• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

NSA/General Terrorist Question: How is the government reading mail/faxes?

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
DrPizza said:
If you really want secure communication between two people, agree on an encryption algorithm. Encode secret message on computer that isn't connected to the internet, save to flash, upload on another computer - post encoded messages online, say, on craigslist, or any other public place.

step 2: download encoded message, save to a flash device. Decode message on a computer that is NOT connected online. Thus, the two computers that have the encoding and decoding algorithms cannot (easily) be hacked. Though, that possibility could be completely eliminated by requiring data entry into a computer that doesn't even receive a flash drive.
Click to expand...

You seem to be pretty well read, so I imagine you're familiar with the concept of steganography. Innocuous items for sale on Craigslist could be used to hide data if the people who were communicating knew to look for them. Hide pieces of data across several unrelated listings from several different devices on different network connections.

Anybody who is sufficiently motivated to avoid detection can do so with a little thought and preparation.
 
BoberFett said:
You seem to be pretty well read, so I imagine you're familiar with the concept of steganography. Innocuous items for sale on Craigslist could be used to hide data if the people who were communicating knew to look for them. Hide pieces of data across several unrelated listings from several different devices on different network connections.

Anybody who is sufficiently motivated to avoid detection can do so with a little thought and preparation.
Click to expand...

Great point - though, there are more and more tools being developed to detect steganography. Nonetheless, I was pointing out that even if you KNOW that something is encrypted, it doesn't mean you or any bank of super computers is going to be able to break that encryption. If you know the encryption algorithm, then perhaps you might get lucky.

Your point shows that not only can you have unbreakable encryption, but you might be able to hide it so that no one even knows it's there. Though, with the NSA stuff, I suspect that photos on craigslist & elsewhere, as well as a myriad of other files are routinely checked for steganography. I'm going to guess that if they DO detect that you are using such encryption, while they may not see the messages, they might pay a little more attention to you.
 
DrPizza said:
Not really. It can be insanely difficult - if you know the encryption method. For example, I can use a different huge prime number for each letter of the alphabet. Put my message in matrix form, using a lot of 3x3 matrices. Multiply each matrix by different 3x3 matrix each, again, made up of incredibly large prime numbers, or mostly prime numbers - I can select numbers such that the inverse of the matrix consists of integers. Send all those matrices to a counterpart. He multiplies each 3x3 matrix by his own 3x3 matrix. He sends this further encoded message to me. I multiply by my inverse matrices and return it to him (this cancels out my original multiplication, since multiplication is associative). He multiplies by his inverse & has the message.

edit: to clarify: [my inverse][my code][message][his code][his inverse] = [message]

The amount of computing time to crack that would (I think) be huge. And that's IF you know how I encrypted the message. If not, then you're just seeing a big long string of huuuuuuge numbers. Now, instead of encoding the message that way, agree on a text beforehand. "In the beginning" I is the 9th letter of the alphabet, so only the 9th character is a part of the secret message. N is the 14th letter, so 14 letters later is the next character. All the rest of the characters are completely randomized.

Without knowledge of the algorithm - that we added this last step in - it's now, for all practical purposes, impossible to crack. And, we could make this last step even more obtuse. Add in the step I pointed out above - send and receive messages on one computer, but decrypt on a computer that's isolated from the Internet to prevent someone from hacking into your algorithm... Good luck.
Click to expand...

This is what gets me about the arguments about whether the government can compel some one to reveal their password or not to get at their encrypted information. Everyone is always talking about key and door analogies and safe combinations and then saying that those could be physically worked around and how computers are different and have changed the game. Why are they even arguing with these convoluted analogies? We've been sending coded messages well before a computer was even conceived. Could you compel some one to translate their secret language if they plead the 5th? That's the only question you need to ask in my mind.
 
DrPizza said:
Great point - though, there are more and more tools being developed to detect steganography. Nonetheless, I was pointing out that even if you KNOW that something is encrypted, it doesn't mean you or any bank of super computers is going to be able to break that encryption. If you know the encryption algorithm, then perhaps you might get lucky.

Your point shows that not only can you have unbreakable encryption, but you might be able to hide it so that no one even knows it's there. Though, with the NSA stuff, I suspect that photos on craigslist & elsewhere, as well as a myriad of other files are routinely checked for steganography. I'm going to guess that if they DO detect that you are using such encryption, while they may not see the messages, they might pay a little more attention to you.
Click to expand...

There's probably an infinite number of ways to do steganography, I can't imagine a tool that would be able to check an image for them with any meaningful success rate. Especially if some message is encrypted before hand, there would be no way to tell the noise from the encrypted message.
 
PingSpike said:
This is what gets me about the arguments about whether the government can compel some one to reveal their password or not to get at their encrypted information. Everyone is always talking about key and door analogies and safe combinations and then saying that those could be physically worked around and how computers are different and have changed the game. Why are they even arguing with these convoluted analogies? We've been sending coded messages well before a computer was even conceived. Could you compel some one to translate their secret language if they plead the 5th? That's the only question you need to ask in my mind.
Click to expand...

IIRC, Ars Technica was following a case regarding this exact issue. Govt suspected some guy had child porn on his HD, but the HD was encrypted. He refused to give password. Gov claimed passwords were like keys/combo to a safe, and refusal would be akin to destruction/hiding of evidence (there was prior case law about safes)

Though on one hand the guy could just say "I forgot the password" and maybe get plausible deniability. I dunno, IANAL, plus I forgot the details of the article.
 
If a email addon or application were developed that inserted a page of randomized text using letters and numbers. Pulled as randomly as possible from different search results and sites. And put that into every email. The reciever would know to ignore it. But, would it look like encrypted data?

If you can't avoid, confuse.🙂

.
 
Terrorists can still easily communicate over the internet, without using faxes or pigeon mail. Here is what they do:

1. buy an old cheap laptop on Craigslist for cash
2. wipe and install pirated Windows, fake the MAC address
3. install truecrypt or some privately developed encryption
4. connect to a public wifi, or use neighbor's
5. create gmail/etc account
6. email encrypted messages to each other as attachments
7. after mission accomplished, destroy laptops

Nothing can identify terrorists communicating this way. Meanwhile the law-abiding population is under 1984 monitoring.
 
Scotteq said:
ISP is only a small part of their business. Deutsche Telekom is one of the largest multinational telecommunications companies in the world. 🙂
Click to expand...

I know that, the article is not about DT but about German ISP in general taking steps.
DT is the largest ISP in Germany
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top