ARC's 1st Law: As a "progressive" online discussion grows longer, the probability of a nefarious reference to Karl Rove approaches one

Saturday, December 31, 2005

Obstructing the N.S.A. for fun and profit

In a googling of Richard M. Smith, the security researcher from the two previous AP stories I've commented on (here and here) and came across this article from what appears to be his web site on ways to detect if the NSA is snooping on your email.

His method:

The steps are:

  1. Set up a Hotmail account.
  2. Set up a second email account with a non-U.S. provider. (eg. Rediffmail.com)
  3. Send messages between the two accounts which might be interesting to the NSA.
  4. In each message, include a unique URL to a Web server that you have access to its server logs. This URL should only be known by you and not linked to from any other Web page. The text of the message should encourage an NSA monitor to visit the URL.
  5. If the server log file ever shows this URL being accessed, then you know that you are being snooped on. The IP address of the access can also provide clues about who is doing the snooping.
Basically he's talking about setting up what's known in the internet security field as a honeypot. A honeypot is used to attract malicious users or software agents in order to study them further. I think he underestimates his method and the NSA, however.

Plenty of other users other than the NSA would have access to his email and could follow his link. So a hit on the link would not demonstrate proof that the NSA was inolved in reading his email message, only that someone was. Email services such as Hotmail, etc. are owned and controlled by external entities (companies) all of which have employees, partners, etc., who may have had access to the original message, on either side (the sender or the recipient). There should be no expectation of privacy with email messages sent in the clear.

Even if the NSA were to hit his URL it would hardly come from www.nsa.gov (IP address 12.110.110.204) or any nsa.gov or .gov IP for that matter. Think about it, you are the NSA, you have some of the top minds in cryptology, more raw computer power than most universities and corporations. You have a vital mission of national security. You have strict guidelines that you have to operate under. And most important of all, your operational methods are secret. Vitally secret. You don't want to tip off your adversary that you are listening in. You want to remain passive. So you certainly aren't going to be hitting URL's that appear in an email just willy nilly. And you certainly wouldn't be doing it from an address that could be traced back to you or the government.

So ol' Richard set's up his little experiment and he gets a hit. Proof that the NSA is out to get him? Proof that they are reading every hotmail account? Nope. It means nothing. All it means is that somebody read the email. And the list of suspects is real real long. Big deal.

How does Richard expect to get the NSA to actually hit his URL? Why by making it "enticing" of course, sort of "sexing up" the email.

  • Include a variety of terrorist related trigger words
  • Include other links in a message to known AQ message boards
  • Include a fake CC: to Mohamed Atta's old email address (el-amir@tu-harburg.de)
  • Send the message from an SMTP server in Iraq, Afghanistan, etc.
  • Use a fake return address from a known terrorist organization
  • Use a ziplip or hushmail account.

So now he is essentially making his email about terrorism. And trying to make it look like it comes from a real terrorist. With all the foreign additions (Afghani email server, links to known terrorists, etc), at this point the email would probably qualify as a communication of a foreign agent, and therefore not require a warrant anyway. So even if you could trace it to the NSA, big whoop.

These "trigger" word email schemes were real popular in the 90's too, although the trigger words were different then. Clinton, Bomb, Echelon, etc. People would add them to their signature lines when posting to USENET as a way to trick the NSA into overloading their systems. It was foolish then, its even more foolish now.

The NSA has an unlimited budget, they aren't going to be fooled by a few hundred thousand hotmail emails with weird cryptic URL's.

Update:
Now, I don't doubt that Mr. Smith is a legitimate security and privacy expert, and he's certainly apolitical from what I can tell, but the method outlined above will not achieve anything at all and has the potential to impact the NSA in its ability to do its job.

Let me sum it up. I want the NSA to read every email with "known terrorist organizations" in it. It's not a sacrifice of our liberties. It's a tool in the terror war.

Your Co-Conspirator,
ARC: Brian

Comments (5)
Monterey John said...

What an idiot that guy is. Might as well board a plane at LaGuardia with a copy of the Kuran under your arm murmuring Alla akbar to see if the security folks are paying attention. Jeeze, what a surprise that the NSA might take an interest. I sure as hell hope they take an interest if someone does something like that.

Brian said...

Exactly my point MJ.

It won't achieve anything. Except maybe slowing down the NSA. And if thats the desire, well, then that seems counterproductive.

And anybody that assumes he has any privacy with his hotmail account is silly.

TrueLiberal said...

Mr. Smith is a scumbag.

Gateway Pundit said...

Great analysis. You guys are real life eggheads. I'm impressed.

Brian said...

Wow thanks Gateway Pundit. Coming from you thats a real compliment.

Without going too much into my background and current job, let's just say that I too know of what I speak when it comes to Network Security issues. Especially when it involves organizations with large budgets.

I do not however, work in any capacity for the NSA so all you leftoid conspiracy freaks don't come commenting here about how I'm evil and snooping on your email.