
MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

Pervasive DPI in Russia starts today

»www.wired.com/dangerroom/2012/11···nce/all/

“You open the envelope, not just read the address on a letter,” said an engineer dealing with DPI.

“There may be devices to copy traffic. DPI helps analyze it. And there will be a detailed log: what is downloaded by whom, and who looked for what on the internet.”

....small ISPs seem to have already found a cheap solution, Shkalikov explained. “There is a big market of used CISCO DPI solutions, you can buy them for truly laughable sums. Something like $2,000 (in the US — in Russia the real figure is $7,000, bearing in mind that a new device costs over $100,000). And software can be stolen. CISCO is less functional than Sandvine, but it might at least satisfy the state regulator.”

-----

In the mid 1980s a KGB research institute developed the technical foundations of what was later to be known as SORM — a nationwide of automated and remote legal interception on all kinds of communications.

Full implementation of the project only happened in 1992, when the Ministry of Communications signed-off on the first SORM-related document, forcing telecom operators to allow the secret services to intercept phone conversations and mail. The public first became aware of SORM in 1998 when the FSB, Ministry of Communications, and supervisory agencies developed new regulations for installing interception devices on servers run by ISPs. In the first decade of the millennium, SORM equipment was installed by all ISPs and operators of mobile and landline networks.

The idea of connecting SORM with operators’ DPI seemed not to bother anybody in the room. Alexander Pershov, long-serving official with the Ministry of Communications, outlined the Ministry’s general way of thinking: “The requirements for building networks need to be coordinated with the FSB to ensure that everything is done properly in terms of SORM.”

Technically it poses no problem, we were told by engineers dealing with DPI.

“Allot is perfectly compatible with SORM, and we know it,” Roman Ferster confirmed. “There is a very simple solution,” Alexander Shkalikov said. “We did it. [With] DPI, [we] can simply mirror traffic, not redirect it. This is very convenient because DPI [helps] you copy not all traffic but only a certain protocol or traffic of certain customers. For example, if you know that [Alexei] Navalny, one of the most famous opposition leaders, is a customer of a known operator, you may get all Navalny traffic to be copied through the DPI to the external system. It’s real. And it even shows you which sites he has been to.”


The surveillance technology that works for tracking Navalny can work for millions of Russians. And the switch gets flipped on today.

----------------------

Beware all Canadians doing business via e-mail and file transfer in Russia. And you don't have to be in Canada either or communicating with a Russian .... say you're in Europe on business and need to correspond with a supplier/customer in Japan. Chances are good the routing will take it on a trans-Siberian fibre connection. Do you think the Russians won't intercept? The Americans intercept everything that crosses their borders.

Time for PGP 100% of the time.

alpovs

join:2009-08-08
Looks like they are just catching up with the Americans.

I read somewhere that 80% of the Russian external traffic goes (or used to go) through Sweden. And the Swedish dump/mirror this traffic to the Americans. Now the Russians can spy on their own traffic too.


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
reply to MaynardKrebs
Just use VPN tunnels or encrypted emails and you'll be fine. Hell, I wouldn't be surprised if the use of VPN services in Russia skyrockets.

ConstantineM

join:2011-09-02
San Jose, CA
reply to MaynardKrebs

Trans-Siberian fibre is myth

said by MaynardKrebs:

Beware all Canadians doing business via e-mail and file transfer in Russia. And you don't have to be in Canada either or communicating with a Russian .... say you're in Europe on business and need to correspond with a supplier/customer in Japan. Chances are good the routing will take it on a trans-Siberian fibre connection.

Bullshit. All traffic between even Moscow and Japan goes through the US of A. Trans-Siberian fibre is a myth!

# traceroute www.allbsd.org
traceroute to www.allbsd.org (133.31.130.35), 64 hops max, 40 byte packets
 1  gw.webdc.ru (188.120.247.254)  0.993 ms  0.728 ms  1.325 ms
 2  xe200-40.webdc.ru (92.63.108.89)  1.393 ms  0.573 ms  0.376 ms
 3  xe012-438.RT.MR.MSK.RU.retn.net (87.245.254.61)  0.975 ms  0.971 ms  0.971 ms
 4  xe000-8.RT.TLX.NYC.US.retn.net (87.245.233.114)  124.940 ms  124.901 ms  124.915 ms
 5  198.32.160.42 (198.32.160.42)  124.913 ms  124.912 ms  124.903 ms
 6  sjc002bb01.IIJ.net (206.132.169.206)  210.386 ms  210.274 ms  210.348 ms
 7  sjc002bf01.IIJ.net (206.132.169.245)  210.376 ms
    sjc002bf00.IIJ.net (206.132.169.241)  240.850 ms
    sjc002bf02.IIJ.net (206.132.169.249)  210.359 ms
 8  tky001bf00.IIJ.net (206.132.169.106)  304.305 ms  304.396 ms
    tky001bf01.IIJ.net (206.132.169.161)  309.738 ms
 9  tky009bb11.IIJ.Net (58.138.80.194)  314.201 ms
    tky009bb10.IIJ.Net (58.138.80.190)  312.278 ms
    tky009bb11.IIJ.Net (58.138.80.210)  311.295 ms
10  tky009ipgw10.IIJ.Net (58.138.112.154)  315.308 ms
    tky009ipgw11.IIJ.Net (58.138.112.150)  333.802 ms
    tky009ipgw11.IIJ.Net (58.138.112.158)  313.303 ms
11  tky009ip71.IIJ.Net (58.138.112.110)  315.279 ms
    tky009ip71.IIJ.Net (58.138.112.102)  307.802 ms  310.305 ms
12  210.138.9.166 (210.138.9.166)  315.855 ms  313.302 ms  310.320 ms
13  133.31.14.2 (133.31.14.2)  317.851 ms  315.746 ms  319.372 ms
14  vlsi03.si.noda.tus.ac.jp (133.31.130.35)  310.748 ms  314.301 ms  307.839 ms
0.000u 0.012s 0:20.37 0.0%0+0k 0+0io 0pf+0w
 

Find me a single traceroute between Europe and Japan that doesn't go through NYC and SJC.

said by MaynardKrebs:

Do you think the Russians won't intercept? The Americans intercept everything that crosses their borders.

Yes, I think Russians won't intercept, because Europe/Japan traffic hardly ever (if at all) goes through Russia. Arguably, the US of A still has an undisputed monopoly on global traffic interception. Your example is quite poor and unsupported by any evidence. :p

On a serious note, do you think it's fair that the NSA of the US gets to inspect Russian traffic between Moscow and Japan, and FSB would not? Where's the notion of sovereign independence and equality?! :p

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
said by ConstantineM:

# traceroute www.allbsd.org
traceroute to www.allbsd.org (133.31.130.35), 64 hops max, 40 byte packets
 1  gw.webdc.ru (188.120.247.254)  0.993 ms  0.728 ms  1.325 ms
 2  xe200-40.webdc.ru (92.63.108.89)  1.393 ms  0.573 ms  0.376 ms
 3  xe012-438.RT.MR.MSK.RU.retn.net (87.245.254.61)  0.975 ms  0.971 ms  0.971 ms
 4  xe000-8.RT.TLX.NYC.US.retn.net (87.245.233.114)  124.940 ms  124.901 ms  124.915 ms
4a  totalinformationawareness.NSA.gov (redacted.redacted.redacted.redacted)  0.001 ms  0.001 ms  0.001 ms
 5  198.32.160.42 (198.32.160.42)  124.913 ms  124.912 ms  124.903 ms
 6  sjc002bb01.IIJ.net (206.132.169.206)  210.386 ms  210.274 ms  210.348 ms
 7  sjc002bf01.IIJ.net (206.132.169.245)  210.376 ms
    sjc002bf00.IIJ.net (206.132.169.241)  240.850 ms
    sjc002bf02.IIJ.net (206.132.169.249)  210.359 ms
 8  tky001bf00.IIJ.net (206.132.169.106)  304.305 ms  304.396 ms
    tky001bf01.IIJ.net (206.132.169.161)  309.738 ms
 9  tky009bb11.IIJ.Net (58.138.80.194)  314.201 ms
    tky009bb10.IIJ.Net (58.138.80.190)  312.278 ms
    tky009bb11.IIJ.Net (58.138.80.210)  311.295 ms
10  tky009ipgw10.IIJ.Net (58.138.112.154)  315.308 ms
    tky009ipgw11.IIJ.Net (58.138.112.150)  333.802 ms
    tky009ipgw11.IIJ.Net (58.138.112.158)  313.303 ms
11  tky009ip71.IIJ.Net (58.138.112.110)  315.279 ms
    tky009ip71.IIJ.Net (58.138.112.102)  307.802 ms  310.305 ms
12  210.138.9.166 (210.138.9.166)  315.855 ms  313.302 ms  310.320 ms
13  133.31.14.2 (133.31.14.2)  317.851 ms  315.746 ms  319.372 ms
14  vlsi03.si.noda.tus.ac.jp (133.31.130.35)  310.748 ms  314.301 ms  307.839 ms
0.000u 0.012s 0:20.37 0.0%0+0k 0+0io 0pf+0w

You left out one hop


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
reply to MaynardKrebs

Re: Pervasive DPI in Russia starts today

That would be some magic routing considering 0.001 ms would logically be around hop 1.
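
Added example, not part of any poster's message: a small parser for the traceroute output quoted in this thread that applies the two checks discussed above, the RTT sanity check behind the "0.001 ms" remark and the latency jumps that mark the long-haul links of the path (Moscow, NYC, SJC, Tokyo). The function names, the 5 ms slack and the 60 ms jump threshold are assumptions; real traces also jitter and can return over asymmetric paths, which is why a slack is used.

```python
import re

# Constructed sample: abridged copy of the traceroute quoted in this thread, joke "4a" hop included.
SAMPLE = """\
 1  gw.webdc.ru (188.120.247.254)  0.993 ms  0.728 ms  1.325 ms
 3  xe012-438.RT.MR.MSK.RU.retn.net (87.245.254.61)  0.975 ms  0.971 ms  0.971 ms
 4  xe000-8.RT.TLX.NYC.US.retn.net (87.245.233.114)  124.940 ms  124.901 ms  124.915 ms
4a totalinformationawareness.NSA.gov (redacted.redacted.redacted.redacted) 0.001 ms 0.001 ms 0.001 ms
 6  sjc002bb01.IIJ.net (206.132.169.206)  210.386 ms  210.274 ms  210.348 ms
 7  sjc002bf01.IIJ.net (206.132.169.245)  210.376 ms
    sjc002bf00.IIJ.net (206.132.169.241)  240.850 ms
 8  tky001bf00.IIJ.net (206.132.169.106)  304.305 ms  304.396 ms
    tky001bf01.IIJ.net (206.132.169.161)  309.738 ms
"""

LABEL = re.compile(r"^\s*(\d+\w*)\s+(?=\S+\s+\()")  # hop number starting a new hop
HOST = re.compile(r"(\S+)\s+\(([^)]+)\)")           # "name (address)"
RTT = re.compile(r"([\d.]+) ms")

def parse(text):
    """Return hops as dicts; indented continuation lines join the previous hop."""
    hops = []
    for line in text.splitlines():
        m = LABEL.match(line)
        if m:
            hops.append({"hop": m.group(1), "hosts": [], "rtts": []})
            line = line[m.end():]
        if not hops:
            continue
        hops[-1]["hosts"] += [h for h, _ in HOST.findall(line)]
        hops[-1]["rtts"] += [float(r) for r in RTT.findall(line)]
    return [h for h in hops if h["rtts"]]

def rtt_anomalies(hops, slack_ms=5.0):
    """Labels of hops answering much faster than an earlier hop already did."""
    flagged, floor = [], 0.0
    for h in hops:
        best = min(h["rtts"])
        if best < floor - slack_ms:
            flagged.append(h["hop"])
        floor = max(floor, best)
    return flagged

def long_hauls(hops, jump_ms=60.0):
    """(from, to) first-host pairs where the best RTT jumps by more than jump_ms."""
    bad = set(rtt_anomalies(hops))
    good = [h for h in hops if h["hop"] not in bad]
    return [(a["hosts"][0], b["hosts"][0]) for a, b in zip(good, good[1:])
            if min(b["rtts"]) - min(a["rtts"]) > jump_ms]
```

Hops that time out (`* * *`) carry no RTT and are dropped by `parse`, so a jump reported across such a gap may span more than one physical link.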


hm

@videotron.ca
said by mlerner:

That would be some magic routing considering 0.001 ms would logically be around hop 1.

They might use Bell's Fibe-to-the-Air
»Re: [Mobile] Bell Freedom Day Approaches

Or it could be Bell's wireless:
»Re: [Mobile] Bell Freedom Day Approaches

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to mlerner
said by mlerner:

That would be some magic routing considering 0.001 ms would logically be around hop 1.

NSA can do anything with the budget they have

funny0

join:2010-12-22
reply to MaynardKrebs
said by MaynardKrebs:

»www.wired.com/dangerroom/2012/11···nce/all/

“You open the envelope, not just read the address on a letter,” said an engineer dealing with DPI.

“There may be devices to copy traffic. DPI helps analyze it. And there will be a detailed log: what is downloaded by whom, and who looked for what on the internet.”

....small ISPs seem to have already found a cheap solution, Shkalikov explained. “There is a big market of used CISCO DPI solutions, you can buy them for truly laughable sums. Something like $2,000 (in the US — in Russia the real figure is $7,000, bearing in mind that a new device costs over $100,000). And software can be stolen. CISCO is less functional than Sandvine, but it might at least satisfy the state regulator.”

-----

In the mid 1980s a KGB research institute developed the technical foundations of what was later to be known as SORM — a nationwide of automated and remote legal interception on all kinds of communications.

Full implementation of the project only happened in 1992, when the Ministry of Communications signed-off on the first SORM-related document, forcing telecom operators to allow the secret services to intercept phone conversations and mail. The public first became aware of SORM in 1998 when the FSB, Ministry of Communications, and supervisory agencies developed new regulations for installing interception devices on servers run by ISPs. In the first decade of the millennium, SORM equipment was installed by all ISPs and operators of mobile and landline networks.

The idea of connecting SORM with operators’ DPI seemed not to bother anybody in the room. Alexander Pershov, long-serving official with the Ministry of Communications, outlined the Ministry’s general way of thinking: “The requirements for building networks need to be coordinated with the FSB to ensure that everything is done properly in terms of SORM.”

Technically it poses no problem, we were told by engineers dealing with DPI.

“Allot is perfectly compatible with SORM, and we know it,” Roman Ferster confirmed. “There is a very simple solution,” Alexander Shkalikov said. “We did it. [With] DPI, [we] can simply mirror traffic, not redirect it. This is very convenient because DPI [helps] you copy not all traffic but only a certain protocol or traffic of certain customers. For example, if you know that [Alexei] Navalny, one of the most famous opposition leaders, is a customer of a known operator, you may get all Navalny traffic to be copied through the DPI to the external system. It’s real. And it even shows you which sites he has been to.”


The surveillance technology that works for tracking Navalny can work for millions of Russians. And the switch gets flipped on today.

----------------------

Beware all Canadians doing business via e-mail and file transfer in Russia. And you don't have to be in Canada either or communicating with a Russian .... say you're in Europe on business and need to correspond with a supplier/customer in Japan. Chances are good the routing will take it on a trans-Siberian fibre connection. Do you think the Russians won't intercept? The Americans intercept everything that crosses their borders.

Time for PGP 100% of the time.

And guess what, scaremonger, this has been the case for what ...
LIKE FOREVER.... If whatever you're doing requires security, get an AES-256 encryption app and share keys in secure ways....

Then enjoy.
Every other known way of encryption has exploits....
Your VPNs are not secure, SSL is not secure.... and they want it this way....