"Your concerns in http://cryptome.org/gov-deepnet.htm are very practical. Your site is *deep*, targeted, very insightful research material. More than any site I've seen on the net, it directly helps us all be informed netizens of the world. I am a computer scientist with experience in security issues, privacy, cyber ethics, and an interest in civil rights, etc.

If I were 'on the other side' I'd be:

- putting sniffers in upstream;

- pulling the IP addresses of the readers from the packets;

- looking at the keywords people used in the search engines to find your sites in the case of new readers;

- compiling dossiers on folks in cyber space who are regulars.

- I'd consider them possible 'black hats'. 

- I'd use cyber sleuthing to check them out (port scans, out and out exploits, trojans, viruses etc).

What I'm getting to, is that it behooves you not to let your service become a drawing card, that intelligence agencies use to target individuals for further observing. Your comments in that posting are a good start. There are techniques to detect packet sniffing, and other cyber measures. I'm sure you already are doing a lot, I just want to underscore the enormous possibility (especially post 9/11) that your site will be used against its readers, which I imagine is wholly repugnant to you."

-- Anonymous, 29 January 2002

Cryptome welcomes comments on its possible use as a covert snare for its readers and any information concerning other sites being used for that purpose, as well as suggested countermeasures for public sites and their readers. Confidential and anonymous info invited from sysadmins who see and are disgusted at these operations now that the USG is pouring huge amounts of funding into covertly cooperating, patriotically greedy telecommunications, ISPs and cyber security snake oil firms. Protect yourself by using an anonymizing service that has not been coopted by the deep black hats. Send to: jya@pipeline.com

11 January 2002


An anonymous ISP representative responds to "ISPs Not Filtering Viruses:"

A major US ISP which is a subsidiary of a foreign corporation hosts a US government operation to monitor all traffic handled by the ISP at a central network operations center. This operation was set up as a condition for the foreign corporation to acquire the ISP and as far as known is not the result of a court order. No officer or employee of the foreign corporation or the ISP subsidiary has access to or control over the operation. Traffic is monitored by personnel who have security clearances for handling confidential information acquired by monitoring. Streaming data may be searched for key words or other information, collected and transmitted to the sponsoring agency for analysis and evaluation.

The representative claims that another US government surveillance activity set up after September 11 is for ISPs to host sites set up to offer information likely to be sought by terrorists, such as detailed airline schedules or other dangerous information. The logs of access to these sites are copied to CDs daily and sent to the supervising agency. ISP personnel are forbidden to monitor the sites or examine the logs. Numerous US ISPs are allegedly involved in this activity. As far as known this activity is not the result of a court order.

Cryptome would appreciate learning more about such non-court-ordered governmental Internet monitoring for publication here. In particular, Cryptome seeks leads on the central monitoring operation at the foreign-owned ISP -- which sounds like a description of Verio, Cryptome's host, now owned by Japan's NTT Corporation. At the time of NTT's purchase of Verio, there were news reports of FBI objection to the sale unless arrangements were made to prevent foreign espionage and to avoid interference with lawful interceptions.

Cryptome has no knowledge that its logs are forwarded to officials but it would be a snap to do -- our two machines are located in Virginia (Cryptome) and California (JYA), traces below. So consider anonymizing your visits.

Anonymous contributions welcomed. Encrypt if preferred. Public key on Cryptome home page. Send to: jya@pipeline.com


==================================================
=== VisualRoute report on 11-Jan-02 4:12:49 PM ===
==================================================

Report for cryptome.org [161.58.201.197]

Analysis: 'cryptome.org' [cryptome.vwh.net] was found in 14 hops (TTL=235). 

---------------------------------------------------------------------------------------------------------------------------------------------------------
| Hop | %Loss | IP Address      | Node Name                             | Location           | Tzone  | ms | Graph      | Network                       |
---------------------------------------------------------------------------------------------------------------------------------------------------------
| 0   |       | xxx.xxx.xxx.xxx | xxx                                   | ...                |        |    |            | (private use)                 |
| 1   |       | 10.39.160.1     | -                                     | ...                |        | 15 |  -x-       | (private use)                 |
| 2   |       | 24.29.98.105    | -                                     | ?Herndon, VA 20171 |        | 21 |  -x-----   | ServiceCo LLC - Road Runner   |
| 3   |       | 24.29.98.5      | -                                     | ?Herndon, VA 20171 |        | 19 |  -x---     | ServiceCo LLC - Road Runner   |
| 4   |       | 24.29.97.21     | -                                     | ?Herndon, VA 20171 |        | 26 |  --x----   | ServiceCo LLC - Road Runner   |
| 5   |       | 24.29.97.38     | -                                     | ?Herndon, VA 20171 |        | 28 |  --x----   | ServiceCo LLC - Road Runner   |
| 6   |       | 66.185.137.193  | pop1-nye-P0-2.atdn.net                | ?Reston, VA 20191  |        | 15 |  -x-       | AOL Transit Data Network      |
| 7   |       | 209.249.119.245 | above-aol.lga1.above.net              | New York, NY, USA  | -05:00 | 13 |  x-        | Abovenet Communications, Inc. |
| 8   |       | 208.184.233.61  | iad1-lga1-oc192-2.iad1.above.net      | Vienna, VA, USA    | -05:00 | 18 |   x        | Abovenet Communications, Inc. |
| 9   |       | 208.185.0.141   | core3-core4-oc48.iad1.above.net       | Vienna, VA, USA    | -05:00 | 18 |   x-       | Abovenet Communications, Inc. |
| 10  |       | 209.133.31.106  | p1-0.mfn.mclnva01.us.bb.verio.net     | Mclean, VA, USA    | -05:00 | 18 |   x        | Abovenet Communications, Inc. |
| 11  |       | 129.250.2.146   | p4-6-2-0.r00.stngva01.us.bb.verio.net | Sterling, VA, USA  | -05:00 | 51 |        x-- | Verio, Inc.                   |
| 12  |       | 129.250.27.186  | ge-1-1.r0709.stngva01.us.wh.verio.net | Sterling, VA, USA  | -05:00 | 51 |        x   | Verio, Inc.                   |
| 13  |       | 161.58.129.85   | ge-26.a0711.stngva01.us.wh.verio.net  | Sterling, VA, USA  | -05:00 | 49 |       x-   | ?161.58.129.0                 |
| 14  |       | 161.58.201.197  | cryptome.org                          | -                  |        | 49 |       x-   | ?161.58.201.0                 |
---------------------------------------------------------------------------------------------------------------------------------------------------------
Roundtrip time to cryptome.org, average = 49ms, min = 48ms, max = 53ms -- 11-Jan-02 4:12:49 PM


==================================================
=== VisualRoute report on 11-Jan-02 4:14:24 PM ===
==================================================

Real-time report for jya.com [128.121.222.215] (70% done)

Analysis: 'jya.com' [jya1.vwh.net] was found in 15 hops (TTL=237). 

-----------------------------------------------------------------------------------------------------------------------------------------------------------
| Hop | %Loss | IP Address      | Node Name                              | Location           | Tzone  | ms  | Graph      | Network                       |
-----------------------------------------------------------------------------------------------------------------------------------------------------------
| 0   |       | xxx.xxx.xxx.xxx | xxx                                    | ...                |        |     |            | (private use)                 |
| 1   |       | 10.39.160.1     | -                                      | ...                |        | 19  | -x-        | (private use)                 |
| 2   |       | 24.29.98.105    | -                                      | ?Herndon, VA 20171 |        | 20  | -x-        | ServiceCo LLC - Road Runner   |
| 3   |       | 24.29.98.5      | -                                      | ?Herndon, VA 20171 |        | 22  | -x-        | ServiceCo LLC - Road Runner   |
| 4   |       | 24.29.97.21     | -                                      | ?Herndon, VA 20171 |        | 26  | -x--       | ServiceCo LLC - Road Runner   |
| 5   |       | 24.29.97.38     | -                                      | ?Herndon, VA 20171 |        | 26  | -x--       | ServiceCo LLC - Road Runner   |
| 6   |       | 66.185.137.193  | pop1-nye-P0-2.atdn.net                 | ?Reston, VA 20191  |        | 23  | -x-        | AOL Transit Data Network      |
| 7   |       | 209.249.119.245 | above-aol.lga1.above.net               | New York, NY, USA  | -05:00 | 14  |  x         | Abovenet Communications, Inc. |
| 8   |       | 216.200.127.66  | sea1-lga1-oc48.sea1.above.net          | Seattle, WA, USA   | -08:00 | 99  |       -x-  | Abovenet Communications, Inc. |
| 9   |       | 208.184.102.177 | sjc2-sea1-oc48-2.sjc2.above.net        | San Jose, CA, USA  | -08:00 | 101 |        x   | Abovenet Communications, Inc. |
| 10  |       | 208.185.175.162 | pao1-sjc2-oc48-2.pao1.above.net        | Palo Alto, CA, USA | -08:00 | 101 |        x   | Abovenet Communications, Inc. |
| 11  |       | 129.250.9.129   | p4-2-0-0.r06.plalca01.us.bb.verio.net  | Palo Alto, CA, USA | -08:00 | 113 |         x  | Verio, Inc.                   |
| 12  |       | 129.250.3.162   | p16-0-0-0.r04.snjsca03.us.bb.verio.net | San Jose, CA, USA  | -08:00 | 95  |       x-   | Verio, Inc.                   |
| 13  |       | 129.250.28.197  | ge-1-1.r03.snjsca03.us.wh.verio.net    | San Jose, CA, USA  | -08:00 | 97  |       x--- | Verio, Inc.                   |
| 14  |       | 129.250.155.251 | ge-v-2.a0426.snjsca03.us.wh.verio.net  | San Jose, CA, USA  | -08:00 | 96  |       x-   | Verio, Inc.                   |
| 15  |       | 128.121.222.215 | jya.com                                | -                  |        | 95  |       x--  | Verio, Inc.                   |
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Roundtrip time to jya.com, average = 95ms, min = 94ms, max = 115ms -- 11-Jan-02 4:14:24 PM