Direct NSA access to the Google and Yahoo networks

Let us know the latest news you have heard...
pipinos1976
Posts: 1194
Joined: 08 Apr 2011, 23:52

Direct NSA access to the Google and Yahoo networks

Post by pipinos1976 »

I am copying from here:

http://news.in.gr/world/article/?aid=1231271375
Washington
The American NSA and its British counterpart, the GCHQ intelligence agency, are intercepting data directly from the fiber-optic lines that Google and Yahoo use to interconnect their data centers around the world, the Washington Post revealed on Wednesday.

The new interception scheme comes on top of the revelations about the Prism program, through which the NSA uses legal means to pressure internet companies into handing over data linked to specific search terms.

The surveillance program the Washington Post is now reporting on goes a step further than Prism.

Citing documents handed over by the whistleblower Edward Snowden, a former employee of an NSA contractor, the American newspaper writes that the NSA downloads oceans of data every day from the Google and Yahoo data centers to its headquarters in Maryland.

According to a classified document dated 9 January 2013, the NSA had gathered a total of 180 million records over a 30-day period, such as metadata on who sent email to whom and when, or even the content of electronic communications.

The basic tool for these interceptions is the "Muscular" program, developed by the NSA and GCHQ, which allows data to be collected from data centers located outside the US and not covered by the legislation that applies within the US.

Both Google and Yahoo said they were unaware of the matter.

Google, which is now rushing to encrypt its internal data traffic, following a Guardian article that spoke of interceptions on undersea data cables, said it "is troubled by the allegation of government interception of the traffic between its data centers, and had no knowledge of this activity".

However, the Washington Post also publishes a hand-drawn sketch showing the point of contact between the "public Internet" and the "Google cloud". The point is marked with an arrow, beneath which is the note "encryption is added and removed here".

Two software engineers with "close ties to Google" reportedly were astonished when the article's author showed them the sketch.

A Yahoo spokesperson said for her part: "We have strict controls in place to protect the security of our data centers, and we have not given access to the NSA or to other government agencies."

The report was also denied by NSA director Keith Alexander, who answered a related question from Reuters: "The fact is that we do not have access to Google's and Yahoo's servers. We use court orders."
And now my comments:

First of all, let's start with something I wrote a while ago:

http://www.4tforum.gr/phpBB3/viewtopic.php?p=1850723
pipinos1976 wrote: Although I know nothing about the subject, I would say they should also look into the following*:

A private surveillance company (in the style of private investigators) cooperates with that part of the EYP (the Greek National Intelligence Service) in both operations and equipment. Naturally, the company staffs itself with members of the EYP and of ELAS (or rather ALAS) who have specialist knowledge (e.g. cybercrime prosecution).

Thank you.

* It's a joke. They already know everything, but I thought I'd write it publicly too, so they don't think we citizens don't know, and so that some other user gets informed as well. I only hope I don't become a target now. In any case, all they'll find on me is cracked XP, for which I already have 4 licenses from MSDN but simply haven't formatted yet.
For me to write something like that in a thread about surveillance, I know something, I've heard something, I've been told something.

Of course, a former commando, a career NCO, knows better, and that's why elsewhere he wanted to teach me about wiretapping, i.e. my own field. Never mind, though; let his posts speak for him. Here we go:

http://www.4tforum.gr/phpBB3/viewtopic. ... 1#p1903131
cabala10 wrote: the funny thing is that I probably live in a mythical world and don't know what's going on, eh :hahaiv:
not to mention how provocatively the "analysts" at the nsa declare the work they do there.. :hahaiv:
He's talking to someone else, but, as you can see, he knows very well how the agencies over there work. The man really knows it all, I tell you. But does he know, or is he tossing out pompous phrases to play the big shot?

http://www.4tforum.gr/phpBB3/viewtopic. ... 2#p2012152
cabala10 wrote: first of all the nsa has no business outside america, let alone back then, when it didn't have as many powers as it does now..
At this point even the concrete is laughing, especially if we look at the DOL article I quoted at the start. The man is a windbag. He doesn't know what's going on and constantly writes nonsense in a pompous tone to show that he knows something and is somebody. Today it is proven that he is simply clueless about the subject and a classic arrogant fool.

But let's see whether there's someone else who is better; someone who knows the field, you know, someone in the profession. Let's pick a serious one, as his credentials attest:

http://www.4tforum.gr/phpBB3/viewtopic. ... 6#p1863386
jtblaster wrote: Congrats :superman: :superman: :metalo: :metalo: on the cars


Oh well, if only poor me, who writes Html, had that knowledge too ....

We agree on everything once again :lol: :lol:

Teach driving behaviour, my boy!!!

Teach the new driver to drive his car at its top speed and that bridges sway when you drive over them because of thermal expansion ...

Let me have my little joke, don't pay attention to me ... :whatever: I am .... my 2 MSc with distinction prove it
If you read carefully, the man has studied computer science and even has 2 master's degrees with distinction. He can't be considered clueless or unsuspecting or light-headed or anything of the sort. So, I imagine once again, he'll give us his opinion seriously, with evidence, and it will be very close to reality:

At one point I write, jokingly:

http://www.4tforum.gr/phpBB3/viewtopic. ... 2#p1943082
pipinos1976 wrote: With these, yes, echelon has surely been recording me for years. Since they look at words and then record, surely these get recorded too. I just don't think they go beyond a hard disk and then a tape for long-term storage.

Thank you.
His reply:

http://www.4tforum.gr/phpBB3/viewtopic. ... 0#p1943100
jtblaster wrote: GOD !!!! CHIEF !!!! BOMB !!!! BOMBA (this one for good measure) MOLOTOV and of course RADAR !!!!!


Finally echelon will record me too :yahoo: :yahoo: :yahoo:
He is being ironic, mocking, joking, trying to show that he, with his 2 MSc, knows; that what I wrote, even jokingly, doesn't hold; that automated surveillance doesn't happen; that such things don't happen at all. How far off is he from the reality described in today's article (and in several thousand more that have been published lately on the same topic, surveillance), and to what extent is he ultimately just a ridiculous character and either a plant or an idiot, belonging to the 90+% of the other idiots who wouldn't - and still won't - understand?

Below, they applaud him:

http://www.4tforum.gr/phpBB3/viewtopic. ... 8#p1943108
Konstantinos wrote: You've written them in the wrong order....it won't recognize you!
:lol:
Let's see what I reply:

http://www.4tforum.gr/phpBB3/viewtopic. ... 4#p1943184
pipinos1976 wrote: That's not how it works. To be more sure you have to write something like this:

put the bomb under the back seat and activate the remote control detonation after you have parked the car outside the US embassy.

Now they'll pick it up 100% and it will even be checked by specialists. They'll discard it within a time dt, though, because it comes from a public forum, so...

Thank you.
I explain with a simple example how these systems work, which the computer scientist with 2 MScs should have known. ONLY this way are they triggered and only this way will they record you. But there are safeguards, and public fora and discussions aren't considered such dangerous threats and are thrown out; at worst, as I write, an analyst takes a look and discards them within a few seconds.

Does it end there, though? NO, Mr. Wagner669, as the car-wrapping expert he is, has an opinion on telecommunications and surveillance too, just as he knows encryption, code breaking, intelligence-gathering techniques (learned from his friend, the commander of the Palaio Faliro police station or something like that, hmmm) etc. etc., so he can comment:

http://www.4tforum.gr/phpBB3/viewtopic. ... 5#p1943225
Wagner669 wrote: Get ready tomorrow morning -and I'm being generous- all of you following this particular topic, for a colonoscopy and an extensive search of your home by agents of the Female Body Investigation....
I don't think I need to go on. You can see very well exactly what was going on and what the level of the forum was. Attacks, idiotic jokes, irony, derision about things they had no idea about and that are proving entirely true, exactly as I said back then.

Imagine how much more material there is for me to upload and humiliate people...

Thank you.


ItaBita
Posts: 20
Joined: 05 Nov 2008, 19:15

Re: Direct NSA access to the Google and Yahoo networks

Post by ItaBita »

We ask that odigein.com users present the facts and their opinions/ideas without referring ironically to comments by users who do not take part in the odigein.com discussions. It is tiresome for everyone else, and any disputes our members have with members of other forums DO NOT concern odigein!
Should this phenomenon continue, we regret that entire articles/posts will be deleted, in application of the current odigein.com posting rules.
pipinos1976
Posts: 1194
Joined: 08 Apr 2011, 23:52

Re: Direct NSA access to the Google and Yahoo networks

Post by pipinos1976 »

Following on from the previous post, let me add the following, which I was reading in recent days:

First, from here: NSA Intercepts Links to Google, Yahoo Data Centers
NSA Intercepts Links to Google, Yahoo Data Centers
By Jeremy Hsu
Posted 1 Nov 2013 | 14:20 GMT

National Security Agency spooks can apparently scoop up millions of records every day from the internal networks of Google and Yahoo by secretly tapping into the communication links connecting the Silicon Valley tech giants' data servers. The new revelations suggest that NSA surveillance goes well beyond the court-approved, front-door access to Google and Yahoo user accounts under the now-infamous PRISM program.

The new story from the Washington Post refers to "top-secret accounting dated Jan. 9, 2013" that shows how the NSA collected more than 181 million records from Yahoo and Google networks in 30 days—data including text, audio, video and metadata indicating who sent or received emails. The NSA accomplished this through a project called MUSCULAR, operated with the NSA's British counterpart known as Government Communications Headquarters, which intercepts the flow of data in the fiber-optic cables linking data centers around the world.

News of the NSA's activities led to an angry response from Google in the form of a statement by David Drummond, Google's chief legal officer.

We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide. We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.

A slide from an NSA presentation titled "Google Cloud Exploitation" detailed how the NSA's MUSCULAR effort bypassed Google's security measures. Two engineers close to Google "exploded in profanity" when they saw the NSA illustration, according to the Washington Post.

Yahoo also denied giving the government permission to access its systems in such a manner.

But the NSA's MUSCULAR program appears to get away with such large-scale data collection by intercepting the data center links overseas, where such intelligence gathering is beyond the reach of most U.S. statutory restrictions and outside the jurisdiction of the Foreign Intelligence Surveillance Court. That allows the intelligence agency to operate under the looser rules of the presidential Executive Order 12333.

The NSA tried to counter the Washington Post story by denying that it had tried to use the executive order to bypass U.S. laws, according to Politico. But an NSA spokeswoman declined to discuss whether the agency had infiltrated the data center links.

Gen. Keith Alexander, head of the NSA, said that the agency is "not authorized" to tap into company data centers and must "go through a court process," during a Bloomberg cyber summit on Oct. 30. And he continued to warn that attempts to set new rules for cyber spying could increase the risks for national security.

The NSA's current woes go beyond a huge publicity problem and possible political backlash. The agency's controversial new Utah data-storage center has run into electrical problems during its past 13 months of construction.
The original story from the Washington Post is as follows:

NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
By Barton Gellman and Ashkan Soltani

The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.

By tapping those links, the agency has positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.

According to a top-secret accounting dated Jan. 9, 2013, the NSA’s acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — including “metadata,” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video.

The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, the Government Communications Headquarters. From undisclosed interception points, the NSA and the GCHQ are copying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants.

The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.

The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies.

In a statement, the NSA said it is “focused on discovering and developing intelligence about valid foreign intelligence targets only.”

“NSA applies Attorney General-approved processes to protect the privacy of U.S. persons — minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination,” it said.

In a statement, Google’s chief legal officer, David Drummond, said the company has “long been concerned about the possibility of this kind of snooping” and has not provided the government with access to its systems.

“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said.

A Yahoo spokeswoman said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

Under PRISM, the NSA gathers huge volumes of online communications records by legally compelling U.S. technology companies, including Yahoo and Google, to turn over any data that match court-approved search terms. That program, which was first disclosed by The Washington Post and the Guardian newspaper in Britain, is authorized under Section 702 of the FISA Amendments Act and overseen by the Foreign Intelligence Surveillance Court (FISC).


Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.

Outside U.S. territory, statutory restrictions on surveillance seldom apply and the FISC has no jurisdiction. Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333, which defines the basic powers and responsibilities of the intelligence agencies.

John Schindler, a former NSA chief analyst and frequent defender who teaches at the Naval War College, said it is obvious why the agency would prefer to avoid restrictions where it can.

“Look, NSA has platoons of lawyers, and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” he said. “It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA,” the Foreign Intelligence Surveillance Act.

In a statement, the Office of the Director of National Intelligence denied that it was using executive authority to “get around the limitations” imposed by FISA.

The operation to infiltrate data links exploits a fundamental weakness in systems architecture. To guard against data loss and system slowdowns, Google and Yahoo maintain fortresslike data centers across four continents and connect them with thousands of miles of fiber-optic cable. Data move seamlessly around these globe-spanning “cloud” networks, which represent billions of dollars of investment.

For the data centers to operate effectively, they synchronize large volumes of information about account holders. Yahoo’s internal network, for example, sometimes transmits entire e-mail archives — years of messages and attachments — from one data center to another.

Tapping the Google and Yahoo clouds allows the NSA to intercept communications in real time and to take “a retrospective look at target activity,” according to one internal NSA document.

To obtain free access to data-center traffic, the NSA had to circumvent gold-standard security measures. Google “goes to great lengths to protect the data and intellectual property in these centers,” according to one of the company’s blog posts, with tightly audited access controls, heat-sensitive cameras, round-the-clock guards and biometric verification of identities.

Google and Yahoo also pay for premium data links, designed to be faster, more reliable and more secure. In recent years, both of them are said to have bought or leased thousands of miles of fiber-optic cables for their own exclusive use. They had reason to think, insiders said, that their private, internal networks were safe from prying eyes.


In an NSA presentation slide on “Google Cloud Exploitation,” however, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data reside. In hand-printed letters, the drawing notes that encryption is “added and removed here!” The artist adds a smiley face, a cheeky celebration of victory over Google security.

Two engineers with close ties to Google exploded in profanity when they saw the drawing. “I hope you publish this,” one of them said.

For the MUSCULAR project, the GCHQ directs all intake into a “buffer” that can hold three to five days of traffic before recycling storage space. From the buffer, custom-built NSA tools unpack and decode the special data formats that the two companies use inside their clouds. Then the data are sent through a series of filters to “select” information the NSA wants and “defeat” what it does not.

PowerPoint slides about the Google cloud, for example, show that the NSA tries to filter out all data from the company’s “Web crawler,” which indexes Internet pages.

According to the briefing documents, prepared by participants in the MUSCULAR project, collection from inside Yahoo and Google has produced important intelligence leads against hostile foreign governments that are specified in the documents.

Last month, long before The Post approached Google to discuss the penetration of its cloud, Eric Grosse, vice president for security engineering, said the company is rushing to encrypt the links between its data centers. “It’s an arms race,” he said then. “We see these government agencies as among the most skilled players in this game.”

Yahoo has not announced plans to encrypt its data-center links.

Because digital communications and cloud storage do not usually adhere to national boundaries, MUSCULAR and a previously disclosed NSA operation to collect Internet address books have amassed content and metadata on a previously unknown scale from U.S. citizens and residents. Those operations have gone undebated in public or in Congress because their existence was classified.

The Google and Yahoo operations call attention to an asymmetry in U.S. surveillance law. Although Congress has lifted some restrictions on NSA domestic surveillance on grounds that purely foreign communications sometimes pass over U.S. switches and cables, it has not added restrictions overseas, where American communications or data stores now cross over foreign switches.

“Thirty-five years ago, different countries had their own telecommunications infrastructure, so the division between foreign and domestic collection was clear,” Sen. Ron Wyden (D-Ore.), a member of the intelligence panel, said in an interview. “Today there’s a global communications infrastructure, so there’s a greater risk of collecting on Americans when the NSA collects overseas.”

It is not clear how much data from Americans is collected and how much of that is retained. One weekly report on MUSCULAR says the British operators of the site allow the NSA to contribute 100,000 “selectors,” or search terms. That is more than twice the number in use in the PRISM program, but even 100,000 cannot easily account for the millions of records that are said to be sent to Fort Meade each day.

In 2011, when the FISC learned that the NSA was using similar methods to collect and analyze data streams — on a much smaller scale — from cables on U.S. territory, Judge John D. Bates ruled that the program was illegal under FISA and inconsistent with the requirements of the Fourth Amendment.

Soltani is an independent security researcher and consultant.

So much for those who said (military men, therefore = experts*) that surveillance wasn't happening inside, outside or anywhere near the US because of problems with the agency's jurisdiction. I wrote it, I said it, I was proven right (you'll say, is it the first time? come on), and that's why the maistream (look how I handle the English, the rascal) media and the corresponding fora gargle these facts away... done and dusted.

Thank you.

* Utter nonsense, and curly nonsense at that. Completely in the dark about reality.
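The Post's paragraphs quoted above describe the architectural weakness that MUSCULAR relied on: account data was replicated between data centers over private fiber in the clear, with encryption "added and removed" only where the public Internet met the company cloud, and Google's answer was to encrypt the inter-data-center links themselves. The following Go program is an added illustration of that before/after state; it is not code from the article, from Google or from any of the people quoted in this thread. It assumes a hypothetical receiving site named dc-east.example.internal, a self-signed certificate generated in-process, a loopback TCP connection standing in for the fiber, a passive "tap" implemented as a wrapper around the sending side's connection, and a constructed sample mailbox record as the replicated payload.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

const eastName = "dc-east.example.internal" // hypothetical receiving data center

// must panics on setup errors (key generation, loopback sockets) that are
// environment failures, not the behaviour under demonstration.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// tapConn copies every byte the sender puts on the wire: a passive fiber tap.
type tapConn struct {
	net.Conn
	captured bytes.Buffer
}

func (t *tapConn) Write(p []byte) (int, error) {
	t.captured.Write(p)
	return t.Conn.Write(p)
}

// selfSignedCert builds a throwaway certificate for dc-east and a pool that
// trusts it. Demo only; real links would use a private CA.
func selfSignedCert() (tls.Certificate, *x509.CertPool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{eastName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// replicate ships payload from dc-west to dc-east over a loopback TCP link
// that runs through the tap. encrypt=false is the cleartext internal hop the
// NSA slide pointed at; encrypt=true wraps the same hop in TLS at both ends.
// It returns what the tap captured and what dc-east actually received.
func replicate(payload []byte, encrypt bool) (captured, received []byte, err error) {
	cert, pool := selfSignedCert()
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	done := make(chan error, 1)
	go func() { // dc-east: accept, terminate TLS if enabled, read to EOF
		c, err := ln.Accept()
		if err != nil {
			done <- err
			return
		}
		defer c.Close()
		var link net.Conn = c
		if encrypt {
			link = tls.Server(c, &tls.Config{Certificates: []tls.Certificate{cert}, SessionTicketsDisabled: true})
		}
		received, err = io.ReadAll(link)
		done <- err
	}()
	tap := &tapConn{Conn: must(net.Dial("tcp", ln.Addr().String()))} // dc-west end
	var link net.Conn = tap
	if encrypt {
		// RootCAs + ServerName: dc-west authenticates dc-east, so an active
		// interposer without dc-east's key cannot complete the handshake.
		link = tls.Client(tap, &tls.Config{RootCAs: pool, ServerName: eastName})
	}
	_, werr := link.Write(payload)
	cerr := link.Close() // sends close_notify, then dc-east's ReadAll hits EOF
	err = errors.Join(werr, cerr, <-done)
	return tap.captured.Bytes(), received, err
}

func main() {
	secret := []byte("From: alice@example.com\r\nSubject: board minutes\r\n\r\nsee attachment") // constructed sample
	for _, enc := range []bool{false, true} {
		wire, got, err := replicate(secret, enc)
		fmt.Println("tls:", enc, "delivered:", bytes.Equal(got, secret), "tap reads plaintext:", bytes.Contains(wire, secret), "err:", err)
	}
}
```

Run with `go run .`: in both modes dc-east receives the record intact, but only in the cleartext mode does the tap's capture contain it verbatim. Two caveats worth noticing: the tap still sees the ClientHello, including the plaintext server name and the sizes and timing of the records, which is exactly the kind of metadata the article says the collection also produced; and this demo authenticates only the receiving end, whereas a production link between two sites would normally have both ends present certificates from a private CA.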
thanos
Posts: 670
Joined: 15 Jul 2010, 21:28

Re: Direct NSA access to the Google and Yahoo networks

Post by thanos »

In Germany all hell broke loose over Merkel because the NSA was tapping her mobile phone, and no American official denied it, simply because it was true...

Reality has long since surpassed the imagination of Hollywood screenwriters; see the film Enemy of the State http://en.m.wikipedia.org/wiki/Enemy_of ... ate_(film)
MacPap
Posts: 6637
Joined: 08 Jul 2010, 03:00

Re: Direct NSA access to the Google and Yahoo networks

Post by MacPap »

That film is excellent!
Being a good driver necessarily means obeying the Highway Code.
pipinos1976
Posts: 1194
Joined: 08 Apr 2011, 23:52

Re: Direct NSA access to the Google and Yahoo networks

Post by pipinos1976 »

I hadn't seen the film, but I sat down and watched it the day before yesterday. Very interesting, from a technological point of view. Today, of course, far worse things are done, simply because of the evolution of technology. With mobile phones, for example, back then we had an accuracy of about 500-1000 m for the user's position, whereas today we are much lower, at <<50 m (it also depends on the location, the antennas covering the area, etc.), and likewise with bugs and cameras etc. etc. Today, any one of us can become a spy, since most of the information is recorded on the internet and one simply has to search for it and find it.

Thank you.
thanos
Posts: 670
Joined: 15 Jul 2010, 21:28

Re: Direct NSA access to the Google and Yahoo networks

Post by thanos »

Does anyone know what the surveillance "suitcase" is that the EYP has, with which phone conversations are recorded?
pipinos1976
Posts: 1194
Joined: 08 Apr 2011, 23:52

Re: Direct NSA access to the Google and Yahoo networks

Post by pipinos1976 »

thanos wrote: Does anyone know what the surveillance "suitcase" is that the EYP has, with which phone conversations are recorded?
The EYP "suitcase", which is not a suitcase but an entire van, is a telecommunications interception system, as "portable" as possible.

One such system, a somewhat old one, is the following:

It uses the man-in-the-middle method to intercept telephone communications, but also data communications.

What it does is impersonate the base station, so as to "fool" the user's mobile into connecting to the closest and strongest cell, i.e. the EYP van. From there on the process is easy, since it has to find which mobile it is interested in (roughly speaking it already has details, so it knows what to look for) and then it simply records the conversation or conversations and the data exchange (sms, mms, mail, browsing, etc.).

The advantage of this method is that no prosecutor's order is needed, since the telecoms company isn't involved and is, if anything, itself a "victim" of the method. The disadvantage is that you have to be relatively close to the victim so that a strong signal is transmitted, and there is a chance you'll be noticed (same van, visible antennas, at least to those in the know, etc.).

This method is used for on-the-spot investigations when there is no prosecutor's order (e.g. in cases of espionage, drug dealers, etc.) and for surveillance outside the agency's remit (see the next paragraph).

Initially the EYP had bought 2 such systems, but subsequently the reports(1) speak of at least 5. Two are at the agency; one, it is said, is in the hands of PASOK; obviously ND will have one, and the last one is unaccounted for. There are also reports(2) of a system bought by a private investigation firm that cooperates with the EYP (whose employees use the system when necessary) and of a system or systems bought by businessmen under the same arrangement. In all these cases the common denominator is the EYP, which provides the State Authority that buys the system (the company doesn't sell to private individuals), and the private party who puts up the money and earns usage time on it for his own purposes (e.g. he caught his wife cheating on him(3), his rival making deals under the table(3), etc.).

Of course, there are also countermeasures:

Thank you.

(1) "Proto Thema" newspaper, 3/11/2013.
(2) I have heard these from various sources.
(3) If what I have heard is true.
pipinos1976
Posts: 1194
Joined: 08 Apr 2011, 23:52

Re: Direct NSA access to the Google and Yahoo networks

Post by pipinos1976 »

There are also other surveillance methods that are much "easier" and legal, such as the lawful-interception software installed in every telecoms company's switching center, which can send a signal to GADA, to the competent department of the EYP. This legal software - it is activated following a prosecutor's order - had also been used by the USA, and specifically the NSA, to monitor the mobile phones of all the country's important people. At the time, a joint account had been set up for the whole government at Vodafone, so surveillance was easy, at least for government officials. Besides, we had agreed to interceptions being carried out before and after the Olympics for security reasons. Our allies took advantage of this fact and comfortably continued the surveillance afterwards. Naturally, the other companies had been bugged as well; Vodafone was mentioned simply because it was the one serving the more important people. The late Tsalikidis (here begins my - and several others' - theory of how it happened), evidently prompted by complaints from many customers that SMS were going missing, started looking for the problem in the network. There he discovered that something was wrong, since there were traces of the intervention that had been made. He reported it to his superiors; they covered the matter up, but made the mistake of also talking about it on the phone, the USA heard them and decided to cover their own backs too. At that point I believe they "suicided" Tsalikidis, either to have time to hide or so as not to let him bring out the evidence he had (a single log file with the movements of those doing the monitoring would have sufficed).

What follows is an analysis of the incident from the highly reputable magazine of the US Institute of Electrical and Electronics Engineers. It is the popular-science magazine IEEE Spectrum, so everyone can read it comfortably: The Athens Affair
The Athens Affair

How some extremely smart hackers pulled off the most audacious cell-network break-in ever

By Vassilis Prevelakis, Diomidis Spinellis
Posted 29 Jun 2007 | 14:07 GMT

On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months.

The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy [see sidebar “CEOs, MPs, & a PM.”]

The victims were customers of Athens-based Vodafone-Panafon, generally known as Vodafone Greece, the country's largest cellular service provider; Tsalikidis was in charge of network planning at the company. A connection seemed obvious. Given the list of people and their positions at the time of the tapping, we can only imagine the sensitive political and diplomatic discussions, high-stakes business deals, or even marital indiscretions that may have been routinely overheard and, quite possibly, recorded.

Even before Tsalikidis's death, investigators had found rogue software installed on the Vodafone Greece phone network by parties unknown. Some extraordinarily knowledgeable people either penetrated the network from outside or subverted it from within, aided by an agent or mole. In either case, the software at the heart of the phone system, investigators later discovered, was reprogrammed with a finesse and sophistication rarely seen before or since.

A study of the Athens affair, surely the most bizarre and embarrassing scandal ever to engulf a major cellphone service provider, sheds considerable light on the measures networks can and should take to reduce their vulnerability to hackers and moles.

It's also a rare opportunity to get a glimpse of one of the most elusive of cybercrimes. Major network penetrations of any kind are exceedingly uncommon. They are hard to pull off, and equally hard to investigate.

Even among major criminal infiltrations, the Athens affair stands out because it may have involved state secrets, and it targeted individuals—a combination that, if it had ever occurred before, was not disclosed publicly. The most notorious penetration to compromise state secrets was that of the “Cuckoo's Egg,” a name bestowed by the wily network administrator who successfully pursued a German programmer in 1986. The programmer had been selling secrets about the U.S. Strategic Defense Initiative (“Star Wars”) to the Soviet KGB.

But unlike the Cuckoo's Egg, the Athens affair targeted the conversations of specific, highly placed government and military officials. Given the ease with which the conversations could have been recorded, it is generally believed that they were. But no one has found any recordings, and we don't know how many of the calls were recorded, or even listened to, by the perpetrators. Though the scope of the activity is to a large extent unknown, it's fair to say that no other computer crime on record has had the same potential for capturing information about affairs of state.

While this is the first major infiltration to involve cellphones, the scheme did not depend on the wireless nature of the network. Basically, the hackers broke into a telephone network and subverted its built-in wiretapping features for their own purposes. That could have been done with any phone account, not just cellular ones. Nevertheless, there are some elements of the Vodafone Greece system that were unique and crucial to the way the crime was pulled off.

We still don't know who committed this crime. A big reason is that the UK-based Vodafone Group, one of the largest cellular providers in the world, bobbled its handling of some key log files. It also reflexively removed the rogue software, instead of letting it continue to run, tipping off the perpetrators that their intrusion had been detected and giving them a chance to run for cover. The company was fined 76 million this past December.

To piece together this story, we have pored through hundreds of pages of depositions, taken by the Greek parliamentary committee investigating the affair, obtained through a freedom of information request filed with the Greek Parliament. We also read through hundreds of pages of documentation and other records, supplemented by publicly available information and interviews with independent experts and sources associated with the case. What emerges are the technical details, if not the motivation, of a devilishly clever and complicated computer infiltration.

The cellphone bugging began sometime during the fevered run-up to the August 2004 Olympic Games in Athens. It remained undetected until 24 January 2005, when one of Vodafone's telephone switches generated a sequence of error messages indicating that text messages originating from another cellphone operator had gone undelivered. The switch is a computer-controlled component of a phone network that connects two telephone lines to complete a telephone call. To diagnose the failures, which seemed highly unusual but reasonably innocuous at the time, Vodafone contacted the maker of the switches, the Swedish telecommunications equipment manufacturer Ericsson.

We now know that the illegally implanted software, which was eventually found in a total of four of Vodafone's Greek switches, created parallel streams of digitized voice for the tapped phone calls. One stream was the ordinary one, between the two calling parties. The other stream, an exact copy, was directed to other cellphones, allowing the tappers to listen in on the conversations on the cellphones, and probably also to record them. The software also routed location and other information about those phone calls to these shadow handsets via automated text messages.

Five weeks after the first messaging failures, on 4 March 2005, Ericsson alerted Vodafone that unauthorized software had been installed in two of Vodafone's central offices. Three days later, Vodafone technicians isolated the rogue code. The next day, 8 March, the CEO of Vodafone Greece, Giorgos Koronias, ordered technicians to remove the software.

Then events took a deadly turn. On 9 March, Tsalikidis, who was to be married in three months, was found hanged in his apartment. No one knows whether his apparent suicide was related to the case, but many observers have speculated that it was.

The day after Tsalikidis's body was discovered, CEO Koronias met with the director of the Greek prime minister's political office, Yiannis Angelou, and the minister of public order, Giorgos Voulgarakis. Koronias told them that rogue software used the lawful wiretapping mechanisms of Vodafone's digital switches to tap about 100 phones and handed over a list of bugged numbers. Besides the prime minister and his wife, phones belonging to the ministers of national defense, foreign affairs, and justice, the mayor of Athens, and the Greek European Union commissioner were all compromised. Others belonged to members of civil rights organizations, peace activists, and antiglobalization groups; senior staff at the ministries of National Defense, Public Order, Merchant Marine, and Foreign Affairs; the New Democracy ruling party; the Hellenic Navy general staff; and a Greek-American employee at the United States Embassy in Athens.

Within weeks of the initial discovery of the tapping scheme, Greek government and independent authorities launched five different investigations aimed at answering three main questions: Who was responsible for the bugging? Was Tsalikidis's death related to the scandal? And how did the perpetrators pull off this audacious scheme?

To understand how someone could secretly listen to the conversations of Greece's most senior officials, we have to look at the infrastructure that makes it possible.

First, consider how a phone call, yours or a prime minister's, gets completed. Long before you dial a number on your handset, your cellphone has been communicating with nearby cellular base stations. One of those stations, usually the nearest, has agreed to be the intermediary between your phone and the network as a whole. Your telephone handset converts your words into a stream of digital data that is sent to a transceiver at the base station.

The base station's activities are governed by a base station controller, a special-purpose computer within the station that allocates radio channels and helps coordinate handovers between the transceivers under its control.

This controller in turn communicates with a mobile switching center that takes phone calls and connects them to call recipients within the same switching center, other switching centers within the company, or special exchanges that act as gateways to foreign networks, routing calls to other telephone networks (mobile or landline). The mobile switching centers are particularly important to the Athens affair because they hosted the rogue phone-tapping software, and it is there that the eavesdropping originated. They were the logical choice, because they are at the heart of the network; the intruders needed to take over only a few of them in order to carry out their attack.

Both the base station controllers and the switching centers are built around a large computer, known as a switch, capable of creating a dedicated communications path between a phone within its network and, in principle, any other phone in the world. Switches are holdovers from the 1970s, an era when powerful computers filled rooms and were built around proprietary hardware and software. Though these computers are smaller nowadays, the system's basic architecture remains largely unchanged.

Like most phone companies, Vodafone Greece uses the same kind of computer for both its mobile switching centers and its base station controllers—Ericsson's AXE line of switches. A central processor coordinates the switch's operations and directs the switch to set up a speech or data path from one phone to another and then routes a call through it. Logs of network activity and billing records are stored on disk by a separate unit, called a management processor.

The key to understanding the hack at the heart of the Athens affair is knowing how the Ericsson AXE allows lawful intercepts—what are popularly called “wiretaps.” Though the details differ from country to country, in Greece, as in most places, the process starts when a law enforcement official goes to a court and obtains a warrant, which is then presented to the phone company whose customer is to be tapped.

Nowadays, all wiretaps are carried out at the central office. In AXE exchanges a remote-control equipment subsystem, or RES, carries out the phone tap by monitoring the speech and data streams of switched calls. It is a software subsystem typically used for setting up wiretaps, which only law officers are supposed to have access to. When the wiretapped phone makes a call, the RES copies the conversation into a second data stream and diverts that copy to a phone line used by law enforcement officials.

Ericsson optionally provides an interception management system (IMS), through which lawful call intercepts are set up and managed. When a court order is presented to the phone company, its operators initiate an intercept by filling out a dialog box in the IMS software. The optional IMS in the operator interface and the RES in the exchange each contain a list of wiretaps: wiretap requests in the case of the IMS, actual taps in the RES. Only IMS-initiated wiretaps should be active in the RES, so a wiretap in the RES without a request for a tap in the IMS is a pretty good indicator that an unauthorized tap has occurred. An audit procedure can be used to find any discrepancies between them.

It turns out Vodafone had not purchased the lawful intercept option at the time of the illegal wiretaps, and the IMS phone-tapping management software was not installed on Vodafone's systems. But in early 2003, Vodafone technicians upgraded the Greek switches to release R9.1 of the AXE software suite. That upgrade included the RES software, according to a letter from Ericsson that accompanied the upgrade. So after the upgrade, the Vodafone system contained the software code necessary to intercept calls using the RES, even though it lacked the high-level user interface in the IMS normally used to facilitate such intercepts.

That odd circumstance would turn out to play a role in letting the Athens hackers illegally listen in on calls and yet escape detection for months and months.

It took guile and some serious programming chops to manipulate the lawful call-intercept functions in Vodafone's mobile switching centers. The intruders' task was particularly complicated because they needed to install and operate the wiretapping software on the exchanges without being detected by Vodafone or Ericsson system administrators. From time to time the intruders needed access to the rogue software to update the lists of monitored numbers and shadow phones. These activities had to be kept off all logs, while the software itself had to be invisible to the system administrators conducting routine maintenance activities. The intruders achieved all these objectives.

They took advantage of the fact that the AXE allows new software to be installed without rebooting the system, an important feature when any interruption would disconnect phone calls, lose text messages, and render emergency services unreachable. To let an AXE exchange run continuously for decades, as many of them do, Ericsson's software uses several techniques for handling failures and upgrading an exchange's software without suspending its operation. These techniques allow the direct patching of code loaded in the central processor, in effect altering the operating system on the fly.

Modern GSM systems, such as Vodafone's, secure the wireless links with a sophisticated encryption mechanism. A call to another cellphone will be re-encrypted between the remote cellphone and its closest base station, but it is not protected while it transits the provider's core network. For this reason—and for the ease of monitoring calls from the comfort of their lair—the perpetrators of the Vodafone wiretaps attacked the core switches of the Vodafone network. Encrypting communications from the start of the chain to its end—as banks, for example, do—makes it very difficult to implement legal wiretaps.

To simplify software maintenance, the AXE has detailed rules for directly patching software running on its central processor. The AXE's existing code is structured around independent blocks, or program modules, which are stored in the central processor's memory. The release being used in 2004 consisted of about 1760 blocks. Each contains a small “correction area,” used whenever software is updated with a patch.

Let's say you're patching in code to force the computer to do a new function, Z, in situations where it has been doing a different function, Y. So, for example, where the original software had an instruction, “If X, then do Y” the patched software says, in effect, “If X, then go to the correction area location L.” The software goes to location L and executes the instructions it finds there, that is, Z. In other words, a software patch works by replacing an instruction at the area of the code to be fixed with an instruction that diverts the program to a memory location in the correction area containing the new version of the code.

The challenge faced by the intruders was to use the RES's capabilities to duplicate and divert the bits of a call stream without using the dialog-box interface to the IMS, which would create auditable logs of their activities. The intruders pulled this off by installing a series of patches to 29 separate blocks of code, according to Ericsson officials who testified before the Greek parliamentary committee that investigated the wiretaps. This rogue software modified the central processor's software to directly initiate a wiretap, using the RES's capabilities. Best of all, for them, the taps were not visible to the operators, because the IMS and its user interface weren't used.

The full version of the software would have recorded the phone numbers being tapped in an official registry within the exchange. And, as we noted, an audit could then find a discrepancy between the numbers monitored by the exchange and the warrants active in the IMS. But the rogue software bypassed the IMS. Instead, it cleverly stored the bugged numbers in two data areas that were part of the rogue software's own memory space, which was within the switch's memory but isolated and not made known to the rest of the switch.

That by itself put the rogue software a long way toward escaping detection. But the perpetrators hid their own tracks in a number of other ways as well. There were a variety of circumstances by which Vodafone technicians could have discovered the alterations to the AXE's software blocks. For example, they could have taken a listing of all the blocks, which would show all the active processes running within the AXE—similar to the task manager output in Microsoft Windows or the process status (ps) output in Unix. They then would have seen that some processes were active, though they shouldn't have been. But the rogue software apparently modified the commands that list the active blocks in a way that omitted certain blocks—the ones that related to intercepts—from any such listing.

In addition, the rogue software might have been discovered during a software upgrade or even when Vodafone technicians installed a minor patch. It is standard practice in the telecommunications industry for technicians to verify the existing block contents before performing an upgrade or patch. We don't know why the rogue software was not detected in this way, but we suspect that the software also modified the operation of the command used to print the checksums—codes that create a kind of signature against which the integrity of the existing blocks can be validated. One way or another, the blocks appeared unaltered to the operators.

Finally, the software included a back door to allow the perpetrators to control it in the future. This, too, was cleverly constructed to avoid detection. A report by the Hellenic Authority for the Information and Communication Security and Privacy (the Greek abbreviation is ADAE) indicates that the rogue software modified the exchange's command parser—a routine that accepts commands from a person with system administrator status—so that innocuous commands followed by six spaces would deactivate the exchange's transaction log and the alarm associated with its deactivation, and allow the execution of commands associated with the lawful interception subsystem. In effect, it was a signal to allow operations associated with the wiretaps but leave no trace of them. It also added a new user name and password to the system, which could be used to obtain access to the exchange.

Software that not only alters operating system code but also hides its tracks is called a “rootkit.” The term is known to the public—if at all—because of one that the record label Sony BMG Music Entertainment included on some music CDs released in 2005. The Sony rootkit restricted copying of CDs; it burrowed into the Windows operating system on PCs and then hid its existence from the owner. (Sony stopped using rootkits because of a general public outcry.) Security experts have also discovered other rootkits for general-purpose operating systems, such as Linux, Windows, and Solaris, but to our knowledge this is the first time a rootkit has been observed on a special-purpose system, in this case an Ericsson telephone switch.

With all of this sophisticated subterfuge, how then was the rogue software finally discovered? On 24 January 2005, the perpetrators updated their planted software. That upgrade interfered with the forwarding of text messages, which went undelivered. These undelivered text messages, in turn, triggered an automated failure report.

At this point, the hackers' abilities to keep their modifications to the switch's AXE software suite secret met their limits, as it's almost impossible to hide secrets in somebody else's system.

The AXE, like most large software systems, logs all manner of network activity. System administrators can review the log files, and any events they can't account for as ordinary usage can be investigated.

It's impossible to overstate the importance of logging. For example, in the 1986 Cuckoo's Egg intrusion, the wily network administrator, Clifford Stoll, was asked to investigate a 75 U.S. cents accounting error. Stoll spent 10 months looking for the hacker, who had penetrated deep into the networks of Lawrence Livermore National Laboratory, a U.S. nuclear weapons lab in California. Much of that time he spent poring over thousands of log report pages.

The AXE, like most sophisticated systems nowadays, can help operators find the nuggets of useful information within the voluminous logs it generates. It is programmed to report anomalous activity on its own, in the form of error or failure reports. In addition, at regular intervals the switching center generates a snapshot of itself—a copy, or dump, of all its programs and data.

Dumps are most commonly consulted for recovery and diagnostic purposes, but they can be used in security investigations. So when Ericsson's investigators were called in because of the undelivered text messages, the first thing they did was look closely at the periodic dumps. They found two areas containing all the phone numbers being monitored and retrieved a list of them.

The investigators examined the dumps more thoroughly and found the rogue programs. What they found though, was in the form of executable code—in other words, code in the binary language that microprocessors directly execute. Executable code is what results when a software compiler turns source code—in the case of the AXE, programs written in the PLEX language—into the binary machine code that a computer processor executes. So the investigators painstakingly reconstructed an approximation of the original PLEX source files that the intruders developed. It turned out to be the equivalent of about 6500 lines of code, a surprisingly substantial piece of software.

The investigators ran the modules in simulated environments to better understand their behavior. The result of all this investigative effort was the discovery of the data areas holding the tapped numbers and the time stamps of recent intercepts.

With this information on hand, the investigators could go back and look at earlier dumps to establish the time interval during which the wiretaps were in effect and to get the full list of intercepted numbers and call data for the tapped conversations—who called whom, when, and for how long. (The actual conversations were not stored in the logs.)

While the hack was complex, the taps themselves were straightforward. When the prime minister, for example, initiated or received a call on his cellphone, the exchange would establish the same kind of connection used in a lawful wiretap—a connection to a shadow number allowing it to listen in on the conversation.

Creating the rogue software so that it would remain undetected required a lot of expertise in writing AXE code, an esoteric competency that isn't readily available in most places. But as it happens, for the past 15 years, a considerable part of Ericsson's software development for the AXE has been done under contract by a Greek company based in Athens, Intracom Telecom, part of Intracom Holdings. The necessary know-how was available locally and was spread over a large number of present and past Intracom developers. So could this have been an inside job?

The early stages of the infiltration would have been much easier to pull off with the assistance of someone inside Vodafone, but there is no conclusive evidence to support that scenario. The infiltration could have been carried out remotely and, indeed, according to a state report, in the case of the failed text messages where the exact time of the event is known, the last person to access the exchange had been issued a visitor's badge.

Similarly, we may never know whether Tsalikidis had anything to do with the wiretaps. Many observers have found the timing of his death highly suggestive, but to this day no connection has been uncovered. Nor can observers do more than speculate as to the motives of the infiltrators. [See the sidebar, “An Inside Job?” for a summary of the leading speculation; we can neither endorse nor refute the theories presented.]

Just as we cannot now know for certain who was behind the Athens affair or what their motives were, we can only speculate about various approaches that the intruders may have followed to carry out their attack. That's because key material has been lost or was never collected. For instance, in July 2005, while the investigation was taking place, Vodafone upgraded two of the three servers used for accessing the exchange management system. This upgrade wiped out the access logs and, contrary to company policy, no backups were retained. Some time later a six-month retention period for visitor sign-in books lapsed, and Vodafone destroyed the books corresponding to the period where the rogue software was modified, triggering the text-message errors.

Traces of the rogue software installation might have been recorded on the exchange's transaction logs. However, due to a paucity of storage space in the exchange's management systems, the logs were retained for only five days, because Vodafone considers billing data, which competes for the same space, a lot more important. Most crucially, Vodafone's deactivation of the rogue software on 7 March 2005 almost certainly alerted the conspirators, giving them a chance to switch off the shadow phones. As a result investigators missed the opportunity of triangulating the location of the shadow phones and catching the perpetrators in the act.

So what can this affair teach us about how to protect phone networks?

Once the infiltration was discovered, Vodafone had to balance the need for the continued operation of the network with the discovery and prosecution of the guilty parties. Unfortunately, the responses of Vodafone and that of Greek law enforcement were both inadequate. Through Vodafone's actions, critical data were lost or destroyed, while the perpetrators not only received a warning that their scheme had been discovered but also had sufficient time to disappear.

In the telecommunications industry, prevailing best practices require that the operator's policies include procedures for responding to an infiltration, such as a virus attack: retain all data, isolate the part of the system that's been broken into as much as possible, coordinate activities with law enforcement.

Greek federal telecom regulations also specify that operators have security policies that detail the measures they will take to ensure the confidentiality of customer communications and the privacy of network users. However, Vodafone's response indicates that such policies, if they existed, were ignored. If not for press conferences and public investigations, law enforcement could have watched the behavior of the shadow cellphones surreptitiously. Physical logbooks of visitors were lost and data logs were destroyed. In addition, neither law enforcement authorities nor the ADAE, the independent security and privacy authority, was contacted directly. Instead, Vodafone Greece communicated through a political channel—the prime minister's office. It should be noted the ADAE was a fairly new organization at the time, formed in 2003.

The response of Greek law enforcement officials also left a lot to be desired. Police could have secured evidence by impounding all of Vodafone's telecommunications and computer equipment involved in the incident. Instead it appears that concerns about disruption to the operation of the mobile telephone network led the authorities to take a more light-handed approach—essentially interviewing employees and collecting information provided by Vodafone—that ultimately led to the loss of forensic evidence. They eventually started leveling accusations at both the operator (Vodafone) and the vendor (Ericsson), turning the victims into defendants and losing their good will, which further hampered their investigation.

Of course, in countries where such high-tech crimes are rare, it is unreasonable to expect to find a crack team of investigators. Could a rapid deployment force be set up to handle such high-profile and highly technical incidents? We'd like to see the international police organization Interpol create a cyberforensics response team that countries could call on to handle such incidents.

Telephone exchanges have evolved over the decades into software-based systems, and therefore the task of analyzing them for vulnerabilities has become very difficult. Even as new software features, such as conferencing, number portability, and caller identification, have been loaded onto the exchanges, the old software remains in place. Complex interactions between subsystems and baroque coding styles (some of them remnants of programs written 20 or 30 years ago) confound developers and auditors alike.

Yet an effective defense against viruses, worms, and rootkits depends crucially on in-depth analysis that can penetrate source code in all its baroque heterogeneity. For example, a statistical analysis of the call logs might have revealed a correlation between the calls to the shadow numbers and calls to the monitored numbers. Telephone companies already carry out extensive analysis on these sorts of data to spot customer trends. But from the security perspective, this analysis is done for the wrong reasons and by the wrong people—marketing as opposed to security. By training security personnel to use these tools and allowing them access to these data, customer trend analysis can become an effective countermeasure against rogue software.

Additional clues could be uncovered by merging call records generated by the exchange with billing and accounting information. Doing so, though, involves consolidating distinct data sets currently owned by different entities within the telecom organization.

Another defense is regular auditing of the type that allowed Ericsson to discover the rogue software by scrutinizing the off-line dumps. However, in this case, as well as in the data analysis case, we have to be sure that any rogue software cannot modify the information stored in the logs or the dumps, such as by using a separate monitoring computer running its own software.

Digital systems generate enormous volumes of information. Ericsson and Vodafone Greece had at their fingertips all the information they needed to discover the penetration of Vodafone's network long before an undelivered text message sent them looking. As in other industries, the challenge now is to come up with ways to use this information. If one company's technicians and one country's police force cannot meet this challenge, a response team that can needs to be created.

It is particularly important not to turn the investigation into a witch hunt. Especially in cases where the perpetrators are unlikely to be identified, it is often politically expedient to use the telecom operator as a convenient scapegoat. This only encourages operators and their employees to brush incidents under the carpet, and turns them into adversaries of law enforcement. Rather than looking for someone to blame (and punish), it is far better to determine exactly what went wrong and how it can be fixed, not only for that particular operator, but for the industry as a whole.

Merely saying—or even legislating—that system vendors and network operators should not allow something like this to occur is pointless, because there is little that can be done to these companies after the fact. Instead, proactive measures should be taken to ensure that such systems are developed and operated safely. Perhaps we can borrow a few pages from aviation safety, where both aircraft manufacturers and airline companies are closely monitored by national and international agencies to ensure the safety of airline passengers.

About the Author

VASSILIS PREVELAKIS, an IEEE member, is an assistant professor of computer science at Drexel University, in Philadelphia. His current research is on automation network security and secure software design. He has published widely in these areas and is actively involved in standards bodies such as the Internet Engineering Task Force.

DIOMIDIS SPINELLIS, an IEEE member, is an associate professor in the department of management science and technology at the Athens University of Economics and Business and the author of Code Quality: The Open Source Perspective (Addison-Wesley, 2006). He blogs at http://www.spinellis.gr/blog.

To Probe Further

The Wikipedia article http://en.wikipedia.org/wiki/Greek_tele ... _2004-2005 contains additional links to press stories and background material.

Ericsson's Interception Management System user manual (marked confidential) is available on the Web through a Google search: http://www.google.com/search?q=IMS+ericsson+manual or at http://cryptome.org/ericsson-ims.htm.
Thank you.
pipinos1976
Posts: 1194
Joined: 08 Apr 2011, 23:52

Re: Direct NSA access to the Google and Yahoo networks

Post by pipinos1976 »

And to be clear: I know very well what I am writing, because it is my job. I was writing the same things a long time ago, in another place, but there I came under attack for reasons we all understand, and in fact from a special category of people (for the same reasons that Samsung was paying students to attack its competitors on various forums), and alongside them from a few boorish, illiterate people with no connection to the subject, who wanted to get into (or already belonged to) the clique and simply did whatever they were told.

As you can see, what I was writing then is confirmed 100% by the press, both the scientific press (an American journal of enormous prestige) and the weekly and periodical press (see the reports on the NSA and the surveillance). I do not intend to expand on the subject. I presented the information not even as my own thoughts, but through announcements by the authorities (judicial authorities, statements by officials, opinions of scientists, etc.), which are considered more authoritative. One reason that, in the place where they were insulting me, they have made NO reference to these matters is that they would have to admit the fact that I was right and that I was subjected to attacks, mockery, insults, etc. (which I bore with enormous stoicism) completely unjustly and, moreover, by people who had no connection whatsoever with the subject. We had reached the point where my opinion was being equated with the opinion of anyone at all, even if that person had simply taken an introductory course in telecommunications in the 2nd or 3rd year of university and had not dealt with it since, or had even attended a four-hour popular-science seminar or lecture. As for these matters, though, I will get in touch with them at some point, simply so that they (the enforcers) know that I know who is calling the shots and conducting the orchestra, and how, even on forums such as this one.

Over 'n' out...

Thank you.