
NSA: Linux Journal an 'extremist forum'
July 3, 2014 10:26 AM

Use Linux or Tor? Search for information about online privacy? The NSA is keeping an eye on you

A report in Germany's Das Erste (written in part by MeFi's own Jacob Appelbaum) reveals that:

* Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.

* Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.

* The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "The Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".

Bruce Schneier believes the documents on which the article is based likely came from an NSA whistleblower other than Edward Snowden.

More from Tagesschau [Google translate].
posted by ryanshepard (56 comments total) 35 users marked this as a favorite

 
They apparently watch the big proxy services, too. So if you've ever used a proxy to view region-restricted content (for example), you're in the system.
posted by mr_roboto at 10:36 AM on July 3, 2014


Wait -- So installing "privacy" software developed by the US government and military might not actually be beneficial to your privacy?

Shocked. Shocked!
posted by Sys Rq at 10:40 AM on July 3, 2014 [1 favorite]


All the more reason for everyone to run a relay node if they can.
posted by Aizkolari at 10:42 AM on July 3, 2014 [2 favorites]


As someone who used to subscribe to Linux Journal, let me just say: fuck you you fucking fucks.
posted by zachlipton at 10:45 AM on July 3, 2014 [12 favorites]


On a semi-related note, an Austrian court recently found a TOR exit node operator guilty as an accomplice for crimes committed over his node. I'm sure the same rules apply to the major network operators, over whose routers untold numbers of crimes are being committed all the time.
posted by zachlipton at 10:48 AM on July 3, 2014 [5 favorites]


Well I'm running Linux and I googled Tor because I didn't know what it was so now I guess I'm a potential national security risk.
posted by shakespeherian at 10:55 AM on July 3, 2014


Bruce Schneier believes the documents on which the article is based likely came from an NSA whistleblower other than Edward Snowden.

Cory Doctorow thinks so as well. That is encouraging.
posted by ChurchHatesTucker at 10:57 AM on July 3, 2014


The rules related to Tails clearly demonstrate how easily web searches and website visits can be spied on by XKeyscore.

If Google is really opposed to NSA surveillance, they should just quietly, invisibly, and randomly insert selections from the XKeyscore selector list into every search entered.
posted by ryanshepard at 11:05 AM on July 3, 2014 [3 favorites]


So if you bought your son a Raspberry Pi to try to encourage him to learn coding, you're a terrorist suspect?
posted by saulgoodman at 11:18 AM on July 3, 2014


No, but he is.
posted by flabdablet at 11:19 AM on July 3, 2014 [2 favorites]


And of course you should immediately turn him in, just to be on the safe side.
posted by flabdablet at 11:20 AM on July 3, 2014 [13 favorites]


Why do you want to learn to work with a so-called "open source" (by which you of course mean "anti-capitalist") operating system? Because you're a commie Muslim atheist terrorist, obviously.
posted by Holy Zarquon's Singing Fish at 11:20 AM on July 3, 2014 [6 favorites]


I have always assumed being on Metafilter put me on a list, frankly. This whole place is nothing but a bunch of subversives.
posted by emjaybee at 11:27 AM on July 3, 2014 [21 favorites]


activate reston 5
posted by quonsar II: smock fishpants and the temple of foon at 11:30 AM on July 3, 2014 [2 favorites]




it actually seems to make sense that there's another leaker -- appelbaum leaked the nsa ant catalog at 30c3 in january, and i haven't actually heard of any direct collusion between him and poitras/greenwald, though i could be wrong. also, the ant catalog was by far the juiciest leak we've gotten; uncharacteristically so, imo. here's an interesting related comment from schneier's post:
"I also think this is not a Snowden leak -- for the simple fact that this leak comes very close to addressing what the Snowden doc disclosures and Team Snowden have steadfastly avoided for over a year now. Namely, that the only possible purpose for spying on this scale is the creation and cultivation of government informants.

This very specific targeting of tech security and somewhat tech savvy persons is precisely the sort of thing you would do were you looking to create informants, under the theory that these people are both self-selecting as having information and relationships they want to keep private and that they move in circles that you want to infiltrate.

If I am right, the next leak from this source will explicitly address the topic of informants."
posted by p3on at 11:47 AM on July 3, 2014 [8 favorites]


I read the fantasy and science fiction on Tor.com, but I'm pretty sure that's a different Tor. Unless maybe it's not fantasy but some kind of coded message, and by selecting stories I am somehow aiding in the development of full scale plots to do Bad Things?
posted by routergirl at 11:48 AM on July 3, 2014 [1 favorite]


To be fair, I find many Open Source advocates *cough* Stallman *cough* to be extremists.
posted by MrGuilt at 12:23 PM on July 3, 2014 [2 favorites]


I read the fantasy and science fiction on Tor.com, but I'm pretty sure that's a different Tor.

Do you think the "intelligence" community can tell the difference?
posted by Ray Walston, Luck Dragon at 12:31 PM on July 3, 2014 [5 favorites]


From the Boing Boing piece linked to above:

I have known that this story was coming for some time now, having learned about its broad contours under embargo from a trusted source. Since then, I've discussed it in confidence with some of the technical experts who have worked on the full set of Snowden docs, and they were as shocked as I was.

One expert suggested that the NSA's intention here was to separate the sheep from the goats -- to split the entire population of the Internet into "people who have the technical know-how to be private" and "people who don't" and then capture all the communications from the first group.

posted by ryanshepard at 12:35 PM on July 3, 2014 [2 favorites]


Namely, that the only possible purpose for spying on this scale is the creation and cultivation of government informants.

Schneier is probably right about the second source of information, but this idea about informants is off the wall. The entire history of the NSA is permeated with all-SIGINT, all the time. This is how they defined and defended their institutional role in the competition between CIA, DIA, NRO, and the air force, army, and navy intelligence departments. They've literally spent decades trying to show that SIGINT is more useful than agents. But now all of a sudden they build XKEYSCORE because they want to run spies? It's not impossible, but it doesn't really make any sense.
posted by kiltedtaco at 12:40 PM on July 3, 2014 [3 favorites]


It's a lot more efficient to have people who will just tell you stuff than actually digging it up.
posted by edeezy at 12:42 PM on July 3, 2014


As any metafilter thread involving informants will tell you, people lie all the time. That fact has been NSA's selling point since 1952.
posted by kiltedtaco at 12:49 PM on July 3, 2014


Good luck, I'm behind 7 proxies!

What?

...

oh.

posted by entropicamericana at 1:17 PM on July 3, 2014 [1 favorite]


I use copious bittorrent traffic to hide my posts on the jihadi messageboards. My story is that I'm just using these vpns to evade the copyright police.
posted by ryanrs at 1:24 PM on July 3, 2014 [1 favorite]


Darn they found out about my plans for world domination with my Linux Beowulf cluster of supermen robots.
posted by Orion Blastar at 1:28 PM on July 3, 2014


WooHoo! I'm on a list!

Um. Actually I don't feel comfortable about this at all, but I guess it's good to actually know that the NSA is storing every packet of mine that they can get their hands on, rather than merely being vaguely aware that it was possible that they were doing so.
posted by pharm at 1:37 PM on July 3, 2014 [1 favorite]


At least somebody's backing up all my stuff.
posted by gimonca at 1:42 PM on July 3, 2014 [8 favorites]


Welp, I guess setting my dad up with a VPN to stream the world cup from the BBC was a bad idea... Should have stuck with Univision.
posted by RedOrGreen at 1:51 PM on July 3, 2014


To be fair, I find many Open Source advocates *cough* Stallman *cough* to be extremists.

The more time passes, the more Richard Stallman seems prescient rather than extreme.
posted by JHarris at 1:55 PM on July 3, 2014 [27 favorites]


At least somebody's backing up all my stuff.

Given all the problems the US government has with money, I think the NSA should step up and offer a premium universal back up service.

[sad, upset person] Oh shit, I lost all of those text messages from last night! How will I find that cute guy I met at the bar?!

[voice over] Don't worry! At the press of a button, you can get your own NSA data analysis retrieval specialist on the line. She'll have your precious data back to you faster than you can say "habeas corpus"!

[smiling person] I got my texts back in no time! Thanks NSA!
posted by mondo dentro at 1:59 PM on July 3, 2014 [3 favorites]


>>To be fair, I find many Open Source advocates *cough* Stallman *cough* to be extremists.

Stallman would thank you to describe him as a proponent of Free Software rather than Open Source.

> The more time passes, the more Richard Stallman seems prescient rather than extreme.

Unfortunately, this is exactly right, and I'm reminded of "The right to read" every time I have to deal with Blu-ray discs or ebooks of various flavors.
posted by RedOrGreen at 2:13 PM on July 3, 2014 [7 favorites]


So just throwing it out there - but if someone wrote a worm virus that did nothing more than install and then run random search queries for NSA tagged searches, wouldn't it quickly render the NSA searches obsolete?
posted by iamck at 2:15 PM on July 3, 2014


Perhaps the whole point of this "information release" is to actually discourage (more) people from visiting the sites or trying the software, or even reading about them. If you can get people (who are about to fall into the abyss of actually caring about what's happening to them) to censor stuff, it's much more cost-efficient.

As with 911, there's some non-zero probability that the FUD created by this whole issue has been engineered. Keeping us thinking certainly takes energy away from potential action.
posted by Twang at 2:20 PM on July 3, 2014 [1 favorite]


Linux today has millions of users, thousands of developers, and a growing market. It is used in embedded systems; it is used to control robotic devices; it has flown on the space shuttle. I'd like to say that I knew this would happen, that it's all part of the plan for world domination.

- Linus Torvalds, "Open Sources: Voices from the Open Source Revolution" 1999
posted by Poldo at 2:26 PM on July 3, 2014 [2 favorites]


The more time passes, the more Richard Stallman seems prescient rather than extreme.

Industrial Society and Its Future
Theodore Kaczynski

posted by bukvich at 2:38 PM on July 3, 2014 [3 favorites]


Will 2014 finally be the year of Linux on the desktop in the gulag?
posted by hap_hazard at 2:40 PM on July 3, 2014 [3 favorites]


It's like there is no separation between the corporate and the state...
posted by CautionToTheWind at 2:48 PM on July 3, 2014


I wonder if addressing my journal entries to the NSA would help me keep it up. I tend to be motivated by the thought that someone will notice if I don't do something...
posted by PMdixon at 2:56 PM on July 3, 2014 [2 favorites]


> Perhaps the whole point of this "information release" is to actually discourage (more) people from visiting the sites or trying the software, or even reading about them.

It sounds more like free advertising to me. All this Tor and encryption and anonymity has the NSA visibly frustrated. So much that they've resorted to ad hominem attacks. This 'technological stuff' is so good that anyone who supports it must be labelled extremist.

It's too humbling for them to concede that free software anonymity is better than their billion dollar budget and giant secret base in the desert. And the free software guys and gals aren't even trying that hard.
posted by Johann Georg Faust at 3:45 PM on July 3, 2014


In the particular case of Tor: If they control a large fraction / a majority / all of the exit nodes they get to do traffic analysis of that much of the communication with the outside world, right?

What besides money/pipe prevents them doing so?
posted by PMdixon at 4:26 PM on July 3, 2014


Stallman may have "extreme" views on software licensing and related commercial practices, as well as an unhealthy distaste for bathing but he's not a threat in any way.
posted by juiceCake at 5:19 PM on July 3, 2014 [3 favorites]


I could easily be missing something, but I don't see why money would be much of an issue for them, actually. The tor network reports about 5500 relays, with a total bandwidth of about 10GB/s. For comparison, AWS is estimated to run on 158000 servers, is estimated to use total bandwidth of about 120GB/s, and uses almost 8 million IP addresses (assuming the address ranges published there are contiguous, and I counted correctly.) So if they're running half the relay nodes, I guess it would be about 5% of AWS operating costs? AWS was estimated to earn 3.2 billion dollars in revenue in 2013. Assuming it's break-even, that's a pretty small amount for NSA, whose total budget, in 2013 I think, was $52 billion.
posted by Coventry at 5:34 PM on July 3, 2014 [3 favorites]




I've seen a claim floating around recently that the NSA now controls 50% of Tor relays. If this is the case, and they have the privileged network positions to route traffic as they see fit and get their nodes in first, could they not ensure that every pair of non-NSA Tor relays has a NSA one between them, and then use traffic analysis to pair up incoming and outgoing traffic? Presto, Tor cracked.
posted by acb at 2:35 AM on July 4, 2014


Also, “we hunt sysadmins”.

So they flag people of potential interest (not just political/religious hotheads but people with the technical skills to form a resistance or insurrection) and log all their traffic. Earlier leaks have shown that they have the capability (codenamed QUANTUM) to intercept traffic from a target individual to a site and inject malware payloads into the reply. I wonder whether they've put those together and routinely ensure that, should you have the nous to set up a Tor relay or host your own webmail, any machines you own are kept pwned by the NSA at all times.
posted by acb at 7:53 AM on July 4, 2014


Apparently Germany has arrested a double agent with the BND who spied for the Americans (sueddeutsche.de, spiegel.de, lol)
posted by jeffburdges at 8:45 AM on July 4, 2014






I'm currently at the Tor developer meeting in Paris, acb. There are very few known NSA controlled Tor nodes. And I've met numerous rather trustworthy folks here who run a significant fraction of the Tor nodes.

Could the NSA have hacked numerous Tor nodes? Sure, but Snowden docs show the NSA takes care with exposing its exploits to security people.

Could the NSA do correlation attacks by passively observing Tor nodes? Yes, but they could not deanonymize all Tor users all the time, according to Snowden's documents. Why? I donno, maybe too many Tor nodes live in ISPs whose sysadmins the NSA dislikes. Could that've changed post-Snowden? Yeah maybe.
posted by jeffburdges at 9:43 AM on July 4, 2014 [2 favorites]


What fraction do they run, out of curiosity?
posted by Coventry at 9:59 AM on July 4, 2014


@erratarob thinks that the code isn't actual source code, but a compilation of fragments and comments from documents and presentations
posted by p3on at 8:06 PM on July 4, 2014


At present, there are no Tor servers known to be run by the NSA, but apparently they ran 10 on Amazon's EC2 for a little while. At least some folks think they know why the NSA ran those servers, not from a leak though, just guesswork. I believe the majority of Tor servers are run by the torservers.net partners and the CCC or CCC members. I haven't listened too closely to the server discussions.

I presume the NSA would attack Tor users by passively listening to traffic at the ISP level, or maybe backbone level, and doing correlation attacks. You cannot just task high-bandwidth Tor relays with additional work without impacting their performance. And performance gets noticed.

I'd imagine the NSA cannot deanonymize all Tor users all the time mostly because they've better uses for that monitoring capacity. We now know they do some monitoring of users who use cryptographic tools, thanks to this article, but that does not mean they monitor everything those users do. Installing Tor, GPG, SSH, etc. probably just elevates your overall surveillance profile.
posted by jeffburdges at 1:06 AM on July 5, 2014


One expert suggested that the NSA's intention here was to separate the sheep from the goats -- to split the entire population of the Internet into "people who have the technical know-how to be private" and "people who don't" and then capture all the communications from the first group.

When I realized that "using ssh" would trigger this match, I was disturbed. I hope it's not true.
posted by Pronoiac at 7:06 PM on July 9, 2014


Well, fuck it. Might as well run a TOR node...
posted by ChurchHatesTucker at 9:04 PM on July 9, 2014 [1 favorite]


It's helpful if you can start communicating with more people over end-to-end and forward secure channels like Pond and OTR too.
posted by jeffburdges at 5:03 AM on July 20, 2014




This thread has been archived and is closed to new comments


