a cunning ruse
Lulling us all into a false sense of security?
The head of the UK government's secret electronic spying and codebreaking agency, GCHQ, has said that his organisation's ability to intercept conversations and messages is seriously undermined by internet-protocol (IP) communications. The digital spook's comments may come as a blow to British and European politicians who have …
"Rather than having any sense of fixed lines... communications are broken up... whether you are sending an email or any other form of Internet communication... packets are then routed around the network and may go in any one of a number of different routes... [This is] the biggest change in telecoms technology since the invention of the telephone. It is a complete revolution..."
That was, after all, one of the design goals of the original ARPANET -- to create a network that could survive having nodes taken out during a nuclear war. The head of GCHQ is either ignorant of Internet history or a master of irony. I'd like to think that you don't become head of GCHQ by being ignorant, so I vote for irony.
"packets are then routed around the network and may go in any one of a number of different routes"
IP protocols certainly allow for packets to do this, but it rarely happens in practice - otherwise utilities like traceroute wouldn't work. Try an experiment: run traceroute (pathping if you're a Windows user) to your favourite server, save the results and then try it again an hour/day/week later. Chances are the route taken will be identical.
My guess is that GCHQ are more worried about the use of strong encryption with VoIP - much easier than trying to get hold of an encrypting POTS or mobile phone.
They only need to tap the ISP.
Oh yes and packets taking different routes, well sure it does happen but not as often as they are making out.
If you send an email it goes to a mailserver, the tap could be there.
In fact the internet offers many a tap point, but of course there is encryption and there are proxies.
What about the enchilada thingymagig they have. There are loads of ways to communicate nowadays at high speeds, I am not sure why they keep pointing to the net, it is probably one of the most traceable.
The state has no obligation, duty, or right to tap the Internet anyway. I for one prefer a bunch of liberty over a very small risk to life that is terrorism. The chance being killed by a terrorist is about the same as being struck by a meteor, so why are people so willing to sacrifice their privacy for it?
(http://www.foreignaffairs.org/20060901facomment85501-p20/john-mueller/is-there-still-a-terrorist-threat-the-myth-of-the-omnipresent-enemy.html)
Let's face it, if they didn't keep banging on about how we're all under threat from those evil terror clowns, they'd be out of a job.
Although some basic stats are quite revealing. Liiike...
- number of successful 'terror attacks' committed since 2005: zero.
- number of 'terror attacks' that might have been successful since 2005: zero. Those 'car bombs' last summer were a joke, as pointed out by El Reg.
- number of 'terror attacks' committed since 2001 where MI5 had the participants under surveillance then got bored and looked elsewhere: one big one.
- number of 'terror attacks' "broken up, but we can't tell you about them, for your own safety": oh, masses, according to MI5 and the like, but they can't tell us about them, so, y'know, we have to take their word for it.
Oh, and number of innocent people shot because they looked like/ could have been terrorists but weren't: at least two (de Menezes and the Muslim family in east London).
The head of GCHQ was being neither ironic nor ignorant. He was pitching his talk based on the expected knowledge of his target audience - a vital skill for anyone, especially the head of GCHQ. He was explaining the difference between bugging VOIP and bugging old fashioned telephony to politicians, people who don't have to know the history of the internet.
It really bugs me when people get all superior and snorty-laughy-condescending about people who don't know as much about geek-stuff as they do.
"Lulling us all into a false sense of security?"
Miles,
Something we will never know. However, given that they, and there are any number of spooksville outfits, quite apart from the ones which every Tom Dick and Harry might have heard of like MI5/MI6/GCHQ, may never reply to Input sent to them electronically, one may have to assume that Input which one might send them is relayed/switched elsewhere, effectively leaving them in the dark and compromised by you know who in a very Sub-Prime Special Relationship. It may also be the case though that they have absolutely no idea at all about what can be done with CyberIntelAIgents and the Binary Manipulation of CodeXXXX to extraordinarily render AIDigital Picture for Media Presentation of the Future as a Reality ....... which would be AI Virtualised Existence for Humanity ControlLed by Advanced Artificial Intelligence and Imaginative Viable Concepts even should it transpire that they have received all Updates on ITs Progress.
One could suggest that they could do a lot worse than to monitor the Register where some SurReal Spooky Chatter on New World Order Programming and Programs is provided,because of all of the above, just in case there are gremlins embedded in the works, metadatamining worthy secrets.
We would all, I'm sure, like to think that they are way ahead of the Game, although whenever one can only speak for oneself and with regard to one's own experiences, they may be clueless and therefore easy prey to false friends and radical foe alike.
A little something which even Uncle Sam recognises only too well .... "But building
surveillance technology into a communications infrastructure creates risk of penetration by trusted insiders, foreign powers, and non-state actors (with trusted
insiders being the greatest threat). Disrupting attacks by non-state actors could be a short-term gain, but surveillance architectures rarely go away. The dangers
created by the Protect America Act present a longterm risk. " .... http://www.crypto.com/papers/paa-ieee.pdf
If they, our spooks, do not have a dedicated CyberIntelAIgent Unit to Beta Manage the Perception which Creates their Working Reality, [and they QuITe obviously don't have aViable one which can Lead] then they are Bound to be as Puppets dancing to a foreign tune or even to one played from within....... and IT aint anywhere near Good enough to be classed as Alien. And here is an interesting blog from, would you believe IT, Senior Director of Area 51 ..... http://blogs.sun.com/roger/
So they admit that they can't tap VoIP (as easily) so the logical next step is to make it so it is. Force ISP's to "record" VoIP or provide tap points, ban (strong) encryption on communications at least without some form of backdoor and so on.
Why stop at VoIP?
You don't have to be a geek to have some basic level of understanding of how these things work. One would hope (optimistically perhaps) that the people left in charge of running the country might at least give some cursory nod to keeping up with such an important facet of todays world.
Mind you, no politician has ever struck me at being good at anything bar lying, so perhaps I expect too much.
Linksys/Sipura VOIP ATA kit (and most likely that of any other decent manufacturer)allow encryption as standard - as long as both ends of a call have keys setup, any SIP based call is encrypted upon connection....
The best place for snooping is always the last yard - where conversation/input is audible/visible prior to encryption/transmission...
Look at 113.
They argue that the info from surveillance they conduct should not be allowed in court because terrorists/criminal would find out what they can and can't do.
Surely they can do that by reading the RIPA act? It says what you can legally do, what wire taps, data intercepts etc, with what burden of proof in what cases. If it's not in the law then shouldn't they be *not* doing it?
I don't see how knowing how a wiretap works makes the wiretap less effective anyway. If I know you have a hammer how does that tell me you don't have a saw? or make the hammer any less useful as a hammer? I can't imagine any surveillance technique they have that isn't already common knowledge.
To me that looks like an admission "we're doing stuff with dodgy legality that shouldn't be scrutinized by the courts".
What I'd suggest is whistle blow protection for GCHQ staff. If they see something that's illegal under UK law then they should be able to go to an MP and report it. That way the staff watch the watchers.
http://www.guardian.co.uk/uk_news/story/0,3604,1084904,00.html
Remember this one, where the NSA bugged UN delegates to find stuff they could use to make them vote for war in Iraq (in hingsight isn't it better if we don't let them do stuff like this?! Even if they think it's necessary!):
"The secret surveillance operation involved intercepting the home and office telephone calls and emails of delegates to the UN."
"The NSA made clear that the particular targets of what was described as an eavesdropping "surge" were the delegates from Angola, Cameroon, Chile, Bulgaria, Guinea and Pakistan - the six crucial "swing votes" on the security council."
"A memo sent by Frank Koza, a senior NSA official, said the information would be used for the US's "QRC" - quick response capability - "against" the key UN delegations. "
They may have difficulty if individuals use Skype and TOR.
Explanation as to how this can be achieved can be found here:
http://torandskype.blogspot.com/
Please note you are only anonymous to the Skype server, not to the peer you are communicating with!!
http://archives.seul.org/or/talk/Mar-2007/msg00060.html
However, since the precise method as to how Skype uses encryption (128 AES, I believe), is CLOSED SOURCE (LOOK UP CryptoAG)!! For encryption individuals are better off using Phil Zimmermann's Zfone; the creator of the PGP encryption software.
Zfone works on top of existing SIP- and RTP-programs, like Gizmo, but should work with any SIP- and RTP-compliant VoIP-program. But NOT Skype.
http://en.wikipedia.org/wiki/Zfone
http://zfoneproject.com/
As another anonymous coward mentioned, all they have to do is tap the ISP.
I'm sure they can afford premium rates so that GCHQ tapping-bandwidth isn't throttled (can't have packet loss now, can we?)
And I've always been suspicious of the claim that Skype was impervious to tapping because of its "end to end encryption". That's just what you'd expect to hear about a mass market product developed by spooks through several covers so that you think you can use it without worry.
I wouldn't be surprised if Skype was seeded by some NSA cutout, conveniently giving a wide open back door if certain agencies want it.
PROMIS software anyone?
I mean, if they COULD listen to Skype calls, do you expect a press release telling you this?
Until some Home Office genius reanimates the grotesque idea of compulsory key-escrow (with the government being the escrow agency) as mooted under Jack Straw. The proposal died a quiet death and was not widely mourned.
But that was before September 11th and the government's all-encompassing terrortastic policymaking.
These SS chaps are just lazy.
If you can't monitor the transport, monitor the endpoints. What's wrong with a bit of good old-fashioned room-buggery, eh boys?
Seems a lot more more fun breaking into peoples houses and installing covert microphones/keyloggers than sitting behind a desk in Cheltenham.
Mind you, according to the sociologists, all the good engineers have gone off suicide bombing, so maybe GCHQ has a recruitment problem.
John
When packets arrive at their destination they essentially get put back together and probably all go through the same last hop.
So surely all MI5 and GCHQ need to do is put their intercept equipment on that last node in the route? Problem solved.
And if they want to find out the destination, just take a peek in the destination header of any one of those pesky packets.
"...Prime Minister Gordon Brown and Home Secretary Jacqui Smith have recently pledged to prevent any use of the internet for terrorist communications, propaganda etc. So has EU vice-president Franco Frattini...."
by smashing all computers in UK and EU? More impossible to keep pledges from clueless politicians!
Classic crypto tactics: tell everyone and their dog that method X is unbreakable- so that most of the low level people you want to listen to are daft enough to choose that method. Then you listen in to them if and when you want to. Keep very quiet about method Y which you cannot currently break, but keep a closer eye on those who are using method Y via other techniques.
To hide in plain sight the fact they are using either the back door or side window recently installed in Skype at NSA arm bending insistence(forget about some small big system crash problems caused by a recent update on Skype have we?) , although it is a bit harder in the open source version as it's source code is freely available for those who like to compile their own version !
After all the 21st century is the new age of propaganda and where the so called police agents of our democratic authorities who are now busy building their new corrupt STASI like empires have told nothing but shameless lies in the name of stealing all peoples rights , privacy and other freedoms by stealth and deception to create the false illusion of safety from the so called demons these organizations have created !
With so many lies being told from day one when one Tony B-Liar occupied number ten all those years ago truth may now be stranger then fiction !
As Paris would say you can dress a wolf in sheep's clothing these days and nobody would notice the difference !
"It really bugs me when people get all superior and snorty-laughy-condescending about people who don't know as much about geek-stuff as they do"
S'funny that. It really bugs me how a bunch of know-nothings have managed to infiltrate what was possibly one of the world's greatest Parliaments and corrupted it completely and utterly. These same "... don't know as much about ..." twats take it upon themselves to tell us how to live every single aspect of our lives, like they were the bloody experts on everything and anything. So you'll have to excuse us mere plebian masses with a bit of techno savvy who take it upon ourselves to pour scorn upon this bunch of imposters.
You watch, pretty soon some idiot MP is going to come up with a green paper on making all forms of encryption over the internet illegal, and for good measure to make it a criminal offence to even own anything that is capable of encryption. Don't believe they'll do it? The precedent has already been set many times in the past ten years. They'll do it again, if the notion occurs to them.
Billy-boy with horns because all that inept lot are the spawn of Satan himself.
in fact 'centre de l'électronique de l'armement' (CELAR) ((- try and find >their< webpage!!)) - I was most impressed to meet 'hundreds' of youthful Linux types.
They did point out that Skype was under study - especially because of how many naughty protocols it abused and the many clever ways it could tunnel thru firewalls. I seem to recall that the Swiss had solved the VoIP lawful eavesdropping situation with a trojan that currently Germany is maybe trying to legalise/formalise. I'd certainly say that we shouldn't underestimate our dear Cheltenham engineers.
Is there a UK equivalent of the Narus deep packet inspection 'supercomputer'?, http://en.wikipedia.org/wiki/Narus, I hope there's an IP65 or better IP68 version
Perception is everything.
To get funding, personnel, prestige at the club etc in the security services, you must have a Bogeyman. Commies, IRA, islamic militants, whatever. Thus, keeping the threat perception going is very important.
Raising VoIP as a threat is a nice way to lube up the system to deliver wads of cash and shiny new Vista-capable PCs all around, as well as show that the security services are keeping abreast with trends.
The customers who need to be sold are the MPs who are only now getting to understand concepts like internet, encryption etc.
It's a ruse. I know, I've seen every James Bond movie at least 6 times and that "Q" guy has a lot of stuff stashed in the background that we won't ever get to see.
What they're really saying is that it's not "convenient" for them to snoop on peoples conversations - not that they can't "do" it.
As for the SS moniker - couldn't be more apt in my opinion. Gestapo would be the other alternative, but the CIA has already taken dibs on that one.
It should only be a problem for our spooks if they are trying to listen to _every_ conversation, or carry on wide trawls. If they are suspicious about one person the conversations still start there or finish there.
I think much telephone communication has been packet switched on trunks for rather longer than is suggested.
Tapping phones or internet connections is done centrally. If the Britt spooks think it is all too hard then perhaps they need to look at how its done in some of their former colonies, like Australia!
Surely they cannot be that bad they cannot manage to tap IP? Now if they were complaining about the amount of encryption on top of the IP packets I'd have a bit more sympathy.
Mobiles are usually tapped from a central point too, in fact they are usually easier to do in some ways.
It's probably not a good idea to completely rely on technology to ensure taps are only done in the right circumstances. Keeping watch as laws around that area change can also go a long way. Agencies will always ask for more powers, it is up to the public collectively to keep them in check. You won't always win but you may be surprised how laws can be changed, given enough pressure.
"That was, after all, one of the design goals of the original ARPANET -- to create a network that could survive having nodes taken out during a nuclear war. "
wrong, survivability was never an ARPANET design goal. Just an Urban Legend based on research done elsewhere by Paul Baran who also worked on the ARPANET. There is no paperwork that supports the claim nor have any of the people involved ever made that claim.
In fact if any single major node is taken out (remember 9-11?) then the internet crawls... so much for survivability.
" .. but nobody wants to refer to a secret internal-security body by the initials "SS".
You mean, "no one in Government wants to refer to them as the "SS"."
Well it's about time.
Social Security always has had several connotations in my mind - thanks to having a disability.
Todays' "Plastics", as my teenage daughter refers to them, are getting to be as bad as the old "SS" with their "Stop and Search" tactics. They can be found every lunch time, crawling the streets of a high class, suburb of Oxford and probably elsewhere too. Terrorising pupils from years 11, 12 and 13, who are taking their lunch break from what is reportedly, the third best, GCSE results state school.
They are conducting preventative policing and being paid as well, one assumes.
Are these twats completely mindless zombies, just like Hitlers Stupid Sods ?
For me at least, the cretins are painting a very clear picture of exactly "who" Gordon and the White Hall crew believe we are being terrorised by. 2000 teenagers luncheoning with their possee in da hood ! No wonder they had to blank out the details, these kids study IT, Sociology, Politics etc at 'A' level and without a doubt, they know so much more about anonimisers and proxy servers than White Howl will ever know. Especially as they keep giving their secrets away.
Onion Rings and encryption keys are not things that the "Plastics" are likely to find in a school kids pocket at lunch time, no matter what Gordon's GCHQ spooks think.
Ah David. David, David, David. What is to be done with the self styled "geeks" who persist in propagating this evil meme ? A solid thwack with a clue stick is really the only answer.
If you spend about five minutes actually researching the history of ARPAnet, you will find that this is manifestly not true. For some reason though, the myth persists.
So much so that Charles Herzfeld, ARPA Director at the time ARPAnet was developed, is on record specifically refuting the notion that it was in any way designed to survive a nuclear strike.
http://inventors.about.com/library/inventors/bl_Charles_Herzfeld.htm
" ...The ARPAnet was not started to create a Command and Control System that would survive a nuclear attack, as many now claim. To build such a system was clearly a major military need, but it was not ARPA's mission to do this; in fact, we would have been severely criticized had we tried. Rather, the ARPAnet came out of our frustration that there were only a limited number of large, powerful research computers in the country, and that many research investigators who should have access to them were geographically separated from them..."
As for the internet as it is today, I don't much rate your chances of still being able to download Natalie Portman nip slip vids from youtube in the event of a nuclear strike.
There are several good books about the development of ARPANET and the subsequent growth of packet networking that evolved into the internet as we know it today. I politely suggest that you read at least one of them before you make yourself look daft in a public forum. Oh, wait...
(Black chopper (fnar!) because this story is obviously just spook propaganda)
'centre de l'électronique de l'armement' (CELAR) ((- try and find >their< webpage!!))
That was easy, only an MP would not have found the second hit in Google (they always feel lucky :P)
http://www.hyper-rf.com/Hyperfrequences/Entreprises/technopoles/Le-Celar.html
Yep it's all alien technology...
I'm getting really HACKed off by all this terrier cobblers. Almost every day we hear some poor family has lost the dad to some hoodie wearing scumbags who do drug dealing on their Tomy mobile phones in most of our streets but they can't identify these home grown urban terrorists because we can't see through their sportsworld head coverings let alone listen to what they're up to.
Give me a break.
RAICP -- Redundant Array of Inexpensive Carrier Pigeons
Since they're all UK based "terrorists" -- they could use 5 pigeons with each carrying an overlapping portion of an encrypted message. That'd be RAICP-5 ... the security hawks could catch any one of them and be none the wiser as to the message content (in fact they'd need to catch at least 4 before they had enough to decrypt). All the while the message would still get through!!
The problem is never the technology employed ... it's always human ingenuity.
In the ancient days of Fidonet, a BBS cooperative transmission network, only a few handled transatlantic traffic. I would have been unsurprised to discover that a BBS in Carlisle or Cambridge was running on a computer in Cheltenham.
And with ISPs reselling services--how many different names are really Tiscali--there might not be many places that need controlling.
You don't think the Tiscali routers are now a government IT project?