From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward.

Mike

------Original Message------
From: Nathan Eisenberg
To: nanog@nanog.org
Subject: RE: more news from Google
Sent: Jan 13, 2010 12:53 PM

-----Original Message-----
From: Leo Bicknell [mailto:bicknell@ufp.org]
Sent: Wednesday, January 13, 2010 12:49 PM
To: nanog@nanog.org
Subject: Re: more news from Google

It's not clear to me you have to read any e-mail to figure out that "help_us_free_tibet@gmail.com" might be someone who's taking a political position. A search company may also, say, look for e-mail addresses listed on the web sites that must be censored, and when it's the same list being hacked, draw a conclusion.

It's also possible that far less questionable means are being utilized. Perhaps there are a sufficient number of pro-free-speech'ers at Google.cn (which is presumably largely composed of Chinese nationals) that are privy to such information. It only takes one guy going "hey! I know some of these email addresses!"...

Nathan

Sent on the Sprint® Now Network from my BlackBerry®

On Jan 13, 2010, at 5:26 PM, msheldon@cox.net wrote:

> From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward.

The magic phrase is "traffic analysis" -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed.

--Steve Bellovin, http://www.cs.columbia.edu/~smb

> On Jan 13, 2010, at 5:26 PM, msheldon@cox.net wrote:
>
> > From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward.
>
> The magic phrase is "traffic analysis" -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed.

This could, however, go beyond traffic analysis. What happens when China slaps Google by taking over "google.cn" and places a web site that appears to be Google there?

This then leads to the interesting question of exactly what sort of things were taken from Google (which is what I guess based on "corporate infrastructure [...] theft of intellectual property"). Is it completely outside the realm of possibility that China might have stolen sufficient technology to replicate resources such as Google search and mail? Or things such as SSL certificates?

I keep thinking about it, and it seems to me like Google decided it was better to cry fire now... before Chinese citizens ended up submitting searches to "Google.cn" and having them intercepted and analyzed by the Chinese government.

There are, of course, numerous possibilities as to what's really going on, but whatever it is, I get the distinct feeling that we're getting a carefully spun story.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.

On 1/14/10 12:31 AM, Steven Bellovin wrote:

> On Jan 13, 2010, at 5:26 PM, msheldon@cox.net wrote:
>
> > From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward.
>
> The magic phrase is "traffic analysis" -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed.

I am unsure about the term straight-forward, as even the easy cases take a lot of time.

Gadi

> --Steve Bellovin, http://www.cs.columbia.edu/~smb

--
Gadi Evron, ge@linuxbox.org. Blog: http://gevron.livejournal.com/

participants (4)
- Gadi Evron
- Joe Greco
- msheldon@cox.net
- Steven Bellovin