FBI: all your P2P communication are belong to us

Chilling, and ummm...technically retarded.

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone...

...To counter such problems, officials are coalescing around several of the proposal’s likely requirements:

¶ Communications services that encrypt messages must have a way to unscramble them.

¶ Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.

¶ Developers of software that enables peer-to-peer communication must redesign their service to allow interception...

They might be able to strong arm genuine businesses into doing the first two points, but the 3rd is insane and opens the door to the FBI being fed bogus information.

First of all, you don't even need elaborate P2P "software" per se to communicate on a peer level. The ubiquitous PING utility can be used for this, since pings can be sent out with a data block attached, so two people who know each other's IP's can simply sit there sending each other pings with an encrypted payload attached, and have a ICMP packet filter installed to peel out data blocks and queue/feed them to a display utility when an ICMP comes from one of the specific IP addresses you're looking for.

This is NOT freaking rocket science. Any programmer with even a casual knowledge of TCP/IP programming could easily hack up such a workaround in a day or less. I know I could.

There's plenty of public domain sources for PING utilities. The mods to add a user specified and encrypted data block would be trivial. I'd bet such already mod'ed PING already exist if I were to bother searching for them.

Packet filters are pretty easy, so suppose the FBI manages to strong arm everyone hawking P2P software (any online 2 player game for instance) and they all install some sort of backdoor into their apps?

The specifics of what trigger that backdoor are going to remain secret for about 10 nanoseconds, and anyone can write a packet filter to figure out if they're being monitored.

Of course, once you know you're being monitored, its easy enough to create another packet filter to generate/insert bogus outbound data directed to the FBI and/or send the recipient a PING with a data payload indicating your connection is being monitored and everyone should dummy up.

posted by Purp at 12:09 PM

| Access Comments