Saturday, May 27, 2006

Pre-writing history

C-Net News via RawStory -

AT&T leaks sensitive info in NSA suit

AT&T's attorneys this week filed a 25-page legal brief striped with thick black lines that were intended to obscure portions of three pages and render them unreadable (click here for PDF).

But the obscured text nevertheless can be copied and pasted inside some PDF readers, including Preview under Apple Computer's OS X and the xpdf utility used with X11.

The deleted portions of the legal brief seek to offer benign reasons why AT&T would allegedly have a secret room at its downtown San Francisco switching center that would be designed to monitor Internet and telephone traffic.

"AT&T notes that the facts recited by plaintiffs are entirely consistent with any number of legitimate Internet monitoring systems, such as those used to detect viruses and stop hackers," the redacted pages say.
Now why would AT&T redact these "benign reasons"? It is a clear admission that the project IS NOT about monitoring telephone traffic. It is purely an Internet monitoring project. Why do I believe that? One simple reason:

YOU CANNOT "DETECT VIRUSES AND STOP HACKERS" ON A PHONE LINE!!!

Why do I keep reading what I wrote 6 months ago?

We have placed our monitoring devices at certain “target rich environments” on the Internet: the major switches and routers controlled by the carriers, the twenty or so hubs through which most of the world’s packets flow, most of which are located on U.S. territory. We have software, let’s say a package very similar to Snort, that can monitor and inspect these packets at around 2Gb/sec. Indeed, as we have seen, many carriers already have such monitors in place and sell monitoring services to their customers (AT&T monitors). (Such tools are generally used to defend against a network attack based on patterns or signatures in the data.)


And they've even got a picture of it on their website.



Wonder what that little guy at the bottom is looking at?
Is he someone you know?
Is he someone you trust?


Monday, May 22, 2006

Wired gets the Goods

So here we are. via TalkLeft and Wired Magazine. This seals the deal as far as collusion between the Internet carriers and the police state.

Since the framing of this issue has, despite protestations, turned on "listening to phone calls" and "wiretapping", etc. the major media will not pick this up, since it's NOT "listening to phone calls".

I'll dive into this document in more detail after study. Suffice to say, this is NOT a wiretap in the legal sense of the word.

Update: Mark Klein is an American Hero

Friday, May 19, 2006

Alma Mater

Well at least my daughter chose a school where the students give a damn.

McCain at New School: Honeymoon is Over

"I stand that ground because I believed, rightly or wrongly, that my country's interests and values required it."

"Wrongly!" one student boomed from the back. Sitting directly behind us, Maureen Dowd and Adam Nagourney of the New York Times, chuckled.

As McCain droned on, students became increasingly restless. One cried, "This speech sucks!" Several students walked out early.

Summing up the mood of the day, another shouted, "We're graduating, not voting."


Ain't youth grand???

Life Lesson

Somebody asked me once, "How do you deal with assholes?"

Feingold has his own special way. He's getting fed up.

Sen. Feingold walks out as Marriage Amendment Hearing moved behind closed doors

Wednesday, May 17, 2006

The Apotheosis of Capitalism


Judge: Documents On AT&T Surveillance Allowed


U.S. District Judge Vaughn Walker rejected a bid by AT&T Inc. to return the records that were given to the privacy advocate Electronic Frontier Foundation by a former AT&T technician. But Walker said the records would remain under seal until it can be determined whether they reveal trade secrets.
Spying on your customers is a trade secret????

Amazing

Meet Your New Masters

Max Boot in the LA Times

Forget Privacy, we need to spy more.
This archaic law (FISA) should be euthanized. Replace it with legislation that gives the president permission to order any surveillance deemed necessary, subject to only one proviso: If it is later determined that an intelligence-gathering operation was not ordered for legitimate national security objectives — if, for instance, it was designed to gather dirt on political opponents — then the culprits would be punished with lengthy prison sentences.


I see your "lengthy prison sentence" and raise you a "rendition" and a side bet of "death sentence" for treason. I'm sure the inhabitants of the White House would agree. They're certainly not "civil liberties absolutists."

Either that or blow me.

666

Six months from now...
Any day now...
We're turning the corner...


Tiny bubbles

Dusty Foggo was a bigger ho than the Don himself.

Aesthetics



Hey you!!  Better not be singing our songs on that guitar!


LOS ANGELES (Reuters) - The recording industry on Tuesday sued XM Satellite Radio Holdings Inc., alleging its Inno device that can store music infringes on copyrights and transforms a passive radio experience into the equivalent of a digital download service like iTunes.

Tuesday, May 16, 2006

Sigh

Never mind.....

Greenwald -
A front-page article in this morning's The Hill reports that Sen. Specter has finally made enough concessions to secure the support of the more right-wing members of the Judiciary Committee for his legislation that (along with a bill from Sen. DeWine) would render legal the NSA warrantless eavesdropping program.
So we're all good Amerikans now. We have now given away the "Fourth Amendment" without even a fight, without even a whimper from the Judiciary Branch and without even knowing what the "program" is.

Devo was right.
They tell us that
We lost our tails
Evolving up
From little snails
I say it's all
Just wind in sails
Are we not men?
We are devo!
We're pinheads now
We are not whole
We're pinheads all
Jocko homo
Are we not men?
D-e-v-o
Monkey men all
In business suit
Teachers and critics
All dance the poot
Are we not men?
We are devo!
Are we not men?
D-e-v-o
God made man
But he used the monkey to do it
Apes in the plan
We're all here to prove it
I can walk like an ape
Talk like an ape
I can do what a monkey can do
God made man
But a monkey supplied the glue
We must repeat
O.k. let's go!
- Devo, Jocko Homo (1988)

Sunday, May 14, 2006

The Questions

The Right Questions: Question One

Tony Snow: Well, in this particular case, again, we're neither confirming or denying the existence of the program. The President was pretty clear --I mean, I'll just -- this is where I will reiterate the points he made yesterday, which is number one, we don't listen to domestic phone calls without court approval. You have all reported that, that the allegations in USA Today have nothing to do with listening in....via Holden's obsession

Dana Perino: There is no listening-in on domestic phone calls without court approval...The government has no interest in knowing what innocent Americans are talking about on their domestic phone calls.
Stephen Hadley: I can't, sitting here, confirm or deny the claims that are in the USA Today story. But it's very interesting what that story does not claim. It does not claim that the government was listening on domestic phone calls. It does not claim that names were passed, that addresses were passed, that content was passed. It's really about calling records, if you read the story--who was called when and how long did they talk. And these are business records that have been held by the courts not to be protected by a right of privacy. And there are a variety of ways in which those records lawfully can be provided to the government.

Of course they don't "listen to domestic phone calls". You cannot "listen" to numbers passing over a fiber optic cable. However, you can certainly capture the numbers that, if decoded correctly, can be transformed into audible sounds of conversations.

DO NOT ASK THIS QUESTION:

Does the Terrorist Surveillance program capture domestic conversations?

ASK THIS QUESTION:

Does any program within the purview of the NSA capture the content of domestic conversations in digital format?


Saturday, May 13, 2006

"Absence of Evidence is not Evidence of Absence"
Donald Rumsfeld



As I had said earlier in the pieces regarding this surveillance program, and as has been borne out in every detail during its entire history, phone call surveillance is a crimson red and monstrous herring. Talk about phone conversations is absolutely irrelevant. The real story, the program which this administration and AT&T/Verizon/Sprint etc. want to keep muffled, is the Internet Surveillance program. Let me explain again in very simple terms.

This is a phone.


When you call somebody long distance from this little contraption, your voice, as an audible SOUND, is carried from the handset through several switches and, more often than not, will be converted into NUMBERS that look like this.

100100011110100100011110101101001011011


At the point your call reaches the big backbone of AT&T or (insert favorite telco here), those numbers join billions of other promiscuous numbers over a fiber about this wide ||.

Along with those numbers that represent phonecalls are numbers that represent email, numbers that represent web browsing, numbers that represent porn, numbers that represent poems, numbers that represent other numbers. Numbers that represent corporate data which represent your medical data, your financial data going across these backbones. NUMBERS PEOPLE. NUMBERS, NUMBERS, NUMBERS


Now let me "speak" slowly and clearly. NUMBERS ARE NOT SOUNDS. I repeat. NUMBERS ARE NOT SOUNDS. This was understood pretty well by our ancestors, some time before the Greeks, but apparently in this era of mass insanity, those particular brain cells concerned with logic and clear thinking are somehow missing. From this seemingly small and self-evident fact comes an important, vitally important message:
99% of the time, politicians, both Democrat and Republican, and all of corporate media and polling firms will be using the words "WIRETAP", "LISTENING ON CONVERSATIONS" or some reference to audible communications. When anybody says "WIRETAP", BY LAW, they are not talking about looking at these NUMBERS going across AT&T's backbone network. Nobody can hook a "WIRETAP" to a fiber. It is impossible. When anybody uses the word "WIRETAP" they ARE NOT talking about the current program. When anybody uses the phrase "COLLECTING NUMBERS" or the word "PEN REGISTER", they ARE talking about this program.
Senator Sessions and the rest of the Republican cloaking device liberally sprinkled these words and others in their first attempt Thursday before the Committee on the Judiciary to put forth a legal claim that will be used continuously in the future by this Executive Branch and its Congress and presented as justification to the Judicial Branch. Their frame will be:
There is no wiretapping or listening or datamining of conversations. We are collecting numbers, using pen trap registers, according to law. We are not invading privacy, because there is no 'reasonable expectation of privacy' for numbers on AT&T's network. That's the law.
And insofar as we allow these people to use these words and we in turn use them uncritically, we will ignore the real threat to our Fourth Amendment.

Now read the posts below for the detail. CorrenteWire, the original host of edited versions of these pieces, seems to be down.
Follow the Words
(12/21/05)

These fuckers are scared silly about this surveillance story. NYT bonzos called in to the White House. Gonzo and Condi fumbling for the right words. Cheney cuts his trip short.


What would be the legal ramifications if one agency, which is forbidden to spy domestically, were to set up the technical apparatus and then hand over the apparatus to another agency that actually had such domestic powers?

Why do the administration and its mouthpieces always refer to “wiretaps” and phone calls, i.e. analog-type conversations? I draw your attention to the EFF's Analysis of Section 214 & 216 of the 2001 Patriot Act
http://www.eff.org/patriot/sunset/214.php

Before the PATRIOT Act, the government could only get a FISA pen-trap order when the communications to be monitored were likely to be either (1) those of an international terrorist or spy or (2) those of a foreign power or its agents relating to the criminal activities of an international terrorist or spy. PATRIOT 214 threw out this requirement. Now, any innocent person's communications can be tapped with a pen-trap so long as it is done "for" an intelligence investigation. The FBI doesn't have to demonstrate to the FISA court that the communications are relevant to its investigation. Nor can the court deny the FBI's request; if the FBI certifies the tap is "for" such an investigation, the FISA court must issue the order.

That Section 214 lowered the standard for FISA pen-traps is even more disturbing in light of the fact that PATRIOT Section 216 expanded their reach. Unlike regular wiretaps issued under much stricter standards, pen-traps aren't supposed to collect the actual content of your communications, such as what you say on the telephone. Instead, they capture "non-content" information about your communications, such as the telephone numbers that you dial or the numbers of people who call you.

Before PATRIOT, the statute defined pen registers and trap-and-trace devices solely in the context of telephone communications. But Section 216, which does not sunset, expanded the pen-trap definition to include devices that monitor Internet communications, without clarifying what portions of Internet communications are "content," requiring a full wiretap order, versus "non-content," which can be legally acquired only with a pen-trap order. At the very least, this change means that the government can use a pen-trap to see the email addresses of people you’re sending email to and the addresses of people who send email to you, along with the timestamp and size in bytes of each email. The FBI can monitor the IP addresses of all the computers you interact with over the Internet, or capture the IP addresses of every person visiting a particular website. Under the vaguely written statute, it may even be able to capture the URL of every web page that you read, although the FBI refuses to confirm or deny whether it has done so.

So what does this mean?

  • Anytime anyone in the administration says that everything remains the same with “wiretaps”, they are parsing words. This has nothing to do with “wiretaps.” “Wiretap”, in this instance, is a term of art referring to analog communications. The above section of the Patriot Act is referring to Internet monitoring.

  • As most online discussion has pointed out, this gave Bush the powers he needed. So why did he not get the warrants needed retroactively? I believe that the law was drafted in haste by lawyers and staff who had only a cursory knowledge of the technology. Once this was put into operation and the administration saw the result (e.g. 9,000 traffic flows with 18000 IP addrs) the career DOJ guys freaked. They probably registered their opinion which is probably sitting in the NYTimes safe, still unpublished. Now that's happened before.

Network Architecture of Treason

(12/24/05)

So how would an agency go about surveillance on overseas Internet traffic on a massive scale?

First of all, one has to place monitors, probes or taps on the Internet. Where would one place them? That's pretty simple. Let's look at CAIDA's Internet topology map. http://www.caida.org/analysis/topology/as_core_network/AS_Network.xml











This shows a snapshot of the major "choke" points for Internet traffic as it exists today. There are not that many core points, especially if we are only concerned with international traffic.

(Post Post - Does this image look familiar??)











(Courtesy CorrenteWire placeholder)


Let's just say that we want to set up monitoring on the top 20 nodes in this diagram. Now what does our monitor or probe need to look like in terms of compute power and storage?

For that we can go to a typical packet trace analysis of one of the core carriers at this link.

http://ipmon.sprint.com/packstat/packet.php?040206

Notice anything interesting here? Link utilization for these links is minimal. These OC48 links can support up to 2.5 gigabits/sec but the utilization is barely more than 100 megabits per second. And the storage needed for these traces is minimal as well.

But do we have to monitor all that traffic? If we look at the application breakdown, we see that approximately 50% is HTTP traffic. If we add email, the total is about 60%. That means that we're looking at doing deep packet inspection, etc. on only about 50 or 60 megabits/sec. You can do that with an off-the-shelf $1000 Dell server. Storage is just as cheap. In fact, I found a little PowerPoint slide on the Internet that Amogh Dhamdhere from Georgia Tech did, illustrating the Sprint IPMON architecture.

http://www.cc.gatech.edu/classes/AY2004/cs8803ntm_fall/amogh.ppt

Monitoring like this for research and Quality of Service motives has been going on for years. Remember, when TCP/IP was first developed, security was not the issue, survivability was the issue. More recently, packet inspection techniques have been applied by the major ISPs to thwart Denial of Service attacks, worms and so on.

So how does one spot a DoS attack or worm? Simply by recognizing a pattern or signature in the traffic. What is the difference between a malicious pattern and a certain set of words in an email or an http flow? Simple semantics…or semiotics depending on your philosophy.
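The point made above, and the "content" versus "non-content" split in the EFF passage quoted earlier, as an added example (not part of the original post and not Snort's own rule syntax or code): one inspection pass over the same packets yields both a pen-register-style record and a payload match, and the matcher treats a worm-style signature and a keyword identically. The `Rule` and `Packet` fields, rule ids and sample traffic are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes

@dataclass(frozen=True)
class Rule:
    sid: int               # hypothetical rule id
    dst_port: int          # port the rule applies to
    content: bytes         # byte pattern searched for in the payload
    nocase: bool = False   # case-insensitive match

def pen_record(pkt):
    """'Non-content' view: who talked to whom, on which port, how many bytes."""
    return (pkt.src, pkt.dst, pkt.dst_port, len(pkt.payload))

def matches(rule, pkt):
    """'Content' view: the payload itself is searched for the rule's pattern."""
    if rule.dst_port != pkt.dst_port:
        return False
    hay, needle = pkt.payload, rule.content
    if rule.nocase:
        hay, needle = hay.lower(), needle.lower()
    return needle in hay

def inspect(rules, packets):
    """Return (sid, src, dst) for every rule hit, in packet order."""
    return [(r.sid, p.src, p.dst) for p in packets for r in rules if matches(r, p)]

# Constructed rules: a worm-style HTTP request pattern and a plain keyword.
# To the engine both are just bytes scoped to a port.
RULES = [
    Rule(1001, 80, b"/default.ida?"),
    Rule(1002, 25, b"quarterly forecast", nocase=True),
]

# Constructed packets using documentation addresses (RFC 5737).
PACKETS = [
    Packet("192.0.2.10", "198.51.100.5", 80, b"GET /default.ida?NNNNNNNN HTTP/1.0\r\n\r\n"),
    Packet("192.0.2.11", "198.51.100.5", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("192.0.2.12", "198.51.100.9", 25, b"Subject: numbers\r\n\r\nThe Quarterly Forecast is attached.\r\n"),
    Packet("192.0.2.13", "198.51.100.9", 25, b"Subject: lunch\r\n\r\nNoon works.\r\n"),
]

if __name__ == "__main__":
    for p in PACKETS:
        print("record", pen_record(p))
    for sid, src, dst in inspect(RULES, PACKETS):
        print(f"alert sid={sid} {src} -> {dst}")
```

Every packet produces a record, while only the two whose payloads contain a rule's bytes produce an alert; nothing in `matches` distinguishes the security rule from the keyword rule.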



Monday, May 08, 2006

Military coups don't happen in our neck of the woods.

Vidiot Speak

and now a word from our sponsor.