PC World: Technology Advice You Can Trust
Today at PC World
Wednesday, August 01, 2007 2:38 PM PT Posted by Erik Larkin

Big Brother Has Unstoppable Online Spies

A powerful type of snooping called traffic analysis takes a new twist on old military techniques to break through almost any attempt to maintain your privacy online.

In a book I’m reading called Blink, Malcolm Gladwell writes about Allied military intelligence in WWII listening in on Morse Code transmissions from the Germans. The transmissions themselves were coded, so the listeners couldn’t figure out just what was being said.

But by listening to the transmissions over and over, people were able to identify individual people by virtue of their ‘fist,’ or the particular way they would tap out messages. The length of time a person would spend on dots or dashes, pauses between sequences and other information were enough to positively ID individuals.

And once we knew just who was sending messages, we were able to make associations like ‘that’s John’s fist, and he travels with this particular tank battalion, so that battalion must be mobilizing in this area.’ Very useful intelligence – and it didn’t require knowing anything about what was actually being transmitted.

Fast-forward 60-odd years, and we’re seeing the same types of techniques being applied today for Internet traffic analysis. In a session this morning at the Black Hat security conference, presenters talked about how someone able to watch Internet traffic flows could identify particular computers, figure out what OS a particular computer or server is running (useful info if you want to launch an attack), or even possibly crack SSH passwords.

By looking at things like the destination, the timing of the traffic flow, where the data comes from and other information, Jon Callas, CTO of the PGP Corporation, says it may even be possible to watch encrypted traffic and still be able to identify when a particular movie is played, or a particular song is downloaded or played. According to Callas, the popular CDDB music database uses just this type of traffic analysis and pattern recognition – i.e., how many songs, how long they are – to attempt to identify a particular album without knowing what’s in the music files.
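To make the "how many songs, how long they are" idea concrete, here is an added illustration (not from the talk, and not CDDB's actual algorithm) that recovers track lengths from nothing but packet timestamps and matches them against a catalogue. The catalogue, the one-packet-per-second flow and every function name are constructed assumptions.

```python
# Added illustration: identify an album from timing metadata alone.
# Everything here is constructed; no payload bytes are ever inspected.

# Constructed catalogue: album name -> track lengths in seconds.
CATALOGUE = {
    "Album A": [215, 187, 242, 301, 198],
    "Album B": [215, 190, 240, 305, 200, 176],
    "Album C": [180, 187, 242, 301, 260],
    "Album D": [221, 183, 239, 296, 203],
}

def synth_flow(track_lengths, gap=5):
    """Constructed sample flow: one encrypted packet per second while a
    track streams, then `gap` seconds of silence before the next track."""
    t, stamps = 0, []
    for length in track_lengths:
        stamps.extend(range(t, t + length + 1))
        t += length + gap
    return stamps

def burst_durations(stamps, idle=2):
    """Split packet timestamps into bursts wherever the line is idle for
    more than `idle` seconds; return each burst's duration in seconds."""
    if not stamps:
        return []
    bursts, start, prev = [], stamps[0], stamps[0]
    for ts in stamps[1:]:
        if ts - prev > idle:
            bursts.append(prev - start)
            start = ts
        prev = ts
    bursts.append(prev - start)
    return bursts

def match_albums(observed, catalogue=CATALOGUE, tolerance=3):
    """Albums with the same track count whose every track length is within
    `tolerance` seconds of the observed one, closest match first."""
    hits = []
    for name, lengths in catalogue.items():
        if len(lengths) != len(observed):
            continue
        diffs = [abs(a - b) for a, b in zip(lengths, observed)]
        if max(diffs) <= tolerance:
            hits.append((sum(diffs), name))
    return [name for _, name in sorted(hits)]

if __name__ == "__main__":
    seen = burst_durations(synth_flow([214, 188, 243, 300, 197]))
    print(seen, "->", match_albums(seen))
```

A coarser measurement (a larger `tolerance`) returns more than one candidate, which is why the precision of an observer's timing data matters.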

Countermeasures like the Tor privacy network can defend against traffic analysis snooping from small players who only tap into one point to spy, according to Nick Mathewson, one of Tor’s developers. But he says “there’s no way to resist stronger eavesdroppers” like the government or a huge network provider like AT&T who can pull in a lot of data from two or more points and use these techniques. Such protection could be 10 years away or more, he says.

AT&T, by the way, recently announced it would develop anti-piracy technology for its network to catch movie and music pirates. It didn’t give any details as to how they might go about it, but considering that people might scream bloody murder if the company tried to pry into the actual information any given person sent in search of pirated material, I could easily see the company using some sort of traffic analysis for their to-come technology.

While I for one don’t much like the thought of an inescapably watchful online eye, there could be a silver lining here with an application for the fight against botnets. The increasingly common distributed networks of malware-infected computers are becoming harder to shut down as online crooks use stealthier techniques to hide their tracks, but traffic analysis could help pinpoint where the bots are hiding.
