Global Spying: Realistic Probabilities In Modern Signals Intelligence

Jonathan Logan
Steve Topletz (presenter, editing)

PREFACE

In this article, we will present insight into the realistic possibilities of Internet mass surveillance. When talking about the threat of Internet surveillance, the common argument is that there is so much traffic that any one conversation or email won't be picked up unless there is reason to suspect those concerned; it is impossible that "they" can listen to us all. This argument assumes that there is a scarcity of the resources and motivation required for mass surveillance. The truth is that motivation and resources are directly connected. If the resources are inexpensive enough, then the motivations already present are sufficient to use them. This is the familiar economic effect of supply availability increasing demand: because it is more easily done, it will be done more readily. Another fault in the above argument is that it assumes surveillance is all-or-nothing, which is incorrect; surveillance of selected links, traffic classes or endpoints is both possible and far cheaper than watching everything.

INDEX
I. Resource Requirements
II. Methods of Post-Tap and Offsite Analysis
III. Implications
IV. Threat Assessment
V. Clandestine Intelligence Gathering
VI. End Notes
VII. Q&A
VIII. About the Authors
IX. Exhibits
X. Citations

I. RESOURCE REQUIREMENTS

To understand what realistic threat mass surveillance of digital communication poses, it is important to break down the resources required, the methods available, and the means of surveillance. The resources required are Access, Storage, Traffic, and Analysis. This paper is about digital communications; these methods do not fully apply to purely analog communication, such as POTS (plain old telephone service).

ACCESS

Surveillance requires access to the communication to be surveilled.
Data today is transmitted via copper cable, fiber optics, directed microwave links, broadcast radio (WiMAX, WiFi, etc.), satellite, and a few other arcane methods. The most profitable transmission media for surveillance, by far, are fiber, broadcast, directed microwave, and satellite. Fiber provides the benefit of large amounts of data from a single "cable." Broadcast radio provides the benefit of non-physical accessibility. Directed microwave is easily acquired through classic stand-in-the-middle listening. Satellite provides a very big footprint, where one needs only to be standing near the receiver of the transmission.

Fiber cables provide the most interesting targets for surveillance. Almost all international communication eventually goes over a few particular fiber lines, so this is where the tapping is focused. This is a practice far different from the UKUSA Echelon system of the 1980s, which operated mostly by targeting directed microwave and satellite transmissions, because international fiber-optic lines were rarer then. Today, tapping into fiber is easily accomplished through a variety of methods: splicing the fiber-optic line, connecting to the repeaters, or tapping into the endpoint routers, and through even more esoteric methods, like bending the fiber and detecting stray "ghost" photons [1]. Tapping in most cases is purely passive, which means two things. First, the signals are copied, not interrupted or modified. Second, surveillance-induced artifacts are non-trivial for the endpoint to detect, which means there is no "click" on the phone to tell you that someone is listening in. This is especially true in digital communications espionage, which is the focus of this paper. Access to fiber-optic lines is mostly accomplished by connecting to repeaters and tapping endpoint routers. That is what is being performed by AT&T at the request of the NSA.
This method is inexpensive in resources and easy to implement, and it requires very few people to know about it and to operate it. In the case of repeater connections, even the fiber owners may not be aware that their lines are being tapped unless they find the tap during routine maintenance.

Civilians generally assume that the Internet consists of millions of independent lines that would have to be tapped individually for mass surveillance. Luckily for signals intelligence gathering and analysis, this is not the case. To tap into 90% of the traffic connecting the Eastern Hemisphere to the Western Hemisphere (CIS / Russia / Africa / Middle East / EU to US), agencies only need access to either 30 fiber cables [2] or half of the 45 landing points [3]. An alternate method to achieve such access to this traffic is to install access devices in just seven of the right Internet Exchanges [4] (IXs), which are where ISPs and backbones interconnect at a single location. Rest assured, all of the above has happened at various scales [5] as intelligence agencies are pitted against each other to gain power through knowledge.

are as a surveillance target. In fact, anyone reading this paper, especially those reading it online for a longer time or with increased frequency, would almost certainly elevate their status as a surveillance target. Staying below the radar can be extremely hard if you are in any way different from the majority of the populace. When surveillance becomes trivial for an unrestrained party, then it will be done, and sadly, there is no good reason that they should not do it if they are unrestrained. Most of the arguments against the reality of mass surveillance are based on "scarcity of resources and motivation." It has been demonstrated in this document that there is no scarcity of resources to do surveillance or to store its results; the only scarce resource is the human capacity to act upon it. In our current world, there is no scarcity of motivation to do it either.
In fact, there is a whole industry, and even political parties, lobbying on behalf of surveillance. There are enough power-hungry people that want to stay in power and institutions that exist to self-perpetuate. Someone once said that the Internet is not only the best tool for mass communication but also the best tool for mass surveillance and control ever created. That person was right.

V. CLANDESTINE INTELLIGENCE GATHERING

Clandestine intelligence gathering is spying performed by agencies and corporations that do not have "lawful interception" [28] privileges, lacking both legal authority and legitimate access to infrastructure. This is the traditional idea of espionage, where one country or company is spying on another or on a target group. The stages are similar to traditional surveillance; however, the methods used tend to be less traditional, since the spying organization does not have conventional communications access but is also not confined by the rule of law. Clandestine intelligence may be as insignificant as one auto dealer spying on another to gain an advantage [29], or as disturbing as a country spying on the government employees of a rival country to cripple their defense infrastructure in preparation for a future war [30].

Data collection for clandestine operations follows the path of least resistance, depending on the objective. Because clandestine data collection is not lawful, it cannot be overtly employed; instead, it must be covertly deployed using either Open Source Intelligence (OSINT) or "covert intelligence" techniques. Open Source Intelligence gathering "involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence... The term open refers to overt, publicly available sources" [31], as opposed to covert intelligence, which refers to private, classified, or illegal sources. One example of an Open Source Intelligence gathering source is the Tor Network.
The Tor Network is a participation-based anonymity network: anyone can run a relay, and relays carry other users' traffic, while the network attempts to obfuscate the origins of that traffic in order to render the user anonymous. The inherent weakness of the Tor Network is that each relay acts like a miniature IX, routing the traffic of other users. Inside the network that traffic is encrypted, but the exit relay sees whatever leaves the network in plaintext, which gives easy eavesdropping access to anyone who wants to abuse it. The Tor Network provides an endless supply of interesting traffic, specifically because the users are those who wish not to be observed or identified. Because this traffic is both suspicious and interesting, it is the natural target of surveillance by both state agencies [32] and hackers [33]. In an Open Source Intelligence gathering model, the spying organization might operate Tor nodes and perform traffic analysis to identify political dissidents [34], capture sensitive government credentials [35], and even deanonymize [36] and correlate traffic back to reporters, bloggers, and government agents.

Covert intelligence gathering for clandestine surveillance uses non-traditional methods to acquire communications access. These are typically black-ops programs which employ trojans [37], bribery, blackmail [38], misdirection [39], and infiltration [40].

VI. END NOTES

This article deals exclusively with the possibilities and methods for passive surveillance by non-participants of the communication being surveilled. There are numerous other methods of surveillance and data collection on the Internet. Those include cookies, spyware, log file aggregation, system fingerprinting, and many other methods.

VII. Q&A

Q: What about using word scrambling to defeat language analysis?

A: The technology used in most word processors for spelling correction is good enough to instantly reconstruct large portions of a scrambled text.
Systems working with semantic analysis, context and subject discovery, as well as whole-text probability, do even better. They might not be able to reconstruct every single word, but they recover enough of the content to make sense of it. The same is true for most if not all "good advice" given by friends. Good security is not that easy. If advice does not include strong cryptography, it is uninformed at best and disinformation at worst.

Q: Are encryption users more likely to become targets?

A: As mentioned in the article, one of the methods used is to find unusual traffic and content patterns. Using e-mail encryption is something unusual for the normal population. There have been several cases where the use of encryption increased the interest of investigating agencies. However, we still think that it is a necessary and smart move to encrypt everything you can. Surely you cannot beat context analysis with encryption alone, but content analysis and interpretation can be rendered much less effective or even impossible. The advice we would give is to encrypt all your communication, every time. It is better to have a consistent communication pattern than to encrypt only occasionally, because the total amount of valuable data collected will be lower. If you only encrypt information you think is sensitive, then it is also known which communications should be more heavily analyzed.

Q: Are people using anonymity networks more likely to become targets?

A: Yes. The total number of available anonymization services is small. Just a few thousand computers in total are serving in publicly available anonymity networks. To target all traffic going to or from those computers is trivial. However, only a really big adversary would be able to automatically trace and connect the various relayed packets to each other, and those adversaries surely exist.
Looking at the network layouts of the more popular anonymization networks, it is actually not hard to watch all the traffic they relay. Some services make it hard to identify single communication events when watching only a limited subset of the connections that exist; at the same time, this increases the crowding effect (hiding in the crowd). With effectively executed crowding, you will be seen but not necessarily identified.

Q: But company X said they use technology Y. Won't that protect me from all adversaries?

A: No. It is true that technologies exist to drastically increase your privacy on the Internet. However, none of them protect you against an omnipotent attacker. Most are good for evading nosy marketing groups, though few are good enough to hide you from the eyes of domestic security agencies. None will protect you against a motivated attacker with global access to the Internet. If your anonymization service is decent, then they will have a note on their website or in their documentation that effectively states, "Do not rely on this technology if you require strong anonymity." If they aren't decent, they will say, "We make you 100% anonymous on the Internet."

Q: What can be done?

A: Writing to your congressional representative will not stop spying. Politics and public opinion will not help at all to reduce or solve this problem, because politics and public naivety created the problem. There are only seven things you can effectively do:

1. Accept that the world is not a place where everyone believes others should be free.
2. Use self-defense technology such as adequate anonymity services and best practices.
3. Use encryption on all your traffic, and support programs that employ opportunistic encryption. Even weak and poorly implemented encryption is better than plaintext, because it cripples spying by reducing it to context analysis.
4. Call up your ISP and tell them you want a dynamic IP address, because static IP addresses are a threat to your privacy. If you work at an ISP, insist that it assigns IP addresses dynamically, not statically.
5. Prepend common data to the first 1 KB of your data transfers, to defeat checksum analysis that fingerprints the leading kilobyte of a transfer.
6. Fight against any force that wants you to give up your freedoms and privacy.
7. Teach others how to fight for their privacy as well.

Protecting your privacy does not come for free today, and it never has. One last word to the wise: those that shout the loudest that they will protect you, or those that do it for free, are not necessarily those that have your freedom and privacy in mind. There is no such thing as a free lunch!

VIII. ABOUT THE AUTHORS

Jonathan Logan works as a communication network consultant for Cryptohippie PA Inc. and Xero Networks AG. He can be reached via email at j.logan at cryptohippie.net (PGP Key: 0xE82210E6).

Steve Topletz is the operations advisor for XeroBank, an anonymity service operated by Xero Networks AG.

The opinions expressed in this article are those of the authors and do not reflect the views of Cryptohippie PA Inc., Xero Networks AG, their management, or their respective owners. If you want to distribute this article, please contact the authors.

IX. EXHIBITS

Note: Figures used in the calculations are deliberately rough and larger than actual costs, in order to demonstrate the maximum reasonable costs.

Exhibit A: (http://www.dtc.umn.edu/mints/home.php) 5,000 to 8,000 PB/month. Presume the ~85th percentile at 7,500 PB × 12 months = ~90 EB (90,000 PB = 94,371,840,000 GB). Data warehousing costs are approximated at $0.35/GB/year ($0.168/GB hardware, $0.014/GB power, $0.091/GB housing, $0.077/GB maintenance; breakdown derived from a classified source, traffic costs not included). 94,371,840,000 GB × $0.35/GB = $33,030,144,000 USD/year.
Exhibit B: 1% × 94,371,840,000 GB × $0.02/GB fiber-optic transfer × 2 destinations (collection and endpoint) = $37,748,736 total fiber-optic transmission cost. Note that although Internet traffic doubles, unique traffic does not increase at the same rate, so 1% is a shrinking figure as total traffic increases. Unique traffic is typically limited to personal communications such as VoIP, email, and instant messaging; the bulk of the volume is repeated content (downloads, updates, media) that need only be stored once.

Exhibit C: IBM BladeCenter PN41, 20 Gbps @ $90,000 = $4.5k/Gbps. Costs are similar across the board ($90k wholesale, $106k to $120k retail) for other DPI / traffic analysis solutions (Narus, Sandvine, LSI, Qosmos, Interphase, Ellacoya, etc.).

Exhibit D: ~90 EB of raw traffic per year is an average of ~24 Tbps (23.36; roughly 20 Tbps domestic and 4 Tbps international). At 20% link utilization the analysis hardware must be sized for 117 Tbps, which at $4.5k/Gbps is $526,500,000 USD. The hardware purchase is 48% of the pre-traffic cost; the remaining 52% (power, housing, maintenance) is $570,375,000 ($526,500,000 / 0.48 × 0.52). Adding the traffic cost of $37,748,736 brings the total to $1,134,623,736 for all costs post-tap and pre-analysis.

Exhibit E: A maximum of 5,000 tapping points worldwide at $3,000,000 per tap per year for physical surveillance, compliance, black operations, tap installation, maintenance and upkeep. (At those figures the tap budget would be $15b; Exhibit F carries $1.5b, which corresponds to about 500 taps at that price.) In Germany alone, there are 30 major backbone loops and 10 major IXs, which require multiple taps for total surveillance.

Exhibit F: The cost of Access is $2,027m, consisting of $527m for traffic analysis hardware (Exhibit D) and $1,500m for tap installation and management (Exhibit E). The cost of Storage is taken as $570m (the operating figure of Exhibit D), since that is larger than 1% of the $33b of Exhibit A. The cost of Traffic is $38m (Exhibit B), and the cost of Analysis can reach as high as $1,500m. $2,027m + $570m + $38m + $1,500m = $4,135m per year.

X. CITATIONS

1. Olzak, T. (2007, May 3). Protect your network against fiber hacks.
Retrieved July 18, 2009, from TechRepublic: http://blogs.techrepublic.com.com/security/?p=222&tag=nl.e036
2. TeleGeography. (2004). Map of U.S. city connectivity. Retrieved July 18, 2009, from http://www.telegeography.com/ee/free_resources/figures/ib-04.php
3. TeleGeography. (2006). Submarine cable system diagram. Retrieved July 18, 2009, from http://www.telegeography.com/ee/free_resources/figures/ib-02.php
4. List of Internet exchange points by size. (2009). In Wikipedia. Retrieved July 18, 2009, from http://en.wikipedia.org/wiki/List_of_Internet_exchange_points_by_size
5. Information Awareness Office. (2009). In Wikipedia. Retrieved July 18, 2009, from http://en.wikipedia.org/wiki/Information_Awareness_Office
6. Nash equilibrium. (2009). In Wikipedia. Retrieved July 18, 2009, from http://en.wikipedia.org/wiki/Nash_equilibrium
7. Brams, S., & Kilgour, D. (1991). Game theory and national security. New York: Wiley-Blackwell.
8. Libbenga, J. (2005, Nov 28). Iceland left in the cold after cable cut. The Register. Retrieved July 18, 2009, from http://www.theregister.co.uk/2005/11/28/iceland_without_broadband
9. (2005). Navy commissions spy submarine Jimmy Carter. Retrieved July 18, 2009, from Cryptome: http://eyeball-series.org/mmp/jimmy-carter.htm
10. (2001). Ships, sensors, and weapons. Undersea Warfare, 3. Retrieved July 18, 2009, from http://www.navy.mil/navydata/cno/n87/usw/issue_11/ship_sensors_weapons.html
11. Kent, S., & Atkinson, R. (1998). IP Encapsulating Security Payload (ESP). RFC 2406. Retrieved July 18, 2009, from the Internet Engineering Task Force: http://tools.ietf.org/html/rfc2406
12. Pike, J. (1996). Intelligence agency budgets. Retrieved July 18, 2009, from Federation of American Scientists: http://www.fas.org/irp/commission/budget.htm
13. (2007, May 3). HP launches DRAGON to help telecoms manage data in fight against global terrorism. Retrieved July 18, 2009, from PR Domain: http://www.prdomain.com/companies/H/HP/newsreleases/20075440637.htm
14. O'Brien, D. (2008, June 15). Sweden and the borders of the surveillance state. Retrieved July 18, 2009, from Electronic Frontier Foundation: http://www.eff.org/deeplinks/2008/06/sweden-and-borders-surveillance-state
15. (2009). NarusInsight is the most scalable traffic intelligence system for capturing, analyzing and correlating IP traffic in real time. Retrieved July 18, 2009, from Narus: http://narus.com/index.php/product
16. (2008). About BND. Retrieved July 18, 2009, from Bundesnachrichtendienst: http://www.bnd.de/nn_1435078/EN/WirUeberUns/WirUeberUns__node.html
17. Pike, J. (2009). World wide military expenditures. Retrieved July 18, 2009, from GlobalSecurity.org: http://www.globalsecurity.org/military/world/spending.htm
18. (2006). Directive 2006/24/EC of the European Parliament and of the Council. Official Journal of the European Union, L 105, 54-62. Retrieved July 18, 2009, from http://www.ispai.ie/DR%20as%20published%20OJ%2013-04-06.pdf
19. Krempl, S. (2009, June 7). CCC: Vorratsdatenspeicherung bringt unkontrollierbare Überwachung [CCC: Data retention brings uncontrollable surveillance]. Heise. Retrieved July 18, 2009, from http://www.heise.de/newsticker/CCC-Vorratsdatenspeicherung-bringt-unkontrollierbare-Ueberwachung--/meldung/141623
20. Zetter, K. (2009, June 22). WSJ: Nokia, Siemens help Iran spy on internet users. Retrieved July 18, 2009, from Wired: http://www.wired.com/threatlevel/2009/06/wsj-nokia-and-siemens-help-iran-spy-on-internet-users
21. Cheung, H. (2006, June 27). ISP heavyweights join forces to fight child porn. Retrieved July 18, 2009, from TG Daily: http://www.tgdaily.com/content/view/27256/118
22. Bundeskriminalamt. (2006). The Bundeskriminalamt Profile [Brochure]. Bad Homburg, Germany. Retrieved July 18, 2009, from http://www.bka.de/profil/broschueren/profile2006.pdf
23. Latent semantic analysis. (2009). In Wikipedia. Retrieved July 18, 2009, from http://en.wikipedia.org/wiki/Latent_semantic_analysis
24. Li, J., Zheng, R., & Chen, H. (2008). From fingerprint to writeprint. University of Arizona. Retrieved from http://ai.eller.arizona.edu/COPLINK/publications/CACM_From%20Fingerprint%20to%20Writeprint.pdf
25. Kurz, C., & Rieger, F. (2009). Stellungnahme des Chaos Computer Clubs zur Vorratsdatenspeicherung [Statement of the Chaos Computer Club on data retention]. Chaos Computer Club, Germany. Retrieved July 18, 2009, from http://www.ccc.de/vds/VDSfinal18.pdf
26. Stokes, J. (2009, July 6). NSA's power- and money-sucking datacenter buildout continues. Retrieved July 18, 2009, from Ars Technica: http://arstechnica.com/tech-policy/news/2009/07/r2e-nsas-power--and-money-sucking-datacenter-buildout-continues.ars
27. (2004, Apr 13). Google's Gmail could be blocked. Retrieved July 18, 2009, from BBC News: http://news.bbc.co.uk/2/hi/business/3621169.stm
28. Lawful interception. (2009). In Wikipedia. Retrieved July 18, 2009, from http://en.wikipedia.org/wiki/Lawful_interception
29. Roth, D. (2009, Apr 23). Auto espionage: Koenigsegg dealer caught spying on competing Ferrari dealer. Retrieved July 18, 2009, from Autoblog: http://www.autoblog.com/2009/04/23/auto-espionage-aston-dealer-caught-spying-on-competing-ferrari
30. Anderson, N. (2007, Sept 3). Pentagon hacked, Chinese army suspected: Report. Retrieved July 18, 2009, from Ars Technica: http://arstechnica.com/security/news/2007/09/chinese-military-accused-of-hacking-pentagon-computers.ars
31. Open source intelligence. (2009). In Wikipedia. Retrieved July 18, 2009, from http://en.wikipedia.org/wiki/Open_Source_Intelligence
32. Soghoian, C. (2007, Sept 16). Tor anonymity server admin arrested. Retrieved July 18, 2009, from CNET: http://news.cnet.com/8301-13739_3-9779225-46.html
33. Lemos, R. (2007, Mar 8). Tor hack proposed to catch criminals. Retrieved July 18, 2009, from SecurityFocus: http://www.securityfocus.com/news/11447?ref=rss
34. (2009). Who uses Tor? Retrieved July 18, 2009, from Tor Project: http://www.torproject.org/torusers.html.en#activists
35. Gray, P. (2007, Nov 13). The hack of the year. Retrieved July 18, 2009, from The Sydney Morning Herald: http://www.smh.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html
36. Deanonymizer. (2009). http://deanonymizer.com
37. (2008, May 7). German intelligence caught spying on journalist's emails. EDRI-gram, 6.9. Retrieved July 18, 2009, from http://www.edri.org/edrigram/number6.9/german-intelligence-emails
38. Davies, B. (2005). The spycraft manual: The insider's guide to espionage techniques. St. Paul, MN: Zenith Press.
39. Schneier, B. (2008, Feb 5). Fourth undersea cable failure in Middle East. Retrieved July 18, 2009, from Schneier on Security: http://www.schneier.com/blog/archives/2008/02/fourth_undersea.html
40. Acohido, B. (2009, Apr 9). Q&A on U.S. electrical grid infiltrated by Chinese, Russian cyberspies. Retrieved July 18, 2009, from The Last Watchdog: http://lastwatchdog.com/chinese-russian-cyberspies-lurk-us-electrical-grid
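WORKED EXAMPLES (ADDED)

The following example illustrates the Q&A answer on "word scrambling" (section VII): scrambling the letters inside each word does not defeat language analysis because every permutation of a word shares the same sorted letters, so a dictionary indexed on that key undoes the scramble in one lookup. This is an added example by the editor, not code from the authors or from any real analysis system; the vocabulary and the message are constructed for the demonstration, and a real analyst would use a full word list and a language model to break ties.

```python
"""Inverting "word scrambling" with a canonical-key dictionary.

Added example, not code from the original article. Every permutation of
a word shares the same sorted letters, so a dictionary keyed on the
sorted letters reconstructs scrambled words in one lookup.
"""
import random
from collections import defaultdict

# Constructed vocabulary (assumption: the analyst has a word list of the
# target language; a real one would be the full dictionary).
VOCAB = ("the meeting is moved to tuesday at the warehouse bring the "
         "documents and do not use the phone encryption keys are in the safe").split()


def canonical_key(word):
    """Sorted lower-case letters: invariant under any reordering."""
    return "".join(sorted(word.lower()))


def build_index(vocab):
    """Map canonical key -> set of dictionary words with those letters."""
    index = defaultdict(set)
    for w in vocab:
        index[canonical_key(w)].add(w.lower())
    return index


def scramble_word(word, rng):
    """Shuffle the interior letters, keeping first and last in place
    (the usual 'still readable' scramble people believe hides text)."""
    if len(word) <= 3:
        return word
    inner = list(word[1:-1])
    rng.shuffle(inner)
    return word[0] + "".join(inner) + word[-1]


def scramble_text(text, seed=7):
    rng = random.Random(seed)
    return " ".join(scramble_word(w, rng) for w in text.split())


def unscramble_text(scrambled, index):
    """Return (reconstructed text, fraction of tokens recovered)."""
    tokens = scrambled.split()
    out, hits = [], 0
    for tok in tokens:
        candidates = index.get(canonical_key(tok), set())
        # Tie-break on the letters the scramble left in place.
        preferred = [c for c in candidates
                     if c[0] == tok[0].lower() and c[-1] == tok[-1].lower()]
        choice = sorted(preferred or candidates)
        if choice:
            out.append(choice[0])
            hits += 1
        else:
            out.append(tok)          # unknown word stays scrambled
    return " ".join(out), hits / max(1, len(tokens))


def demo(message="the meeting is moved to tuesday at the warehouse bring the documents"):
    """Scramble a constructed message and reconstruct it from VOCAB."""
    index = build_index(VOCAB)
    scrambled = scramble_text(message)
    rebuilt, rate = unscramble_text(scrambled, index)
    return scrambled, rebuilt, rate


if __name__ == "__main__":
    s, r, rate = demo()
    print("scrambled:    ", s)
    print("reconstructed:", r)
    print(f"recovered {rate:.0%} of tokens")
```

Words outside the vocabulary stay scrambled, which is exactly the situation the Q&A describes: the analyst does not need every word, only enough of them to make sense of the content.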
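The next example illustrates the Q&A answer on anonymity networks (section VII) and the traffic-analysis claim in section V: an adversary that sees traffic entering an anonymity network and traffic leaving it can pair the two sides without reading any payload, by binning packet timestamps into windows and correlating the per-window counts. This is an added example by the editor, not code from the authors or from any real system; the flows are constructed with a seeded generator, and the relay delay model (a fixed BASE_DELAY plus uniform JITTER) is an assumption made for the demonstration.

```python
"""Linking relayed flows by packet timing alone.

Added example, not from the original article. An observer on both sides
of a relay bins packet timestamps and correlates the per-window counts;
payload content is never used. All flows are constructed here.
"""
import math
import random

DURATION = 30.0    # seconds of observation
WINDOW = 0.5       # bin width in seconds
BASE_DELAY = 0.10  # assumed fixed relay latency (demo assumption)
JITTER = 0.05      # assumed spread of relay latency (demo assumption)


def make_flow(rng, n_bursts):
    """Bursty client traffic: a few bursts of 5-20 packets each."""
    times = []
    for _ in range(n_bursts):
        t = rng.uniform(0.0, DURATION - 2.5)
        for _ in range(rng.randint(5, 20)):
            t += rng.uniform(0.01, 0.10)
            times.append(t)
    return sorted(times)


def relay(rng, flow):
    """What the exit side sees: the same packets, delayed and jittered."""
    return sorted(t + BASE_DELAY + rng.uniform(0.0, JITTER) for t in flow)


def histogram(times, offset=0.0):
    """Packet count per WINDOW, after subtracting an assumed delay."""
    n_bins = int(math.ceil(DURATION / WINDOW)) + 1
    bins = [0] * n_bins
    for t in times:
        i = int((t - offset) / WINDOW)
        bins[min(max(i, 0), n_bins - 1)] += 1
    return bins


def pearson(a, b):
    """Pearson correlation of two equal-length count vectors."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    sa = math.sqrt(sum((x - ma) ** 2 for x in a))
    sb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return cov / (sa * sb) if sa and sb else 0.0


def match_flows(entry_flows, exit_flows, delay_guess=BASE_DELAY + JITTER / 2):
    """For each exit flow return (index of best-matching entry flow, score)."""
    entry_hists = [histogram(f) for f in entry_flows]
    matches = []
    for ef in exit_flows:
        eh = histogram(ef, offset=delay_guess)
        scores = [pearson(eh, h) for h in entry_hists]
        best = max(range(len(scores)), key=scores.__getitem__)
        matches.append((best, scores[best]))
    return matches


def demo(seed=42, n_clients=6):
    """Build n_clients entry flows, relay them in shuffled order, and count
    how many exit flows are linked back to the right client."""
    rng = random.Random(seed)
    entry = [make_flow(rng, rng.randint(2, 4)) for _ in range(n_clients)]
    order = list(range(n_clients))
    rng.shuffle(order)                      # the relay hides the ordering
    exit_flows = [relay(rng, entry[i]) for i in order]
    matches = match_flows(entry, exit_flows)
    correct = sum(1 for j, (best, _) in enumerate(matches) if best == order[j])
    return correct, n_clients, matches


if __name__ == "__main__":
    correct, n, matches = demo()
    print(f"linked {correct} of {n} exit flows to the right client")
    for j, (best, score) in enumerate(matches):
        print(f"exit flow {j} -> entry flow {best} (r = {score:.2f})")
```

The point the Q&A makes is visible in the design: the expensive part is not the arithmetic but the vantage point. The correlation needs both ends of the relayed path, which is why only a "really big adversary" with global access can run it at scale, and why constant-rate padding (which flattens the histograms) is the usual countermeasure.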
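This example illustrates the "unique traffic" assumption of Exhibit B and item 5 of the Q&A list ("prepend common data to the first 1 KB"). It assumes a collector that cannot store everything and therefore fingerprints the leading kilobyte of each transfer, discarding anything it has already seen or can identify as bulk content; that collector design is an assumption for the demonstration, not a description of any real system, and the example is added by the editor, not taken from the authors. The payloads are constructed inline. A second collector class shows the caveat: a collector that also fingerprints a later window is not fooled by a prepended common block, because the unique content still follows it.

```python
"""A first-kilobyte fingerprint filter and the "common prefix" trick.

Added example, not from the original article. HeadCollector is the
assumed cheap collector; TwoWindowCollector is the cheap fix that
defeats the prefix trick. Payloads are constructed.
"""
import hashlib

WINDOW = 1024  # bytes fingerprinted per window (assumption)


def fingerprint(payload, offset=0):
    """SHA-256 of one WINDOW-sized slice of the transfer."""
    return hashlib.sha256(payload[offset:offset + WINDOW]).hexdigest()


class HeadCollector:
    """Stores a transfer only if its leading window is new."""

    def __init__(self, known_bulk):
        self.seen = {fingerprint(b) for b in known_bulk}
        self.stored = []

    def ingest(self, payload):
        fp = fingerprint(payload)
        if fp in self.seen:
            return False                 # duplicate or bulk: discarded
        self.seen.add(fp)
        self.stored.append(payload)
        return True


class TwoWindowCollector:
    """Also fingerprints the second window, so unique content that
    follows a common prefix is still recognised as new."""

    def __init__(self, known_bulk):
        self.seen = set()
        for b in known_bulk:
            self.seen.update((fingerprint(b), fingerprint(b, WINDOW)))
        self.stored = []

    def ingest(self, payload):
        head, tail = fingerprint(payload), fingerprint(payload, WINDOW)
        if head in self.seen and tail in self.seen:
            return False
        self.seen.update((head, tail))
        self.stored.append(payload)
        return True


def demo():
    """Constructed traffic: a popular 4 KB download seen again, a plain
    personal message, and a second message disguised by prepending the
    download's first kilobyte (the Q&A's advice)."""
    popular = bytes(range(256)) * 16
    message = b"meet at the warehouse on tuesday, bring the documents\n" * 40
    disguised = popular[:WINDOW] + b"the keys are in the safe, do not use the phone\n" * 40
    results = {}
    for name, cls in (("head_only", HeadCollector), ("two_window", TwoWindowCollector)):
        c = cls(known_bulk=[popular])
        results[name] = {
            "popular_again": c.ingest(popular),   # known bulk, dropped
            "message": c.ingest(message),         # unique, stored
            "disguised": c.ingest(disguised),     # depends on the collector
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

Against the head-only collector the prefix trick works: the disguised message is classified as the popular download and discarded. Against the two-window collector it does not, which is the practical caveat to item 5: the trick only buys anything against a collector that fingerprints exactly one fixed window, and encryption (item 3) does not depend on that guess.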
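Finally, a worked model of Exhibits A through F. This is added by the editor and reproduces the article's own arithmetic with the article's own figures, so that a reader can change one input (traffic volume, the unique-traffic fraction, link utilization, price per Gbps, tap count) and see the total move; the figures remain the authors' rough upper-bound estimates, not measurements. One discrepancy in the exhibits is carried as a parameter: Exhibit E's 5,000 taps at $3,000,000 each is $15b, while Exhibit F uses $1.5b (what 500 taps would cost), so the model takes Exhibit F's figure by default and exposes Exhibit E's arithmetic separately.

```python
"""Cost model of Exhibits A through F (added worked example).

Reproduces the article's arithmetic from its stated inputs. The 23.36
Tbps average of Exhibit D is recovered with a 365.25-day year and
binary (1024-based) units, which is how the exhibits convert.
"""
GB_PER_PB = 1024 ** 2
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def storage_cost(pb_per_month=7500.0, usd_per_gb_year=0.35):
    """Exhibit A: warehouse a full year of traffic. Returns (GB, USD)."""
    gb = pb_per_month * 12 * GB_PER_PB
    return gb, gb * usd_per_gb_year


def transfer_cost(gb, unique_fraction=0.01, usd_per_gb=0.02, destinations=2):
    """Exhibit B: move only the unique fraction, to collection and endpoint."""
    return gb * unique_fraction * usd_per_gb * destinations


def analysis_hardware_cost(gb, utilisation=0.20, usd_per_gbps=4500.0):
    """Exhibit C/D: DPI hardware sized for peak from the yearly average.
    Returns (average Tbps, USD)."""
    avg_tbps = gb * 8 * 1024 ** 3 / SECONDS_PER_YEAR / 1024 ** 4
    peak_gbps = round(avg_tbps / utilisation) * 1000
    return avg_tbps, peak_gbps * usd_per_gbps


def analysis_operating_cost(hardware_usd, hardware_share=0.48):
    """Exhibit D: hardware is 48% of the pre-traffic cost; the remaining
    52% is power, housing and maintenance."""
    return hardware_usd / hardware_share * (1 - hardware_share)


def tap_cost(taps=5000, usd_per_tap_year=3_000_000):
    """Exhibit E as stated (5,000 taps at $3m each)."""
    return taps * usd_per_tap_year


def total_cost(pb_per_month=7500.0, unique_fraction=0.01, utilisation=0.20,
               usd_per_gbps=4500.0, tap_usd=1_500_000_000,
               analysis_usd=1_500_000_000):
    """Exhibit F: Access + Storage + Traffic + Analysis, per year."""
    gb, full_storage = storage_cost(pb_per_month)
    traffic = transfer_cost(gb, unique_fraction)
    avg_tbps, hw = analysis_hardware_cost(gb, utilisation, usd_per_gbps)
    ops = analysis_operating_cost(hw)
    # Exhibit F takes the larger of the operating figure and 1% of Exhibit A.
    storage = max(ops, full_storage * unique_fraction)
    access = hw + tap_usd
    return {
        "exhibit_a_full_storage": full_storage,
        "exhibit_b_traffic": traffic,
        "exhibit_d_avg_tbps": avg_tbps,
        "exhibit_d_hardware": hw,
        "exhibit_d_operating": ops,
        "post_tap_pre_analysis": hw + ops + traffic,
        "access": access,
        "storage": storage,
        "analysis": analysis_usd,
        "total": access + storage + traffic + analysis_usd,
    }


if __name__ == "__main__":
    for k, v in total_cost().items():
        print(f"{k:>24}: {v:,.0f}")
    print(f"Exhibit E as stated: {tap_cost():,.0f} USD/year")
```

The useful thing the model shows is which inputs dominate: tap management and analysis are fixed lump sums, the storage term is tied to the 1% unique-traffic assumption, and the hardware term scales with utilization. Halving the unique fraction or doubling utilization changes the total by far less than the two lump sums do.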