Realistic Probabilities In Modern Signals Intellig

From Capacious Macaque, 6 Years ago, written in Plain Text.

URL http://geopaste.scratchbook.ch/view/8abbcf52

Embed

Global Spying:

Realistic Probabilities In Modern Signals Intelligence

Jonathan Logan

Steve Topletz (presenter, editing)

PREFACE

In this article

,

we will present insight to the realistic possibilities of Internet mass surveillance. When

talking about the threat of Internet surveillance

,

the

common

argument is that there is so much traffic

that any one conversation or email won't be picked up unless there is reason to suspect those

concerned; it is impossible that

“

they

”

can

listen to us all

.

This argument assumes that there is a scarcity of resources and motivation required for mass

surveillance. The truth is that motivation and resources are directly connected. If the resources are

inexpensive enough

,

then the motivations present are sufficient to use them. This is visible in the

economic effect of supply availability increasing

the

demand. The effect is that since it is more easily

done, it will be done more readily. Another fault in th

e above

argument

is that it

assumes that there is

only all-or-nothing surveillance, which is incorrect.

INDEX

I.

Resource Requirements

II.

Methods of Post-Tap and Offsite Analysis

III.

Implications

IV.

Threat Assessment

V.

Clandestine Intelligence Gathering

VI.

End Notes

VII.

Q&A

VIII.

About the Authors

IX.

Exhibits

X.

Citations

I. RESOURCE REQUIREMENTS

It is important to break down the resources required and methods available as well as the means of

surveillance

in order

to understand what realistic threat mass surveillance of digital communication is.

The resources required are Access, Storage, Traffic, and Analysis. In this paper, we

are

speaking about

digital communications, and these methods do not fully apply to purely analog communication, such as

POTS (normal telephone service).

ACCESS

Surveillence requires access to the communication to be surveilled. Data today is transmitted via

copper cable lines, fiber-optics, directed micro-wave communication, broadcast radio (W

i

MAX

,WiFi

etc.), satellite, and a few other arcane methods . The most profitable transmission media for

surveillance, by far, are fiber, broadcast, directed micro-wave, and satellite. Fiber provides the benefit

of large amount

s

of data from a single “cable.” Broadcast radio provides the benefit of non-physical

accessibility. Directed micro-wave is easily acquired through classic stand-in-the-middle listening.

Satellite provides a very big footprint, where one needs only to be standing near the receiver of the

transmission.

Fiber cables provide the most interesting targets for surveillance. Almost all international

communication eventually goes over a few particular fiber lines, so this is where the tapping is focused.

This is a practice far different from the UK / USA Echelon system of the 1980s

,

which operated mostly

by targeting direct micro-wave and satellite transmissions, because international fiber-optic lines were

more rare. Today, tapping into fiber is easily accomplished through a variety of methods:

splicing the

fiber-optic line, connecting to the repeaters, or tapping into the endpoint routers

,

and

through

even

more esoteric methods

,

like bending the fiber and detecting stray “ghost” photons

1

. Tapping in most

cases is purely passive, which means two things. First, the signals are being listened to and not

intercepted or modified. Second, surveillance

-

induced artifacts are non-trivial to detect by the endpoint,

which means there is no

“

click

”

on the phone to tell you that someone is listening in. This is especially

true in digital communications espionage, which is the focus of this paper.

Access to fiber-optic lines is mostly accomplished by connecting to repeaters and tapping endpoint

routers. That is what is being performed by AT&T at the request of the NSA. This method is

inexpensive in resources

and

easy to implement,

plus it

requires very few people to know

about it

and

to

operate

it

. In the case of repeater connections, even the fiber owner

s

may not be aware

that their

lines are being tapped

unless they find the tap during routine maintenance.

Civilians generally assume that the Internet consists of millions of independent lines that would have to

be tapped individually for mass surveillance. Luckily for signal

s

intelligence gathering and analysis,

this is not the case. To tap into 90% of traffic connecting the Eastern Hemisphere to the Western

Hemisphere (GUS / RUS / AFRICA / MIDDLE EAST / EU to US), agencies only need access to either

30 fiber cables

2

or half of the 45 landing points

3

. An alternate method to achieve such access to this

traffic is to install access devices in just

seven

of the correct

Internet Exchanges

4

(I

Xs

), which

are

where ISPs and backbones interconnect at a single location. Rest assured, all of above has happened at

various scales

5

as intelligence agencies are pitted against each other to gain power through knowledge.

are as a surveillance target. In fact, anyone reading this paper, especially those reading it

online

for a

longer time or

increased

frequency, would almost certainly elevate their status as a surveillance target.

Staying below the radar can be extremely hard if you are in any way different

from

the majority of the

populus.

When surveillance becomes trivial for an unrestrained party

,

then it will be done, and sadly

,

there is no

good reason that they should not do it if

they are

unrestrained. Most of the notions against the reality of

mass surveillance are based on "scarcity of resources and motivation"

arguments.

It has been

demonstrated

in this document

that there is no scarcity of resources to do surveillance or store its

results, only to act upon it by human resources. In our current world, there is no scarcity of motivation

to do it

either

. In fact, there is a whole industry and even political parties lobbying on the behalf of

surveillance. There are enough power-hungry people that want to stay in power and institutions

that

exist to self-perpetuate

. Someone once said that the Internet is not only the best tool for mass

communication but also the best tool for mass surveillance and control ever created. That person was

right.

V. CLANDESTINE INTELLIGENCE GATHERING

Clandestine intelligence gathering is spying performed by agencies and corporations that do not have

"lawful interception"

28

privileges, lacking legal authority and legitimate access to infrastructure. This is

the traditional idea of espionage, where one country or company is spying on another or a target group.

The stages are similar to traditional surveillance; however, the methods used tend to be less traditional

since the spying organization involved does not have conventional communications access but

also

is

not confined by the rule of law.

Clandestine intelligence may be as insignificant as one auto dealer spying on another to gain an

advantage

29

, or as disturbing as a country spying on the government employees of a rival country to

cripple their defense infrastructure in preparation for

a future war

30

.

Data collection for clandestine operations follows the path of least resistance

,

depending on the

objective. Because clandestine data collection is not lawful, it cannot be overtly employed,

but

instead

,

it

must be covertly deployed using either Open Source Intelligence (OSINT) or

"covert

intelligence

"

techniques. Open Source Intelligence gathering "involves finding, selecting, and acquiring information

from publicly available sources and analyzing it to produce actionable intelligence... The term

open

refers to overt, publicly available sources"

31

as opposed to

covert intelligence

which refers to

private,

classified,

or illegal

sources.

One example of

an

Open Source Intelligence gathering source is the Tor Network. The Tor Network is

an anonymity network that is participation-based and allows anyone to access communications traffic

of i

t

s users

; however, it also

attempts to obfuscate the origins of the traffic in order to render the user

anonymous. The inherent weakness of the Tor

N

etwork is that each node in the network acts like a

miniature

IX

, routing the traffic of other users

and

giving easy eavesdropping access to anyone who

wants to abuse it. The Tor

N

etwork provides an endless supply of interesting traffic, specifically

because the users are those who wish not to be observed or identified. Because this traffic is

both

suspicious

and

interesting, it is the natural target of surveillance by both

state

agencies

32

and hackers

33

.

In an

O

pen

S

ource

I

ntelligence gathering model, the spying organization might operate Tor nodes and

perform traffic analysis to identify political dissidents

34

, capture sensitive government credentials

35

,

and even to deanonymize

36

and correlate traffic back to reporters, bloggers, and governments agents.

C

overt

intelligence gathering for clandestine surveillance uses non-traditional methods to acquire

communications access. These are typically

B

lack Ops programs which employ trojans

37

, bribery,

blackmail

38

, misdirection

39

, and infiltration

40

.

VI. END NOTES

This article exclusively deals with the possibilities and methods for passive surveillance of non-

participants of the communication being surveilled. There are numerous other methods of surveillance

and data collection existing on the Internet. Those include cookies, spyware, log file aggregation,

system fingerprinting, and many other methods.

VII. Q&A

Q: What about using word scrambling to defeat language analysis?

A: The technology used in most word processors is good enough to instantly reconstruct large portions

of a scrambled text.

The approaches by s

ystems working with semantic analysis, context and subject

discovery

,

as well as whole text probability

,

are even better. They might not be able to reconstruct every

single word

,

but

rather, just

enough of the content to make sense of it. The same is true for most if not

all "good advice" given by friends. Good security is not that easy. If advice does not include strong

cryptography, it is uninformed at best, and disinformation at worst.

Q: Are encryption users more likely to become targets?

A: As mentioned in the article

,

one of the methods used is to find out unusual traffic and content

patterns. Using e

-

mail encryption is something unusual for the normal population. There have been

several cases where the use of encryption increased the interest of investigating agencies. However

,

we

still think that it is a necessary and smart

move

to encrypt everything you can. Surely you cannot beat

context analysis with encryption alone, but content analysis and interpretation can be

rendered

much

less effective or even impossible.

The advi

c

e we would give is to encrypt all your communication

every time

. It is better to have a

consistent communication pattern than to only encrypt occasionally because the total amount of

valuable data collected will be lower. If you are only encrypting information you think is sensitive, then

it is also known which communications should be more heavily analyzed.

Q: Are people using anonymity networks more likely to become targets?

A: Yes. The total number of available anonymization services is small. Just a few thousand computers

in total are serving in publicly available anonymity networks. To target all traffic going to or from those

computers is trivial. However

,

only a really big adversary

would

be able to automatically trace and

connect the various relayed packets to each other, and those adversaries surely exist.

Looking at the network layouts of the more popular anonymization networks

,

it is actually not hard to

watch all traffic they relay. Some services make it hard to identify single communication events when

watching only a limited set of the total connections that exist

;

at the same time

, this increases

the

crowding effect (hiding in the crowd). With effectively executed crowding, you will be seen but not

necessarily identified.

Q: But company X said they use technology Y

.

W

on't that protect me from all adversaries?

A: No. It is true that technologies exist to drastically increase your privacy on the Internet. However,

none of them protect you against an omnipotent attacker. Most are good for evading nosy marketing

groups,

though

few are good enough to hide yourself from the eyes of domestic security agencies.

However, none will protect you against a motivated attacker with global access to the Internet. If your

anonymization service is decent

,

then they will have a note in their website or documentation that

effectively states

,

"

D

o not rely on this technology if you require strong anonymity." If they aren't

decent,

they will say

,

"

W

e make you 100% anonymous on the Internet."

Q: What can be done?

A: Writing to your congressional representive will not stop spying. Politics and public opinion will not

help at all to reduce or even solve this problem, because politics and public naivet

e

created the

problem. There are only

seven

things you can effectively do:

1.

Accept that the world is

not

a place where everyone believes others should be free.

2.

Use self-defense technology such as

adequate

anonymity services and best practices.

3.

Use encryption on all your traffic, and support programs that employ opportunistic encryption.

Even weak and poorly-implemented encryption is better than plaintext, because it cripples

spying by reducing it to context analysis.

4.

Call up your ISP and tell them you want a dynamic IP address, because static IP addresses are a

threat to your privacy. If you work at an ISP, insist that it assigns IP addresses dynamically, not

statically.

5.

Prepend common data to the first 1k of your data transfers to defeat modern checksum analysis.

6.

Fight against any force that wants you to give up your freedoms and privacy.

7.

Teach others how to fight for their privacy as well.

Protecting your privacy does not come for free today, and it never has. One last word to the wise:

t

hose

that shout the loudest that they will protect you or those that do it for free are not necessarily those that

have your freedom and privacy in mind

.

T

here

is

n

o

s

uch

t

hing

a

s

a

f

ree

l

unch!

VIII. ABOUT THE AUTHORS

Jonathan Logan works as a communication network consultant for Cryptohippie PA Inc. and Xero

Networks AG. He can be reached via email at j.logan at cryptohippie.net (PGP Key: 0xE82210E6)

Steve Topletz is the operations advisor for XeroBank, an anonymity service operated by Xero

Networks AG. The opinions expressed in this article are those of the author

s

and do not reflect the

views of Cryptohippie PA Inc., Xero Networks AG, their management, or their respective owners. If

you want to distribute this article

,

please contact the author

s

.

IX. EXHIBITS

Note: Figures used in calculations are designed to be rough and larger than actual costs, in order to

demonstrate maximum reasonable costs.

Exhibit A: (

http://www.dtc.umn.edu/mints/home.php

) 5000 ~ 8000 PB / month. Presume ~85

th

percentile at 7500 Petabytes * 12 months = ~90 Exabytes (94,371,840,000 GB). Data warehousing

costs are approximated to $0.35 / GB / year, ($0.168 / GB hardware, $0.014 / GB power, $0.091 / GB

housing, $0.077 / GB maintenance; breakdown derived from classified source, traffic costs not

included). 94,371,840,000 GB * $0.35 / GB = $33,030,144,000 USD / year.

Exhibit

B

: 1% *

(94,371,840,000 GB)

x $0.02 / GB

fiber-optic transfer

x 2 destinations

(

collection and

endpoint)

= $37,748,736 total fiber-optic transmission costs. Note that although internet traffic doubles,

unique traffic does not increase at the same rate, so 1% is a shrinking figure as total traffic increases.

Non-unique traffic is typically limited to personal communications such as VOIP, email, and instant

messaging.

Exhibit C: IBM BladeCenter PN41, 20 Gbps @ $90,000 = $4.5k / Gbps. Similar costs across the board

(90k wholesale, 106k ~ 120k retail) with other DPI / traffic analysis solutions (Narus, Sandvine, LSI,

Qosmos, Interphase, Ellacoya etc).

Exhibit D: ~90 Exabytes raw analysis / 1 year = ~24 Tbps (23.36) average usage (20Tbps domestic, 4

Tbps international) @ 20% utilization = 117 Tbps (@ 100% utilization) x $4.5k Gbps = $526,500,000

USD. Hardware has a yearly cost of 48% of costs before traffic (power, housing, maintenance). Costs

before traffic are $570,375,000 ($526,500,000 / 0.48 * 0.52), and traffic costs of $37,748,736 bring the

total to $1,134,623,736 for all costs post-tap / pre-analysis.

Exhibit E: Maximum 5000 tapping points worldwide x $3,000,000 / tap / year for physical surveillance,

compliance, black operations, tap installation, and maintenance, and upkeep costs. In Germany alone,

there are 30 major backbone loops, and 10 major IXs, which require multiple taps for total surveillance.

Exhibit F: The cost of Access is $2.027b, consisting of $527m for Traffic Analysis, and $1.5b in Tap

Installation and Management (Exhibit E). The cost of Storage is $570m (Exhibit D), favoring the larger

cost against the 1% of $33b (Exhibit A). The cost of Traffic is $38m, and the cost of Analysis can reach

as high as $1.5b. $2,027m + $570m + $38m + $1,500m = $4,135m.

X. CITATIONS

1.

Olzak, Tom (2007, May 3). Protect your network against fiber hacks. Retrieved July 18, 2009

,

from

TechRepublic Web site:

http://blogs.techrepublic.com.com/security/?p=222&tag=nl.e036

.

2.

(2004). Map of U.S. city connectivity. Retrieved July 18, 2009

,

from TeleGeography Web site: 2.

http://www.telegeography.com/ee/free_resources/figures/ib-04.php

.

3.

(2006). Submarine cable system diagram. Retrieved July 18, 2009

,

from TeleGeography Web site:

http://www.telegeography.com/ee/free_resources/figures/ib-02.php

.

4.

List of Internet exchange points by size. (2009). In Wikipedia [Web]. Retrieved July 18, 2009

,

from

http://en.wikipedia.org/wiki/List_of_Internet_exchange_points_by_size

.

5.

Information awareness office. (2009). In Wikipedia [Web]. Retrieved July 18, 2009

,

from

http://

en.wikipedia.org/wiki/Information_Awareness_Office

.

6.

Nash equilibrium. (2009). In Wikipedia [Web]. Retrieved July 18, 2009

,

from

http://

en.wikipedia.org/wiki/Nash_equilibrium

.

7.

Brams, S

.

, & Kilgour, D

.

(1991).

Game theory and national security

.

New York: Wiley-Blackwell.

8.

Libbenga, Jan (2005, Nov 28). Iceland left in the cold after cable cut. The Register, Retrieved July

18, 2009

,

from

http://www.theregister.co.uk/2005/11/28/iceland_without_broadband

.

9.

(2005). Navy commissions spy submarine Jimmy Carter. Retrieved July 18, 2009

,

from Cryptome

Web site:

http://eyeball-series.org/mmp/jimmy-carter.htm

.

10.

(2001). Ships, sensors, and weapons. Undersea Warfare, 3, Retrieved July 18, 2009

,

from

http://

www.navy.mil/navydata/cno/n87/usw/issue_11/ship_sensors_weapons.html

.

11.

Kent, S.

, & Atkinson, R.

(1998). IP encapsulating security payload. Retrieved July 18, 2009

,

from

The Internet Engineering Task Force Web site:

http://tools.ietf.org/html/rfc2406

.

12.

Pike, J. (1996). Intelligence agency budgets. Retrieved July 18, 2009

,

from Federation of American

Scientists Web site:

http://www.fas.org/irp/commission/budget.htm

.

13.

(2007, May 3). HP launches DRAGON to help telecoms manage data in fight against global

terrorism . Retrieved July 18, 2009

,

from PR Domain Web site:

http://www.prdomain.com/

companies/H/HP/newsreleases/20075440637.htm

.

14.

O'Brien, D. (2008, June 15). Sweden and the borders of the surveillance state. Retrieved July 18,

2009

,

from Electronic Frontier Foundation Web site:

http://www.eff.org/deeplinks/2008/06/

sweden-and-borders-surveillance-state

.

15.

(2009). NarusInsight is the most scalable traffic intelligence system for capturing, analyzing and

correlating IP traffic in real time. Retrieved July 18, 2009

,

from Narus Web site:

http://

narus.com/index.php/product

.

16.

(2008). About BND. Retrieved July 18, 2009

,

from Bundesnachrichtendienst Web site:

http://

www.bnd.de/nn_1435078/EN/WirUeberUns/WirUeberUns__node.html

.

17.

Pike, J. (2009). World wide military expenditures. Retrieved July 18, 2009

,

from Global Security

Web site:

http://www.globalsecurity.org/military/world/spending.htm

.

18.

(2006).

Directive 2006/24/EC of the European parliament and of the council. Official Journal of the

European Union, 105, 54-62.

Retrieved on July 18, 2009, from

http://www.ispai.ie/DR%20as

%20published%20OJ%2013-04-06.pdf

.

19.

Krempl, S

.

(2009, June 7). CCC: Vorratsdatenspeicherung bringt unkontrollierbare Überwachung.

Heise, Retrieved July 18, 2009

,

from

http://www.heise.de/newsticker/CCC-

Vorratsdatenspeicherung-bringt-unkontrollierbare-Ueberwachung--/meldung/141623

.

20.

Zetter, K. (2009, June 22). WSJ: Nokia, Siemens help Iran spy on internet users. Retrieved July 18,

2009

,

from Wired Web site:

http://www.wired.com/threatlevel/2009/06/wsj-nokia-and-siemens-

help-iran-spy-on-internet-users

.

21.

Cheung, H. (2006, June 27). ISP heavyweights join forces to fight child porn. Retrieved July 18,

2009

,

from TG Daily Web site:

http://www.tgdaily.com/content/view/27256/118

.

22.

Bundeskriminalamt. (2006). The Bundeskriminalamt Profile [Brochure]. Bad Homburg, Germany

.

Retrieved on July 18, 2009, from:

http://www.bka.de/profil/broschueren/profile2006.pdf

23.

Latent semantic analysis. (2009). In Wikipedia [Web]. Retrieved July 18, 2009

,

from

http://

en.wikipedia.org/wiki/Latent_semantic_analysis

.

24.

Li, J., Zheng, R., & Chen, H. (2008). From fingerprint to writeprint. University of Arizona

.

Retrieved from

http://ai.eller.arizona.edu/COPLINK/publications/CACM_From%20Fingerprint

%20to%20Writeprint.pdf

.

25.

Chaos Computer Clubs. (2009). Stellungnahme des Chaos Computer Clubs zur

Vorratsdatenspeicherung [

Report

]. Germany

:

Kurz, C., & Rieger, F.

Retrieved July 18, 2009,

from

http://www.ccc.de/vds/VDSfinal18.pdf

.

26.

Stokes, J. (2009, July 6). NSA's power- and money-sucking datacenter buildout continues.

Retrieved July 18, 2009

,

from ARS Technica Web site:

http://arstechnica.com/tech-policy/news/

2009/07/r2e-nsas-power--and-money-sucking-datacenter-buildout-continues.ars

.

27.

(2004, Apr 13). Google's gmail could be blocked. Retrieved July 18, 2009

,

from BBC News Web

site:

http://news.bbc.co.uk/2/hi/business/3621169.stm

.

28.

Lawful interception. (2009). In Wikipedia [Web]. Retrieved July 18, 2009

,

from

http://

en.wikipedia.org/wiki/Lawful_interception

.

29.

Roth, D. (2009, Apr 23). Auto espionage: Koenigsegg dealer caught spying on competing Ferrari

dealer. Retrieved July 18, 2009

,

from Auto Blog Web site:

http://www.autoblog.com/

2009/04/23/auto-espionage-aston-dealer-caught-spying-on-competing-ferrari

.

30.

Anderson, N. (2007, Sept 3). Pentago hacked, Chinese army suspected: Report. Retrieved July 18,

2009

,

from ARS Technica Web site:

http://arstechnica.com/security/news/2007/09/chinese-

military-accused-of-hacking-pentagon-computers.ars

.

31.

Open source intelligence. (2009). In Wikipedia [Web]. Retrieved July 18, 2009

,

from

http://

en.wikipedia.org/wiki/Open_Source_Intelligence

.

32.

Soghoian, C. (2007, Sept 16). Tor anonymity server admin arrested. Retrieved July 18, 2009

,

from

Cnet Web site:

http://news.cnet.com/8301-13739_3-9779225-46.html

.

33.

Lemos, R. (2007, Mar 8). Tor hack proposed to catch criminals. Retrieved July 18, 2009

,

from

Security Focus Web site:

http://www.securityfocus.com/news/11447?ref=rss

.

34.

(2009). Who uses Tor?. Retrieved July 18, 2009

,

from Tor Project Web site:

http://

www.torproject.org/torusers.html.en#activists

.

35.

Gray, P. (2007, Nov 13). The hack of the year. Retrieved July 18, 2009

,

from The Sydney Morning

Herald Web site:

http://www.smh.com.au/news/security/the-hack-of-the-year/

2007/11/12/1194766589522.html

.

36.

Deanonymizer (2009).

http://deanonymizer.com

.

37.

(2008, May 7). German intelligence caught spying on journalist's emails. EDRI-gram, 6, Retrieved

July 18, 2009

,

from

http://www.edri.org/edrigram/number6.9/german-intelligence-emails

.

38.

Davies, B. (2005). The spycraft manual: The insider's guide to espionage techniques. St. Paul, MN:

Zenith Press.

39.

Schneier, B. (2008, Feb 5). Fourth undersea cable failure in Middle East. Retrieved July 18, 2009

,

from Schneier Web site:

http://www.schneier.com/blog/archives/2008/02/fourth_undersea.html

.

40.

Acohido, B. (2009, Apr 9). Q&A on U.S. electrical grid infiltrated by Chinese, Russian cyberspies.

Retrieved July 18, 2009

,

from The Last Watchdog Web site:

http://lastwatchdog.com/chinese-

russian-cyberspies-lurk-us-electrical-grid

.

Author

Title

Language

Your paste - Paste your paste here

Global Spying: 
Realistic Probabilities In Modern Signals Intelligence
Jonathan Logan 
Steve Topletz (presenter, editing)
PREFACE
In this article
,
 we will present insight to the realistic possibilities of Internet mass surveillance. When 
talking about the threat of Internet surveillance
,
 the 
common 
argument is that there is so much traffic 
that any one conversation or email won't be picked up unless there is reason to suspect those 
concerned; it is impossible that 
“
they
”
can 
listen to us all
.
This argument assumes that there is a scarcity of resources and motivation required for mass 
surveillance. The truth is that motivation and resources are directly connected. If the resources are 
inexpensive enough
,
 then the motivations present are sufficient to use them. This is visible in the 
economic effect of supply availability increasing
 the
 demand. The effect is that since it is more easily 
done, it will be done more readily. Another fault in th
e above
 argument
 is that it
 assumes that there is 
only all-or-nothing surveillance, which is incorrect. 
INDEX 
I.
Resource Requirements
II.
Methods of Post-Tap and Offsite Analysis
III.
Implications
IV.
Threat Assessment
V.
Clandestine Intelligence Gathering
VI.
End Notes
VII.
Q&amp;A
VIII.
About the Authors
IX.
Exhibits
X.
Citations
I. RESOURCE REQUIREMENTS 
It is important to break down the resources required and methods available as well as the means of 
surveillance
 in order
 to understand what realistic threat mass surveillance of digital communication is. 
The resources required are Access, Storage, Traffic, and Analysis. In this paper, we 
are
 speaking about 
digital communications, and these methods do not fully apply to purely analog communication, such as 
POTS (normal telephone service). 
ACCESS 
Surveillence requires access to the communication to be surveilled. Data today is transmitted via 
copper cable lines, fiber-optics, directed micro-wave communication, broadcast radio (W
i
MAX
,WiFi
etc.), satellite, and a few other arcane methods . The most profitable transmission media for 
surveillance, by far, are fiber, broadcast, directed micro-wave, and satellite. Fiber provides the benefit 
of large amount
s
 of data from a single “cable.” Broadcast radio provides the benefit of non-physical 
accessibility. Directed micro-wave is easily acquired through classic stand-in-the-middle listening. 
Satellite provides a very big footprint, where one needs only to be standing near the receiver of the 
transmission. 
Fiber cables provide the most interesting targets for surveillance. Almost all international 
communication eventually goes over a few particular fiber lines, so this is where the tapping is focused. 
This is a practice far different from the UK / USA Echelon system of the 1980s
,
 which operated mostly 
by targeting direct micro-wave and satellite transmissions, because international fiber-optic lines were 
more rare. Today, tapping into fiber is easily accomplished through a variety of methods: 
splicing the 
fiber-optic line, connecting to the repeaters, or tapping into the endpoint routers
,
 and
 through
 even 
more esoteric methods
,
 like bending the fiber and detecting stray “ghost” photons
1
. Tapping in most 
cases is purely passive, which means two things. First, the signals are being listened to and not 
intercepted or modified. Second, surveillance
-
induced artifacts are non-trivial to detect by the endpoint, 
which means there is no 
“
click
”
 on the phone to tell you that someone is listening in. This is especially 
true in digital communications espionage, which is the focus of this paper.
Access to fiber-optic lines is mostly accomplished by connecting to repeaters and tapping endpoint 
routers. That is what is being performed by AT&amp;T at the request of the NSA. This method is 
inexpensive in resources
 and
 easy to implement, 
plus it
 requires very few people to know
 about it
 and
to
 operate
 it
. In the case of repeater connections, even the fiber owner
s
 may not be aware
 that their 
lines are being tapped
 unless they find the tap during routine maintenance.
Civilians generally assume that the Internet consists of millions of independent lines that would have to 
be tapped individually for mass surveillance. Luckily for signal
s
 intelligence gathering and analysis, 
this is not the case. To tap into 90% of traffic connecting the Eastern Hemisphere to the Western 
Hemisphere (GUS / RUS / AFRICA / MIDDLE EAST / EU to US), agencies only need access to either 
30 fiber cables
2
 or half of the 45 landing points
3
. An alternate method to achieve such access to this 
traffic is to install access devices in just 
seven
 of the correct 
Internet Exchanges
4
 (I
Xs
), which 
are
where ISPs and backbones interconnect at a single location. Rest assured, all of above has happened at 
various scales
5
 as intelligence agencies are pitted against each other to gain power through knowledge. 
are as a surveillance target. In fact, anyone reading this paper, especially those reading it 
online 
for a 
longer time or 
increased
 frequency, would almost certainly elevate their status as a surveillance target. 
Staying below the radar can be extremely hard if you are in any way different 
from
 the majority of the 
populus.
When surveillance becomes trivial for an unrestrained party
,
 then it will be done, and sadly
,
 there is no 
good reason that they should not do it if
 they are
 unrestrained. Most of the notions against the reality of 
mass surveillance are based on &quot;scarcity of resources and motivation&quot; 
arguments.
 It has been 
demonstrated 
in this document 
that there is no scarcity of resources to do surveillance or store its 
results, only to act upon it by human resources. In our current world, there is no scarcity of motivation 
to do it
 either
. In fact, there is a whole industry and even political parties lobbying on the behalf of 
surveillance. There are enough power-hungry people that want to stay in power and institutions 
that 
exist to self-perpetuate
. Someone once said that the Internet is not only the best tool for mass 
communication but also the best tool for mass surveillance and control ever created. That person was 
right.
V. CLANDESTINE INTELLIGENCE GATHERING
Clandestine intelligence gathering is spying performed by agencies and corporations that do not have 
&quot;lawful interception&quot;
28
 privileges, lacking legal authority and legitimate access to infrastructure. This is 
the traditional idea of espionage, where one country or company is spying on another or a target group. 
The stages are similar to traditional surveillance; however, the methods used tend to be less traditional 
since the spying organization involved does not have conventional communications access but 
also 
is 
not confined by the rule of law.
Clandestine intelligence may be as insignificant as one auto dealer spying on another to gain an 
advantage
29
, or as disturbing as a country spying on the government employees of a rival country to 
cripple their defense infrastructure in preparation for 
a future war
30
.
Data collection for clandestine operations follows the path of least resistance
,
 depending on the 
objective. Because clandestine data collection is not lawful, it cannot be overtly employed, 
but
 instead
, 
it
 must be covertly deployed using either Open Source Intelligence (OSINT) or 
&quot;covert
intelligence
&quot; 
techniques. Open Source Intelligence gathering &quot;involves finding, selecting, and acquiring information 
from publicly available sources and analyzing it to produce actionable intelligence... The term 
open
refers to overt, publicly available sources&quot;
31
 as opposed to 
covert intelligence
 which refers to 
private, 
classified, 
or illegal
 sources.
One example of 
an 
Open Source Intelligence gathering source is the Tor Network. The Tor Network is 
an anonymity network that is participation-based and allows anyone to access communications traffic 
of i
t
s users
; however, it also
 attempts to obfuscate the origins of the traffic in order to render the user 
anonymous. The inherent weakness of the Tor 
N
etwork is that each node in the network acts like a 
miniature 
IX
, routing the traffic of other users
 and
 giving easy eavesdropping access to anyone who 
wants to abuse it. The Tor 
N
etwork provides an endless supply of interesting traffic, specifically 
because the users are those who wish not to be observed or identified. Because this traffic is 
both 
suspicious
 and
 interesting, it is the natural target of surveillance by both 
state 
agencies
32
 and hackers
33
. 
In an 
O
pen 
S
ource 
I
ntelligence gathering model, the spying organization might operate Tor nodes and 
perform traffic analysis to identify political dissidents
34
, capture sensitive government credentials
35
, 
and even to deanonymize
36
 and correlate traffic back to reporters, bloggers, and governments agents.
C
overt
 intelligence gathering for clandestine surveillance uses non-traditional methods to acquire 
communications access. These are typically 
B
lack Ops programs which employ trojans
37
, bribery, 
blackmail
38
, misdirection
39
, and infiltration
40
.
VI. END NOTES
This article exclusively deals with the possibilities and methods for passive surveillance of non-
participants of the communication being surveilled. There are numerous other methods of surveillance 
and data collection existing on the Internet. Those include cookies, spyware, log file aggregation, 
system fingerprinting, and many other methods. 
VII. Q&amp;A 
Q: What about using word scrambling to defeat language analysis? 
A: The technology used in most word processors is good enough to instantly reconstruct large portions 
of a scrambled text. 
The approaches by s
ystems working with semantic analysis, context and subject 
discovery
,
 as well as whole text probability
,
 are even better. They might not be able to reconstruct every  
single word
,
 but
 rather, just
 enough of the content to make sense of it. The same is true for most if not 
all &quot;good advice&quot; given by friends. Good security is not that easy. If advice does not include strong 
cryptography, it is uninformed at best, and disinformation at worst. 
Q: Are encryption users more likely to become targets? 
A: As mentioned in the article
,
 one of the methods used is to find out unusual traffic and content 
patterns. Using e
-
mail encryption is something unusual for the normal population. There have been 
several cases where the use of encryption increased the interest of investigating agencies. However
,
 we 
still think that it is a necessary and smart 
move
 to encrypt everything you can. Surely you cannot beat 
context analysis with encryption alone, but content analysis and interpretation can be 
rendered
 much 
less effective or even impossible. 
The advi
c
e we would give is to encrypt all your communication 
every time
. It is better to have a 
consistent communication pattern than to only encrypt occasionally because the total amount of 
valuable data collected will be lower. If you are only encrypting information you think is sensitive, then 
it is also known which communications should be more heavily analyzed. 
Q: Are people using anonymity networks more likely to become targets?
A: Yes. The total number of available anonymization services is small. Just a few thousand computers 
in total are serving in publicly available anonymity networks. To target all traffic going to or from those 
computers is trivial. However
,
 only a really big adversary 
would
 be able to automatically trace and 
connect the various relayed packets to each other, and those adversaries surely exist.
Looking at the network layouts of the more popular anonymization networks
,
 it is actually not hard to 
watch all traffic they relay. Some services make it hard to identify single communication events when 
watching only a limited set of the total connections that exist
;
 at the same time
, this increases 
the 
crowding effect (hiding in the crowd). With effectively executed crowding, you will be seen but not 
necessarily identified. 
Q: But company X said they use technology Y
.
 W
on't that protect me from all adversaries?
A: No. It is true that technologies exist to drastically increase your privacy on the Internet. However, 
none of them protect you against an omnipotent attacker. Most are good for evading nosy marketing 
groups, 
though 
few are good enough to hide yourself from the eyes of domestic security agencies. 
However, none will protect you against a motivated attacker with global access to the Internet. If your 
anonymization service is decent
,
 then they will have a note in their website or documentation that 
effectively states
,
 &quot;
D
o not rely on this technology if you require strong anonymity.&quot; If they aren't
decent, 
they will say
,
 &quot;
W
e make you 100% anonymous on the Internet.&quot;
Q: What can be done? 
A: Writing to your congressional representive will not stop spying. Politics and public opinion will not 
help at all to reduce or even solve this problem, because politics and public naivet
e
 created the 
problem. There are only 
seven
 things you can effectively do:
1.
Accept that the world is 
not
 a place where everyone believes others should be free.
2.
Use self-defense technology such as 
adequate
 anonymity services and best practices.
3.
Use encryption on all your traffic, and support programs that employ opportunistic encryption. 
Even weak and poorly-implemented encryption is better than plaintext, because it cripples 
spying by reducing it to context analysis.
4.
Call up your ISP and tell them you want a dynamic IP address, because static IP addresses are a 
threat to your privacy. If you work at an ISP, insist that it assigns IP addresses dynamically, not 
statically.
5.
Prepend common data to the first 1k of your data transfers to defeat modern checksum analysis.
6.
Fight against any force that wants you to give up your freedoms and privacy.
7.
Teach others how to fight for their privacy as well.
Protecting your privacy does not come for free today, and it never has. One last word to the wise: 
 t
hose 
that shout the loudest that they will protect you or those that do it for free are not necessarily those that
have your freedom and privacy in mind
.
 T
here 
is
n
o 
s
uch 
t
hing 
a
s 
a
f
ree 
l
unch!
VIII. ABOUT THE AUTHORS 
Jonathan Logan works as a communication network consultant for Cryptohippie PA Inc. and Xero 
Networks AG. He can be reached via email at j.logan at cryptohippie.net (PGP Key: 0xE82210E6) 
Steve Topletz is the operations advisor for XeroBank, an anonymity service operated by Xero 
Networks AG. The opinions expressed in this article are those of the author
s
 and do not reflect the 
views of Cryptohippie PA Inc.,  Xero Networks AG, their management, or their respective owners. If 
you want to distribute this article
,
 please contact the author
s
.
IX. EXHIBITS
Note: Figures used in calculations are designed to be rough and larger than actual costs, in order to 
demonstrate maximum reasonable costs.
Exhibit A: (
http://www.dtc.umn.edu/mints/home.php
) 5000 ~ 8000 PB / month. Presume ~85
th
percentile at 7500 Petabytes * 12 months = ~90 Exabytes (94,371,840,000 GB). Data warehousing 
costs are approximated to $0.35 / GB / year, ($0.168 / GB hardware, $0.014 / GB power, $0.091 / GB 
housing, $0.077 / GB maintenance; breakdown derived from classified source, traffic costs not 
included).  94,371,840,000 GB * $0.35 / GB = $33,030,144,000 USD / year.
Exhibit 
B
: 1% * 
(94,371,840,000 GB)
 x $0.02 / GB 
fiber-optic transfer
 x 2 destinations 
(
collection and 
endpoint) 
= $37,748,736 total fiber-optic transmission costs. Note that although internet traffic doubles, 
unique traffic does not increase at the same rate, so 1% is a shrinking figure as total traffic increases. 
Non-unique traffic is typically limited to personal communications such as VOIP, email, and instant 
messaging.
Exhibit C: IBM BladeCenter PN41, 20 Gbps @ $90,000 =  $4.5k / Gbps. Similar costs across the board 
(90k wholesale, 106k ~ 120k retail) with other DPI / traffic analysis solutions (Narus, Sandvine, LSI, 
Qosmos, Interphase, Ellacoya etc).
Exhibit D: ~90 Exabytes raw analysis / 1 year = ~24 Tbps (23.36) average usage (20Tbps domestic, 4 
Tbps international) @ 20% utilization = 117 Tbps (@ 100% utilization) x $4.5k Gbps  =  $526,500,000 
USD. Hardware has a yearly cost of 48% of costs before traffic (power, housing, maintenance). Costs 
before traffic are $570,375,000 ($526,500,000 / 0.48 * 0.52), and traffic costs of $37,748,736 bring the 
total to  $1,134,623,736 for all costs post-tap / pre-analysis.
Exhibit E: Maximum 5000 tapping points worldwide x $3,000,000 / tap / year for physical surveillance, 
compliance, black operations, tap installation, and maintenance, and upkeep costs. In Germany alone, 
there are 30 major backbone loops, and 10 major IXs, which require multiple taps for total surveillance.
Exhibit F: The cost of Access is $2.027b, consisting of $527m for Traffic Analysis, and $1.5b in Tap 
Installation and Management (Exhibit E). The cost of Storage is $570m (Exhibit D), favoring the larger 
cost against the 1% of $33b (Exhibit A). The cost of Traffic is $38m, and the cost of Analysis can reach 
as high as $1.5b. $2,027m + $570m + $38m + $1,500m = $4,135m.
X. CITATIONS
1.
Olzak, Tom (2007, May 3). Protect your network against fiber hacks. Retrieved July 18, 2009
,
 from 
TechRepublic Web site: 
http://blogs.techrepublic.com.com/security/?p=222&amp;tag=nl.e036
.
2.
(2004). Map of U.S. city connectivity. Retrieved July 18, 2009
,
 from TeleGeography Web site: 2. 
http://www.telegeography.com/ee/free_resources/figures/ib-04.php
.
3.
(2006). Submarine cable system diagram. Retrieved July 18, 2009
,
 from TeleGeography Web site: 
http://www.telegeography.com/ee/free_resources/figures/ib-02.php
.
4.
List of Internet exchange points by size. (2009). In Wikipedia [Web]. Retrieved July 18, 2009
,
 from 
http://en.wikipedia.org/wiki/List_of_Internet_exchange_points_by_size
.
5.
Information awareness office. (2009). In Wikipedia [Web]. Retrieved July 18, 2009
,
 from 
http://
en.wikipedia.org/wiki/Information_Awareness_Office
.
6.
Nash equilibrium. (2009). In Wikipedia [Web]. Retrieved July 18, 2009
,
 from 
http://
en.wikipedia.org/wiki/Nash_equilibrium
.
7.
Brams, S
.
, &amp; Kilgour, D
.
 (1991). 
Game theory and national security
.
New York: Wiley-Blackwell.
8.
Libbenga, Jan (2005, Nov 28). Iceland left in the cold after cable cut. The Register, Retrieved July 
18, 2009
,
 from 
http://www.theregister.co.uk/2005/11/28/iceland_without_broadband
.
9.
(2005). Navy commissions spy submarine Jimmy Carter. Retrieved July 18, 2009
,
 from Cryptome 
Web site: 
http://eyeball-series.org/mmp/jimmy-carter.htm
.
10.
(2001). Ships, sensors, and weapons. Undersea Warfare, 3, Retrieved July 18, 2009
,
 from 
http://
www.navy.mil/navydata/cno/n87/usw/issue_11/ship_sensors_weapons.html
.
11.
Kent, S.
, &amp; Atkinson, R.
 (1998). IP encapsulating security payload. Retrieved July 18, 2009
,
 from 
The Internet Engineering Task Force Web site: 
http://tools.ietf.org/html/rfc2406
.
12.
Pike, J. (1996). Intelligence agency budgets. Retrieved July 18, 2009
,
 from Federation of American 
Scientists Web site: 
http://www.fas.org/irp/commission/budget.htm
.
13.
(2007, May 3). HP launches DRAGON to help telecoms manage data in fight against global 
terrorism . Retrieved July 18, 2009
,
 from PR Domain Web site: 
http://www.prdomain.com/
companies/H/HP/newsreleases/20075440637.htm
.
14.
O'Brien, D. (2008, June 15). Sweden and the borders of the surveillance state. Retrieved July 18, 
2009
,
 from Electronic Frontier Foundation Web site: 
http://www.eff.org/deeplinks/2008/06/
sweden-and-borders-surveillance-state
.
15.
(2009). NarusInsight is the most scalable traffic intelligence system for capturing, analyzing and 
correlating IP traffic in real time. Retrieved July 18, 2009
,
 from Narus Web site: 
http://
narus.com/index.php/product
.
16.
(2008). About BND. Retrieved July 18, 2009
,
 from Bundesnachrichtendienst Web site: 
http://
www.bnd.de/nn_1435078/EN/WirUeberUns/WirUeberUns__node.html
.
17.
Pike, J. (2009). World wide military expenditures. Retrieved July 18, 2009
,
 from Global Security 
Web site: 
http://www.globalsecurity.org/military/world/spending.htm
.
18.
(2006).
Directive 2006/24/EC of the European parliament and of the council. Official Journal of the 
European Union, 105, 54-62.
 Retrieved on July 18, 2009, from  
http://www.ispai.ie/DR%20as
%20published%20OJ%2013-04-06.pdf
.
19.
Krempl, S
.
 (2009, June 7). CCC: Vorratsdatenspeicherung bringt unkontrollierbare Überwachung. 
Heise, Retrieved July 18, 2009
,
 from 
http://www.heise.de/newsticker/CCC-
Vorratsdatenspeicherung-bringt-unkontrollierbare-Ueberwachung--/meldung/141623
.
20.
 Zetter, K. (2009, June 22). WSJ: Nokia, Siemens help Iran spy on internet users. Retrieved July 18, 
2009
,
 from Wired Web site: 
http://www.wired.com/threatlevel/2009/06/wsj-nokia-and-siemens-
help-iran-spy-on-internet-users
.
21.
Cheung, H. (2006, June 27). ISP heavyweights join forces to fight child porn. Retrieved July 18, 
2009
,
 from TG Daily Web site: 
http://www.tgdaily.com/content/view/27256/118
.
22.
Bundeskriminalamt. (2006). The Bundeskriminalamt Profile [Brochure]. Bad Homburg, Germany
.  
Retrieved on July 18, 2009, from:  
http://www.bka.de/profil/broschueren/profile2006.pdf
23.
Latent semantic analysis. (2009). In Wikipedia [Web]. Retrieved July 18, 2009
,
 from 
http://
en.wikipedia.org/wiki/Latent_semantic_analysis
.
24.
Li, J., Zheng, R., &amp; Chen, H. (2008). From fingerprint to writeprint. University of Arizona
.  
Retrieved from  
http://ai.eller.arizona.edu/COPLINK/publications/CACM_From%20Fingerprint
%20to%20Writeprint.pdf
.
25.
Chaos Computer Clubs. (2009). Stellungnahme des Chaos Computer Clubs zur 
Vorratsdatenspeicherung [
Report
]. Germany
:
 Kurz, C., &amp; Rieger, F.
  Retrieved July 18, 2009, 
from 
http://www.ccc.de/vds/VDSfinal18.pdf
.
26.
Stokes, J. (2009, July 6). NSA's power- and money-sucking datacenter buildout continues. 
Retrieved July 18, 2009
,
 from ARS Technica Web site: 
http://arstechnica.com/tech-policy/news/
2009/07/r2e-nsas-power--and-money-sucking-datacenter-buildout-continues.ars
.
27.
(2004, Apr 13). Google's gmail could be blocked. Retrieved July 18, 2009
,
 from BBC News Web 
site: 
http://news.bbc.co.uk/2/hi/business/3621169.stm
.
28.
Lawful interception. (2009). In Wikipedia [Web]. Retrieved July 18, 2009
,
 from 
http://
en.wikipedia.org/wiki/Lawful_interception
.
29.
Roth, D. (2009, Apr 23). Auto espionage: Koenigsegg dealer caught spying on competing Ferrari 
dealer. Retrieved July 18, 2009
,
 from Auto Blog Web site: 
http://www.autoblog.com/
2009/04/23/auto-espionage-aston-dealer-caught-spying-on-competing-ferrari
.
30.
Anderson, N. (2007, Sept 3). Pentago hacked, Chinese army suspected: Report. Retrieved July 18, 
2009
,
 from ARS Technica Web site: 
http://arstechnica.com/security/news/2007/09/chinese-
military-accused-of-hacking-pentagon-computers.ars
.
31.
Open source intelligence. (2009). In Wikipedia [Web]. Retrieved July 18, 2009
,
 from 
http://
en.wikipedia.org/wiki/Open_Source_Intelligence
.
32.
Soghoian, C. (2007, Sept 16). Tor anonymity server admin arrested. Retrieved July 18, 2009
,
 from 
Cnet Web site: 
http://news.cnet.com/8301-13739_3-9779225-46.html
.
33.
Lemos, R. (2007, Mar 8). Tor hack proposed to catch criminals. Retrieved July 18, 2009
,
 from 
Security Focus Web site: 
http://www.securityfocus.com/news/11447?ref=rss
.
34.
(2009). Who uses Tor?. Retrieved July 18, 2009
,
 from Tor Project Web site: 
http://
www.torproject.org/torusers.html.en#activists
.
35.
Gray, P. (2007, Nov 13). The hack of the year. Retrieved July 18, 2009
,
 from The Sydney Morning 
Herald Web site: 
http://www.smh.com.au/news/security/the-hack-of-the-year/
2007/11/12/1194766589522.html
.
36.
Deanonymizer (2009).  
http://deanonymizer.com
.
37.
(2008, May 7). German intelligence caught spying on journalist's emails. EDRI-gram, 6, Retrieved 
July 18, 2009
,
 from 
http://www.edri.org/edrigram/number6.9/german-intelligence-emails
.
38.
Davies, B. (2005). The spycraft manual: The insider's guide to espionage techniques. St. Paul, MN: 
Zenith Press.
39.
Schneier, B. (2008, Feb 5). Fourth undersea cable failure in Middle East. Retrieved July 18, 2009
,
from Schneier Web site: 
http://www.schneier.com/blog/archives/2008/02/fourth_undersea.html
.
40.
Acohido, B. (2009, Apr 9). Q&amp;A on U.S. electrical grid infiltrated by Chinese, Russian cyberspies. 
Retrieved July 18, 2009
,
 from The Last Watchdog Web site: 
http://lastwatchdog.com/chinese-
russian-cyberspies-lurk-us-electrical-grid
.

Create Shorturl - Create a shorter url that redirects to your paste?

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Realistic Probabilities In Modern Signals Intellig

Reply to "Realistic Probabilities In Modern Signals Intellig"