I heard that since the CIA can view our emails, at least in the US, they can also monitor all instant messages. Is this true?

If so, does Pidgin provide more security than Windows Messenger?

I'm sure there must be a US agency capable of monitoring instant messages in the US (Chinese government does it in China), but they aren't going to be able to monitor messages that don't go through networks they have access to. So if you're outside the US and your government doesn't have some kind of reciprocal arrangement with the US government then the US government aren't going to be the ones listening to you...

If you're paranoid then encryption is the way to go.

How does the CIA do this?

I'm sure there must be a US agency capable of monitoring instant messages in the US (Chinese government does it in China)...

I live in China, the government does not do this. The sheer amount of people using IM services (QQ) is almost impossible to monitor in real-time, certain words are blocked (much like the Great Firewall) but they simply don't care enough to listen to what everybody is talking about - they are most interested in expanding their monstrous bureaucracy

I'm sure there must be a US agency capable of monitoring instant messages in the US...

...but they aren't going to be able to monitor messages that don't go through networks they have access to.

I doubt they could look at entire messages, most likely they have filters that flag certain keywords.

Ever heard of Echelon (http://en.wikipedia.org/wiki/Echelon_(signals_intelligence))? They seem to have sites across the globe.

They have access to most of the major US-based messging services. They probably have a set of popularly used encryption codes too if they ever need to crack something. They will generally only target people of interest. Ie. possible criminals, terrorists, other politicians and business people. They might however to random samplings, to try and find people they were previously unaware of.

As well as messaging, Facebook is one of the CIAs greatest tools. From a persons facebook account alot of personal information can be deducted. The server side facebook databases hold more information on people than any other database in the world. The CIA and also many companies have access to it. Applications developers also get limited access.

certain protocols cannot be monitored. Anything that uses to peer to peer encryption such as skype for example. Pidgin has encryption plugins that can provide the same functionality or simply ssh'ing into a VPS and using private IRC channels etc. Privacy isn't all that difficult to attain if you're willing to jump through a few hoops.

would not be to hard to record every instant message. if you then have a suspicion about someone you can look though their history.

there is the off the record (OTR) plugin for pidgin.


certain protocols cannot be monitored. Anything that uses to peer to peer encryption such as skype for example.

search 'skype backdoor'.

... Ever heard of Echelon (http://en.wikipedia.org/wiki/Echelon_(signals_intelligence))? They seem to have sites across the globe.

''...if you're outside the US and your government doesn't have some kind of reciprocal arrangement with the US government then...'' ;)


I live in China, the government does not do this. The sheer amount of people using IM services (QQ) is almost impossible to monitor in real-time, certain words are blocked (much like the Great Firewall) but they simply don't care enough to listen to what everybody is talking about - they are most interested in expanding their monstrous bureaucracy

Apologies if I worded it badly. Obviously all IM traffic cannot be monitored in real time. The point is they can see the content of any IM, and filter it, or raise flags based on it - and they do, like you said.

supposedly the US government monitors all Internet traffic, emails, blogs, etc... looking for key words and patterns. They must employ people to read threw other people's messages when suspicious items are flagged. Cant imagine a weirder job.

They have caught some terrorists who thought simply saving email drafts and having cell members use the same account was not sending email.

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=249

it happens, so realize whatever you type in could conceivably be there forever available to a government.


In short, the Chinese could have carried out eavesdropping on unprotected communications — including emails and instant messaging — manipulated data passing through their country or decrypted messages, Dmitri Alperovitch, vice president of threat research at McAfee said.


Think this, the government agency could intercept your email or message and alter it, then send it along.
So they could theoretically criminally incriminate you and likely this would be undetectable. So you could be a target by a government agency if they wished.

The internet is based largely upon, and grew out of, ARPANET. ARPANET was developed (at least in part) by the U.S. Department of Defense. It would be naive to assume that the US government would develop such a network and allow the entire world to have access to it unless they (the US government) had some way to monitor all of the communication that went through the 'net.

Even if they could collect all the data, being able to process it would be extremely difficult due to the sheer size.

Robert David Steele has done some interesting talks on it and other similar topics.

''...if you're outside the US and your government doesn't have some kind of reciprocal arrangement with the US government then...'' ;)


I don't think they care much for sovereignty.

Ignoring the legal aspect of the issue, from a tech point of view, the CIA cannot monitor what everyone is doing. This is way too much information for them to process, just think about all the millions of people chatting in all the different languages and so on.

What CIA can do, is target a single individual. They track a single person, which is easy in the USA somewhat harder outside the easiest way is to work with the ISP. Your ISP can monitor what you are doing, unless it is encrypted. If the data is encrypted, they can still monitor you from the IM server (Skype can monitor your chats on Skype, and so can CIA).

It wouldn't be the Central Intelligence Agency that would monitor Instant Messaging, it would be the National Security Agency, who co-operate with some allied countries in eavesdropping on all telecommunications; Phones, Email and I would assume Instant Messaging.

http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)

Echelon is a Signals Intelligence programme to collect and sift through data looking for codewords.

Given the wide range of available data on monitoring, it seems reasonable to assume that at a minimum sampled traffic from a wide range of telecommunications media is monitored.

In addition to the Echelon wikipedia link provided earlier, this FAS page includes a number of links that may be helpful in appreciating the scope of such surveillance:
http://www.fas.org/irp/program/process/echelon.htm

There's also the relatively new (c2000) program once named "Carnivore" (before someone tipped them off that the name sounded a bit too ominous to get buy-in <g>), ostensibly designed to monitor all Internet traffic for potential terrorist chatter.

I say "ostensibly" because the keyword-trigger system it is said to use is so easily thwarted by things as simple as basic steganography or even a simple Ceasar cypher that it's hard to believe anyone would put that much investment into a system so fundamentally flawed.

Instead, some of the more tin-foil-hat types have suggested that Carnivore's actual purpose isn't at all what it's stated to be in its funding proposal:
http://www.pbs.org/cringely/pulpit/2000/pulpit_20000713_000657.html

And speaking of tin-foil hats, the suggestion that tin-foil hats may protect someone from government mind-control airwaves may itself be government-sponsored misinformation, since this MIT study on the efficacy of tin-foil hats shows that they actually attenuate signals rather than block them:
http://berkeley.intel-research.net/arahimi/helmet/

Choose your hats wisely. :)

rg4w: Tin foil hats are intended to attenuate E/M signals. (Attenuation refers to the normal exponential decay that E/M fields experience as they penetrate into a conductor.) That study shows that the amplitudes of certain frequencies (known to lie in bands controlled by the US government :p) can actually increase inside of certain tin foil hats.

Ignoring the legal aspect of the issue, from a tech point of view, the CIA cannot monitor what everyone is doing. This is way too much information for them to process, just think about all the millions of people chatting in all the different languages and so on.

What CIA can do, is target a single individual. They track a single person, which is easy in the USA somewhat harder outside the easiest way is to work with the ISP. Your ISP can monitor what you are doing, unless it is encrypted. If the data is encrypted, they can still monitor you from the IM server (Skype can monitor your chats on Skype, and so can CIA).

Skype calls don't pass through any intermediary server, they're encrypted and decrypted at the client end and the two machines connect directly. There's no way to intercept unencrypted skype traffic unless you have some kind of monitoring software actually running on one of the client machines.

The question here is, "Does the US government have blueprints showing how civilian vendor encryption keys are created and the capability to quickly reverse engineer the keys to crack the encryption?" Which would make it fairly easy for them to crack your algorithm. Of course I believe that if they have this capability, then they still wouldn't have the computing power to do this with all encrypted communications.

I would bet that Skype only has a hand full of keys they use for all of their encryption and that their protocol flags would make them an easy target.

I think the thing that really helps with making our encrypted communications harder to track is the amount of torrenting flooding the the world's backbones with encrypted connections. Chasing all of those connections and trying to decrypt and read them would be like a blind, one legged cat trying to chase its tail.

Skype calls don't pass through any intermediary server, they're encrypted and decrypted at the client end and the two machines connect directly. There's no way to intercept unencrypted skype traffic unless you have some kind of monitoring software actually running on one of the client machines.

Are you sure? I would like for this to be the case, but Skype can connect two computers behind firewall/NAT. Something goes through their server and they at least know who you are talking to (i.e. which account). They may be able to monitor the entire traffic.

Are you sure? I would like for this to be the case, but Skype can connect two computers behind firewall/NAT. Something goes through their server and they at least know who you are talking to (i.e. which account). They may be able to monitor the entire traffic.

http://www.theregister.co.uk/2010/12/06/blackberry_india/
and
http://www.theregister.co.uk/2010/08/13/india_takes_on_voip/

"Arranging lawful interception of peer-to-peer services like Skype and Google Talk will be more difficult than for BlackBerry. The latter at least goes through a single server, while VoIP communications such as Skype are genuinely peer-to-peer in that once a call has been established the communication is entirely decentralised."

They could, but I doubt they do.

search 'skype backdoor'.

First result on Bing was this. (http://blog.tmcnet.com/blog/tom-keating/skype/skype-backdoor.asp) At the end, it says:


Ok, April fools was a few months ago. If you read this far, I'm joking about the top-secret Skype surveillance program. It's Friday, and I just thought I'd have some fun with the "legit" Austrian rumors about the ability to wiretap Skype calls.

We are Watching you!

certain protocols cannot be monitored.
BULL. Any, and all protocols, whether they're CSC, or P2P, can be monitored. P2P connections do go through a number of routers, any one of which may forward the packets to NSA.

And for the record, it's the NSA, not the CIA that operates on this turf.

Skype calls don't pass through any intermediary server, they're encrypted and decrypted at the client end and the two machines connect directly. There's no way to intercept unencrypted skype traffic unless you have some kind of monitoring software actually running on one of the client machines.
Or you have monitoring software on one of the intermediary routers.

i would assume any encryption can be decrypted. CESA for example.


so lets assume the developers/ programmers know how to get around, it's their design, so they deliberately left a hole, then CESA will have this information!

I don't think they care much for sovereignty.

My point was that Echelon means they have a formal arrangement with the government of the other country.

The US government and CIA is not omnipotent - they can't crush other governments beneath their feet, or do very much more than intelligence agencies in other countries can (although they are richer than most).

If the CIA can just monitor networks in other countries then there must be many dozens of foreign intelligence agencies likewise monitoring the networks in the USA.
In actual fact, neither of these things are happening, except where a formal agreement exists, or on a very, very small, secretive, limited scale.
i would assume any encryption can be decrypted. CESA for example.


Then you would assume wrong. Encryption is based on mathematical principles. Unless/until quantum computing changes the game, encryption like AES 256 is unbreakable - we don't even have access to enough *energy*, let alone time, to crack it.

Skype uses UDP hole punching to setup the peer-peer conversations. So as long as some eavesdropper can hear the request to start the conversation, then it can emulate the response and replace the desired peer with an alternate filtering one. The nature of UDP hole punching means that the construction of the UDP link is inherently unsafe. Combine that with apparently only a few (one?) encryption keys and it's not going to be hard to tap into conversations.

I tend to put more trust in encrypted channels when I've created and control the key pair. It's unwise to trust the network over which the data travels.

Likewise for ssl certs. Since it's likely not hard for the NSA to pressure a CA to provide an intermediate CA certificate it's more secure to generate your own self-signed certs for your own connections. Certainly we've seen documented other governments that have installed intermediate certs in network filtering devices (sold by US companies).

I would maintain my own personal philosophy of life applies here, I am a pessimistic optimistic. Does the CIA have the technical capabilities to monitor all the instant messaging in the world? Probably, if not then at least in the U.S. Do they have the computer resources to handle that sort of data? probably not. Do they have a protocol for sorting the data they get that is smart enough to give them reliable information without inundating them with trash? That would be highly unlikely. Finally, do they have the man power to shift through the monstrous amount of data they would get and come to some sort of actual understanding? No.

So I doubt the CIA is monitoring you, unless you've pissed them off. :D

Psh! It isn't the government you need to worry about, its the aliens. They can read your thoughts. That is why I keep a layer of aluminum foil wrapped around my head at all times, it keeps the little green buggers out of my brain and makes the voices stop. What we need to be worried about is if the CIA is working WITH the aliens.... ;)

Obviously 99.9% of the traffic is rubbish and they have no interest in filtering that. But to the small remainder that may be communicating something of interest, which may be whatever (who knows what they are actually interested in, certainly not teenagers idle chatter) I'd not be surprised that they have the ability to filter and reduce it to identify the key data streams worth watching.

BULL. Any, and all protocols, whether they're CSC, or P2P, can be monitored. P2P connections do go through a number of routers, any one of which may forward the packets to NSA.

And for the record, it's the NSA, not the CIA that operates on this turf.

True, quite true. On all counts. But does it matter?

The STRENGTH of the CIA/NSA/etc is that they're a government agency. Which means they have billions of your tax dollars with which to buy lots of gee-whiz toys to do all the eavesdropping with and can do a certain amount of arm-twisting with the ISPs.

The WEAKNESS of the CIA/NSA/etc is that they're a government agency. Gathering data is meaningless if you don't know what to DO with the data once you have it. As government agencies, they're bureaucracies just like any other. And most bureaucrats couldn't find their own *** with both hands stapled to their butt cheeks.

Political Thread, so locked. Now to check for bugs in my house.

Following review in the Resolution Center I have reopened this thread. Please remember the Forum no polotics rule when posting in this thread.

Would be interesting to know to what level they can intercept and analyse traffic. A lot of agencies/ISPs have technology installed made by the Narus company. Their website however does not have a lot of technical information and I can pretty much guess why.

I read about Skype servers having back doors to the NSA. Anything that goes through 3rd party server via a proprietary protocol cannot be trusted.
There is the OTR protocol of Pidgin (and other programs such as Sip Communicator) that encrypts the information end to end so even if it passes through a server that is monitored it is hard to decrypt.
Reportedly Google Talk uses this protocol aswell ( and i have seen it tunnel the conversation through a vpn to which i and the one i was talking to was connected so it is definitely peer to peer) - but being a proprietary protocol is not to be trusted.
Best is however to use a direct IP to IP connection (Through VPN if possible with locally generated keys) + use zrtp end to end encryption for instant messages + voip.

We are Watching you!

I'm watching you too! And for goodness sakes put some pants on! :P

I doubt they could look at entire messages, most likely they have filters that flag certain keywords.

Ever heard of Echelon (http://en.wikipedia.org/wiki/Echelon_%28signals_intelligence%29)? They seem to have sites across the globe.

I have seen those structures at a site near me. Very interesting.

I have seen those structures at a site near me. Very interesting.

Are you sure? Your location says you're in China.

I have seen those structures at a site near me. Very interesting.

Radar domes look the same so it could also be normal radar.

Radar domes look the same so it could also be normal radar.

Lolz. How do you know this?

Lolz. How do you know this?

The local airports radar is enclosed in a dome that looks the same and you see them elsewhere as well.

Lolz. How do you know this?

You can't really tell what kind of aerial or antenna is inside a radome. You can tell a lot about an antenna just by looking at it, but if you can't see it, it could be anything. In fact I suspect that's exactly why these particular antennas have been built with radomes.

Having said that, and i'm not a massive RF comms geek, but IMO it's unlikely to be regular radar with that many in one spot unless it's some kind of weird bistatic array.

Are you sure? Your location says you're in China.

My location says nothing about China.

Yes, I am sure that I have seen structures that look similar to those near me.


Radar domes look the same so it could also be normal radar.

That is possible. Who knows what is under the domes.

Who knows what is under the domes.

Kittens

Kittens

Hmm... I wonder if kittens under the dome would evolve in to 'Cat'.

http://www.reddwarf.co.uk/gallery/series-1/images/1-13.jpg

That is possible. Who knows what is under the domes.

I would hope it's radar seeing they have no other visible radar systems and that would not bode well for the airport or the planes & passengers ;)

I would hope it's radar seeing they have no other visible radar systems and that would not bode well for the airport or the planes & passengers ;)

The domes at airports -- yes I hope so too. I thought we were still discussion the domes near me -- which are not near the airport.

https://secure.wikimedia.org/wikipedia/en/wiki/NSAKEY

http://news.techworld.com/security/3253611/storm-over-openbsd-back-door/

so we need minimal open source oses.

my location says nothing about china.
...

24.8843 , 105.6091 ;)

https://secure.wikimedia.org/wikipedia/en/wiki/NSAKEY

http://news.techworld.com/security/3253611/storm-over-openbsd-back-door/

so we need minimal open source oses.

They came to the conclusion that there was no backdoor in openbsd. There is however, a backdoor in some operating systems such as Windows. Your computer usually isn't exploited unless you're a criminal or someone they consider suspicious. You have nothing to worry about. (^_^)

Network traffic goes through the network. That includes routers, servers, monitoring points (for maintenance and traffic control only...!) and in many cases DSL & Cable hub equipment and WiFi radio links. Some of it even traverses satellite radio links. All encryption schemes can eventually be broken. So, if you are so paranoid and are doing such illegal things that you are worried, you probably should not be using the Internet. Just because you are paranoid does not mean that they are not out to get you!

All encryption schemes can eventually be broken.

Pardon? Theoretically yes, but not in practice.

24.8843 , 105.6091 ;)

Not sure where you are getting that...

Not sure where you are getting that...

Have a look at it. It's 平静, China.

Not sure where you are getting that...
I was thinking maybe from this, "平静" but google translate says "Calm" for the translation. I think I am just as :confused: as you are.


Have a look at it. It's 平静, China.Multilingual maybe?

what about hardware backdoor?

http://hardware.slashdot.org/story/10/10/29/1456242/Hiding-Backdoors-In-Hardware?from=rss

http://theinvisiblethings.blogspot.com/2009/06/more-thoughts-on-cpu-backdoors.html

...

Have a look at it. It's 平静, China.

:)

平静 = serenity (or calm or tranquil) depending on what translator you use.

http://www.bashinginminds.com/wp-content/uploads/2007/07/tfaw_serenity_stencil_tee.jpg

So my location is the ship above; which is, of course, is not my real location.

True, quite true. On all counts. But does it matter?

The STRENGTH of the CIA/NSA/etc is that they're a government agency. Which means they have billions of your tax dollars with which to buy lots of gee-whiz toys to do all the eavesdropping with and can do a certain amount of arm-twisting with the ISPs.
Not quite true. CIA gets their under-the-table budget via their drug running activities. Of course, we have no statistics to go off of, but it's easily conceivable their black ops get more funding than their above-board ops.


The WEAKNESS of the CIA/NSA/etc is that they're a government agency. Gathering data is meaningless if you don't know what to DO with the data once you have it. As government agencies, they're bureaucracies just like any other. And most bureaucrats couldn't find their own *** with both hands stapled to their butt cheeks.
Don't make assumptions about these organizations. Their apparent ineptitude is a smokescreen, to make us believe they are less dangerous because they appear to stumble. You simply do not get into these organizations without a fully-functional and capable mind.

Anything they do that fails, inevitably covers something that does not.

I think IRS is better than CIA in this matter. They are after your money.

The cia act act like they are important, but they are just standard government workers. Some of them have skills, but a majority of them are just doing the act. The TSA are just as bad, always trying to make themselves feel important, but actually they are just glorified Airport bouncers/data entry clerks.

Don't make assumptions about these organizations. Their apparent ineptitude is a smokescreen, to make us believe they are less dangerous because they appear to stumble. You simply do not get into these organizations without a fully-functional and capable mind.

Anything they do that fails, inevitably covers something that does not.

I agree in part. I dont believe such an institution would intentionally make it self appear inept. However the public only hears about the failures of "secret" organisations. When they do their job well we, as a rule, know nothing about it.

I believe the quote is; "Our failures are known, our successes are not".

But back to the topic, no organisation can possibly process all the data they collect.

So what about data on the private web? For example, can the CIA find information on WebCT?

Can someone whose conversation is being monitored find out?

Can someone whose conversation is being monitored find out?

I bet they are paying close attention to this thread...

But seriously, the question you wish to have answered
is classified information. I cannot tell you, even
if I wanted to...

Sleep thread sleep