
Comment by bayindirh

4 days ago

I remember the face of one guy after we chatted about lawful interception over a couple of drinks. He was visibly shaken, like he had seen hell through the door just opened before him.

This kind of infrastructure has been present everywhere for a very long time. Just because not everyone is talking about the matter doesn't make it non-existent.

For example, in 2003, I saw how Japan monitored their network traffic in real time. It was eye-opening for me, too. Technologies like DPI, which required beefy servers, are now trivial to implement with the right hardware.

This is all I can say.

Can confirm this is true - a single rack of servers can now handle terabits of traffic in real time with near-zero added latency; anti-DDoS companies do this as a service.

  • Is it the powerful servers making the difference here? Or the coveted backhaul connections which have access to the data passing by?

    I suppose it's both, but the latter is a more scarce resource.

    • It used to be that they needed to dedicate entire rooms for interception hardware, and tighter maintenance schedules. Nowadays, the devices they use are tiny in comparison, way easier to hide. I've encountered infrastructure companies discovering hardware that doesn't belong to them, in their local infrastructure, and when detected and reported, law enforcement came to pick it up, and refused to talk about it. That case still hasn't had a resolution, and it's about 4 years ago now.


    • It's the servers, specifically the parallelization with more cores and better math functions like AVX512.

  • Let's say I have a public website with HTTPS. I allow anyone to post a message to an API endpoint. Could a server like this read the message? How?