Comment by dathinab

3 years ago

> We tend to assume this is lawful interception Hetzner and Linode were forced to setup based on German police request.

This seems to be somewhat jumping the gun I think.

Given the certs and the target assuming it's an lawful interception seems reasonable.

But there is nothing there which requires Hetzner or Lindoe complying or knowing about this.

Given the nature of the attacks you can do the interception on the carrier level, and carriers being forced to comply with lawful wiretapping is pretty much anywhere in the world pretty much standard and many laws are based around that approach. Much less so around approaches involving data centers.

according to the article, the added hop visible in traceroute to Linode machine is after two 10/8 hops, so it's likely an internal machine. more importantly, the affected VM has a strange gateway MAC address, which can only be controlled by the local network administrator, not an intermediate carrier.