[liberationtech] Massive passive wiretapper: How to technically troll them?
Dan Staples
dan at disman.tl
Mon Sep 16 09:25:48 PDT 2013
Interesting ideas...don't know about the feasibility, but it's worth
discussing.
For generating raw data that can have the potential to confuse automated
analysis and flagging, or to otherwise hide/obfuscate legit comms, I
wrote a proof-of-concept project called NOISE: http://disman.tl/noise.html.
It basically includes a Markov generator for creating "real-looking"
text from a reference corpus, and periodically sending that in emails,
tweets, web searches, etc. Use a reference corpus of 'suspicious' texts,
stuff that would get flagged by surveillance filters, and you'd be
generating plenty of red herrings. It can even generate fake
PGP-encrypted emails.
I don't have a lot of background knowledge on how the mass digital
surveillance systems are architected or run, so I have no idea whether
this type of approach is effective. But I think it's an avenue worth
investigating further. Helen Nissenbaum's recent talk on obfuscation at
PETS was enlightening on the subject, and she has some relevant
publications as well.[1][2]
-Dan
[1] http://firstmonday.org/ojs/index.php/fm/article/view/3493/2955
[2] http://books.google.com/books?id=2c9v5-fzU9EC&pg=PA171&lpg=PA171&dq=%22Political+and+Ethical+Perspectives+on+Data+Obfuscation%22&source=bl&ots=f2K_NsP77r&sig=c1OwymUgYxTZcZ4oebXMD7zuZ4o&hl=en&sa=X&ei=dVz6UbWmJqfa4AP30IDgBw&ved=0CCsQ6AEwAA#v=onepage&q=%22Political%20and%20Ethical%20Perspectives%20on%20Data%20Obfuscation%22&f=false
On 09/16/2013 06:16 AM, Claudio wrote:
> Run a Tor exit node? ;)
>
> On 09/14/2013 05:35 PM, Fabio Pietrosanti (naif) wrote:
>> Hi,
>>
>> I was wondering how it could be possible to bring some kind of denial of
>> service to impact the functionality and/or reduce the performance of
>> the systems used by a massive passive wiretapper listening on the fibers.
>>
>> So, what is a massive passive tap listening to, and how is it processing
>> its data?
>>
>> I expect that it's recording:
>> - Content of all traffic, with very specific exceptions, to record only
>> what's useful [1]
>> - Database-stored transaction records of all new connections, with timestamp,
>> source, destination
>> - Database-stored metadata of the processed traffic's content
>>
>> On the recorded data, there's a set of batch jobs that process the internet
>> traffic to apply "normalization" and "parsing" logic, extracting
>> useful metadata and loading it into a database. This is to enable
>> analysts' automated and manual queries over that data.
>>
>> So, given the previously defined assumptions, what can cypherpunks do to
>> engage in trolling the massive passive wiretapper?
>>
>> We can use different strategies:
>> - Fill up the transaction records, stored into the database
>> - Fill up the metadata records, stored into the database
>> - Fill up what is being recorded into the Petabyte storage (raw records)
>> - Attack the backend batch processes that analyze the data
>> to extract metadata
>>
>> This can be done by carefully generating internet traffic, specifically
>> targeting our goals, and only "good traffic" that must be recorded and
>> processed.
>>
>> The first thing to do is to choose the two physical locations between
>> which to generate the traffic.
>>
>> We want to "inject" our traffic into the massive passive wiretapper system,
>> so we can choose to target their wiretapping system on international fibers
>> that are known to be recorded, for example between the UK and the US.
>> Bandwidth in the US and the UK is also quite cheap, so this would be a nice
>> place to work on.
>> We may choose to make traffic between the UK and the US, where bandwidth is
>> cheap and there's reasonable evidence that the fibers are being massively
>> recorded.
>>
>> Then we need to prepare the right pattern of traffic, be it cleartext
>> SMTP, HTTP, POP3 or other, that will be exchanged between the two peers at
>> full speed.
>>
>> The traffic we need to generate has to be compressed, in order to
>> increase the load we put on the massive passive wiretapper decoding
>> processes, amplifying the amount of data generated. If we assume a
>> properly done 400% protocol compression ratio, with 100TB monthly data
>> we may generate 400TB of data on wiretapper system.
>>
>> By some calculation 100TB of traffic can cost $250/month, so two peers
>> could cost $500/month, generating 400TB of data on the target system
>> (100TB with an amplification factor of 400% due to protocol compression).
>>
>> If 100 volunteers invest $500/month, so $50,000/month, we would be
>> generating 40,000TB/month, 40 petabytes/month, on the massive passive
>> wiretapper infrastructure.
>>
>> Those would be only "good traffic to be processed" and not
>> youtube/youporn traffic that the wiretapper is likely to discard.
>>
>> Would it be a nice way to technically troll them?
>>
>> [1] It's reasonable that there are exceptions for not recording traffic to
>> very high-bandwidth video services (such as YouTube or Netflix) because
>> they are not very useful from an intelligence perspective but represent
>> between 50-70% of internet traffic. So, useless traffic recorded would
>> use 50-70% of storage? Just don't record it!
>>
>
--
http://disman.tl
OpenPGP key: http://disman.tl/pgp.asc
Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9
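The two ingredients Dan describes (a Markov generator trained on a reference corpus, and fake PGP-armored mail) as an added example. This is not code from NOISE or from the original message; the four-line corpus is made up for the demonstration, the word-level order-2 chain is one common way to build such a generator, and the "fake PGP" output reproduces only the RFC 4880 ASCII-armor framing and CRC-24 trailer around random bytes (no real OpenPGP packets, so any real decoder rejects it while a filter that only pattern-matches the armor would not):

```python
import base64
import random
from collections import defaultdict

# Constructed reference corpus for the demonstration: made-up sentences, not a
# real "flagged" text set and not a corpus shipped with NOISE.
CORPUS = """
the courier delivers the package at the border crossing tonight
the package contains documents for the meeting at the border
our contact at the crossing will deliver the documents tonight
the meeting tonight is at the safe house near the border
"""


def build_model(text, order=2):
    """Order-n word Markov model: (w[i], ..., w[i+n-1]) -> observed successors.

    Repeated successors stay in the list, so sampling follows corpus frequencies.
    """
    words = text.split()
    model = defaultdict(list)
    for i in range(len(words) - order):
        model[tuple(words[i:i + order])].append(words[i + order])
    return dict(model)


def generate(model, length, seed=None):
    """Walk the chain and emit `length` words; deterministic for a given seed."""
    rng = random.Random(seed)
    states = list(model)
    state = rng.choice(states)
    out = list(state)
    while len(out) < length:
        successors = model.get(state)
        if not successors:
            # Dead end: the corpus ended on this state. Restart from a random
            # state; the seam is the one spot where the output is not a chain walk.
            state = rng.choice(states)
            out.extend(state)
            continue
        out.append(rng.choice(successors))
        state = tuple(out[-len(state):])
    return " ".join(out[:length])


def invalid_transitions(model, text, order=2):
    """Count (order+1)-grams in `text` the model never observed.

    0 means every window of the output occurs verbatim in the corpus, which is
    why such text trips naive keyword/n-gram filters while carrying no meaning.
    """
    words = text.split()
    return sum(
        1 for i in range(len(words) - order)
        if words[i + order] not in model.get(tuple(words[i:i + order]), ())
    )


# --- fake PGP armor --------------------------------------------------------
# RFC 4880 section 6.1: armored data ends with "=" + base64(CRC-24 of the data),
# poly 0x864CFB, init 0xB704CE. Only the framing and checksum are genuine here.

def crc24(data):
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def fake_pgp_message(nbytes, seed=None):
    """Armor `nbytes` of random data so it looks like an encrypted message."""
    rng = random.Random(seed)
    body = bytes(rng.getrandbits(8) for _ in range(nbytes))
    b64 = base64.b64encode(body).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(body).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", ""] + lines
                     + [check, "-----END PGP MESSAGE-----"])


def armor_checksum_ok(armored):
    """Re-derive the CRC-24 trailer from an armored block and compare it."""
    lines = armored.splitlines()
    body = base64.b64decode("".join(lines[lines.index("") + 1:-2]))
    expected = "=" + base64.b64encode(crc24(body).to_bytes(3, "big")).decode()
    return lines[-2] == expected


if __name__ == "__main__":
    m = build_model(CORPUS)
    sample = generate(m, 30, seed=1)
    print(sample)
    print("invalid transitions:", invalid_transitions(m, sample))
    print(fake_pgp_message(48, seed=1))
```

The `invalid_transitions` check is the property worth understanding before relying on this as a red herring: the output contains only phrases that literally occur in the corpus, so a surveillance filter keyed on the corpus vocabulary fires on it, but a model that scores sentence-level coherence or tracks who a sender actually corresponds with will not be fooled, which is the feasibility question Dan leaves open.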