On Jun 6, 2013, at 10:25 PM, jamie rishaw <j@arpa.com> wrote:
<tinfoilhat> Just wait until we find out dark and lit private fiber is getting vampired. </tinfoilhat>
well, that's exactly and the only thing what would not surprise me, given the eff suit and mark klein's testimony about room 421a full of narus taps. mark klein is an utterly convincing and credible guy on this subject of tapping transit traffic. but the ability to assemble intelligence out of taps on providers' internal connections would require reverse engineering the ever changing protocols of all of those providers. and at least at one of the providers named, where i worked on security and abuse, it was hard for us, ourselves, to quickly mash up data from various internal services and lines of business that were almost completely siloed -- data typically wasn't exposed widely and stayed within a particular server or data center absent a logged in session by the user. were these guys scraping the screens of non-ssl sessions of interest in real time? with asymmetric routing, it's hard to reassemble both sides of a conversation, say in IM. one side might come in via a vip and the other side go out through the default route, shortest path. only *on* a specific internal server might you see the entire conversation. typically only the engineers who worked on that application would log on or even know what to look for. and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. and pretty much denials all around. so at the moment, i don't believe it. (and i hope it's not true, or i might have to leave this industry in utter disgust because i didn't notice this going on in about 8 years at that provider and it was utterly contrary to the expressed culture. take up beekeeping, or alcohol, or something.).
-- Jamie Rishaw // .com.arpa@j <- reverse it. ish. arpa / arpa labs