on Wednesday, September 21, media reported about the initiative of the FSB, the Ministry of communications and Ministry of industry and trade on the decipherment and analysis of data transferred in the networks of operators in real-time. Now agencies are studying the possible technical solutions for the implementation of this proposal.
One of the discussed variants of deciphering is the installation of networks of operators able to perform a MITM-attack (Man in the Middle — the man in the middle). For the analysis of unencrypted and already decrypted traffic is encouraged to use the system DPI, which are already used by Telecom corporations to filter forbidden sites.
almost immediately after the appearance of this information the initiative has been criticized by the Internet community. In particular, the “profile” Ombudsman Dmitry Marinichev, in conversation with radio “Moscow Speaks” called unacceptable the decryption of user traffic.
the founder of the “society for the protection of the Internet,” Leonid Volkov in your Facebook account analyzed in detail the methods offered by the authorities.
“MITM is a type of hacking attack that involves an attacker P is embedded in an encrypted channel between subscribers A and B, when A and B think that encrypting the message to each other, in fact they encrypt them all in the address P, which reveals the message, then perelitsovyvat and sends them on,” — said the expert.
the Problem for this task, according to Volkov, is the fact that used on the Internet software attempt to substitute certificate for perelitsovki content looks like a hoax. When the operating system or browser determines that filed a false certificate, they immediately block.
In an interview with “Газетой.Ru” Volkov noted that the fresh initiative agencies looks more real than the full data storage, but “still far from marketability right here and now.”
In turn, senior virus analyst ESET Russia Artem Baranov believes that from a technical point of view the proposals of the FSB, the Ministry of communications and Ministry of industry and trade are real. “While initiatives are limited to analysis of unencrypted and collect basic information about users. The new proposal could require the providers and users installs in system the special digital certificate for the analysis of encrypted traffic, e.g. HTTPS”, — he told. “Газете.Ru”.
Encrypted foreigners
Director of information-analytical Agency TelecomDaily Denis Kuskov said “Газете.Ru” that decryption of traffic is not a simple process. “The ministries that undertake this task do not fully understand what can and can’t handle”, he added.
the Analyst noticed that it is still not resolved the question of activities of foreign companies responsible for user communication. First and foremost we are talking about the messenger with end-to-end encryption.
“I don’t see any shifts in terms of working with organizations from a legal point of view, are not in Russia. But with our companies easier, they can always be slapped,” said Grand.
In the anti-terrorist package of amendments in addition to the operators referred to the so-called organizers of the dissemination of information. For them in 2014 in the Russian legislation provides its own registry, administered by Roskomnadzor.
currently the list includes about 70 items. Among them the social network “Vkontakte”, “Odnoklassniki”, “My circle”, the postal service Mail.Ru “Yandex” and “Rambler”, storage “Yandex.Disc” and “Облако@Mail.Ru” portals “Habrahabr” and “Roy”, a Dating site “Mamba”, the video service RuTube, blog platform LiveInternet, imageboard “Dvach” and others.
In the register for the duration of his work did not hit any one foreign portal and neither the messenger.
How to break HTTPS
broadly Known method of encryption is not only end-to-end, but the HTTPS secure Protocol used by the web sites.
Director General REG.RU Alex Korolyuk believes that the existing technical capabilities of the Ministry of communications, Ministry of industry and trade and the FSB will allow to remove encryption only in centralized nodes, such as sites that are protected via HTTPS.
%”But not in any way affect encrypted P2P encrypted messages that will make the system bulky, expensive and almost useless in combat technically equipped persons to commit offences”, — concluded the expert in conversation with “Газетой.Ru”.
In turn, the Executive Director Unolabo Konstantin Nikonov believes, “traffic analysis for” the law of Spring is not needed. “For this is the Internet-backup-server, which stores all the essential for this analysis and so. Everything is reduced to a textual database, which the FSB will analyze a team “search by keyword”, shared his forecast with “Газетой.Ru” expert.
Hardware, which is not
Another aspect closely related to the implementation of the law Spring, according to Kommersant, is a full transition to the Russian Telecom equipment. The authors of the road map in the framework of the subgroup “IT+Sovereignty” at the Institute of development Internet (IRI) has allegedly proposed to require operators and data centers by 2020, 85% go to the Russian-made equipment. As one of the ideologists of this approach, the publication pointed out the former communications Minister and current presidential aide Igor Shchegolev.
In this later, talking to “Roy”, head of the Foundation for information democracy Ilya massukh, who just deals with IT-the independence of the Runet in the framework of IRI, called the idea “nonsense.”
Pieces in conversation with “Газетой.Ru” a possible move for the full import substitution is also dubbed unlikely.
Cellular currently, 100% is imported. It’s not just the base station, and a hardware-software complex. At the moment, all this can not be replaced.
you have not made a serious step on the part of the Ministry of Finance, the Ministry of communications and Ministry of industry and trade, it could be bad in that direction. I don’t see the real action, which would allow us to say that Russia may go to domestic equipment in the near future”, — concluded Telecom expert.
the mobile Operators declined to comment. The communications Ministry on request “Газеты.Ru” did not answer.
No comments:
Post a Comment