NSA Patents a Way To Spot Network Snoops

Posted by CmdrTaco on Mon Dec 22, 2008 12:15 PM
from the welcome-to-the-holidays dept.
narramissic writes "The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. 'The neat thing about this particular patent is that they look at the differences between the network layers,' said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn't so impressed: 'Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons.'"
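
A small sketch of the kind of check the summary describes: time two traffic types to the same host, learn the usual gap between them, and alert when that gap moves. This is an added example, not the patented method and not code from the article; the probe pairing, sample values, thresholds, and the choice to treat a uniform slowdown as a path or load change are all assumptions.

```python
import statistics

# Each sample is (lower_ms, upper_ms): round-trip time of a lower-layer probe
# and of an upper-layer probe sent to the same host at the same moment.
# All values below are constructed for illustration.
BASELINE = [(1.0, 1.5), (1.1, 1.6), (0.9, 1.5), (1.0, 1.4),
            (1.2, 1.7), (1.0, 1.6), (1.1, 1.5), (0.9, 1.4)]
CONGESTED = [(5.0, 5.5), (5.2, 5.7), (4.9, 5.4), (5.1, 5.6), (5.0, 5.6)]
GAP_SHIFT = [(1.0, 2.4), (1.1, 2.6), (0.9, 2.3), (1.0, 2.5), (1.1, 2.5)]


def gaps(samples):
    """Latency difference between the two layers for each paired sample."""
    return [upper - lower for lower, upper in samples]


def build_baseline(samples):
    """Summarise a known-good period: typical gap, its spread, typical lower-layer RTT."""
    g = gaps(samples)
    if len(g) < 2:
        raise ValueError("need at least two baseline samples")
    lower = [lo for lo, _ in samples]
    return {"gap_mean": statistics.mean(g),
            "gap_stdev": statistics.stdev(g),
            "lower_median": statistics.median(lower),
            "lower_stdev": statistics.stdev(lower)}


def classify(baseline, window, z_threshold=3.0, min_samples=5):
    """Return 'normal', 'common-mode-slowdown', 'layer-gap-shift' or 'insufficient-data'."""
    if len(window) < min_samples:
        return "insufficient-data"
    # Medians keep one delayed packet from deciding the verdict.
    gap_now = statistics.median(gaps(window))
    lower_now = statistics.median(lo for lo, _ in window)
    # Guard against a perfectly flat baseline (stdev of 0).
    gap_z = (gap_now - baseline["gap_mean"]) / max(baseline["gap_stdev"], 1e-6)
    lower_z = (lower_now - baseline["lower_median"]) / max(baseline["lower_stdev"], 1e-6)
    if abs(gap_z) > z_threshold:
        return "layer-gap-shift"       # one layer changed relative to the other: investigate
    if lower_z > z_threshold:
        return "common-mode-slowdown"  # everything slowed together: likely path or load
    return "normal"


if __name__ == "__main__":
    base = build_baseline(BASELINE)
    for name, window in (("congested", CONGESTED), ("gap shift", GAP_SHIFT)):
        print(name, "->", classify(base, window))
```

A verdict of `layer-gap-shift` only says the two timings diverged from the learned baseline; it does not identify the cause, and a device present while the baseline was recorded would be part of that baseline.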
This discussion has been archived. No new comments can be posted.
  • Uh... (Score:3, Funny)

    by Anonymous Coward on Monday December 22 2008, @12:18PM (#26202397)

    Or perhaps you're routing through a slower path for one of a billion reasons.

    I knew taking that left turn at Albuquerque was a bad idea...

  • by ATestR (1060586) on Monday December 22 2008, @12:18PM (#26202403) Homepage

    They don't want any of US to have access to such technology when THEY slap the monitoring devices on our network.

    • by networkBoy (774728) on Monday December 22 2008, @12:21PM (#26202453) Homepage Journal

      how does that work anyway?
      If the patent is filed by a US Government Agency is it not funded by the taxpayer and thus public domain in the US?
      -nB

      • I was thinking the same thing...But in this world, it's more likely that they patented it so that some stupid patent troll won't get the opportunity to sue the gov't.

      • by GSPride (763993) on Monday December 22 2008, @12:52PM (#26202911) Homepage

        The NSA can not only file for patents, they can do so secretly.

        From wikipedia:

        The NSA has the ability to file for a patent from the U.S. Patent and Trademark Office under gag order. Unlike normal patents, these are not revealed to the public and do not expire. However, if the Patent Office receives an application for an identical patent from a third party, they will reveal the NSA's patent and officially grant it to the NSA for the full term on that date.

        • I'm guessing this is what Steve Ballmer fantasizes about while he makes love to his wife
          • Re: (Score:3, Funny)

            I'm guessing this is what Steve Ballmer fantasizes about while he makes love to his money

            Fixed that for ya'.

        • ummm... if someone else creates an identical patent, doesn't that mean that it is obvious to someone who works in the field? A person having ordinary skill in the art is able to find the same way of solving the problem.

          Lame.

          • by gnick (1211984) on Monday December 22 2008, @02:23PM (#26204005) Homepage

            Two people/companies eventually coming to a solution that is sufficiently similar to violate patents is a long way from "obvious to someone who works in the field". And, assuming that the two people who identified the solution are the leaders in their field (because they reached the idea before the other 6.7 billion of us), they could be described as having "extraordinary skill in the art".

            There are a number of patents for designs that multiple developers reached independently and were awarded to the person who managed to file first (Edison seemed to have extraordinary luck in beating his competitors to the patent office). That doesn't necessarily make the solution obvious, just non-unique.

        • How does this "promote the useful arts and sciences"?

          I'd love to see this go to court. At no point does the government have a right to have its own intellectual property, and protection. (This does not include "classified information" which does not fall under "intellectual property" laws.)

      • by teridon (139550) on Monday December 22 2008, @01:04PM (#26203073) Homepage

        From what I gather, you can apply for licenses to federally-owned patents. This is typically done through a "Technology Transfer" office. It seems that you have to be a business capable of bringing the invention to market. I suppose in this case you would have to be capable of implementing the software.

        Some information about Technology Transfer here:
        http://www.federallabs.org/home/faqs/ [federallabs.org]
        Which includes a link to a listing of all federal research organizations and how to initiate Tech Transfer, which I'll repeat here:
        http://www.federallabs.org/labs/results/?Agency=-1& [federallabs.org]

        The relevant U.S. Codes appear to be collected here:
        http://www.law.cornell.edu/uscode/html/uscode35/usc_sup_01_35_10_II_20_18.html [cornell.edu]

        In particular, it seems "TITLE 35 > PART II > CHAPTER 18 > Section 209" applies.

        But hey, IANAL. :)

    • by Lumpy (12016) on Monday December 22 2008, @12:30PM (#26202575) Homepage

      And it won't work for most snooping technology.

      a simple linux box with a listen only cable plugged into a small hub in a key location is undetectable by their system as it adds in ZERO delays.

      Well not zero but too small to be measured their way as it will be consistent across all traffic.

      I call their system an epic fail for detection for everything but a remote redirect which is an incredibly sloppy way of doing it.

      • by Anonymous Coward on Monday December 22 2008, @01:00PM (#26203033)

        a simple linux box with a listen only cable plugged in

        Would not alter the packet delay, but inserting

        a small hub in a key location

        to a network that didn't have one before would. And yes, the delay is noticeable, which is why proper network design limits the number of hubs as well as the length of the longest run in a single network segment.

      • As long as it's not supposed to be a straight link from one end to the other? Also I assumed they would have wanted to use it for detecting changes in data, because if someone snaps it up and then sends out some changed data it will indeed be noticed, right?

  • Averages (Score:5, Informative)

    by Yvan256 (722131) on Monday December 22 2008, @12:20PM (#26202439) Homepage Journal

    Of course there can be a billion reasons as to why some packets will take longer than others to reach their destinations.

    However, if you do enough sampling over a period of time, you can make averages and see if some types/destinations of packets are possibly being messed with.

    It's not perfect, but neither are averages in general, etc.

    What makes it newsworthy is that such a simple idea was granted a patent.

    • Re: (Score:2, Insightful)

      Also newsworthy as the NSA is an organization with theoretically no commercial interest. So they're filing for a patent for what reason?
    • Re:Averages (Score:5, Funny)

      by GMFTatsujin (239569) on Monday December 22 2008, @12:28PM (#26202539) Homepage

      Nah. What makes it newsworthy is that the snoops are patenting tools which can detect their own snoopage.

      Counter-snooping this way is now a patent infringement as well as anything else, and the laws seem much tougher for that crime. Pursue 'em for one thing, nail 'em to the wall with another.

    • Re: (Score:3, Insightful)

      So, if you slip your monitoring gear in on day 1, the only way it would be detectable is if you took it off, and the packets started going faster.

    • Re: (Score:3, Interesting)

      as a network engineer, myself, I can only LAUGH at this.

      there is SO much randomness in a network (ethernet is BUILT on the whole notion of 'randomness adds to efficiency' (csma/cd uses randomness to 'increase order' in a network)) that this can't possibly do much.

      it WOULD be a nice random number generator. take your 'output' and send it to something that generates heat, measure the heat and then do math on that.

      that might work.

      but this 'scheme' to detect active listeners? what a laugh. networks are simply

  • Gov't patents (Score:4, Insightful)

    by Rinisari (521266) * on Monday December 22 2008, @12:22PM (#26202467) Homepage Journal

    This is another example of the broken patent system. No government should be able to patent something--that technology was funded by the taxpayer and should thus be owned by the taxpayer, meaning that it is public and thus not patentable.

    • Re:Gov't patents (Score:4, Insightful)

      by JCSoRocks (1142053) on Monday December 22 2008, @12:45PM (#26202791)
      I was actually confused by that when I first saw the headline. I didn't even know that the government could patent something. It's just so completely broken and silly that I never even considered it.
      • I was actually confused by that when I first saw the headline. I didn't even know that the government could patent something. It's just so completely broken and silly that I never even considered it.

        There are many reasons why this is possible. First of all, the Government agencies all can patent processes/things and they have to follow the same rules as anyone else. One reason you want to provide this capability is to prevent Company A from developing said technology only to turn around and sell it to Country B.

    • Re:Gov't patents (Score:5, Interesting)

      by AviLazar (741826) on Monday December 22 2008, @12:47PM (#26202849) Journal
      This is another example of the broken patent system. No government should be able to patent something--that technology was funded by the taxpayer and should thus be owned by the taxpayer, meaning that it is public and thus not patentable.

      I killed my spent mod points to respond to this. I have no problems with the gov't patenting something, just as long as they don't use it to prevent people from using it in a positive manner. It's possible the gov't patented this so they could share the information with other people and not worry about some private company patenting the idea and then suing everyone else for using it. Basically - patent to allow people to use it. In this case we don't have to look at the gov't for being evil, but maybe the gov't is protecting us from companies who like to create submarine patents?

      Instead of looking at everything the gov't does and say "but it's evil because big brother did it", let's give them the benefit of the doubt.
      • It's possible the gov't patented this so they could share the information with other people and not worry about some private company patenting the idea and then suing everyone else for using it. Basically - patent to allow people to use it.

        If that's the intent, and the patent system is working as intended, then the patenting is superfluous. Publication of all the details (without restriction) is sufficient to prevent anyone else from patenting the idea, because the publication acts as demonstrable prior art with which to challenge any subsequent patent application. (This is also why anyone who wants to patent something usually has to hold off on publication until the patent process is already underway--a publication can be used to show that t

      • Instead of looking at everything the gov't does and say "but it's evil because big brother did it", let's give them the benefit of the doubt.

        Giving them the benefit of the doubt is how we got the Iraq War, Banking Deregulation, Trickle Down Economics, "Good Job Brownie", and etc, etc. The Government should always have to demonstrate that what they're doing is beneficial and not just "trust us."

    • This is another example of the broken patent system. No government should be able to patent something--that technology was funded by the taxpayer and should thus be owned by the taxpayer, meaning that it is public and thus not patentable.

      I fully agree, but at the same time, it also prevents some company from claiming that it has the copyright of something that belongs to the "people".

    • I was under the impression that anything produced by the government was in the public domain. Any lawyers here that can rebut or verify?

    • Patents are different than Copyrights.

      But I agree with you, on the principle that the government has to waste resources to search and file a patent. Unless there is some standing order from higher up for government organizations to patent everything to block private patents of it. There appears to be no justification in the authorization of any funds to be used for paying patent lawyers or filing with the patent office.

    • What if it was funded by loans from China?

    • Re: (Score:2, Insightful)

      Once you pay the government, it stops becoming your money. You don't in any way own the road I drive on just because you pay your taxes. You may get some privileges to use it, but really, not even that. I mean, when they close the road I've never successfully gotten out of my car, showed them a 1099 tax form and forced them to let me drive on MY road...
    • You only own it, you don't control it in anything other than a limited sense, such as an individual shareholder can control the company it owns.
  • by saintsfan (1171797) on Monday December 22 2008, @12:23PM (#26202473)
    Uh oh, someone stole the plans for the NSA Tape Dispenser, it is missing from their Domestic Technology Transfer Program website! http://www.nsa.gov/techtrans/techt00075.cfm [nsa.gov]
    • To be fair, it was a very effective tape dispenser that dispensed tape very well.

      Not to fear! It will soon be replaced by the NSA Red Stapler--as soon as they figure out their tape dispenser went missing that is.

  • by alcmaeon (684971) on Monday December 22 2008, @12:24PM (#26202497)
    these false positives really begin to add up. Couple this with all the lame-brained terrorist detection schemes that create millions of false positives and we can see the plan to get America out of recession is to have every single citizen working for the government hunting snipe.
  • by Andy_R (114137) on Monday December 22 2008, @12:40PM (#26202725) Homepage Journal

    The patent was filed May 24, 2005. Googling for 'computer slow spyware 2004' gives 127,000 hits.

  • Comparing types (Score:2, Insightful)

    by Anonymous Coward

    It is not just measuring the speed of the network; it is apparently measuring differences in speeds of different network layers, or types of network traffic. Network congestion affects generally all types of packets the same. Snooping presumably may take longer to identify certain types of packets.
    Oh and a passive tap will only work with certain protocols, it can't work (or not easily) with Gigabit Ethernet for example.

  • NSA: We are going to send more troops and guns!
    Terrorist: Sure, bring 'em on... We'll be waiting and we'll fight to the death

    NSA: No wait... We will PATENT things! Then we will send LAWYERS to you and get you for INFRINGEMENT!
    Terrorist: Oh nooo! Not the LAWYERS! Have mercy, please! We surrender...

    Sure, that will work..

  • So... what? (Score:3, Funny)

    by Geminii (954348) on Monday December 22 2008, @12:57PM (#26202981)
    The best this will be able to do is detect changes in latency patterns, possibly being able to narrow it down to certain network segments depending on how many devices are having their details analysed in real time.

    "NSAapp: Latency change detected in segment AA23. No idea what it might mean. Send the intern."

  • by Hobart (32767) on Monday December 22 2008, @01:09PM (#26203143) Homepage Journal

    Looking at the article, (and having skimmed but not read all of the patent [uspto.gov]), isn't AntiSniff [packetstormsecurity.org] (released by DilDog [wikipedia.org] of L0pht in 1999) using this technique? (Slashdot article, Aug '99 [slashdot.org])

    Original tech paper was on l0pht.com (now defunct) - looks like archive.org doesn't have a mirror, here's the best copy I could find in Google: http://servv89pn0aj.sn.sourcedns.com/~gbpprorg/l0pht/antisniff/tech-paper.html [sourcedns.com]

  • by PolygamousRanchKid (1290638) on Monday December 22 2008, @01:10PM (#26203157)

    How come I have the sneaky feeling, that if the NSA discovered anything really spectacular ... I wouldn't be reading about it on Slashdot?

    "Cracking WPA2? No problem but it is patented by the NSA and documented by the USPTO" ... so you can read about it, but you have to license it from the NSA, if you want to use it.

    That business model ought to work.

  • How can a governmental agency hold patents anyway? Otherwise they wouldn't have any incentive to invent things that will eventually be useful to the public, or what?
  • It's not like this would be the first time the US government came up with false positives...
  • by Geraden (15689) on Monday December 22 2008, @03:15PM (#26204541) Homepage
    that randomly adds delay to each packet before rebroadcasting it...making it impossible to get a good bearing on the latency in the network once it's installed.
    • Re: (Score:3, Insightful)

      Because they are going to drop all their other methods of intrusion detection for this? It seems like a reasonable cue for a warning for something that is difficult to pinpoint. Especially if that warning were to kick off an automated task that kicked off a more intensive search/monitoring process.
      • Re:Huh? (Score:5, Interesting)

        by Amouth (879122) on Monday December 22 2008, @01:48PM (#26203611)

        I remember a while back a friend of mine that worked for a college was tasked with trying to find a person who was sniffing people's logins on the campus wifi.. what he ended up doing was sending out garbled truncated packets - turns out that Windows boxes running things like Ethereal would get the truncated packet and then request the rest of the packet even though it wasn't addressed to them.. very clever way of finding the stupid ones.. luckily the person they were after was stupid

    • siphoning off date...

      What? They could hack a government agency but they couldn't figure out NTP? I call shenanigans.