NSA patent.

  1. #1
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668

    NSA patent.

    From Here: http://patft.uspto.gov/netacgi/nph-P...S=PN/6,947,978

    Method for geolocating logical network addresses

    Abstract

    Method for geolocating logical network addresses on electronically switched dynamic communications networks, such as the Internet, using the time latency of communications to and from the logical network address to determine its location. Minimum round-trip communications latency is measured between numerous stations on the network and known network addressed equipment to form a network latency topology map. Minimum round-trip communications latency is also measured between the stations and the logical network address to be geolocated. The resulting set of minimum round-trip communications latencies is then correlated with the network latency topology map to determine the location of the network address to be geolocated.
    Anyone who thinks you can hide online should read this.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  2. #2
    Hm... interesting... I wonder how accurately the information gleaned from this patent concurs with the real-world location.

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Wow. Interesting. We all knew something like this was possible, but now we have seen it explained in practical and technical terms. From what I understand, the NSA would select a number of locations around the world and set the lag time, or round trip time, to those destinations manually.

    So let's say the RoadRunner network is set at 30 ms, Rogers at 50 ms, and Level 3 at 70 ms. They have a computer they wish to locate, and communicate with it somehow, getting a response time of 53 ms. This would indicate that the target computer is somewhere on the Rogers network. These latencies can then be adjusted to allow for normally present latencies inherent in individual networks.

    For further accuracy, they can place hosts on individual subnetworks of those networks. Say they find a host is on the RoadRunner network. The NSA now has hosts on each subnetwork of RoadRunner, with latencies set at 100 ms for Ohio, 200 ms for New York, and 300 ms for Alabama (I think they have Internet there by now). A response time of 124 ms would indicate that the target is in Ohio.

    I can see at least one flaw at this time; the design relies upon reliable communications with the target and every point during the geolocation. I could deny communication from any point along the geolocation resolution process to limit the accuracy of their search.

    This patent brings up some very good challenges with ideas such as onion routing, Tor, and FreeWeb. For one, it relies on an endpoint-to-endpoint communication with the host, and therefore relies on the theory that the Internet is hierarchical in structure. While this is essentially true, that assumption will fail to hold when I apply another mesh network on top of the endpoints of the Internet, as would be the case in the Tor network or Onion Routing.

    But... counterpoint.

    They could easily develop an implementation of this patent to place on the Tor network, or for use with onion routing networks. Unfortunately I am familiar enough with neither to accurately envision what a showdown between this new geolocation technique and an onion routed network, or Tor, would look like.

    As for FreeWeb, they may in fact have tens or hundreds of targets to track down, where the individuals providing the hosting for the target data are completely unaware of its content. The geolocation of such a target may prove to be fruitless, especially when it is replicated across several, if not thousands, of endpoints.

    So it will work in theory for endpoint to endpoint communication along a hierarchical Internet with single targets, but how well will it work against onion routed networks, Tor routed networks, or distributed storage networks such as FreeNet? Or in the case where they simply have no reliable means of communications with the target?

    Ok wow. My brain is racing with attacks and defense mechanisms against this. And I need to sleep. So what happens when the target's address is only known through participation in a non-traditional Internet?

    Your insights and opinions would be appreciated.

    P.S. That got my mind off the gas prices and the pending apocalypse(?). I can already feel my brain being oiled. It's something to think about, that's for sure. It's like a game of chess.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    Banned
    Join Date
    Jun 2005
    Posts
    445
    Anyone who thinks you can hide online should read this.
    If the attack is coming from a compromised machine, not a proxy, but a fully compromised machine being used as a zombie, wouldn't geolocation be a moot point?

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    If all you care about is finding the source of the attack, yes. But the NSA will seize the zombie computer under the Patriot Act, and use that to find the real perpetrator. Besides, I think the NSA is after people who compromise corporate, university, or government networks, not end user machines.

    Anyway, no offense d0pp, I was trying to help a theoretical discussion get going... just trying to keep it pointed that way.

    The compromised machine could be part of a network on top of the Internet, too. They may in fact need to find ways to infiltrate these botnets with this technique to find the master of them, so that raises an interesting question, too.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    Originally posted here by Striek
    If all you care about is finding the source of the attack, yes. But the NSA will seize the zombie computer under the Patriot Act, and use that to find the real perpetrator.
    That would only work if the computer is in the USA..

    Most botnets I've seen are actually quite lame..
    A simple dissection of the bot or even a netstat or ettercap will reveal the controlling system of the bot..
    Usually an irc server..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    That would only work if the computer is in the USA..
    Indymedia might disagree with that. Some of their servers hosted in the UK were seized by USA agencies acting on behalf of Swiss and Italian agencies.

    A little off topic, I know, but does go to show the level of international cooperation these days.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  8. #8
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Originally this idea was for dealing with cell phones.

    I know the guy who was attempting to sell this project to the NSA... they said "we don't understand... (he gave more info) we don't understand... (he gave still more info) that can't be done... (he gave even more info) that can't be done... (he gave up nearly all the info) oh yeah... we're already doing that (which voids any NDA), and we've decided this has national security concerns, you are no longer allowed to work on this... thanks!"

    The joys of dealing with the government, if you're small they'll just rip you off and if you're large... well the FBI just scrapped SAIC's search engine project after giving SAIC ~$130mil because it didn't work and was deemed unfixable. No fines, no nothing.

    Ah special interest...

    cheers,

    catch

  9. #9
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Could you introduce a random delay into the functions of the network card?

    If the system relies on latency, if you could randomise the latency by 50ms, would that throw out the NSA locator without affecting your connection?

    I don't know if it's even possible, just throwing the idea out..
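
Added example (not part of any post in this thread, and not code from the patent): a simplified Python model of the correlation step described in the abstract in post #1, used to test the random-delay idea raised in post #9. The three stations, all latency values, the 0-3 ms path noise and the nearest-vector matching are constructed assumptions; the point it shows is that a minimum taken over many probes discards most randomly added delay.

```python
import random

# Constructed "network latency topology map": minimum RTTs in ms from three
# hypothetical measuring stations to equipment at known locations.
LATENCY_MAP = {
    "Ohio":     (12.0, 48.0, 95.0),
    "New York": (30.0, 22.0, 80.0),
    "Alabama":  (41.0, 60.0, 35.0),
}

def min_rtt(base_ms, samples, jitter_ms, rng):
    """Minimum RTT over `samples` probes.

    Each probe = fixed path delay + 0-3 ms network noise (assumed)
    + a random delay in [0, jitter_ms] added by the target host.
    """
    return min(
        base_ms + rng.uniform(0.0, 3.0) + rng.uniform(0.0, jitter_ms)
        for _ in range(samples)
    )

def measure(true_base, samples, jitter_ms, seed=1):
    """Min-RTT vector for the target, one entry per station."""
    rng = random.Random(seed)
    return tuple(min_rtt(b, samples, jitter_ms, rng) for b in true_base)

def correlate(vector, latency_map=LATENCY_MAP):
    """Return the known location whose latency vector is closest."""
    def sq_dist(name):
        return sum((a - b) ** 2 for a, b in zip(vector, latency_map[name]))
    return min(latency_map, key=sq_dist)

def max_excess(true_base, samples, jitter_ms, seed=1):
    """Largest gap (ms) between measured minimum and true path delay."""
    measured = measure(true_base, samples, jitter_ms, seed)
    return max(m - b for m, b in zip(measured, true_base))

# Constructed target whose true path delays place it nearest the Ohio entry.
TARGET = (14.0, 50.0, 93.0)

if __name__ == "__main__":
    for n in (1, 10, 200):
        print(n, "probes:",
              "excess %.1f ms" % max_excess(TARGET, n, 50.0),
              "->", correlate(measure(TARGET, n, 50.0)))
```

With one probe the 50 ms of jitter dominates the measurement, but as the probe count grows the minimum converges on the true path delay and the match settles on the same location.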
