[talk] a Guardian article

Peter Varga pvarga at pvrg.net
Fri Mar 31 13:20:47 EDT 2017



On Fri, Mar 31, 2017, at 12:32, Antti Kantee wrote:
> On 31/03/17 15:56, George Rosamond wrote:
> > Ike had a story about Russian mitigation of German radio surveillance
> > during WWII. The Russians had numbers and relied on that for their
> > solution. *Everyone* spoke on the wire, about *everything*. The weather,
> > the latest radio broadcast performances, their kids' birthdays... and
> > since German radio surveillance relied upon individuals who could
> > understand Russian, the volume was beyond their capacity. The German
> > surveillance solution couldn't scale. Meanwhile, unencrypted high-value
> > communications continued in this large pool of noise.
> >
> > Apparently this tactic continued well into the Cold War against US
> > surveillance.
> >
> > The difference today is scaling. Digitized communications are easier to
> > collect in volume, and to store and process, without relying on
> > individuals to listen-in.

Even mid-size companies can do it on their connections, less data than
tapping the backbones.

> 
> Nice story.  I assume they were talking about the weather etc. because 
> everyone is not capable of creating believable military-like traffic. 
> Since everyone can listen now, like we've been discussing, the key is 
> figuring out how to generate military-like traffic instead of just 
> birthdays and the rainy weather.

You mean military-grade traffic with all the characteristics of network
traffic.  I parse military-like as in traffic similar to military
traffic.  E.g.: military-like vehicle, versus military-grade vehicle.

> 
> > Digital surveillance can also more easily parse and discover anomalies
> > in the traffic. And then it can be correlated with cell phone traffic, etc.
> 
> That's just one more reason why my cell phones only do voice/sms, and 
> why I don't really carry them around all that often.  (well, the real 
> reason is that I don't get disturbed very often that way)
> 
> > Your local ISP surveillance device says: "I am watching lots of traffic,
> > and while I see the usual queries to the news www sites, I also see that
> > they are accessing Chase bank on the first of each month."
> 
> That's the computer science solution to figuring out which bank we use. 
> The [computer] engineering solution would be for the ISP to look at the 
> check.

An adversary knowing the date and approximate time is already a help to an
attack; in some cases an MITM could work.  As happened before, many, many
years ago, certain routers at big ISPs would send out spam for, say, an
hour, inside job.

> 
> > The point is white noise needs to be customized insofar as anomalies
> > can't be easily identified.  It has to be lots of banks that are
> > accessed, including (you) the target's own banks, at regular sloppy
> > intervals.
> 
> Maybe the solution is to feed normal traffic into some machine learning 
> algorithm?  I've been wanting to do machine learning anyway, here's a 
> nice itch to [not] scratch.

Yes, it is a solution, that works.  This should have its own thread. 
:-)
