Tuesday, September 20, 2016

The FSB is looking for a way to decrypt the Internet traffic of Russians – Вести.Ru

The FSB, the Ministry of Communications and another ministry are discussing, as part of implementing the so-called “Yarovaya law”, a number of technical solutions that would make it possible to decrypt and analyze all of the Internet traffic of Russians. The newspaper “Kommersant” reports this, citing a top manager of one of the equipment manufacturers and sources in the presidential Administration and in one of the IT companies.

Under the “Yarovaya law”, owners of Internet sites capable of transmitting electronic messages (for example, Google, “Yandex”, Mail.ru Group, Whatsapp, Telegram, Viber, Facebook, “Vkontakte”) have been obliged since July 20 to hand over encryption keys at the request of the FSB. However, foreign companies can simply choose not to comply with this requirement. In addition, the Internet has a huge number of websites that are not organizers of information dissemination and that use a secure https connection. So without decrypting the traffic it is not always possible to understand which website the user visited, not to mention what he was doing there, said one of the publication's sources.

“Storing exabytes of encrypted Internet traffic makes no sense: you won't find anything in it,” a source in the presidential Administration told the newspaper. “The FSB is in favor of decrypting all traffic in real time and analyzing it by key parameters, roughly speaking, by the word ‘bomb’, but the ministries insist on decrypting traffic only for those subscribers who attract the attention of law enforcement bodies,” said the source.

According to the sources of “Kommersant”, one of the decryption options under discussion is to install, on operators' networks, equipment capable of performing a MITM (man-in-the-middle) attack. To the user this equipment pretends to be the requested site, and to the site it pretends to be the user. As a result, the user establishes an SSL connection with this equipment, and the equipment in turn establishes one with the server the user is accessing.

“The equipment decrypts the traffic intercepted from the server and, before sending it to the user, re-encrypts it with an SSL certificate issued by a Russian certification authority (CA). So that the user's browser does not show him notifications about an insecure connection, the Russian CA must be added to the trusted root certification authorities on the user's computer,” explained one of them.

“Kommersant” wrote earlier about plans to create a certification authority in Russia to issue SSL certificates and to have it added to the trusted root certification authorities in all popular browsers. At the same time, the experts interviewed consider this traffic-decryption scheme non-ideal and not always feasible.

DPI (Deep Packet Inspection) systems are planned for the analysis of unencrypted and already decrypted traffic. Many operators already use them, e.g. for URL filtering against lists of banned sites.

DPI systems work directly with the contents of data packets, and not only with their headers, by which network equipment processes packets. “The next steps with this information are limited only by the imagination of the customer and the computing power of the solution. This may be a banal search for keywords as well as building a complete behavioral profile of the user, with an assessment of his psychological state and identification of his tastes and inclinations,” Qrator Labs CEO Alexander Lyamin told the newspaper.
