SSL and internet security news

Tag Archive: surveillance

Auto Added by WPeMatico

How Did the Feds Identity Dread Pirate Roberts?

Last month, I wrote that the FBI identified Ross W. Ulbricht as the Silk Road’s Dread Pirate Roberts through a leaky CAPTCHA. Seems that story doesn’t hold water:

The FBI claims that it found the Silk Road server by examining plain text Internet traffic to and from the Silk Road CAPTCHA, and that it visited the address using a regular browser and received the CAPTCHA page. But [Nicholas] Weaver says the traffic logs from the Silk Road server (PDF) that also were released by the government this week tell a different story.

“The server logs which the FBI provides as evidence show that, no, what happened is the FBI didn’t see a leakage coming from that IP,” he said. “What happened is they contacted that IP directly and got a PHPMyAdmin configuration page.” See this PDF file for a look at that PHPMyAdmin page. Here is the PHPMyAdmin server configuration.

But this is hardly a satisfying answer to how the FBI investigators located the Silk Road servers. After all, if the FBI investigators contacted the PHPMyAdmin page directly, how did they know to do that in the first place?

“That’s still the $64,000 question,” Weaver said. “So both the CAPTCHA couldn’t leak in that configuration, and the IP the government visited wasn’t providing the CAPTCHA, but instead a PHPMyAdmin interface. Thus, the leaky CAPTCHA story is full of holes.”

My guess is that the NSA provided the FBI with this information. We know that the NSA provides surveillance data to the FBI and the DEA, under the condition that they lie about where it came from in court.

NSA whistleblower William Binney explained how it’s done:

…when you can’t use the data, you have to go out and do a parallel construction, [which] means you use what you would normally consider to be investigative techniques, [and] go find the data. You have a little hint, though. NSA is telling you where the data is…

Powered by WPeMatico

NSA Has Undercover Operatives in Foreign Companies

The latest Intercept article on the Snowden documents talks about the NSA’s undercover operatives working in foreign companies. There are no specifics, although the countries China, Germany, and South Korea are mentioned. It’s also hard to tell if the NSA has undercover operatives working in companies in those countries, or has undercover contractors visiting those companies. The document is dated 2004, although there’s no reason to believe that the NSA has changed its behavior since then.

The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C)””

It is not clear whether these “commercial entities” are American or foreign or both. Generally the placeholder “(A/B/C)” is used in the briefing document to refer to American companies, though on one occasion it refers to both American and foreign companies. Foreign companies are referred to with the placeholder “(M/N/O).” The NSA refused to provide any clarification to The Intercept.

That program is SENTRY OSPREY, which is a program under SENTRY EAGLE.

The document makes no other reference to NSA agents working under cover. It is not clear whether they might be working as full-time employees at the “commercial entities,” or whether they are visiting commercial facilities under false pretenses.

Least fun job right now: being the NSA person who fielded the telephone call from the Intercept to clarify that (A/B/C)/(M/N/O) thing. “Hi. We’re going public with SENTRY EAGLE next week. There’s one thing in the document we don’t understand, and we wonder if you could help us….” Actually, that’s wrong. The person who fielded the phone call had no idea what SENTRY EAGLE was. The least fun job belongs to the person up the command chain who did.

Wired article. Slashdot and Hacker News threads.

Powered by WPeMatico