The Ultimate Net Monitoring Tool

You too can spy on the Internet, just like the NSA.

(And while we're on the topic, you really should read about the equipment the NSA installed at the AT&T switches. Wow.)

Posted on May 25, 2006 at 2:21 PM • 16 Comments

Comments

Pat Cahalan • May 25, 2006 2:29 PM

The Narus device was talked about some time ago on another thread...

BLP • May 25, 2006 3:33 PM

@cranrob:

Probably the point, but I took the bait:

does a slightly different task than the fiber-optic splitter... (lets two ethernet signals (two pair each) share a common 4-pair wire)

=)

NSA • May 25, 2006 5:46 PM

s/installed/allegedly installed/g

I'd hate for anyone to have to take an unplanned tropical vacation on account of one word...

Anonymous • May 25, 2006 6:03 PM

The "Cheating on tests" blog entry is broken - every link purporting to take me to it gets a blank page. (The link to source article is fine.)

Feel free to delete this comment once the problem is fixed.

(Linux, Firefox 1.5.0, but I've never had problems with any other part of this site.)

pat sutlaw • May 25, 2006 6:05 PM

This is amazing and depressing. The days of the Internet as an anarchic forum are well and truly over. Big Brother isn't just watching me ... he records my every action for data mining and analysis. What happened to Web idealism?

engineer • May 25, 2006 7:25 PM

Ok, that's the source, and it's a real, real big one. What's the sink? What size disk farm is needed to capture that data? And then what's done with it?

Webb • May 25, 2006 11:26 PM

@engineer

Well, the free e-mail servers obviously have enough space to hold the e-mails. And they're all in a central location. I guess it beats the carnivore plan.

Roger • May 25, 2006 11:33 PM

I have to say, my suspicions about the USA Today story are growing. I'm not yet bold enough to call "bogus", but, well, I'm now _very_ suspicious.

First, Leslie Cauley, a previously little-known reporter from the telecom beat, breaks a big intelligence story, based entirely on anonymous sources.

Anonymous sources are always a worry, but not necessarily a fatal one if you can rely on the journalist to have checked up on them properly. So I tried to check up on Cauley's journalistic reputation -- and found nothing big enough to be google-visible. But she had written a book about the collapse of AT&T, and there were a lot of reviews online. A disturbing number of these referred to her research as sloppy, careless, relying too much on unfounded sources, full of obvious errors, etc.

Another aspect of the story struck me as odd: this source is supposedly providing he said/she said dialogue of the negotiations between Qwest and NSA. It seemed to me that either that dialogue was made up, or else the NSA is going to take about 5 minutes to figure out who is committing the Federal felony.

Next, Bell South, and slightly later Verizon, come out to say that they have completed internal investigations of Cauley's claims and categorically deny them, in terms which would almost certainly broaden their vulnerability to lawsuits if they are lying. Verizon goes so far as to call USA Today liars, which means USA Today gets to sue Verizon if they think they have anything that will stand up in court. USA Today doesn't sue, they just say they "have faith" in their reporter. Uh oh.

Then, rumours circulate which claim to have identified Cauley's supposed high ranking intelligence sources as actually a low ranking AT&T tech. Hmm. Only rumours, mind, which are even worse than anonymous sources; but in view of claims of Cauley's carelessness, her history of having contacts in AT&T but not in intel, and the fact that AT&T are the only accused party not to categorically deny the allegations, this lifts the suspicion meter a couple more notches.

And now we find that Matt Klein is part of the story somewhere. Matt Klein is a former AT&T tech who made allegations about AT&T collaborating with the NSA back in 2004 or thereabouts. For several reasons, it didn't cause much of a fuss back then. For the main reason, read _very_carefully_ the PDF which Bruce linked to above, which contains Klein's testimony.

Finished reading carefully? What did you notice?


That's right; Klein's claim that he was looking at a classified NSA monitoring program is purely conjectural. (The thing most people notice first is the way he jumps from the project name -- Study Group 3 -- to the conclusion that there are at least two other "monitoring facilities", without even considering the possibility that SG 3 is the third version of the same facility, or that SG 1 and 2 do something altogether different, or that *if* it is an intelligence program, the names are selected at random precisely to avoid giving these sorts of clues.) The only thing that even links the NSA to it is that one person involved with the project once spoke to a person identified to Klein as an NSA agent by an (unnamed) 2nd hand source. If it wasn't for that point, you would probably dismiss Klein's entire tale as paranoia. As it stands, that gives it a hmm, maaaybeee, feel, but it's several leagues short of evidence. The "link" that Narus also supplies equipment to the NSA is ridiculous; Narus produces telecoms analysis equipment and has many customers, including several of the world's largest telecoms.

Noting that the equipment Klein saw was monitoring internet connections, not voice lines, here's another possible explanation for everything Klein saw: AT&T, like many telecoms who have traditionally made their big bucks from long distance calls, want to know how much money its own broadband arm is taking from it by carrying VoIP traffic. To that end, they wish to monitor the volume of VoIP packets on their broadband networks, and possibly one day block them. (Whatever you might think of this personally, it's completely legal). So, they buy and install a Narus system, designed for exactly that purpose. The project is somewhat confidential because there might be a public outcry if someone hinted that AT&T was going to block VoIP, but it isn't classified (notice the lack of national security markings on the documents freely handed to Klein?) The NSA guy may have been there to ask "if we presented you with a warrant to monitor a VoIP telephone call, can you do that?", or he may have been there for a totally unrelated purpose, or the 2nd hand source who told Klein the guy was an NSA agent may have been pulling his leg.

Skeptic • May 26, 2006 9:27 AM

@Roger--- read about Project Shamrock and Project Minaret, then get back to us on why you don't think that it is reasonable that NSA is involved in exactly the way that Klein has alleged.

Note that those two projects are historical fact, and the result of those projects is the FISA court that we all know and love.

AG • May 26, 2006 12:32 PM

I have been involved in some "legal discovery" processes recently and they were terrible experiences.
There is SO much data on even the smallest messaging system.
So much of this data could be important. IP addresses, admin connections, conversations, attachments, modified attachments, etc.
On top of this add the legal roadblocks and you have entered a new level of he11.

From an intelligence angle you have to add the complexity of a constant, changing, and growing data flow combined with an ever constant, changing, and growing list of High Priority targets.
Also, as your Targets change historic data may hold important clues and insight to the current information flow, so any change in your targets requires a review of past data.

About the NSA data searching... at least we will have a really excellent record of exactly how everything went wrong when the next big thing happens.

ALSO, I lost an important email a few weeks ago; can the NSA restore it for me? :-P

winsnomore • May 27, 2006 12:07 AM

@skeptic
your name is apropos .. Roger is right, you can't extrapolate situations without any relevant proof.

Klein may be on a war path of his choosing -- without relevant facts. I didn't see anything in the original link (pdf) insinuating what USA Today claimed .. and I think the proof it's all NSA is non-existent, there are a lot of areas in COs where only "specially cleared" techs are allowed .. it appears Klein wasn't one of them.

winsnomore • May 27, 2006 12:13 AM

Parts of this thread http://www.wired.com/news/technology/... are lunacy.
Software-only analyzer on standard Dell/HP servers running Linux and examining 10G IP pipes in realtime.

come on .. get real .. such hardware doesn't exist .. a lot of crap gets published these days and I think Bruce surely should know.

Hurumph • May 27, 2006 10:40 AM

Re: This is amazing and depressing

This kind of monitoring capability has existed in various forms for a very long time and the associated activities that make use of them have been going on for a very long time. After all, this is what we pay our intel capability to do.

Questions about "if it all should exist" are interesting, but what is really important is how it is governed.

As someone said earlier (in one of these threads?), absolute secrecy corrupts absolutely.
