Tag Archives: comcast

Phone-Record Tracking

06 Thursday Jun 2013

Posted by in cyber war

Leave a comment

Tags

, , , , ,

iStock data privacyData Privacy is the biggest oxymoron in Computer Security.  Well, maybe second biggest after the name of the industry itself.  If it exists at all, it’s ephemeral.  My point is the expectation should not exist.  At most, even with encryption, it exists at a point in time only.  That the NSA program to track American citizen phone records became public today via a leak to the Guardian only proves the point even more.

What should your expectation be towards data privacy?  Basically what I just said.  Limited.  But that’s the practical position.  Americans further have an expectation of certain rights to privacy from the government.  This isn’t one of them.  Let me explain why what the government is telling us in terms of our need for protection easily trumps our right to privacy in this case.

To summarize what the NSA has been doing; they track what they accurately refer to as ‘meta data’ from phone calls.  By the way, if you’re familiar with the term Web 2.0 as it applies to social networking or current programming techniques, the next trend is Web 3.0 and is all about meta data and the semantic web.  In this case, the NSA is not listening to our phone conversations.  They are tracking calls made from or to specific phone numbers.  Data mining these connections provides patterns that suggest terrorism, and if warranted the NSA seeks court approval to then gather more personal information on the call.

Is the number called from your number private information?  I should add, the NSA doesn’t yet know the number is yours’.  They are simply tracking the numbers anonymously.  Of course, with a couple of clicks, any lay person can perform a reverse phone lookup.  Apparently this isn’t illegal when your neighbor does it.  I equate our phone calls with driving a car from point A to point B.  We can’t do that privately.  Roads are a fairly public space.  The Police however cannot stop you and search your vehicle without following reasonable search and seizure guidelines as part of our personal rights to freedom.  Authorities need probable cause.  Our telephony infrastructure, especially since most analog voice has migrated to data lines if not the actual Internet, is a public utility.  This is debatable, but I believe access to the traffic, or meta data of the phone traffic, should not be considered private.  Anyone who remembers party lines or operator switchboards should agree.

Why is this useful?  Why is the government right?  Consider a commercial application.  First, let me reiterate as I have throughout my blog and on my About page that I do not speak for or in any way represent the views of my employer IBM.  I’ll make note though that I have been in computer security for a very long time.  A popular computer security service is to monitor network traffic for signatures that suggest hacking efforts.  It’s called intrusion detection and prevention.  One particular problem with this technique is that smart hacking is encrypted so it’s difficult to monitor.  The next step then is to do exactly what the NSA is doing with phone records.  Track the end points.  The source and destination IP addresses.  Then correlate (data mine) the IP addresses with published lists of known bad guys – generally botnet command-and-control web sites.  The data is still encrypted but now some inference can be applied to determine if this is bad traffic and steps can be taken to block it.

My ISP Comcast does this for its customers.  They send customers an email stating they have noticed computers from their home talking to known botnets.  They then suggest to their customer that they should take action to eradicate any infection of malware from their computers.  In the case of Comcast, this email is actually quite useless as it doesn’t provide you with the IP address of the botnet command-and-control nor does it provide you with the IP address of the computer in your house.  The average person using Comcast for their ISP likely has a half dozen computers and mobile devices accessing the Internet.  I’ve called them only to learn that this email is really just a marketing ploy to sign you up to their Xfinity Signature Support.

Back to point, this is a good technique to root out illegal activity based on meta data.  Only after positive identification of possible wrong-doing are more personally identifiable records obtained.  I’m not a lawyer but suspect this meets probable cause.  This is my perspective and admit I could be wrong legally.  But I support this action by the NSA.

Web Security

12 Saturday Feb 2011

Posted by in cyber war, Geek Horror

5 Comments

Tags

, , , , , ,

This was annoying.  I received an abuse letter (email) from Comcast, my ISP, last night.  For copyright infringement related to the illegal file sharing of some inane Kanye West song.  I’ve appended their email to the end of this blog.  The first thought that ran through my mind was, “Really, I have a Kanye West song?”  So my first action was to query my iTunes library of over 5000 songs and sure enough, I have exactly one Kanye West song – Gold Digger featuring Jamie Foxx.

I immediately suspected my tenants since they’re fairly young.  Although I knew it could also have been from Brittany – she always brings her MacBook whenever she comes home from college.  I doubt I could prove the source of the Gnutella file sharing.  I turned off my web filtering half a year ago when I was trying to install Lo-Jack on Brittany’s new laptop.  It required some call home function that my firewall was blocking.  Unless I’m specifically blocking something, my firewall won’t log the traffic.  It can, but I didn’t have it configured to do that either.  So the Kanye West download could have been from any computer in my house – or carriage house which I rent out.  The Comcast abuse letter only lists the IP address of my cable modem and it doesn’t provide the DHCP address from my home network(s).

My second action, after reviewing my iTunes, was to turn web filtering back on.  I have an old IBM Proventia FW that I have setup between my cable modem and my home LANs.  One network is for my tenants, and they have their own WiFi server.  I allow that LAN access to the Internet but not to my home office LAN (network 2) or my home LAN (network 3).  My home office network has access to all three networks in order to manage the WiFi servers.  With the web filtering running, I setup two FW rules to block traffic to the Gnutella service.  One rule for TCP ports 6346 to 6347 and another for UDP ports 6346-6347 – both at 202.0.0.0 with a 28 bit mask.  Then I asked my tenant if he was using Gnutella and informed him about the abuse letter and my new web filters.  He was pretty humble about it and apologized.

I’m relating this in my blog, and probably FaceBook, because it occurs to me many of my friends could use some advice on computer security.  I’ve been in this industry for a long time, and I just got in trouble from my ISP.  Maybe I should be embarrassed – I’m not.  I do appreciate the irony.  But I know that many of my friends have kids – with their own computers – whom run these illicit and dangerous file sharing applications.  The last link above shows you how to block some of the more nefarious sites.  Understand that I’m not judging.  I support some copyleft arguments as they juxtapose certain tenets of innovation against the precepts of copyright protection.  But these applications put your computer and home network at extreme risk of being compromised.  These apps are favorites of hackers and are as likely as visiting free porn sites to result in your machine becoming pwned into a botnet.  Forget fears of Comcast cutting off your access – be afraid of being pwned.

I’m serious.  I’d rather blog on my running themes, but you need to know this stuff.  My YouTube instructions on protecting your texting privacy was originally intended in jest when Tiger Woods got clubbed by his wife after she saw his text history.  I was just having fun, but it’s turned into one of my most watched YouTube episodes.  Likewise, my commentary on the Google vs China cyber story last year continues to receive 4 or 5 views a day based on people searching on the terms cyberwar and cyber warfare.  So I figure this is good information.  I hope so.  Or if not, I hope you get a chuckle from knowing that Comcast is on to me.

————————————————————————

Notice of Action under the Digital Millennium Copyright Act

Abuse Incident Number:      Not Applicable
Report Date/Time:           Thu, 10 Feb 2011 11:31:02 -0600

ED MAHONEY
1805 S COFFMAN ST
LONGMONT, CO  805047568

Dear Comcast High-Speed Internet Subscriber:

Comcast has received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over Comcast’s High-Speed Internet service (the ‘Service’).  The copyright owner has identified the Internet Protocol (‘IP’) address associated with your Service account at the time as the source of the infringing works.  The works identified by the copyright owner in its notification are listed below.  Comcast reminds you that use of the Service (or any part of the Service) in any manner that constitutes an infringement of any copyrighted work is a violation of Comcast’s Acceptable Use Policy and may result in the suspension or termination of your Service account.

If you have any questions regarding this notice, you may direct them to Comcast in writing by sending a letter or e-mail to:

Comcast Customer Security Assurance
Comcast Cable Communications, LLC
1800 Bishops Gate Blvd., 3rd Floor East Wing
Mount Laurel, NJ 08054 U.S.A.
Phone: (888) 565-4329
Fax: (856) 324-2940

For more information regarding Comcast’s copyright infringement policy, procedures, and contact information, please read our Acceptable Use Policy by clicking on the Terms of Service link at http://www.comcast.net.

Sincerely,
Comcast Customer Security Assurance

Copyright work(s) identified in the notification of claimed infringement:

Infringing Work : Graduation
Filename : Kanye West – Graduation – Stronger.mp3=20
Filename : Kanye West – Graduation – Stronger.mp3=20
First found (UTC): 2011-02-10T12:21:17.61Z
Last found (UTC): 2011-02-10T12:21:17.61Z
Filesize  : 7583872 bytes=20
IP Address: 76.25.159.42
IP Port: 17677
Network: Gnutella
Protocol: Gnutella    =20