
NSA is monitoring key Internet routers (1996) - joshavant
http://marc.info/?l=best-of-security&m=96843702620513&w=2
======
runjake
Tossing aside that Assange didn't actually make this statement: In 1996, the
possibility that the NSA was sniffing the Internet was largely considered
"tinfoil" even by most tech experts.

But anyone who read Bamford knew there was good circumstantial evidence that
mass surveillance was occurring -- except back then, the bad word was
"ECHELON", not "PRISM".

It's important to remember that while Snowden brought this to the masses (and
to that we owe him a great debt), long before Snowden, we had Mark Klein,
Binney, Cryptome, and James Bamford.

The NSA has been under strong suspicions for decades at this point. Back in
the 80s, the exposes were about their mass surveillance of telephone calls.
This was even in the popular press. There was a particular 60 Minutes episode
that described a post worker shocked that she was intercepting a mom talking
about her kid's soccer game in English.

Having lived through multiple very public NSA scandals over the decades, I
think the only effective change will come from the grassroots: strong crypto,
secure software, privacy focused. It sure as hell won't come from our
lawmakers.

~~~
samstave
> __ _Tossing aside that Assange didn 't actually make this statement: In
> 1996, the possibility that the NSA was sniffing the Internet was largely
> considered "tinfoil" even by most tech experts._ __

In 1997 I was working at a company where we built and delivered all software
by SUn and many other companies.

We had a Cisco 3640 that I inherited when I got there and I needed to recover
the password.

I hired a CCIE to come in and walk me through the recovery and rebuild of this
and the other Cisco gear I had at the time.

During the hours that we spent rebuilding the network, we talked a lot about
security in general, cisco in specific, and I recall him telling me then ___"
Cisco is required by the NSA to provide them a backdoor into all our routers"_
__.

~~~
runjake
This is not a myth. He was probably referring to the CALEA backdoors. You can
Google for "cisco calea 6500" and obtain some public documentation.

It's more likely the FBI would actually interface to it and give said data to
the NSA. But your point stands.

The NSA doesn't seem to like to directly interact with ISPs and corporations,
so they have the FBI act as their public face, so to speak.

------
yzh
As a Chinese, I really wonder whether the Chinese government is doing the same
thing (or maybe several countries' governments are doing this?) I did have a
friend who received immediate warning phone call from Ministry of State
Security just a few minutes after he posted something controversial about
government's ethnic policy. It was 2009 and he was using a campus computer.
That's why I never put personal data on campus computers back in China.

~~~
diminoten
You _wonder_ if the Chinese government is doing the same thing?

I guess the answer is technically 'no', insofar that the NSA isn't doing
anything like what the Chinese government is doing. I feel weird giving you
these links, because frankly you should know more about this than I, but here
you go anyway:

    
    
      http://en.wikipedia.org/wiki/Golden_Shield_Project
    
      http://newsfeed.time.com/2013/09/04/the-grass-mud-horse-dictionary-how-chinese-bloggers-evade-censorship/

~~~
mud_horse
At least send him a https link to wikipedia...

And a request to the site admins: could you rewrite all http links to
wikipedia as https? This occurrence is common, and https-rewriting cannot be
easily automated on all client browsers/platforms.

~~~
scott_karana
The Chinese Government has certificate authorities that are trusted in most
browsers, and could easily MITM him from within the Great Firewall of China.
How is HTTPS going to make a difference? :(

------
dchest
Looks like it's a repost of an article from NorthStar newsletter:
[http://iahushua.com/WOI/nsanet.html](http://iahushua.com/WOI/nsanet.html)

It doesn't list Assange as the author, he only sent it to the newsgroup.

~~~
acqq
That makes much more sense then. At that moment the newsletters were a good
way to distribute the links even if the author of the newsletter didn't
necessarily agree with everything behind every link (like the PGP claim).

To get the better idea of the time, remember that Google didn't exist then.

------
nerdy
It sounds nuts at the time, now we just think "of course."

+1 "told ya so" point for Mr Assange.

Gotta love the PCMCIA mentions; brings back memories.

~~~
elchief
PCMCIA = People Can't Memorize Computer Industry Acronyms

~~~
madaxe_again
TWAIN = Toolkit Without an Important Name

Always my favourite.

~~~
caf
I heard it as Thing Without An Interesting Name

------
some1else
Echelon-like capture of unencrypted information was widely accepted as reality
during my time on IRC (2000-2007). The Slovenian Government was actually
sloppy enough to let the knowledge out in public [1]. We were provided the
technology by the Germans, but it's possible USA just wanted to stay out of he
way.

[1]
[https://www.dnevnik.si/249095/slovenija/249095](https://www.dnevnik.si/249095/slovenija/249095)

------
higherpurpose
> _" A knowledgeable government source claims that the NSA has concluded
> agreements with Microsoft, Lotus and Netscape to permit the introduction of
> the means to prevent the anonymity of Internet electronic mail, the use of
> cryptographic key-escrow, as well as software industry acceptance of the
> NSA-developed Digital Signature Standard (DSS)."_

Nice. Microsoft has been collaborating with the NSA to make their spying
easier for its own products and services for at least _two decades_ now,
something the Snowden docs confirmed in 2013 [1], but we didn't know it went
back _that far_ then.

But that was the _old_ Microsoft (up until 1-2 years ago). The _new_ Microsoft
could never possibly.

[1] - [http://www.theguardian.com/world/2013/jul/11/microsoft-
nsa-c...](http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-
collaboration-user-data)

~~~
acqq
> we didn't know it went back that far then.

Who "we?" There was this export control back then, mandatory weak crypto, the
Clipper chip initiative etc. If you wanted to say "a lot of people didn't
care" well they don't care now too. Snowden raised the level of awareness for
a moment, that's true...

Here's one article from 1995 about the process against Phil Zimmerman, the
original author of PGP:

[http://virtualschool.edu/mon/Crypto/LostInKafkaTerritory](http://virtualschool.edu/mon/Crypto/LostInKafkaTerritory)

Edit: The Clipper Chip, 1993:

[http://en.wikipedia.org/wiki/Clipper_chip](http://en.wikipedia.org/wiki/Clipper_chip)

------
gadgetcopter
Actually, Assange was wrong. A leaked NSA Inspector General's report provides
specifics about historical NSA surveillance programs. It's apparent that the
agency only scaled up its domestic Internet presence after 9/11.

[https://www.aclu.org/files/natsec/nsa/20130816/NSA%20IG%20Re...](https://www.aclu.org/files/natsec/nsa/20130816/NSA%20IG%20Report.pdf)

Pages 29-34 provide detail on when the agency gained access to Internet
content and metadata.

~~~
vidarh
Did you read the linked message? Assange is citing claims from a number of
other sources. He made very few claims of his own. The messages ends with:

> Is the NSA really snooping on the Net? If they are, would that violate the
> agency's charter, which specifically prohibits it from spying within the US?
> "Well, Net traffic is routed from God knows where to God knows where around
> the world," says George Washington University Professor Lance Hoffman, a
> professor of Communications and Telecommunications Systems Policy at George
> Washington University. "So if the NSA is doing this, they could say they are
> not violating their charter not to spy in the US. That's the thing.
> Intelligent routers send stuff any which way."

Which claim is wrong?

In terms of your claim, it's worth looking at page 28, where it specifically
states that "two of the most productive SIGINT collection partnerships that
NSA has with the private sector are with COMPANY A and COMPANY B. These two
relationships enable NSA to access large volumes of foreign-to-foreign
communications transiting the United States through fiber-optic cables,
gateway switches, and data networks. They also provide foreign intelligence
authorized under the FISA. "

It is clear on page 29 that "COMPANY A and COMPANY B" approached the NSA after
9/11 to offer _further assistance_ , but this contact was, according to the
report, made via an existing NSA contact, and the new approach was regarding
call records, not internet traffic.

It is not at all clear what portion of the interception described on page 28
and top of page 29 started before 9/11, but it is worth noting that this
interception specifically occurs in the section about "history of NSA
Partnerships with the Private Sector" and not under the subsequent
"Partnerships after 11 September 2001" section.

You are right that the report appears to support your claim that the NSA
scaled up after 9/11, but it in no way makes clear from what foundation the
scaled up.

------
golergka
Starting the first paragraph with a 1984 reference and the second one with
McCarthy is a great way to look like a boy crying wolf.

Even if there is really a wolf. Especially if there's really a wolf — you
don't want people to immediately write you off as a conspiracy theorist and
alarmist. Even if you believe that you live in a true dystopian society, if
your goal is to persuade people, you should try not to sound or look like
character from The Lone Gunmen.

Sometimes I wonder how many conspiracy theorists are actually right, but when
I begin to stuff like this, I can't bring myself to take it seriously, just
because of pompous, self-righteous, anti-establishment way it is written.

~~~
madaxe_again
I see anti-establishment, but I see neither pompous or self-righteous - nor
does being anti-establishment imply pomposity or self-righteousness.

I wonder how you'd view this piece if you realised it wasn't written by
Assange, rather just him re-posting an article from a magazine.

Priming's a bitch - and 1984's Big Brother is a perfectly apt analogue for the
surveillance apparatus's influence on the control of the range of human
thought - or do you disagree that limiting speech and culturally enforced
self-censorship limits thoughts and ideas?

------
rdtsc
I do remember laughing at such claims back then.

~~~
antocv
What do you laugh at now?

~~~
niklasni1
I've stopped laughing altogether.

------
rilita
Key portion from the article: "Puzzle Palace co-author Wayne Madsen, in an
article written for the June 1995 issue of Computer Fraud & Security Bulletin
(Elsevier Advanced Technology Publications), wrote that "according to well-
placed sources within the Federal Government and the Internet service provider
industry, the National Security Agency (NSA) is actively sniffing several key
Internet router and gateway hosts."

edit: Title is better now; thanks.

------
aburan28
Assange is a very intelligent individual. In fact the people posting that
Assange's pgp related post warrants laughter now won't get the last laugh (in
due time).

~~~
andreyf
Are you suggesting someone can break PGP encryption? What evidence is there of
this claim?

~~~
xnull2guest
NSA is known for breaking cryptosystems with implementation flaws, side
channels, the bleeding edge of cryptanalysis (which in cases of things like
padding oracles and chaining modes make practical differences), and by brute
force (when key sizes are within their top notch cracking capability).
Furthermore they are known to have sabotaged software to insert exploitable
flaws and the CIA today will compromise compilers of specific individuals so
that they compile backdoored binaries. Unlikely then, but replacing a popular
hosted binary wouldn't have been beyond their capability.

It's not that unlikely they could crack some instances of PGP some of the
time. Today the NSA docs reference being able to crack things like OTR
sometimes, though unlikely.

------
yuhong
I wonder how often they actually brute forced 40-bit and 56-bit encryption
back then (which NSA pushed for in the first place).

------
simula67
> Americans would not have any privacy left

> I don't want to see this country ever go across the bridge. I know the
> capability that is there to make tyranny total in America

Isn't he Australian ? I can understand if he was opposed to being spied on by
US but if the democratically elected government of US chooses to spy on its
own people, isn't it morally presumptuous for Assange to intervene ?

~~~
dlss
Moral truths don't change just because an election was held / that new laws
are passed is evidence that current laws aren't always what's moral.

Democracies have a better track record than most governments with respect to
human rights, but they are not perfect. For the obvious example in the US,
slavery was always immoral, and didn't suddenly become so when an elected
official decided to outlaw it.

~~~
simula67
As I understand it, there are some things called natural and legal rights.
Rights such as 'Right to life', 'Right to liberty' etc are natural. While
'Right to Privacy', 'Right to Freedom or Religion' etc are legal. One set is
inalienable and the other the society can decide for themselves to forfeit.
This arrangement is there so as to appeal to cultures and societies with
different inclinations.

------
andreyf
The NSA today certainly has great power, but what evidence do we have that
they are abusing it a way comparable to McCarthyism or the CIA in the 60's
[1]?

1\. [http://www.nytimes.com/2014/11/16/magazine/what-an-
uncensore...](http://www.nytimes.com/2014/11/16/magazine/what-an-uncensored-
letter-to-mlk-reveals.html)

~~~
rndgermandude
Just because they _may_ not do it today, doesn't mean they won't tomorrow.

And just because there is no reliable evidence of systematic wrong-doings to
further political agendas yet (re: the new surveillance machinery, of course),
it doesn't mean it hasn't been done already. E.g. if you successfully
blackmail people with data you gained from your surveillance system, it is
unlikely the blackmailed person will speak up immediately or even later.

There already is plenty of evidence that the surveillance system was abused,
although maybe not by the state itself, or at least not for nefarious
purposes.

Think of NSA employees (not just one or two) spying on various people "for
personal use", mostly love interests:
[http://blogs.wsj.com/washwire/2013/08/23/nsa-officers-
someti...](http://blogs.wsj.com/washwire/2013/08/23/nsa-officers-sometimes-
spy-on-love-interests/)

Even before that, Echelon was abused to spy on (allied) nation states to gain
economic advantages:
[http://www.heise.de/tp/artikel/6/6662/1.html](http://www.heise.de/tp/artikel/6/6662/1.html)
... and to spy on Princess Diana for whatever reason:
[http://www.washingtonpost.com/wp-
srv/national/daily/dec98/di...](http://www.washingtonpost.com/wp-
srv/national/daily/dec98/diana12.htm) (and being a German myself, the Merkel
phone story made some huge waves over here)

US citizens are also affected, like the woman who researched pressure cookers
online shortly before the Boston attack:
[http://www.theguardian.com/world/2013/aug/01/new-york-
police...](http://www.theguardian.com/world/2013/aug/01/new-york-police-
terrorism-pressure-cooker) (Given the current MO of many LEA in the US, I
wouldn't have been surprised if they showed up with a SWAT team instead, at
least demolishing the door and shooting their dog, if any)

Then there is that Parallel Construction mess to hide the fact that evidence
was first obtained using illegal, warrant-less eavesdropping:
[http://www.reuters.com/article/2013/08/05/us-dea-sod-
idUSBRE...](http://www.reuters.com/article/2013/08/05/us-dea-sod-
idUSBRE97409R20130805)
[http://en.wikipedia.org/wiki/Parallel_construction](http://en.wikipedia.org/wiki/Parallel_construction)

I'll stop listing examples of abuse and overreach now, but there are plenty
more, of course.

~~~
vidarh
You don't even need to use it. The mere knowledge that it likely happens (not
even evidence) is sufficient to substantially affect how people act.

I was involved with left wing groups in Norway in the early 90's, and pretty
much everyone I knew who were a bit older than me either flat out knew, or had
strong reasons to believe, they were under active, blatantly illegal,
surveillance (the evidence finally came to the surface in the mid 90's after
decades of insisting there was nothing going on). This included intimidation
on open street (a former editor of the communist party newspaper told me how
he regularly had intelligence officers walk up to him in public and recite
portions of conversations he had had with his wife in their flat the previous
day, in order to taunt him and make it clear to him he did not have any
privacy; a trade union organiser I met whose commute had him walk past the
Soviet embassy told me of how he had a too-obvious-not-to-be-intentional tail
to and from work every day for years).

It pushed people away, and it made many of these groups act in ways that were
detrimental to their ability to carry out their political works (e.g. keeping
tight security around member lists; many member who would not talk about their
involvement in public etc.). It had a massively negative effect on getting
these small groups to cooperate, because cooperation involved meetings with
untrusted people. Etc.

Overall, the mere _perception_ of the existence of pervasive surveillance does
massive damage to democracy.

~~~
andreyf
Great points. If I hear of a US intelligence agent intimidating someone in the
USA as you describe happening in 90's Norway, I will be shocked and consider
my original question to have been answered. Are you aware of anything like
this going on in the US now?

