[Full-disclosure] Spy Agency Mined Vast Data Trove and other tales

Steve Kudlak chromazine at sbcglobal.net
Thu Dec 29 06:01:01 GMT 2005



I kind of think it is a "UFO story" to say that PGP and the likes 
don't work and have been quietly changed to make them easy to break. 
The inventors being compromised is pretty much an MIB story. It is open 
code so you can read it and see if it is possible to break and how 
easily given current open knowledge. Now if the mathematicians in the 
NSA know things about factoring we don't, well, oh well. What is depended 
on is that most people don't encrypt and most things are sent in the 
open. This includes most transactions that can be used to build a sort 
of profile. If I were to start spending other than cash quietly and 
using banks in any way at least my bankers would know some improvement 
had taken place and they at least have agreed to release a lot of 
information to competent authorities. Also this stuff is sent pretty 
much encrypted. So there is a lot of information out there to gather and 
much of the idea about datamining is to get things out of easily 
available unencrypted sources. The same with phone calls. Very few 
people have STU phones or equivalent. It is amazing how stuff just gets 
known because people can't or most often won't be careful. The big 
problem with datamining is getting a pattern out of data and telling what 
that pattern means. This is a problem in a lot of fields, there is a 
storm sitting out in the Pacific over a relatively sensor rich area and 
I have all sorts of information about its behavior, about SST (sea 
surface temperature) etc. but it is hard trying to figure out how that 
will impact where I live.

Those of us who have worked on big projects inside of large entities and 
the like know that the people there are often like you and me, despite 
what the X-Files and true believers say. But that scary stuff does make 
it more romantic. You are right, however, that putting pressure on 
politicos will get them to change, and people in security agencies are 
human too and not inhuman monsters and many care a lot about the nature 
of their work and as one might notice when someone goes too far little 
leaks sprout.


Have Fun,
Sends Steve









Full-Disclosure is hosted and sponsored by Secunia.