Sharpen your Cyber-Skills: How to Make Your Own NSA Bulk Surveillance System

Posted on 29 January 2016 by The Tactical Hermit

OF ALL THE NSA surveillance documents Edward Snowden leaked, some of the most important exposed the spy agency’s so-called XKEYSCORE program, a massive system for vacuuming up and sifting through emails, chats, images, online search activity, usernames and passwords, and other private digital data from core fiber optics cables around the world.

XKEYSCORE, which the NSA calls its “widest reaching” surveillance program, was established around 2008 and consists of more than 700 servers that store data sucked from the internet’s backbone and mine this data for patterns and connections.

Only a well-resourced party like the NSA could deploy such a grandiose surveillance program. But if your spy needs are more modest, there are a number of existing tools available that offer similar surveillance capabilities, albeit at a smaller scale, says Nicholas Weaver.

Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley who focuses on network surveillance and security issues, developed a little hobby after the Snowden leaks in 2013: to build a bulk surveillance system in miniature that would be capable of performing all the primary tasks of an NSA spy system—but on a small, 100 Mbps-size network. Those capabilities had to include bulk data collection, search functionality, the ability to track cookies and identify anonymous users, a method for injecting malware into a surveillance target’s computer for more directed surveillance, and a friendly web interface. Luckily, Weaver realized, he already had off-the-shelf equipment that met the criteria.

“When the Snowden stuff came out, I looked at the documents and said, ‘Hey they’re doing what I do. It’s literally the same [as the security research] I’ve been doing for a decade,’” Weaver told WIRED.

Speaking to WIRED in advance of a presentation he’s giving today about his system at the Enigma security conference in San Francisco, he described the components needed to emulate the spy agency.

Surveillance Tech Is ‘Banal and Basic’

Although the US intelligence community likes to operate under the notion that its systems are NOBUS (Nobody But Us), meaning its technologies are unique to the United States, Weaver says the reality is the opposite when it comes to surveillance technology. “It’s very banal and very basic, it’s very well-understood technology, and … there’s really nothing new,” he says.

The NSA’s super-secret surveillance system, in fact, works very much the way off-the-shelf intrusion detection systems (IDS) function: With these systems, when a data packet arrives at a network, a high-volume filter separates garbage traffic from the important traffic and passes the latter to a load balancer, which distributes data to a number of servers. In this case, it distributes the data to network intrusion detection nodes or devices. The IDS nodes then parse the traffic to determine if it’s benign or malicious and make decisions about what to do based on those conclusions, such as blocking the traffic if it’s malicious and issuing an alert to administrators.
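The filter, load balancer and IDS-node stages described above, sketched as an added example (not code from Weaver's system or the original article). The dropped port, the two signatures and the sample packets are constructed assumptions; the point it shows is that the balancer must hash each flow symmetrically so both directions of a connection reach the same IDS node.

```python
import hashlib
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto payload")

NUM_NODES = 4
BULK_PORTS = {1935}                         # assumption: bulk streaming, dropped up front
SIGNATURES = [b"/etc/passwd", b"<script>"]  # hypothetical toy signatures

def front_filter(pkt):
    """High-volume filter: keep only traffic worth an IDS node's cycles."""
    return pkt.sport not in BULK_PORTS and pkt.dport not in BULK_PORTS

def node_for(pkt, num_nodes=NUM_NODES):
    """Load balancer: order-independent flow hash, so client->server and
    server->client packets of one connection map to the same node."""
    a, b = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    key = f"{pkt.proto}|{a}|{b}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % num_nodes

def inspect(pkt):
    """IDS node: classify the payload and decide (per-packet match is a
    simplification; real nodes reassemble the stream first)."""
    for sig in SIGNATURES:
        if sig in pkt.payload:
            return "block", f"alert: {sig!r} seen from {pkt.src}"
    return "pass", None

def run_pipeline(packets):
    """Return (node, verdict, alert) per packet; node is None if filtered."""
    results = []
    for pkt in packets:
        if not front_filter(pkt):
            results.append((None, "filtered", None))
            continue
        verdict, alert = inspect(pkt)
        results.append((node_for(pkt), verdict, alert))
    return results

# Constructed sample traffic; addresses are from documentation ranges.
SAMPLE = [
    Packet("192.0.2.10", 40000, "198.51.100.5", 80, "tcp", b"GET /index.html HTTP/1.1"),
    Packet("198.51.100.5", 80, "192.0.2.10", 40000, "tcp", b"HTTP/1.1 200 OK"),
    Packet("192.0.2.11", 40001, "198.51.100.5", 80, "tcp", b"GET /../../etc/passwd HTTP/1.1"),
    Packet("192.0.2.12", 40002, "203.0.113.9", 1935, "tcp", b"\x03stream"),
]

if __name__ == "__main__":
    for row in run_pipeline(SAMPLE):
        print(row)
```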

DIY Surveillance

Following the same general design, Weaver developed a home-grown surveillance system that took less than a week to construct. To approximate a filter and load balancer, he used OpenFlow, a protocol for managing and directing traffic among routers and switches on a network. For his intrusion detection system, he used the Bro Network Security Monitor, an open-source framework developed by Vern Paxson, a fellow computer scientist at UC Berkeley. He had to write scripts to do things like extract the cookies in web traffic and parse out usernames from traffic, but this was minimal work.

Those looking to do more robust backbone monitoring and data parsing like the NSA does could opt instead for Vortex, an IDS that the US defense contractor Lockheed Martin developed and released for free on GitHub. Weaver thinks, in fact, that the NSA’s XKEYSCORE system probably began its life as Lockheed Martin’s Vortex, based on XKEYSCORE system features described in the Snowden documents.

Read the Original Article at Wired

2 thoughts on “Sharpen your Cyber-Skills: How to Make Your Own NSA Bulk Surveillance System”

  1. lisainva says:
    29 January 2016 at 12:26

    Reblogged this on lisaandrews1968.

  2. Courtney says:
    3 April 2016 at 23:51

    Wow, awesome blog layout! How long have you been blogging for?
    You make blogging look easy. The overall look of your website is magnificent,
    let alone the content!
