How Big Brother (or That Shady Cousin You Never Liked) Can Steal Your Data

7 Minutes

“Let me count the ways to steal your data in a network…”; this sounds like a scary proclamation and it is.

The fact is, there are multiple opportunities, once data leaves your computer, to capture it. The most alarming part – in most cases, you will have no way to even know it happened.

There are a few things at play that make this all possible. First, the Internet was not built with security in mind. It was designed to allow for easy diagnosis of problems. Because of this, things like Man in the Middle attacks, packet injection and IP spoofing are all possible. This is actually by design as the Internet was for research. From that perspective, allowing these types of things to happen is favorable.

The other issue was the rush to get the Internet to the public. In that haste, a law called CALEA came into existence. This requires all core Internet routers, aka “Autonomous Systems” or AS for short, to have the ability to intercept and record any data on their networks. This was done to allow law enforcement to eavesdrop on criminals but, like most laws or rules with a technical prescription, the ramifications allow anyone with an AS router to eavesdrop on anyone else simply by knowing an IP address and an originating virtual port. This law does have provisions for “lawful intercept” but, since the Internet is global, there are ways around that (more on this to come). Have you heard about the mass warrantless data collection that has happened in the US? That is actually a gray area taking CALEA and The Patriot Act together. This AS feature also means that someone halfway around the world can record your data if they know your IP and the port you are connecting to. Also, law enforcement can now record your VoIP (voice) data without needing a warrant if it’s part of an incidental collection as part of a data sweep under section 702 of the Foreign Intelligence Surveillance Act, or FISA (and almost all phone calls now use VoIP at some point in the connection). You will be none the wiser and all of this is currently legal in the US thanks to CALEA, The Patriot Act and FISA. If the FBI, NSA or CIA think it might be questioned in the courts, they will simply ask one of the partner agencies in another country to do the recording for them (this is according to the FBI during the DNC email leaks of 2016). This means, even if the US were to pass a law or not renew section 702 of FISA (currently in the Senate as of this writing), US law enforcement will still be able to get around it and present it as “shared intelligence”.

There is a third method that requires access to your network switch or being in your network domain. Without getting too technical, if you are on the wi-fi at a coffee shop, anyone in the shop can record nearly everyone’s data if they have the right tools installed. If you don’t believe it, get a copy of Wireshark and see what happens when you go to your favorite coffee shop. Wireshark will record all the data it captures at a push of a button. It’s just that simple.

This is similar to how the DNC got hacked. They recorded all the data on the local network, filtered out the email exchanges, shipped it back to Russia and decrypted the data. That last point is a sign as it’s the first time a state actor has tipped their hat as to what they are capable of with decryption. When you are changing election results that will affect your adversary for generations to your favor, I guess pushing all the chips on the table makes sense. Knowing you can decrypt everyone’s data really doesn’t matter with that kind of win. The punch line is Russia showed their hand with decryption capabilities. The most critical techniques for collecting the data, past the decryption and obfuscation, are things nearly anyone can do without too much effort or expertise. …and don’t forget, data recorded today can be decrypted at any time later – for instance when Quantum Computers become mainstream and virtually everyone has access to one.

Are you scared yet…well you really should be. So let’s put these in order of easiest to hardest:

  1. Layer 2 Recording – This is getting on a public wi-fi router or attaching to a switch at work and recording the data coming across that local network. This is as simple as installing Wireshark and pressing record.
  2. AS Recording – While this requires owning an Internet AS router, recording as required by the CALEA law is quite simple. Get an IP address, know the port they are going after and start recording. Since it’s an Autonomous System, this is all automated once you tell the router what you are after. Getting a router on the Internet itself, while somewhat expensive, is not as hard as you might think. A small player can get an AS on the Internet with a modest network if they are contributing bandwidth (which they are actually required to do). You also might be concerned about the hacker halfway around the world. As with everything else in the Web, physical location does not matter when you are in cyberspace.
  3. The Man in the Middle attack has plenty of tools built and available to make intercepting and recording data possible for anyone to do. That said, you now need to know two targets and then precisely the time to get in the middle. There are also tools and means to potentially detect the attack has happened. So, while administering the attack may not be a big deal, starting it and keeping it going may prove difficult. It’s much simpler to get an AS router or simply pay someone that already has one like a struggling Mom and Pop Internet Service Provider.

So, you might be wondering, “How do I stop this from happening?”. To address that problem, we have a solution. Introspective Networks’ Streaming Transmission One-time-pad Protocol (STOP) protects data at Layer 2 in the easiest case and removes the ability to record in cases 2 and 3. In the protection case, to crack the data, one would need to record both the data and the corresponding key stream. In most cases, the keystream is sufficiently cached before you sit down at the coffee shop and should be a sufficient amount of key cache to handle the time it takes to drink your latte. Also, the actual keys are never sent. What is sent is information used to generate the key on either end. It’s also done through randomness and not calculations so there is nothing to decrypt. There is a simple premise to STOP technology: anything calculated can be solved for (legacy encryption) and anything random can not (STOP). Lastly, the encryption is the same algorithm as Type 1 Military encryption – the strongest type of encryption known and provably uncrackable. This has not been available to you at home until now.

In the next two cases, AS recording and Man in the Middle, STOP leaves the originating port (think web page Port 80) unknown. These ports change constantly and are never known. This also makes putting the pieces together in Layer 2 recording much, much harder. The two (or more) streams of data have to be aligned in both virtual space (port) and time (the offset between the Streaming Key and the encrypted data stream). Since they are moving by changing ports and networks, just finding the encrypted data and corresponding key stream could prove challenging.

STOP is offered in a simple VPN solution: SmokeVPN. The ease of configuration and the auto-failover for multiple carriers makes it behave like SDWAN (making this an even easier decision on how to spend your cybersecurity and network budget). Contact us today to get a 15 day free trial. It won’t take long to figure out this is the most secure solution for data in motion on the planet.

Trusted partners throughout the industry.