[liberationtech] Massive passive wiretapper: How to technically troll them?

Claudio cld at
Mon Sep 16 03:16:12 PDT 2013

Run a Tor exit node? ;)

On 09/14/2013 05:35 PM, Fabio Pietrosanti (naif) wrote:
> Hi,
> I was wondering how it could be possible to bring some kind of denial of
> service to impact the functionalities and/or reduce the performance of
> the systems used by massive passive wiretapper listening on the fibers.
> So, what a massive passive tapping is listening and how it's processing
> its data?
> I expect that's recording:
> - Content of all traffic, with very specific exception to record only
> what's useful [1]
> - Database's stored transaction of all new connection with timestamp,
> source, destination
> - Database's stored metadata of processed traffic's content
> On the recorded data, there's a set of batches that process the internet
> traffic to apply "normalization" and "parsing" logic, that extract
> useful metadata and load that into a database. This is to enable
> analyst's automated and manual query over that data.
> So, given the previously defined assumption, what cypherpunks can do to
> engage in trolling the massive passive wiretapper?
> We can use different strategies:
> - Fill up the transaction records, stored into the database
> - Fill up the metadata records, stored into the database
> - Fill up what is being recorded into the Petabyte storage (raw records)
> - Attack the backend processing's batch process that analyzes the data
> to extract metadata
> This can be done by carefully generating internet traffic, specifically
> targeting our goals, and only "good traffic" that must be recorded and
> processed.
> The first thing to do is to choose the two physical locations between
> where to generate the traffic.
> We want "inject" our traffic into the massive passive wiretapper system,
> so can choose to target their wiretapping system on international fiber
> that are known to be recorded, for example between UK and US.
> Bandwidth in US and UK is also quite cheap, so this would be a nice
> place to work on.
> We may choose to make traffic between UK and US, where bandwidth is
> cheap and there's a reasonable evidence that fibers are being massively
> recorded.
> Then we need to prepare the right pattern of traffic, being cleartext
> SMTP, HTTP, POP3, other, that will be exchanged between the two peers at
> full speed.
> The traffic we need to generate has to be compressed, in order to
> increase the load we put on the massive passive wiretapper decoding
> processes, amplifying the amount of data generated. If we assume a
> properly done 400% protocol compression ratio, with 100TB monthly data
> we may generate 400TB of data on wiretapper system.
> By some calculation 100TB of traffic can cost $250/month, so two peer
> could cost $500/month generating on the target system 400TB of data
> (100TB with an amplification factor of 400% due to protocol compression).
> If 100 volunteers invest $500/month, so $50.000/month, we would be
> generating 40.000TB/month, 40 Petabyte/month, on the massive passive
> wiretapper infrastructure.
> Those would be only "good traffic to be processed" and not
> youtube/youporn traffic that the wiretapper is likely to discard.
> It would be a nice way to technically troll them?
> [1] It's reasonable that there are exceptions not recording traffic to
> very high bandwidth video services (such as youtube or netflix) because
> they are not very useful from intelligence perspective but represent
> between 50-70% of internet traffic. So, unuseful traffic recorded would
> use 50-70% of storage? Just don't record it!