Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Massive passive wiretapper: How to technically troll them?

Fabio Pietrosanti (naif) lists at
Sat Sep 14 08:35:14 PDT 2013


i was wondering how it could be possible to bring some kind of denial of
service to impact the functionalities and/or reduce the performance of
the systems users by massive passive wiretapper listening on the fibers.

So, what a massive passive tapping is listening and how it's processing
it's data?

I expect that's recording:
- Content of all traffic, with very specific exception to record only
what's useful [1]
- Database's stored transaction of all new connection with timestamp,
source, destination
- Database's stored metadata of processed traffic's content

On the recorded data, there's a set of batchs that process the internet
traffic to apply "normalization" and "parsing" logic, that extract
useful metadata and load that into a database. This is to enable
analyst's automated and manual query over that data.

So, given the previously defined assumption, what cipherpunks can do to
engage in trolling the massive passive wiretapper?

We can use different strategies:
- Fill up the transaction records, stored into the database
- Fill up the metadata records, stored into the database
- Fill up what is being recorded into the Petabyte storage (raw records)
- Attacks the backend processing's batch process that analize the data
to extract metdata

This can be done by carefully generating internet traffic, specifically
targeting our goals, and only "good traffic" that must be recorded and

The first thing to do is to choose the two phisical locations between
where to generate the traffic.

We want "inject" our traffico into the massive passive wirtapper system,
so can choose to target their wiretapping system on international fiber
that are known to be recorded, for example between UK and US.
Bandwidth in US and UK is also quite cheap, so this would be a nice
place to work on.
We may choose to make traffic between UK and US, where bandwidth is
cheap and there's a reasonable evidence that fibers are being massively

Then we need to prepare the right pattern of traffic, being cleartext
SMTP, HTTP, POP3, other, that will be exchanged between the two peers at
full speed.

The traffic we need to generate has to be compressed, in order to
increase the load we put on the massive passive wiretapper decoding
processes, amplifying the amount of data generated. If we assume a
properly done 400% protocol compression ratio, with 100TB monthly data
we may generate 400TB of data on wiretapper system.

By some calculation 100TB of traffic can cost $250/month, so two peer
could cost $500/month generating on the target system 400TB of data
(100TB with an amplification factor of 400% due to protocol compression) .

If 100 volounteer invest $500/month, so $50.000/month, we would be
generating 40.000TB/month, 40 Petabyte/month, on the massive passvie
wiretapper infrastructure.

Those would be only "good traffic to be processed" and not
youtube/youporn traffic that the wiretapper is likely to discard.

It would be a nice way to technically troll them?

[1] It's reasonable that there are exception not recording traffic to
very high bandwidth video services (such as youtube or netfliex) because
they are not very useful from intelligence perspective but represent
between 50-70% of internet traffic. So, unuseful traffic recorded would
use 50-70% of storage? Just don't record it!

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights - -

More information about the liberationtech mailing list