GCHQ implanting knowhow; policy


image

2013-1353.pdf

Obviously my access to the above is NOT a particular national security issue (otherwise why has is not been pulled down)? While the “secret sensitivity” may have been compromised (by merely publication), it still has sensitivity in the sense that it has (by access by the likes of me, doing commenting) reputation damage possibilities; knowhow spreading potential. if the UK does not deal with its dissemination (after the fact), it has abrogated its right to claim national security damage. That is, whatever damage has been done, has been done (and cannot be redone). Yes I understand that censoring it would just fan the flames (and make the damage even worse). But there is a point of law here, not just security assessment. Don’t act in timely fashion, you have conceded; even if your strutting is pointless in the pure military risk analysis sense.

I guessed at some redacted elements. What is interesting is:

from passive SIGINT (of the fiber taps), packet-pathways are found to the PC.

Folks are focused on http web sessions.

browser based exploits are central.

passive SIGNT also allows packet-pathways to the webserver, used to deliver the CNE implanting implant.

The implant can stain packets bearing http message such that deep packet inspection can rebuild the tcp fragments, and thence the web session (classical).

This suggests that the core of staining relates to sequence numbers and their relationship with core TCP dynamics (as it was 20 years ago!). I can believe that implants can so alter the relationship of the http client with the tcp socket that sequence numbering can be bearer for signals; mostly since I know that to be a (just) FBI-class classical vector when attacking DES-CBC (in an ipsec/tls scenario).

Advertisements

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in spying. Bookmark the permalink.