

GCHQ report on 'Mullenize' program to 'stain' anonymous electronic traffic - ethanhunt_
http://apps.washingtonpost.com/g/page/world/gchq-report-on-mullenize-program-to-stain-anonymous-electronic-traffic/502/

======
ethanhunt_
There are no specific details of how they're staining. The two clues I can find:

- It's called "User Agent staining"
- "Each stain is visible in passively collected SIGINT and is stamped into
every packet, which enables all the events from that stained machine to be
brought back together to recreate a browsing session."

I'm wondering if they're not staining the browser user-agent string itself,
but somehow modifying another part of the browser fingerprint (e.g., any of
the things listed at
[https://panopticlick.eff.org/index.php?action=log&js=yes](https://panopticlick.eff.org/index.php?action=log&js=yes)).
If it's in "every packet", it would have to be a piece of info that is always
sent by the browser.

~~~
KwanEsq
Yeah, while the Post seems to be talking about the user agent string, I don't
think that's what they used, the Post just misinterpreted the document's use
of the phrase User Agent to refer to the browser.

~~~
dobbsbob
Indeed
[http://en.wikipedia.org/wiki/User_agent](http://en.wikipedia.org/wiki/User_agent)

Some slides on a way to do this:
[http://prezi.com/p5et9yawg2c6/ip-packet-staining/](http://prezi.com/p5et9yawg2c6/ip-packet-staining/)

Their solution was to re-route traffic to a package management device which
clamps on a stain. IPv6 makes this easy; if the traffic is IPv4 they tunnel it
inside IPv6 with the stain header in a Destination Options header.

Not sure how you would prevent this, besides the obvious answer (don't visit
terrorist forums). JonDonym routing traffic through 3 mix servers might help
so long as they don't stain your traffic at source by compromising your
system. Making your own Tor bridge node is another solution to at least have
some sort of safe entrance into the network. Seems they are unwilling to
exploit relay nodes and bridges in the leaked slides.

~~~
GoodIntentions
and this naturally comes to mind:

[https://tools.ietf.org/html/rfc3514](https://tools.ietf.org/html/rfc3514)

------
skue
It baffles me that the Post and Guardian decided to release this on a Friday.

~~~
nullc
For several days Jacob Appelbaum has been complaining that the Guardian has
been sitting on articles about Tor at the request of intelligence agencies.

You could speculate here that their response to his public pressure was to
release with additional redaction and on a Friday. ::shrugs::

~~~
contingencies
The UK is a _terrible_ place for challenging anything potentially remotely
conceivable as a national security concern in journalism. I think Assange said
it has the highest concurrent number of active media gag orders of any nation.

------
imglorp
I think more telling than this disclosure is a reader's reaction to it:

> Why is the WaPo obsessed to publish every secret it can?
> If we are going to be kept safe from terrorists, then
> some techniques need to stay secret. However, I expect
> the WaPo would be the first to run articles wondering
> why something gets blown up, after those who would kill
> us, now can plot and organize without fear of being
> caught. Shame on you.

The fact that endpoint attacks are occurring should be obvious to anyone
understanding the motivations and capabilities of the agencies. What is not
obvious is that the general public fail to understand where this trend leads.
They also don't understand how far it has already progressed.

~~~
csandreasen
The commenter you cite certainly doesn't articulate it very well - his comment
is pretty knee-jerk with a healthy dose of fear mongering. There is a
reasonable argument buried in there, though (I think). From a civil liberties
point of view, it matters a lot more to convey to the public an understanding
of who and why they're targeting rather than how. Here's a hypothetical,
admittedly contrived analogy:

We've all seen crime movies where the criminal calls the police from an
unknown location to make their demands and state what horrible outcome will
occur if their demands aren't met. They're using the communication method to
hide their location and (sometimes) identity. The police immediately flip on
their call tracing device which starts counting down the time it takes to
identify the caller's location. The criminal mastermind always hangs up with 2
seconds left on the clock because he knows it takes exactly N seconds to trace
the call, for whichever value of N the scriptwriter chose. Fast forward a few
years and our hypothetical police department now has access to technology that
allows them to trace phone calls instantly. Until the criminals find out
about it, they'll continue to call in and make their demands, giving away
their location and enabling the protagonist to jump in and save the hostage or
defuse the bomb or whatever. When the knowledge becomes widespread that phone
calls are instantly traceable, the criminals start conveying their demands
through some other non-traceable means. The advantage moves from the side
working to protect the public over to the side working to harm it.

The only people it would benefit to have outside knowledge of this technology
are the ones being targeted by it. It doesn't matter to general public how the
police are getting their information, only that it's being used solely against
legitimate targets. What the public needs to know is that independent review
is being conducted to ensure the technology isn't abused and turned against
them, and to be immediately informed if it ever is. Showing the public the
police department's sources and methods in my hypothetical example had the net
effect of making the public less safe. In real life, if it turns out that the
NSA is establishing a huge Orwellian surveillance network for nefarious
purposes then the public needs to see real examples - politicians being
blackmailed, backdoor financial manipulation, ordinary people being threatened
and coerced, etc. That would enable the public to stand up and take action
against the NSA; if the public can't get their elected government officials to
stop overt abuse, that's when a leak of sources and methods would be justified
so that the public can protect itself. If it turns out that the NSA has been
using its technology to collect against legitimate foreign intelligence
targets, then the public hasn't benefitted at all from finding out how the NSA
collects against its targets.

Personally, I prefer the solution mentioned recently on the EFF website [1] -
establish independent oversight panels with both the legal and technical
expertise to identify abuse and either stop it or notify the public.

[1] [https://www.eff.org/deeplinks/2013/10/47-prominent-technologists-nsa-review-panel-we-need-better-technical-oversight](https://www.eff.org/deeplinks/2013/10/47-prominent-technologists-nsa-review-panel-we-need-better-technical-oversight)

------
tommis
"[redacted] mechanism that leverages GCHQ's huge passive SIGINT access to
deliver CNE payloads to targets."

It doesn't sound very passive, if they are delivering content to target
machines through this. If we are discussing "evercookie", this would mean they
could have capability to modify http traffic and inject "evercookie code" into
it. If they do have capability to do this, it would sound more feasible than
actually owning the target machines and using rootkits/malware to deliver
things.

------
mdisraeli
From a security operations perspective... if this is simply causing unique
markers to be placed on the end user systems, then looking for these to appear
in the clear... it's nothing new, really. Still rather cool, but not new or
ground breaking.
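As an added example, not part of the thread and not code from the leaked document or the prezi slides, here is a Python model of the two points raised above: dobbsbob's description of a device that tunnels IPv4 inside IPv6 and puts the stain in a Destination Options header, and mdisraeli's remark that such in-the-clear markers are something to look for. The packet builder follows the RFC 8200 extension-header layout; the addresses, the stain bytes, the option type `0x1E` and the small allowlist of known option types are assumptions chosen for the demo, not values from the page.

```python
"""IPv6 Destination Options 'staining' and its detection (added example).

Builds an IPv6 packet that carries an IPv4 packet (next header 4, IP-in-IP)
behind a Destination Options header (next header 60) holding a hypothetical
marker option, then walks the extension-header chain to report options that
are not on an allowlist. All addresses and marker values are constructed.
"""
import socket
import struct

# IANA next-header values used below
NH_HOPOPTS, NH_IPIP, NH_TCP = 0, 4, 6
NH_ROUTING, NH_FRAGMENT, NH_ESP, NH_AH, NH_DSTOPTS = 43, 44, 50, 51, 60

# Small allowlist of option types that legitimately show up in Hop-by-Hop /
# Destination Options: Pad1, PadN, Router Alert, Jumbo Payload, Home Address.
KNOWN_OPTIONS = {0x00, 0x01, 0x05, 0xC2, 0xC9}

# Hypothetical stain option type (assumption). Top two bits 00 = "skip if
# unrecognised", bit 5 clear = "does not change en route", so every hop
# forwards it untouched and every passive tap sees the same bytes.
STAIN_OPTION = 0x1E


def build_tlv_header(next_header, options):
    """Encode a Hop-by-Hop or Destination Options header: Next Header,
    Hdr Ext Len (8-octet units, not counting the first 8), TLV options,
    padded with Pad1/PadN so the header is a multiple of 8 octets."""
    body = b"".join(struct.pack("!BB", t, len(d)) + d for t, d in options)
    pad = (-(2 + len(body))) % 8
    if pad == 1:
        body += b"\x00"                                           # Pad1
    elif pad > 1:
        body += struct.pack("!BB", 0x01, pad - 2) + b"\x00" * (pad - 2)  # PadN
    return struct.pack("!BB", next_header, (2 + len(body)) // 8 - 1) + body


def build_ipv6(src, dst, next_header, payload, hop_limit=64):
    """40-byte IPv6 header (version 6, zero class/flow label) plus payload."""
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header,
                       hop_limit, socket.inet_pton(socket.AF_INET6, src),
                       socket.inet_pton(socket.AF_INET6, dst)) + payload


def ipv4_checksum(hdr):
    """Standard ones-complement sum over the IPv4 header; 0 on a valid header."""
    if len(hdr) % 2:
        hdr += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(src, dst, proto=NH_TCP, payload=b""):
    """Minimal 20-byte IPv4 header with a correct checksum, plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def stain_ipv4_packet(ipv4_pkt, stain, src6, dst6):
    """Model of the staining device from the thread: wrap the IPv4 packet in
    IPv6 and carry the stain in a Destination Options header that precedes
    the tunnelled packet (IPv6 -> DstOpts -> IPv4)."""
    dstopts = build_tlv_header(NH_IPIP, [(STAIN_OPTION, stain)])
    return build_ipv6(src6, dst6, NH_DSTOPTS, dstopts + ipv4_pkt)


def parse_options(body):
    """Decode the TLV option area of a Hop-by-Hop / Destination Options header."""
    opts, i = [], 0
    while i < len(body):
        t = body[i]
        if t == 0x00:                      # Pad1 is a single octet, no length
            opts.append((t, b""))
            i += 1
            continue
        ln = body[i + 1]
        opts.append((t, body[i + 2:i + 2 + ln]))
        i += 2 + ln
    return opts


def walk_extension_headers(pkt):
    """Walk the IPv6 extension-header chain.
    Returns ([(ext_header_type, [(opt_type, data), ...]), ...],
             upper_layer_next_header, offset_of_upper_layer)."""
    nh, off, chain = pkt[6], 40, []
    while True:
        if off + 2 > len(pkt):
            raise ValueError("truncated packet")
        if nh in (NH_HOPOPTS, NH_DSTOPTS, NH_ROUTING):
            next_nh, length = pkt[off], (pkt[off + 1] + 1) * 8
            body = pkt[off + 2:off + length]
            chain.append((nh, parse_options(body) if nh != NH_ROUTING else []))
        elif nh == NH_FRAGMENT:            # fixed 8 octets
            next_nh, length = pkt[off], 8
            chain.append((nh, []))
        elif nh == NH_AH:                  # AH length is in 4-octet units minus 2
            next_nh, length = pkt[off], (pkt[off + 1] + 2) * 4
            chain.append((nh, []))
        else:                              # ESP, upper layer, or No Next Header
            return chain, nh, off
        nh, off = next_nh, off + length


def find_stains(pkt, known=KNOWN_OPTIONS):
    """Detection side: every option in the chain that is not on the allowlist,
    as (ext_header_type, option_type, option_data)."""
    chain, _, _ = walk_extension_headers(pkt)
    return [(hdr, t, d) for hdr, opts in chain for t, d in opts if t not in known]


def demo():
    """Constructed sample: an IPv4 HTTP request stained and tunnelled in IPv6."""
    inner = build_ipv4("10.0.0.7", "198.51.100.9", payload=b"GET / HTTP/1.1\r\n")
    stained = stain_ipv4_packet(inner, b"\xde\xad\xbe\xef\x00\x01",
                                "2001:db8::1", "2001:db8::2")
    return stained, find_stains(stained)


if __name__ == "__main__":
    pkt, hits = demo()
    for hdr, opt_type, data in hits:
        print("unknown option 0x%02x in header %d: %s" % (opt_type, hdr, data.hex()))
```

The allowlist approach is deliberately dumb: on a real tap you would first baseline which Hop-by-Hop and Destination Options types your network actually carries, then alert on anything else, and treat an IPv6-in-IPv4 or IPv4-in-IPv6 tunnel appearing where none is configured as its own signal. Note that a marker placed this way survives every forwarding hop, which is exactly what makes it useful for correlating packets at a passive collector and equally visible to anyone else who can see the wire.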

