netflow in the core used for surveillance
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
randy
I would go on the assumption they do (or allow others to), always have and always will. And if not this way, they will find other ways such as one infamous example- https://en.wikipedia.org/wiki/Room_641A
*-Brandon*
On Wed, Aug 25, 2021 at 2:16 PM Randy Bush <randy@psg.com> wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
randy
You know they do.
On 8/25/2021 4:13 PM, Randy Bush wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
randy
randy> https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
randy> at&t, comcast, ... zayo, please tell us you do not do this.
aaron> You know they do.
No, you don't know that.
The above all certainly collect this info. Not all sell it to anyone who asks.
You don't know that I don't know that.
On 8/25/2021 4:32 PM, Paul Ebersman wrote:
randy> https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
randy> at&t, comcast, ... zayo, please tell us you do not do this.
aaron> You know they do.
No, you don't know that.
The above all certainly collect this info. Not all sell it to anyone who asks.
On Wed, Aug 25, 2021 at 5:39 PM Aaron Wendel <aaron@wholesaleinternet.net> wrote:
You don't know that I don't know that.
some probably do? you don't know which though?
I think, though, that part of the problem the article does not point out is:
1) I run a network
2) I need (for reasons) netflow data and analysis
3) I can't do that myself <reasons>
4) several companies put hands up: "I can do that for you, costs $X/month and I have a nice dashboard! with graphs!"
ok, so I bought that... and for another slice of product the company providing ALSO provides 'threat intelligence' or other things, based on my netflow and yours and hers...
It's unclear to me that (if done properly) the data shown to me about 'threats' (or whatever):
  is not a conglomeration of all other customers of <fancy graph provider> (FGP) netflow data...
  is not available to internal tools of FGP, and internal users at FGP.
  is not being made available from FGP to <others> for money OR for 'good'.
I don't think it's a surprise to anyone that netflow stitched together can reveal a lot about what's going on on your network, including: "who uses vpn service X?" or "vpn user X is possibly browsing site Y" etc...
On 8/25/2021 4:32 PM, Paul Ebersman wrote:
randy> https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
randy> at&t, comcast, ... zayo, please tell us you do not do this.
aaron> You know they do.
No, you don't know that.
The above all certainly collect this info. Not all sell it to anyone who asks.
On Wed, Aug 25, 2021 at 4:33 PM Paul Ebersman <list-nanog2@dragon.net> wrote:
randy> https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
randy> at&t, comcast, ... zayo, please tell us you do not do this.
aaron> You know they do.
No, you don't know that.
The above all certainly collect this info. Not all sell it to anyone who asks.
Well, not just anyone who asks. But perhaps some of those who ask. You, for example, as a random guy, might not have much luck. Various and sundry other organizations, on the other hand, would likely have much better luck, were they to pursue such a thing.
Matt Harris|Infrastructure Lead
816-256-5446|Direct
Looking for help? Helpdesk|Email Support
We build customized end-to-end technology solutions powered by NetFire Cloud.
Randy,
It is quite possible that some are simply the victim of their own ignorance. I know of an ISP where one of their last-mile hardware vendors was pushing hard to get junior technical staff and senior non-technical staff to agree to share netflow data. When senior technical staff found out, they told the vendor that they would not share the data and to stop.
The vendor persisted. After probing to find out what vendor was used in the core & peering parts of the ISP's network, one of the vendor's staff kindly provided netflow configuration to the junior technical staff, along with specific instructions to apply it to their transit/peering ports. The destination of the flows was a server under the complete control of the vendor, not the ISP. This was brought to the attention of senior technical staff and you can guess what happened.
The vendor is not one of the majors, they are still relatively young. I won't share the name on the list.
-- Stephen
On 2021-08-25 17:13, Randy Bush wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
randy
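The situation described in the message above, flow export configured toward a collector the ISP does not control, is something a routine configuration audit can catch. The following is an added example, not part of the original thread: it assumes Cisco IOS-style `ip flow-export destination` and Flexible NetFlow `flow exporter` / `destination` lines, and the approved collector range, exporter names and sample configuration are all constructed for illustration.

```python
import ipaddress
import re

# Assumption: collectors the operator runs itself (documentation-range addresses).
APPROVED_COLLECTORS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample configuration in Cisco IOS style; not taken from the thread.
SAMPLE_CONFIG = """\
hostname edge1
ip flow-export destination 192.0.2.5 2055
flow exporter OPS
 destination 192.0.2.6
 transport udp 2055
flow exporter VENDOR-DASHBOARD
 destination 203.0.113.40
 transport udp 9995
interface TenGigabitEthernet0/0/0
 description transit
"""

CLASSIC = re.compile(r"^ip flow-export destination (\S+)")
EXPORTER = re.compile(r"^flow exporter (\S+)")
DEST = re.compile(r"^\s+destination (\S+)")

def export_destinations(config):
    """Yield (exporter_name, destination) for every flow export target found."""
    current = None
    for line in config.splitlines():
        if m := CLASSIC.match(line):
            yield ("ip flow-export", m.group(1))
        elif m := EXPORTER.match(line):
            current = m.group(1)
        elif current and (m := DEST.match(line)):
            yield (current, m.group(1))
        elif not line.startswith(" "):
            current = None  # an unindented line ends the exporter block

def unapproved_exports(config, approved=APPROVED_COLLECTORS):
    findings = []
    for name, dest in export_destinations(config):
        try:
            ip = ipaddress.ip_address(dest)
        except ValueError:
            findings.append((name, dest))  # not a literal IP: review by hand
            continue
        if not any(ip in net for net in approved):
            findings.append((name, dest))
    return findings
```

Run against every device's saved configuration, `unapproved_exports` returns the exporters whose destination falls outside the operator's own collector range, so a change like the one described shows up in review rather than in production.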
Randy,
We all know many folks send their *flow to someone or somewhere. In exchange for pretty graphs for intelligence. I suspect in many cases this data is then reused in many cases for many purposes. But let's not overplay the risk here. There would be much easier ways for rogue nations, bad guys/good/in the middle nation to find out about dissidents, activists, and journos than flow data. I think letting any of those people think ToR is safe as being a much bigger risk.
-jim
Disclosures for those that don't know. I've never worked with Team Cymru, I do know them fairly well and believe them to be the good guys, I do currently have a relationship with them, I do not currently work for a large SP that sends them data. I have worked A LOT with flow data over the last 20 years, for large SPs, small vendors, and all things in between.
On Wed, Aug 25, 2021 at 6:15 PM Randy Bush <randy@psg.com> wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
randy
On Wed, Aug 25, 2021 at 6:15 PM Randy Bush <randy@psg.com> wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
-------------------------------------------------------------------------------------
After the SF room thing a decade ago (or whatever timeframe it was) we have to know AT&T is doing it.
On 8/25/21 11:01 PM, jim deleskie wrote:
:: I think letting any of those people think ToR is safe as being a much bigger risk.
Especially since ToR was developed by the US Navy to support spying operations.
:: ...Team Cymru...and believe them to be the good guys,
Agreed and I have thought so for a very long time, but sadly this casts a shadow over my interpretation of their work. Hopefully, someone there clarifies and we can go on knowing they're one of the (few) good guys.
scott
The NY Times did a story within the last couple years showing how easy it was to identify an individual solely from purchasing anonymized data commonly sold by advertisers and the like.
Now take that and be able to pin a person to an IP, and aggregate flow data to find out everything someone does.
On Wed, Aug 25, 2021 at 7:02 PM jim deleskie <deleskie@gmail.com> wrote:
Randy,
We all know many folks send their *flow to someone or somewhere. In exchange for pretty graphs for intelligence. I suspect in many cases this data is then reused in many cases for many purposes. But let's not overplay the risk here. There would be much easier ways for rogue nations, bad guys/good/in the middle nation to find out about dissidents, activists, and journos than flow data. I think letting any of those people think ToR is safe as being a much bigger risk.
-jim
Disclosures for those that don't know. I've never worked with Team Cymru, I do know them fairly well and believe them to be the good guys, I do currently have a relationship with them, I do not currently work for a large SP that sends them data. I have worked A LOT with flow data over the last 20 years, for large SPs, small vendors, and all things in between.
On Wed, Aug 25, 2021 at 6:15 PM Randy Bush <randy@psg.com> wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
randy
I'm finding this really hard to believe for the "Team Cymru" part at least. Being originally a provider of security centric configuration of network components... IOS ... Juniper etc... and maintaining such a high standard for years that they turn foot and resell/sell data on customer traffic obtained from other networks they themselves are a customer of for resale of data.
This feels like a hit job on a company that secures more than it insecures by gov't passage.
Not trying to start a flame war here but... what do you do to your most secure threat? (That has financial and influential aspects)...
-- J. Hellenthal
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Aug 25, 2021, at 16:13, Randy Bush <randy@psg.com> wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
randy
On 26/08/2021 00:13, Randy Bush wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
randy
I'm confused. Quoting from the article:
"In a recent research report on an Israeli spyware vendor called Candiru, Citizen Lab thanked Team Cymru. Thanks to Team Cymru for providing access to their Pure Signal Recon product. Their tool’s ability to show Internet traffic telemetry from the past three months provided the breakthrough we needed to identify the initial victim from Candiru’s infrastructure," the report reads. Citizen Lab did not respond to multiple requests for comment."
So Team Cymru helped expose themselves as to getting dissidents, activists and journalists killed?
-Hank
Caveat: The views expressed above are solely my own and do not express the views or opinions of my employer
On 8/25/21 23:13, Randy Bush wrote:
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
used to get dissidents, activists, and journos killed
at&t, comcast, ... zayo, please tell us you do not do this.
I guess Cambridge Analytica ain't just for the FaceMash...
Mark.
participants (13)
- Aaron Wendel
- Brandon Svec
- Christopher Morrow
- Hank Nussbacher
- J. Hellenthal
- jim deleskie
- Mark Tinka
- Matt Harris
- Paul Ebersman
- Randy Bush
- scott
- Stephen Fulton
- Tom Beecher