FBI,content monitoring,backdoors & Going Dark…shake well before use

Social Networks represent a rich mine of information of great interest for researchers, cybercriminals and government agencies. Analyzing the networks is possible to track detailed profile of any users, his relationships and his habits, the possibility to exercise the control of social networks is an actual form of power, the power of knowledge.

We have read different news regarding the effort spent by law enforcement and government agencies on the development of new tools and applications for the monitoring of the networks. FBI was one of the most active agency in this sense, in the last months it has publicly requested the design of a real time monitor for social network that have to be able to identify suspect behaviors that could be interpreted as indicator of presence for an ongoing crime.

According to CNET FBI is working to obtain a sort of backdoor in main social networks like Facebook and also in most used communication platforms such as Skype and Instant Messaging. The Federal Bureau of Investigation is interested to a backdoor for government surveillance, for this reason it is collaborating  with companies like Microsoft, Google and Yahoo.

The FBI has been lobbying top internet companies like Yahoo and Google to support a proposal that would force them to provide backdoors for government surveillance, according to CNET. The purpose of the collaboration between FBI and major IT companies and Internet services providers is tied to the will of the agency to arrive at the definition of legislation that allows law enforcement to have the controversial backdoor.

FBI desires the collaboration of the major player of the IT sector to implement specific backdoor stubs inside their products with intent to make them wiretap-friendly, the request is related to all those communication platforms, social network, email providers, chats and instant messaging.

In more than one occasion government agencies have highlighted the difficulties related to the monitoring new communication channels based on internet. Let’s remind that CALEA (Communications Assistance for Law Enforcement Act) passed in 1994every communication providers must make their system  wiretap-friendly, in 2004 the concept has been extended also to ISP by the Federal Communications Commission despite a non-application de facto of the major web companies.

Starting on the CALEA Act the FBI is interested to extend the regulation to any kind of communication made using internet has channel, this means that there will be a direct impact on VoIP communication used by famous platforms Skype and Xbox Live. Regarding the Xbox let me remind you that US Government has already committed a project to spy on the communication made through gaming platforms confirming the great interest of the administration to monitor any kind of networks and any kind of information circulating on it.

In February 2011, CNET reported that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its “Going Dark” problem, illustrating how the wiretapping capabilities were being reduced with the progress of technology.

Caproni singled out “Web-based e-mail, social-networking sites, and peer-to-peer communications” as problems that have left the FBI “increasingly unable” to conduct the same kind of wiretapping it could in the past.

“Going Dark” is the FBI’s codename for its project to extend its ability to real time wiretap communications, it is born inside the bureau, employing 107 full-time expert starting from 2009.

Which are law enforcement today’s capabilities?

According the declaration of Electronic Frontier Foundation attorney Kevin Bankston FBI already can intercept messages on social-networking sites and Web-based e-mail services, the system used is known as Carnivore, later renamed DCS1000. The interception is possible because Facebook messages and Gmail messages travel in plain text over those same broadband wires for which the FBI demanded wiretapping capability.

The main problem is related to rapid technological evolution that make obsolescent surveillance systems in short time, due this reason the request of FBI to include a backdoor in any product that could be involved in communication, like social networking and also online games consoles.

Security and compromises

Of course the presence of a backdoor in the main product available on the market used for communication purpose could give a great advantage to law enforcement in the fight to cybercrime bet we cannot forget two fundamental aspects:

  • Who and how will manage the acquired data. The line between monitoring and censorship is thin and we have observed in several countries questionable behavior approaching this kind of information.
  • The presence of a backdoor proposes a great question under the security perspective. What would happen if a hostile government or group of cyber criminals could exploit the? It would be an unprecedented disaster. The problem therefore lies in the ability to manage such a critical feature, this issue is extremely complex.

Are we ready to address these issues? I’m afraid not, unfortunately

Pierluigi Paganini

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

16 mins ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

7 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

18 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

23 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.