late
> spring of 2013.
Can you give us a simple example?
> We are trying to decide how and what to publish so
> as to share usable knowledge without revealing tradecraft that would
> allow the developers of SORM (II and III) to reduce detectability.
This is a rather difficult thing to do - it seems not worth doing. These
guys are already working on reducing detectability, aren't they?
> BTW - SORM II is commercially available in the European, US and
> Canadian under the brand name "NetBeholder" so those of you with
> deep pockets should buy a set up and reverse engineer it
> http://www.netbeholder.com/en/products.html … the company even has a
> street address in Toronto, for those of you that want to visit. :-)
>
Has it been found on Canadian networks? Who uses it?
All the best,
Jacob