
“What Is That Box?” – When The NSA Shows Up At Your Internet Company - wikiburner
http://www.readability.com/read?url=http%3A//www.buzzfeed.com/justinesharrock/what-is-that-box-when-the-nsa-shows-up-at-your-internet-comp
======
Terretta
_We had to facilitate them to set up a duplicate port to tap in to monitor
that customer’s traffic. It was a 2U (two-unit) PC that we ran a mirrored
ethernet port to._

 _[What we ended up with was] a little box in our systems room that was
capturing all the traffic to this customer. Everything they were sending and
receiving._

And yet his lawyer could have written a truthful denial that they'd given the
govt "direct access to the server". See how that works?

------
Sanddancer
I used to work for a webhosting company, and had similar experiences. We'd get
requests for Men In Nice Suits to come in, rack up a nice non-descript 3u box
-- this was a few years prior to this experience, so I'm certain that the
tech's improved since then. As was described, the box just sat there, eating
power, under orders Not To Touch Under Any Circumstances, until the federales
came back in to take their box back.

Thinking back about it, again, this seems a lot of how the feds can keep
things like this from getting out. The people that know are given the gag
orders, the sysadmins racking and unracking know it's better for their
careers, and their not staying out of jail, not to say that they have weird
boxes on their network which have mirrored ports going to them. It's there,
it's suspect, but the consequences for discussing a suspect box make it
difficult to really discuss things.

~~~
toble
I am so glad that I don't work under gag orders like that. It just doesn't
seem ethical to be paid by a customer to spy on them. I understand why most
would say nothing, but it must be so tempting to inform the customer.

------
kabdib
So, mount webcams in the datacenter. Point them at your racks (front and back,
to show cables). This isn't a bad idea in any event, because sometimes it's
good to know what Figby Tenthumbs recabled on Monday morning when he was hung-
over.

Now make access to the cameras public.

"What's that new box?"

"We can't say."

"Ooohh, I see. Noted."

Watch the watchers watching.

~~~
eloisius
That's a similar mechanism to a warrant canary. I like it, and haven't heard
of it being used, but I doubt the effectiveness.

Though, I suppose if a company suddenly had to take down their datacenter
video feed for unspecified reasons, that would be tell tale.

~~~
btown
But could the FISA court order the datacenter operator to loop the feed? We'd
never know. And that's scary.

~~~
kabdib
You could trivially detect a loop by examining noise.

You could trivially defeat that by injecting noise.

You could less trivially defeat that by looking for "random" behavior in the
datacenter, such as people walking by, vibrations caused by folks moving
about, blinking patterns of the ubiquitous network activity LEDs in your rack
and other racks, etc.

I think a loop is trivial to detect.

~~~
Shish2k
Have your own server's LEDs blink in pseudo-random sequence; have a script
monitor the video feed, alerting if the sequence of LEDs doesn't match what is
expected
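
An added example, not part of the original thread: one way to implement the LED check described in the comment above. It assumes 8 camera-visible LEDs, one-second time slots, a secret key held only by the server owner, and that decoding LED states from video frames happens elsewhere; `expected_pattern`, `check_feed` and the sample feeds are hypothetical names and constructed data.

```python
import hashlib
import hmac

LEDS = 8  # assumed number of LEDs the camera can see


def expected_pattern(key: bytes, slot: int) -> tuple:
    """On/off state of each LED for one time slot, from HMAC-SHA256(key, slot).

    The server drives its LEDs with this; the monitor recomputes it.
    Without the key, an observer cannot predict the next pattern.
    """
    digest = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return tuple((digest[0] >> i) & 1 for i in range(LEDS))


def check_feed(key: bytes, observed: list, tolerance: float = 0.1) -> dict:
    """observed: (receive_slot, pattern) pairs decoded from the video feed.

    A slot mismatches when the pattern seen at receive time differs from the
    one the key predicts for that slot. The tolerance absorbs decode errors
    (glare, dropped frames); a replayed loop fails nearly every slot after
    its first pass, and a frozen frame fails nearly every slot after the first.
    """
    bad = [slot for slot, pattern in observed
           if tuple(pattern) != expected_pattern(key, slot)]
    return {
        "mismatched": len(bad),
        "first_bad_slot": bad[0] if bad else None,
        "alert": len(bad) > tolerance * len(observed),
    }


# Constructed sample data: one minute of feed starting at slot 1000.
KEY = b"constructed-demo-key"  # placeholder; a real key never leaves the owner
START = 1000
SLOTS = range(START, START + 60)

live = [(s, expected_pattern(KEY, s)) for s in SLOTS]
# Ten seconds of genuine footage replayed for the whole minute.
looped = [(s, expected_pattern(KEY, START + (s - START) % 10)) for s in SLOTS]
# Live feed with one slot misread by the decoder (all LEDs inverted).
noisy = list(live)
noisy[5] = (noisy[5][0], tuple(1 - b for b in noisy[5][1]))

if __name__ == "__main__":
    for name, feed in (("live", live), ("noisy", noisy), ("looped", looped)):
        print(name, check_feed(KEY, feed))
```

The key has to stay private to whoever verifies the feed: if it were published alongside a public camera stream, anyone able to alter the stream could also render the expected LED states into it.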

~~~
homeomorphic
This is the culmination of a very nice subthread. While there is certainly a
huge need for a systemic fix, the subthread shows how technology can help us
fight the problem on a temporary case-by-case basis. Brilliant!

~~~
kabdib
Also, our names are on lists now.

[I despise the fact that I am making a joke like this, and that it's probably
true. I'm writing my folks in congress again.]

------
beloch
Maybe I just don't pay enough attention to this, but this is the first place
where I've read that Google and other large companies are being paid for
monitoring their customers. This is making my sleaze-o-meter spike. What are
the rates like? Is it per user? Per message? Per kilobyte? It certainly
couldn't be per arrest...

Sometimes it seems like the rabbit hole just keeps going deeper, but then you
realize it's a damned sewer!

~~~
superuser2
When you receive paper from the government under FOIA, you are required to pay
for the photocopies. Responding to your FOIA request isn't a mission
directive, so it doesn't deserve budget money. It's just something the
government has to do. You are requiring the government to use resources
(toner, paper, time) so you have to pay for them.

Surveillance _by_ government is the same way. Police and three-letter agencies
are using engineer time, bandwidth, and potentially rack space of service
providers complying with warrants. They compensate providers for those
resources.

Similarly, if the police kick down an apartment door, they're supposed to
compensate the landlord for the cost of a new door. If your municipal police
department wanted to wiretap your cell phone, they would have to pay
Verizon/AT&T/whatever a monthly fee just like you do.

~~~
GigabyteCoin
Your statements are all valid, but it still doesn't detract from the parent's
statement that [sic] _something about companies being paid to spy on users is
just plain wrong_.

~~~
kbar13
your statement is illogical.

Parent broke down why the companies ask for compensation, and it's reasonable.
Why should the government get to take up resources for free?

~~~
arunkd13
The problem I see is, all of this is asked to be kept secret. How much money the
Government gives the Telcos, ISPs and websites like Google, Facebook etc. for
monitoring people and how much these people charge etc. are being kept secret.

You create a ghost. Create fear of the ghost. Tell people that only you can
protect them from the ghost. But you don't tell them how they plan to protect
them from the ghost, nor are you willing to disclose how much you spend to
protect people from this ghost.

~~~
Amadou
Don't forget - when the ghost doesn't attack you claim credit for stopping the
ghost.

~~~
arunkd13
Yes. I think, the whole dialogue on terrorism should move away from the
abstract concept called 'terrorism'. Any disgruntled group which sees itself
as the underdog against a very powerful entity will resort to terrorism. You
cannot wipe out terrorism from the face of the earth, like you cannot wipe out
car accidents. The governments the world over are asking for enormous powers,
selling us the dream that there will not be one innocent life lost because of
another terrorist attack. They are dumbing down the actual issues behind these
problems.

People should realize that only bringing focus to the real issues and not
blanket regulations and restrictions on freedom is going to have some real
effect.

Why don't governments create the new laws or policies time bound and specific
to particular issues. If they see Al Qaeda activity in US, make it public.
Release information on the organizations. People behind these organizations,
the people helping to fund these organizations. Create embargoes on countries
and organizations funding these organizations. And do them in a more effective
and open manner than how it is done now.

Fill the media with real issues and educate people who sympathize with
terrorist organizations. Give a platform for these people to redress their
grievances. Create more opportunities for leaders of supposedly 'terrorist'
organizations and to have more debate and dialogue with others.

------
rachelbythebay
It's not always the NSA. Some of my datacenter friends told me stories about
times when "a box" would appear and they were officially to not go within 6
feet of it. Of course, actually working on neighboring customer boxes meant
sometimes violating that (without telling anyone), but for the most part they
would stay away.

I seem to recall they were chasing down online pill vendors this way. One
little box with power and two Ethernet ports can collect a whole bunch of
evidence, after all. They get what they need, and then they remove it.

This was 10 years ago... or more. I can only imagine what happens now.

------
phaer
I think this excerpt is a fine description of the problem with secret
courts and so on:

"These programs that violate the Bill of Rights can continue because people
can’t go out and say, “this is my experience, this is what happened to me, and
I don’t think it is right.”"

------
Sukotto
Wait. They show you the warrant requiring your compliance. But you don't get
to keep a copy of that paper?

How do you later prove that you were required by law to make the actions that
you did? How do you ensure that you comply completely with the instruction if
you can't compare your action to the original warrant?

That seems strange.

~~~
dangrossman
> How do you later prove that you were required by law to make the actions
> that you did?

The gag order attached to it prevents you from telling anyone but your
attorney that you received the court order. Having the paper wouldn't help you
prove anything when you are not allowed to acknowledge its existence.

~~~
spiritplumber
Wait, the government can ask me to pretend that a physical object is not
there?

Do they really expect engineers to start ignoring the laws of physics?

~~~
dopamean
> Do they really expect engineers to start ignoring the laws of physics?

Well apparently they have been for a while already.

------
e12e
Direct link to the story:

[http://www.buzzfeed.com/justinesharrock/what-is-that-box-whe...](http://www.buzzfeed.com/justinesharrock/what-is-that-box-when-the-nsa-shows-up-at-your-internet-comp)

------
j_baker
This is likely the reason why lots of tech firms give the NSA access to their
servers. It's better than having a box installed on your network.

[http://news.cnet.com/8301-13578_3-57593538-38/how-the-u.s-fo...](http://news.cnet.com/8301-13578_3-57593538-38/how-the-u.s-forces-net-firms-to-cooperate-on-surveillance/)

~~~
Terretta
I'd say from technical or engineering POV it's a whole lot less hassle and
less likely to break things to just mirror a switch port.

~~~
wmf
A switch port tends to carry traffic for multiple customers. Supposedly
Carnivore does minimization, but I think companies like Google would rather
collect data themselves to make sure it's done right.

------
thingummywut
"A number of [larger] companies are getting paid for the information. If you
go establish a tap on Google’s network, they will charge X amount per month.
Usually the government pays it."

This is directly contrary to what every "larger" company has repeatedly stated
in response to Prism. People actually think that the companies are not only
forced to keep silent, but release public statements lying?

~~~
thyrsus
Yes - we have seen language contorted into meaninglessness by lawyers and
courts. "Waterboarding is not torture." "Data recordings are not data
collection." "Drones cause one civilian casualty per hundreds known dead
terrorists."

I am a fervent believer in the power of government to do enormous good - but
it is necessary that those actions be public or they will invariably be abused.
Whenever you contemplate government acting in secret, you must weigh that
against the cost of that action being abused - because at some point it will
be.

I'm angry and will let you imagine a link to foaas.com.

------
coldcode
If everyone said go stuff yourself and published it on the internet,
eventually they might get the message. But no one wants to be force-fed in
Cuba.

------
femto
Under such circumstances, why not extract as much monetary compensation as
possible from the government and donate it to the EFF, ACLU, or similar?

------
aspensmonster
I'm very curious to know if these little black boxes could function as a MITM.
I mean, if you're already there mirroring everything that's going across...

~~~
Sanddancer
No. Its entire job is logging. Doing MITMs could very potentially lead to
information leaking that shows surveillance is going on. Pretty much any
switch a datacenter's going to use has port mirroring, which allows for a
passive, invisible tap of a server.

~~~
justincormack
I do wonder if the NSA insists this functionality is there...

~~~
griffordson
This was probably the FBI. And if the data center's switch couldn't mirror the
customer port (I can't imagine any data center would use a switch that
couldn't - but it is within the realm of possibility), the investigating
agency would probably provide a 1U switch along with the 2U server that could
handle the mirroring and then they could force the data center to connect the
customer through that switch instead.

------
relaxitup
I wonder what the website was... The only one I can think of that might
possibly get this treatment might be Maddox, but that's total speculation of
course.

~~~
toyg
It could easily have been a community association or other similar group. A
group of gardeners? Well, they could be eco-terrorists. A bunch of software
enthusiasts? Why, these open-source people are borderline commies, better
check them out.

This is routine activity for police authorities, unfortunately.

------
jimwise
Dumb question, but the author kept running a TOR node at a site he knew was
under NSA surveillance? That doesn't strike me as very responsible...

~~~
thyrsus
Someone more knowledgeable than I should confirm or deny this, but my
understanding was that TOR should be resilient to a single point attack like
that. On the other hand, if they can watch packet timing on a significant
fraction of intermediate nodes, there is a problem.

And, hypothetically, the FISA authorized box was only getting traffic from the
one site, and not the entirety of network traffic. The room 641A attack is far
more problematic.

~~~
gizmo686
TOR is resilient to a single point. However, if an adversary can compromise
both the entrance and exit node, then they can de-anonymize the traffic.

------
D9u
Thanks for speaking of your experiences with the rogue spy apparatchik which
has recently reared its ugly head and I'd also like to thank you for running a
Tor node.

Together we stand, for freedom. For America.

------
kephra
/me wonders: why a link to readability who is just framing buzzfeed.com and
not a link to the original site?

And why do 245 people upvote it without noticing this link bait?

~~~
rpgmaker
Also, the buzzfeed site has a relatively good layout. None of that overlay
toolbar bullshit or popup shit. In fact, this readability link adds an overlay
toolbar to the site (one of the main reasons why I use readability in the
first place).

------
tlongren
So do these companies approach the government and say "Hey, give us $1000000
per month and we'll just give you full access."?

~~~
lawnchair_larry
Your numbers are inflated, but that's literally what AT&T and Verizon did.
_They_ approached the _government_.

~~~
mortehu
This sounds like something that warrants a hyperlink, even when considering
the cost of making one.

------
exit
could someone run an isp with a completely public inbox, so that they couldn't
receive a FISA without it becoming public?

are companies obligated to have a private means of contacting them?

~~~
Sanddancer
I imagine if someone tried that, the NSA/FBI would merely say, "hey, head down
to our office, we want to talk to you about something."

~~~
bostonvaulter2
Continuing that I wonder if you could have webcams in nearly every area of the
building and make it all publicly accessible.

------
captainmuon
I would be tempted to quit my job on the spot if I'd receive one of those
orders... (Not earning that much anyway so I could deal with it.)

------
vaadu
What if this ISP instead cancelled the service of the business to be tapped?

------
LekkoscPiwa
The whole American society is gagged and that's the problem. If you don't like
unconstitutional actions of the US Government then you are called:

1. Traitor
2. 9/11 Truther
3. Terrorist

That's where the apathy originates from.

I strongly believe that in the USA of today saying out loudly that a radical
change is needed to get the country back on its Constitutional track could
make one a terrorism suspect. If they can label an 82-year-old nun a terrorist
and try her in court on this nonsense, then why not me or others who speak out
loud?

