Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

[DeepSec 2015] Can societies manage the SIGINT monster?


Can societies manage the SIGINT monster?
Duncan Campbell (IPTV Ltd)

Behind closed doors, ubiquitous surveillance systems have evolved in parallel to and hidden within the global communications infrastructure. Developments in signals intelligence (Sigint) technology and tradecraft have shadowed all new telecommunications developments. Sigint agencies have covertly sought to lead, change, and subvert arrangements that IT practitioners make for security and privacy.

Everybody with an open data connection is being monitored and recorded at all times.

We can do privacy and security. The fallacy that we can’t have both needs to be disproven.

Even though there’s no wall of sheep here, there is an embassy only meters from the hotel where this conference takes place. On the rooftop of the British embassy there is massive surveillance and recording equipment. Phased arrays trying to scan and record anything within range.

This kind of system was exposed in the Snowden document leaks, and boasts a range of collection types (WiFi, CDMA, GSM, Satellite, WiMAX, Microwave, …).

To the other side of the Danube, sitting atop the United Nations tower is an almost identical tower (part of a project called STATEROOM). These are covert special collection sites.

Other collection points exist at the US embassy in Vienna… and are listed in the Snowden leaks.

Outside of Vienna, there are obviously other monitoring stations, including the famous event in Athens where GSM networks were monitored, resulting in the death of a telecom employee.

Austria has a history of being central to monitoring within Europe dating back many years. These capabilities have only expanded under the RAMPART program, accessing international communications from around the world. These 3rd party relationships are key to the US monitoring plans.

Access to communications data and monitoring is traded for access to advanced techniques and technologies.

Austria is only one part of the process… with data flowing through Germany and back to Washington for further analysis.

Without knowing the language used to describe things, the Snowden documents (and others) are hard to decipher. The word hacking isn’t used, instead being replaced with words such as “touch” and “implant” to describe malware.

A brief history of sessionizers

  • 1998 First optical fibre rate sessionizers
  • 2000 Grandmaster
  • 2002 WEALTHCLUSTER (known publicly as DPI)
  • 2006 TURMOIL (also known as TULLURIAN)
  • 2010 Increased to 10 Gbps
  • 2013 100 Gbps (post Snowden information)

This data is all then fed into projects like XKeyscore… however this is a broken system as the recent attacks in Paris show.

Extraordinary mis-purposing of systems designed for one use, but resulting in the large-scale collection of data from civilians.

Massive amounts of information, incompetent tools, coupled with wide reaching monitoring.

XKeyscore runs on MySQL, relies on Crontab, and uses CADENCE, an ancient and inefficiently designed system (scaled up from the days of telegraphy).

Little intelligence value…

“You give them big data, and they screw up badly”

Anything that they can’t get is their biggest target. Access to mobile communications, leading to attacks on Belgacom to get insight into their network and communications.

Even with all that access however, they still don’t do their job. Stealing data, but not stopping the attacks that they are meant to detect by invading this privacy.

Recent WikiLeaks data shows that US monitoring stations in the EU are targeting politicians and business talks… and not attempting to try and find the bad guys.

Going for data at scale exposes their overreach and inability to gain meaningful insight from the data.

Privacy and Security do not trade-off against each other… it’s not a zero sum game!


[LHS Microcast] DeepSec 2015


Chris sits down with Mika and René from the DeepSec conference to talk a little bit about the upcoming conference and how embedded dependencies are causing such headaches in security.

[LHS Microcast] Interview w/ Jen Ellis

Martin and I took the time to sit down with Jen Ellis at DEF CON this year to discuss the legal system in the US and how it affects researchers and hackers, how the system is flawed, and what steps we should be taking to influence future legal measures. Jen also gives us a little background into the Wassenaar Arrangement and what it could mean to researchers internationally.

Enjoy


Taking out the Eurotrash

Regular listeners are probably already aware by now that the Eurotrash is no more! As with all good things, there had to be an end, and with the last Christmas episode, we got the old crew back together for one last go around! We’d like to say that we’re throwing in the towel because our efforts to solve world hunger and push the Middle East peace process through are taking up most of our time, but if I did I’d only be telling half the truth.

A while ago the crew decided that we weren’t having enough time to record and edit the way we wanted to… as you can see, the number of episodes in 2014 was down on the previous years, because of lack of time and so many other projects. So, something had to give. We hope you’ve had a fun journey with us over the years, and it’s been a pleasure to do.

So, thank you Ben, Craig, Dale, Wim… thank you to the guests over the years for putting up with our silly questions… and most of all, thank YOU the listeners for making us want to do this thing again and again until our hands bled from the editing, and our families were starving on the streets*

So, this Christmas time, don’t cry for us! Light a candle (or a cigarette), and raise a glass (or a bottle of vodka) to the Eurotrash Security Podcast… gone but not forgotten! Episode 50: The Final One… evar

“Doesn’t Ben look hawt in his new work outfit!”

Note: Past episodes will remain available on http://eurotrashsecurity.eu until such time as Craig gets so drunk that he forgets to renew the domain… or he pawns it to buy cheap aftershave! So probably a few months at least 😉

* Not actually starving