Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

[DeepSec 2015] Can societies manage the SIGINT monster?


Can societies manage the SIGINT monster?
Duncan Campbell (IPTV Ltd)

Behind closed doors, ubiquitous surveillance systems have evolved in parallel to and hidden within the global communications infrastructure. Developments in signals intelligence (Sigint) technology and tradecraft have shadowed all new telecommunications developments. Sigint agencies have covertly sought to lead, change, and subvert arrangements that IT practitioners make for security and privacy.

Everybody with an open data connection is being monitored and recorded at all times.

We can do privacy and security. The fallacy that we can’t have both needs to be disproven.

Even though there’s no wall of sheep here, there is an embassy only meters from the hotel where this conference takes place. On the rooftop of the British embassy there is massive surveillance and recording equipment: phased arrays scanning and recording anything within range.

This kind of system was exposed in the Snowden document leaks, and boasts a range of collection types (WiFi, CDMA, GSM, Satellite, WiMAX, Microwave, …).

On the other side of the Danube, sitting atop the United Nations tower, is an almost identical installation (part of a project called STATEROOM). These are covert special collection sites.

Other collection points exist at the US embassy in Vienna… and are listed in the Snowden leaks.

Outside of Vienna there are obviously other monitoring stations, including the famous case in Athens where GSM networks were monitored, resulting in the death of a telecom employee.

Austria has a history of being central to monitoring within Europe dating back many years. These capabilities have only expanded under the RAMPART program, accessing international communications from around the world. These third-party relationships are key to the US monitoring plans.

Access to communications data and monitoring is traded for access to advanced techniques and technologies.

Austria is only one part of the process… with data flowing through Germany and back to Washington for further analysis.

Without knowing the language used to describe things, the Snowden documents (and others) are hard to decipher. The word hacking isn’t used; instead, words such as “touch” and “implant” are used to describe malware.

A brief history of sessionizers

  • 1998 First optical fibre rate sessionizers
  • 2000 Grandmaster
  • 2002 WEALTHCLUSTER (known publicly as DPI)
  • 2006 TURMOIL (also known as TULLURIAN)
  • 2010 Increased to 10 Gbps
  • 2013 100 Gbps (post Snowden information)

This data is all then fed into projects like XKeyscore… however, this is a broken system, as the recent attacks in Paris show.

Extraordinary mis-purposing of systems designed for one use, resulting in the large-scale collection of data from civilians.

Massive amounts of information, incompetent tools, coupled with wide reaching monitoring.

XKeyscore runs on MySQL, relies on crontab, and uses CADENCE, an ancient and inefficiently designed system (scaled up from the days of telegraphy).

Little intelligence value…

“You give them big data, and they screw up badly.”

Anything that they can’t get is their biggest target. Access to mobile communications, leading to attacks on Belgacom to get insight into their network and communications.

Even with all that access, however, they still don’t do their job. They are stealing data, but not stopping the attacks that they are meant to detect by invading this privacy.

Recent WikiLeaks data shows that US monitoring stations in the EU are targeting politicians and business talks… and not trying to find the bad guys.

Going for data at scale exposes their overreach and their inability to gain meaningful insight from the data.

Privacy and Security do not trade-off against each other… it’s not a zero sum game!
