Tecno Android Phones, Samsung Imei Repair, Huawei Mediapad, Official Firmware/ Flash File, WiFi, Alcatel One, Flash Tool Windows, Android Jelly Bean

Did CSEC really track Canadian airport travellers?

Did CSEC really track Canadian airport travellers? - we say welcome to the blog Tecno Android Phones we provide a lot of latest gadget information that must be very dear for you to miss, now we will discuss first about Did CSEC really track Canadian airport travellers? we have collected a lot of information to make this article to complete for you, Please read:

Articles : Did CSEC really track Canadian airport travellers?
full Link : Did CSEC really track Canadian airport travellers?
Article CSEC,

You can also see our article on:


Did CSEC really track Canadian airport travellers?

(Updated: February 9, 2014)

On January 30, the Canadian television channel CBC broke a story written by Greg Weston, Glenn Greenwald and Ryan Gallagher, saying that the Communications Security Establishment Canada (CSEC), which is Canada's equivalent of NSA, used airport WiFi to track Canadian travellers - something which was claimed to be almost certainly illegal. This story was apperently based upon an internal CSEC presentation (pdf) from May 2012 which is titled "IP Profiling Analytics & Mission Impacts":



The CSEC presentation about "IP Profiling Analytics & Mission Impacts"
(click for the full presentation in PDF)


However, as is often the case with many of the stories based on the Snowden-documents, it seems that the original CSEC presentation was incorrectly interpreted and presented by Canadian television.

The presentation was analysed by a reader of this weblog, who wants to stay anonymous, but kindly allowed me to publish his interpretation, which follows here. Only some minor editorial changes were made.

-----
The CSEC project was not surveillance of Canadian citizens per se but just a small research project closely allied with the previous Co-Traveller Analytics document. The report was written by a 'tradecraft developer' at the Network Analysis Centre. The method was not 'in production' at the time of the report though the developer concludes it is capable of scaling to production (real surveillance).

The Five Eyes countries are trying out various analytics that work on cloud-scale databases with trillions of files. Some analytics work well, others don't or are redundant and are discarded. This one worked well at scale on their Hadoop/MapReduce database setup, giving a 2 second response. However, we don't know which this or any other cloud analytics ever came into actual use.

In this case, CSEC was just running a pilot experiment here - they needed a real-world data set to play with. This document does not demonstrate any CSEC interest in the actual identities of Canadians going through this airport, nor in tracking particular individuals in the larger test town of 300,000 people. While they could probably de-anonymize user IDs captured from airport WiFi (the Five Eyes agencies ingest all airline and hotel reservation with personal ID tagging etc. into other databases) that was not within the scope of this experiment.

Technically however, CSEC does not have a legal mandate to do even faux-surveillance of Canadian citizens in Canada. So they could be in some trouble - it could morph into real surveillance at any time - because the document shows Canadian laws don't hold them back. They should have used UK airport data from GHCQ instead. But there they lacked the 'Canadian Special Source' access to Canadian telecommunication providers.

The pilot study monitored Canadian airports and hotels but the goal was foreign: slide 19 says "Targets/Enemies still target air travel and hotels airlines: shoe/underwear/printer bombs ... hotels: Mumbai, Kabul, Jakarta, Amman, Islamabad, Egyptian Sinai". However, this seems far-fetched: the printer bombs were UPS cargo, not passenger-carried. Would someone shipping cargo even go near the airport, much less check their gMail there? More convenient just to stop by the UPS office in town.




The role of the five companies mentioned in the presentation is not always clear:

The first company mentioned, Quova, does bulk IP geo-location lookup. CSEC passes that outcome on to their own ATLAS tool as we saw in the slides about the OLYMPIA program. Given an IP, Quova seems to return only five fields: latitude, longitude, city, country, network operator. The Quova latitude/longitude data shown is not very precise: only degrees and minutes. For comparison, iPhone 4S photo exif metadata provides seconds of GPS lat/long out to six decimal points even with poor tower coverage.

Bell Canada and its ISP portal division Sympatico are mentioned in regards to the unnecessarily redacted IP (a minor settlement west of Hudson Bay, probably just the Baker Lake mine in Nunavit).

Boingo is a post-start-up in the US which is the main WiFi provider to airports and hotels worldwide. Boingo is in some trouble financially, so NSA might have an entry point there, yet the CSEC document makes it sound like they are not especially cooperative.

Akamai is a very US large company that spreads corporate web site servers around the globe for faster response and DDoS resistance. So when you point your browser at ford.com the packet doesn't go or come back from Detroit, but rather Akamai intercepts the URL and sends you packets from a local mirror (i.e. Amsterdam) without disclosing that in the URL. CSEC seems to have found that frustrating and of little value.


It goes without saying that Bell Canada is the top suspect if a telecom ISP is providing backbone intercepts. Rogers Communications is the only (implausible) alternative. However all the document says is: "Data had limited aperture – Canadian Special Source ... major CDN ISPs team with US email majors, losing travel coverage" ... "Have two weeks worth of ID-IP data from Canadian Special Source"

At NSA, a Special Source Operation (SSO) refers to a corporate partner, so this is very likely the CSEC counterpart, by context a major Canadian ISP. Here 'aperture' means the corporate partner could only do so much - as soon as the Canadian ISP hands off to Google or Yahoo, CSEC cannot follow the trail any longer. So it is not a big US firm.

I found it odd that the name of the corporate partner was redacted in slide 8. The explanation: news media don't like to mention corporate names in a bad light. Not fear of lawsuits (it's not defamation, slander or libel to merely post a government document) but probably fear of advertising revenue loss.




How is CSEC getting their data? I think we can rule out direct radio frequency signal interception here - they have the capability to do this, but it does not scale, not even to a large airport. So it's most likely done through a corporate partner but which one, where along the internet does the intercept occur, and what data fields are recorded?

Let's think about scenarios for data travelling: Boingo receives the initial URL request, passes it off to their ISP Sympatico, who pass it along to the Bell Canada network, where it is routed to Akamai or the usual internet, until it is received by the requested website and all its associated ad and image servers, and the usual TCP/IP response occurs, loading the requested web page along with all the auxillary cookies, beacons, trackers, and widgets.

From "two weeks worth of ID-IP data" it sounds like they are not collecting establishment-of-connection events to the airport WiFi but only collecting when someone actually visits a web site. That's in contrast to cell phone metadata which also includes attempted and unanswered call events.




But what exactly does the presenter mean by ID-IP? Some people suggest it might be MAC address and IP address in combination. Or user agent device string (device, OS, browser version etc). Others say advertising cookies and cookie chaining or CSEC might be hacking WiFi to install FinFisher spyware for persistent access. NSA likely owns or partners with several advertising companies and/or buy tracking data wholesale from corporate data aggregators.

I think the analyst muddles terminology here in calling this contact-chaining across air gaps, trying to be trendy. The first has meant going out from an initial individual selector to circles of secondary and tertiary selectors thus finding different individuals or IPs linked to the first selector, as seen both in NSA use and in OLYMPIA DNI and DNR chaining. Here, nobody contacts anybody else; the person is fixed, CSEC is just assigning a few travel points to each individual.

The term 'air gap' originally meant an offline computer that could not be exfiltrated, here it just means intermitent online presence at a free WiFi spot, not even sequential because the traveller may not have always used free WiFi spots. Most US travellers would connect via a cell phone accessory to their laptop, i.e. use their cell data provider the minute they got free of the airport. They would be far easier to track with by passive cell phone tower than by sporadic WiFi internet usage.


The SIGINT collection downside: now everyone is alerted about geo-tracking of movements from global free WiFi site use. So collection now provides a gigantic haystack with no needles. Although these guys with the 4th grade madrassa educations, maybe they remain clueless about snooping techniques.

-----

Security expert Bruce Schneier also concluded that the CSEC presentation is not about tracking Canadian travellers, but actually shows "a proof-of-concept project to identify different IP networks, using a database of user IDs found on those networks over time, and then potentially using that data to identify individual users".

Update:
On his weblog, one of the journalists working on the story of the Canadian broadcaster CBC has now responded to the critical remarks expressed here.


Links and Sources
- Vice.com: How does CSEC work with the world's most connected telecom company?
- Schneier.com: CSEC Surveillance Analysis of IP and User Data
- ArsTechnica.com: New Snowden docs show Canadian spies tracked thousands of travelers
- Lux ex Umbra: More on the wi-fi spy guys
- TorontoSun.com: 'Too early' to tell if spy agency broke any laws, privacy commissioner says
- CBC.ca: CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents



Articles about Did CSEC really track Canadian airport travellers? finished discussed

We think it is enough information about Did CSEC really track Canadian airport travellers?, hopefully the information we give can give benefit for you,

If you feel the information Did CSEC really track Canadian airport travellers? that we provide can provide benefits for others please share with link https://southernmatron.blogspot.com/2014/02/did-csec-really-track-canadian-airport.html thank you for visiting our blog page and do not forget to visit other pages.

Tag : ,
Share on Facebook
Share on Twitter
Share on Google+
Tags :

Related : Did CSEC really track Canadian airport travellers?

19 komentar:

  1. https://finalcracked.com/fl-studio-latest-version-new-cracked-with-torrent-here/
    Fl Studio Crack is a useful place where you can easily find Activators, Patch, Full version software Free Download, Fl Studio License key, serial key, keygen, Activation Key and Torrents. Get all of these by easily just on a single click.

    ReplyDelete
  2. Avast Premier License Key is one of the most popular, top notch and reliable antivirus software. Basically, Avast Premier 20.1.5069 Crack is designed and developed to shield your data and work from viruses, threat, and hackers. It offers automatic update system and improves your home network scanning. Also, It makes your computer to be fully protective all the time. It scans and identifies and removes the potentially unwanted harmful programs and worms. Avast Premier License File takes all the action very perfectly. It works in a real-time environment. Avast becomes faster and powerful by working from its cloud. It is one of the most ultimate protecting software from viruses and threats from the most trusted security providers.
    https://shehrozpc.com/avast-premier-licence-key/

    ReplyDelete
  3. AVS Video Editor Activation Code is that it not stops here; you can also save all these above stuff. It allows you to convert your content in many different video files formats. AVS Video Editor saves your videos, and with the help of this software, you can upload your videos on various sites. You can publish them on Facebook, YouTube or twitter etc. Besides, it gives the flexibility you to make a Media Library by cutting short videos parts classes. You can also adjust the image shading of videos. This is an entire program with other video editors.
    https://cracksmad.com/avs-video-editor-cracked/

    ReplyDelete
  4. Format Factory Serial Key is a software that is used to convert audio, video, image, and ebook files. It can also rip media from DVDs, CDs, and Blu Ray discs. It can convert between various images, video, and audio format as well as it can also convert mobile format and CD/DVD conversions. Its broad functionality makes it very interesting, especially when you need only one software to do the most media conversions. It is a software that was designed to be comfortable with the mind. It is the best app for the conversions that can be done without knowing anything about formats, frames, and bitrates. If you want to convert your videos into MP4 format, you can do it by simply selecting your disc quality and size of the video.
    https://chserialkey.com/format-factory-crack/

    ReplyDelete
  5. Smadav 2020 Crack provides complete protection of your computer from any malicious attacks. It is 100% compatible with other popular antivirus software. Having Smadav Pro means that you have made an extra layer of defence against any virus or malicious attacks. Furthermore, it offers multiple advantages like minimal size installer and usage a low usage of the internet while working with your PC. Also, It is one of the most advanced primary anti-software that use a small fraction of your computer resources. So it is a wise decision to have a Smadav Antivirus Pro along with the leading antivirus software.
    https://chproductkey.com/smadav-pro-crack-keygen/

    ReplyDelete
  6. Connectify Hotspot Pro Serial Key is designed in 10 different languages; choose the one that suits you. It also allows you to use emojis and other Unicode characters in your hotspot name. It is a fast and secure software that works with super-fast speed while protecting your privacy. Another advanced feature includes bypass device restrictions. This feature makes the internet traffic seem like it is coming from our own device. However, it may be coming from other devices that are connected through the hotspot. This feature helps to get over the internet access restrictions without any worries.
    https://zsactivationkey.com/connectify-hotspot-pro-crack/

    ReplyDelete
  7. This is also a very good post which un jobs I really enjoyed reading. evden eve nakliyat adana It is not everyday that I have the possibility to see something like this jobs in usa
    ad full form

    ReplyDelete
  8. thanks for your post i have found the information that i want on your blog its such a nice theme .
    thanks for your infomative post .
    Free Download Oceanofgames for Windows & Mac software PC Games

    Ocean of Games

    ReplyDelete
  9. https://softwarebig.com/imazing-crack-serial-key/
    https://softwarebig.com/roguekiller-keygen-crack-download/
    https://softwarebig.com/ntlite-crack-license-key/

    ReplyDelete
  10. https://cracksway.com/vyprvpn-crack/

    VyprVPN is the best VPN. It possesses every server in its network and provides us excellent security and speed. This software allows us to continue with the professional connection logs, which we can eradicate after one month.

    ReplyDelete
  11. https://lpcrack.com/anno-1800-crack/

    Anno 1800 can make your own city and population and create your own empire. Anno 1800 game helps you teach these topics in a practically different way an helps you to know the practicality do the revolution

    ReplyDelete
  12. https://cskeygen.com/windows-movie-maker-crack/

    Windows Movie Maker interface is developed & redesigned in Windows live. It comes with many features such as ‘Auto Movie’ and the ability to export many videos directly to YouTube and DVD.

    ReplyDelete
  13. sketch crack
    Sketch 2021 free crack download allows you to send large documents to the cloud. The reason is that it is more reliable than a slow network connection. As a result, you do not need support to participate in this activity. If you are looking for a design tool that can make you a professional designer, this app is perfect for you. An easy way to use this application is interesting for users.

    ReplyDelete
  14. BearSmith Serial Key
    BearSmith Serial Key is a powerful software that uses a complete set of tools (both offline and online). And various preparatory decisions. No accidents or errors were found in the review. Further, These include labor suppliers with great help from common places everywhere. In addition, all app operators can easily find recipes to create different witnesses at home. Introductory tutorials, tutorials, and videos as well as suggested material

    ReplyDelete
  15. I think these must be useful to you.
    ยี่กี เข้าทุกงวด
    Thank you for your interest.

    ReplyDelete