Saturday, December 8, 2018

BGP hijack prevention

https://www.manrs.org
---------------------------------
https://www.blackhat.com/presentations/bh-dc-09/Zmijewski/BlackHat-DC-09-Zmijewski-Defend-BGP-MITM.pdf
---------------------------------
all of the team members needed to be able to work creatively, independently and yet still in concert with each other, sometimes under circumstances of limited communications.
---------------------------------

     International detours and routing changes happen automatically, without human intervention. Even so, they offer an opportunity to the NSA. With some exceptions, the surveillance of raw Internet traffic from foreign points of interception can be conducted entirely under the authority of the president.   

     Congressional and judicial limitations come into play only when that raw Internet traffic is used to “intentionally target a U.S. person,” a legal notion that is narrowly interpreted to exclude the bulk collection, storage, and even certain types of computerized data analysis.8
     This is a crucial issue, because American data are routed across foreign communications cables. Several leading thinkers,9 including Jennifer Granick in her recent report for The Century Foundation, have drawn attention to the creeping risk of domestic surveillance that is conducted from afar.
      This report describes a novel and more disturbing set of risks. As a technical matter, the NSA does not have to wait for domestic communications to naturally turn up abroad.
     In fact, the agency has technical methods that can be used to deliberately reroute Internet communications. The NSA uses the term “traffic shaping to describe any technical means the deliberately reroutes Internet traffic to a location that is better suited, operationally, to surveillance.
     Since it is hard to intercept Yemen’s international communications from inside Yemen itself, the agency might try to “shape” the traffic so that it passes through friendly communications cables located on friendlier territory.10

     Think of it as diverting part of a river to a location from which it is easier (or more legal) to catch fish.
     The NSA has clandestine means of diverting portions of the river of Internet traffic that travels on global communications cables.

     If, for example, the Federal Bureau of Investigations (FBI) wants to monitor electronic communications between two Americans as part of a criminal investigation, it is required by law to obtain a warrant.12
     If the intelligence community wants to intercept Americans’ communications inside the United States, for national security reasons, then it must follow rules established by the Foreign Intelligence Surveillance Act (FISA).13
    Meanwhile, when the intelligence community wants to intercept traffic abroad, its surveillance is mostly regulated by Executive Order 12333 (EO 12333),14 issued by Ronald Reagan in 1981.15
     Surveillance programs conducted under FISA are subject to oversight by the FISA Court and regular review by the intelligence committees in Congress.
     Meanwhile, surveillance programs under EO 12333 are largely unchecked by either the legislative16 or judicial branch. EO 12333 programs are conducted entirely under the authority of the president.

     The narrow interpretation of “targeting” has significant implications on privacy for U.S. persons. For instance, the NSA has built a “search engine44 that allows analysts to hunt through raw data collected in bulk through various means. If a human analyst uses that search engine to search for communications linked to a specific email address, Facebook username, or other personal identifier—a “selector45—then that counts as “intentional targeting.”
     However, if an analyst obtains information using search terms that do not implicate a single individual—for example, words or phrases such as “Yemen” or “nuclear proliferation”—the communications swept up as part of this search, such as an email between two Americans discussing current events in Yemen, are not considered to be “intentionally targeted.”46 Instead, these communications are merely “incidentally collected.”47
      U.S. surveillance techniques are classified, which prevents outside observers from making categorical statements about how far the intelligence community stretches this notion of “incidental collection.”

     But how do communications between two Americans typically travel abroad?
    It can sometimes be faster or cheaper for Internet service providers (ISP) to send traffic through a foreign country. The United States has a well-connected communications infrastructure, so it is rare to find a case where traffic sent between two domestic computers naturally travels through a foreign country. 
     Nevertheless, these cases do occur. One such case (identified by Dyn Research’s Internet measurement infrastructure) is presented below
(Figure 1)
     The “traceroute” presented below shows how Internet traffic sent between two domestic computers travels through foreign territory. The traffic originates at a computer in San Jose and is routed through Frankfurt before arriving at its final destination in New York. The left column shows the Internet Protocol (IP) address of each Internet device on the route, the middle column names the Internet Service Provider (ISP) that owns this device, and the right column shows the location of the device.




Replicating U.S.-based data in foreign data centers is a common industry practice, in order to ensure that data can be recovered even in the face of local disasters (power outages, earthquakes, and so on).53 Google, for instance, maintains data centers in the United States, Taiwan, Singapore, Chile, Ireland, the Netherlands, Finland, and Belgium, and its privacy policy states: “Google processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.”54 If two Americans use their Google accounts to communicate, their emails and chat logs may be backed up on Google’s data centers abroad, and thus can be “incidentally collected” as part of EO 12333 surveillance.

Traffic Shaping by “Port Mirroring” at Hacked Routers

It has been reported that the NSA already employs a technique to “shape” traffic so that it travels through a tapped communication cable. The traffic-shaping technique involves hacking into an Internet infrastructure device, for example, a router. A router is a device that forwards Internet traffic to its destination.73 In Figure 3, which was hand-drawn by a hacker employed by the NSA and later leaked, the hacked device74 is called a “CNE midpoint.”75

“Electronic surveillance”
is a legal term that is defined the FISA statute; in fact, despite several amendments, FISA’s definition of “electronic surveillance” remains largely unchanged from its original 1978 version. The FISA definition of “electronic surveillance” has two clauses that could be potentially cover hacking into a U.S. router and instructing it to perform traffic shaping via port-mirroring.
One clause in the FISA statute defines “electronic surveillance” to be
the installation or use of an electronic, mechanical, or other surveillance device in the United States for monitoring to acquire information, other than from a wire or radio communication, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes.81
In other words, this clause covers the installation of a device in the United States for surveillance. Hacking a U.S. router could certainly be considered the installation of a device. However, a router is a “wireline” device, and this clause does not cover devices that acquire information from a “wire.”82 As such, this clause is not relevant to the discussion.

Another clause in the FISA statute defines “electronic surveillance” as
the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication to or from a person in the United States, without the consent of any party thereto, if such acquisition occurs in the United States, but does not include the acquisition of those communications of computer trespassers that would be permissible under section 2511(2)(i) of title 18, United States Code.83

     This clause covers the “acquisition” of communications inside the United States. However, one could argue that communications are not “acquired” when a U.S. router is hacked and instructed to perform port mirroring. The hacked router is merely instructed to copy traffic and pass it along, but not to read, store, or analyze it. Therefore, “acquisition” occurs at the tapped communication cable (abroad) rather than at the hacked router (inside the United States). As such, this clause is also not relevant.84


     The intelligence community does not have to hack into routers or use other clandestine techniques to shape traffic—it could simply ask the corporations that own those routers to provide access, or shape the traffic themselves. A document leaked by Edward Snowden suggests that the NSA has done this through its FAIRVIEW program.
(FAIRVIEW was revealed to be a code name for AT&T100). The document states:
FAIRVIEW—Corp partner since 1985 with access to int[ernational] cables, routers, and switches. The partner operates in the U.S., but has access to information that transits the nation and through its corporate relationships provide unique access to other telecoms and ISPs. Aggressively involved in shaping traffic to run signals of interest past our monitors.101

     There is no evidence that the FAIRVIEW program is being used to shape traffic from inside the United States to foreign communications cables. But it is worth noting that, with the cooperation of corporations such as AT&T, traffic could easily be shaped to a collection point abroad without the need to hack into any routers, thus obviating many of the legal questions previously discussed.

      Modern networking protocols and technologies can be manipulated in order to shape Internet traffic from inside the United States toward tapped communications cables located abroad. It is possible that traffic shaping is regulated by EO 12333, and not by FISA,102 since the techniques shape traffic in bulk, in a way that does not “intentionally target” any specific individual or organization.
    Moreover, while FISA covers the “acquisition” of Internet traffic on U.S. territory, but the traffic shaping methods discussed merely move traffic around, but do not read, store, analyze, or otherwise “acquire” it. Instead, acquisition is performed on foreign soil, at the tapped communication cable. Finally, while the Fourth Amendment may require a warrant for hacking U.S. routers, the warrant requirement could be avoided by performing traffic shaping with the consent of corporations that own the routers (e.g. via the FAIRVIEW program), or by hacking foreign routers (and then using BGP manipulations).

Technical Solutions Will Not Work

     One might be tempted to eliminate these loopholes via technical solutions. For instance, traffic shaping could be made more difficult by designing routers that are “unhackable,” and Internet protocols could be made secure against traffic-shaping manipulations. Or the confidentiality of traffic could be protected just by encrypting everything.
     While this approach sounds good in theory, in practice it is unlikely to work.
First, it is highly unlikely that we will ever have Internet infrastructure devices (e.g. routers) that cannot be hacked. Router software is complicated, and even the best attempt at an “unhackable” router is likely to contain bugs.104 Intelligence agencies have dedicated resources to finding and using these bugs to hack into routers.105 And even if we somehow manage to create bug-free router software, the intelligence community has been known to physically intercept routers as they ship in the mail, and tamper with their hardware.106

     Second, it will take many years to develop and implement secure Internet protocols that prevent traffic shaping. A key challenge is that the Internet is a global system, one that transcends organizational and national boundaries. Deploying a secure Internet protocol requires cooperation from thousands of independent organizations in different nations. This is further complicated by the fact that many secure Internet protocols do not work well when they are used only by a small number of networks.107

     Finally, while encryption can be used to hide the contents of Internet traffic, it does not hide metadata (that is, who is talking to whom, when they are talking, and for how long). Metadata is both incredibly revealing, and less protected by the law.108 Intelligence agencies have also dedicated resources toward compromising encryption.109 Moreover, EO 12333 allows the NSA to retain encrypted communications indefinitely.110 This is significant because the technology used to break encryption tends to improve over time—a message that was encrypted in the past could be decryptable in the future, as technology improves.111
     This is not to say that technical solutions are unimportant. On the contrary, they are crucial, especially because they protect American’s traffic from snoopers, criminals, foreign intelligence services, and other entities that do not obey American laws. Nevertheless, technologies evolve at a rapid pace, so solving the problem using technology would be a continuous struggle.

     It is much more sensible to realign the legal framework governing surveillance to encompass the technologies, capabilities, and practices of today and of the future.

1 comment:

  1. Good Information on BGP hijack prevention By using Black Hat techniques Keep posting.
    Best Java Training institute in Kphb

    ReplyDelete

Thank you for your comment. Will try to react as soon as possible.

Regards,

Networ King