This is what you get when you mess with us.

/This is what you get when you mess with us.

The story of KARMA POLICE. No, not the Radiohead song. The plan by the GCHQ to record everything you do online.

One of the things to note in this article is the throwaway line of, GCHQ taps into Internet cables to monitor communications on a vast scale. This is one of those things I think a lot of people don’t get about network security. In short, anyone who controls a particular network can monitor the traffic going across that network. This is just as true for the Starbucks wifi as it is for your employer’s network as it is for the government’s national telecommunications infrastructure. And yes, this includes decrypting “secure” traffic.1

Things like VPNs and TOR can mitigate against some of this snooping, but a dedicated attacker–or, more accurately, a dedicated attacker with sufficient resources–can get around that. And the government? Yeah. The government is a pretty fucking dedicated attacker, hey.2

The other thing to note in this article is the fact that the utility in mass surveillance comes from data correlation. This is both what you need to keep in mind any time a politician starts talking about it being “just” metadata and where the term “Big Data” comes from. The latter in particular is cute tech conference buzzword bingo nowadays, but it’s worth keeping in mind just what exactly the concept is primarily used for…

(Also: I will never not lol about how terrible the leaked intelligence agency PowerPoint slides are.)

  1. Re-encrypting it, particularly in a way such that the end user doesn’t notice it’s been done, is trickier, but by no means impossible. I’ve mentioned this before, but if you access the internet from work, I can guarantee you that they have an appliance in their gateway that does this. To test it, click on the little green padlock next to the alisfranklin.com in the address bar of your browser, and find the “view certificate” window. If it’s issued by anything other than cloudflaressl.com, then someone is eavesdropping on your traffic. ^
  2. Also, both TOR and VPNs come with their own problems. For a VPN, I sure hope you trust your VPN provider. For TOR, it’s the exit nodes. Basically, nothing is “secure”, just some things are less susceptible to some attacks and more susceptible to others. ^
2018-05-01T10:19:15+00:00 10th December, 2015|Tags: infosec, xp|1 Comment

One Comment

  1. crymestorage 9th December, 2015 at 10:50 pm

Comments are closed.