
How Data Brokers Sell Access To the Backbone of the Internet (vice.com) 64

An anonymous reader writes: ISPs are quietly distributing "netflow" data that can, among other things, trace traffic through VPNs. There's something of an open secret in the cybersecurity world: internet service providers quietly give away detailed information about which computer is communicating with another to private businesses, which then sell access to that data to a range of third parties, according to multiple sources in the threat intelligence industry. The information, known as netflow data, is a useful tool for digital investigators. They can use it to identify servers being used by hackers, or to follow data as it is stolen. But the sale of this information still makes some people nervous because they are concerned about whose hands it may fall into. "I'm concerned that netflow data being offered for commercial purposes is a path to a dark fucking place," one source familiar with the data told Motherboard. Motherboard granted multiple sources anonymity to speak more candidly about industry issues.
  • by Ostracus ( 1354233 ) on Wednesday August 25, 2021 @01:51PM (#61729519) Journal

    The information, known as netflow data, is a useful tool for digital investigators. They can use it to identify servers being used by hackers, or to follow data as it is stolen.

    Yes, well till someone fixes society people have to work with what they have.

  • ... the internet is one big spy machine, precisely because software is copyrighted not owned by the customer. That allowed companies to turn the network of pc's into a virtual mainframe that they own and control by backending the shit out of everything. That was the whole goal since the rise of "MMO's" (aka rpg's with stolen networking code) that began in 1997 with the likes of Ultima online in 97 and Everquest in 99, we got steam in 2003, then Uplay/Origin/battle.net/rockstar social club post 2010's.

    Stea

    • Re: (Score:2, Insightful)

      by novov51410 ( 8447221 )
      Um, no. Networks were NEVER PRIVATE. I am shocked people are so ignorant about networks. Network monitoring has been going on from day one.
      • But we got a beautiful "copyright sux" rant out of it. Why spoil it with...facts.

        • Yeah he was conflating copyright with closed source with networking. Very confusing.
          • Yeah he was conflating copyright with closed source with networking. Very confusing.

            No dumbass, the reason we have DRM like steam and mmo's is precisely because they can steal the files/networking code legally out of the game and trap it on another PC.

            Two PC's connected in a network form and behave as a single computer, so they are literally selling you broken programs with missing files and holding those files hostage. AKA fraud, not giving you a complete fucking program, that is only possible because software is licensed to you not owned.

      • by Aighearach ( 97333 ) on Wednesday August 25, 2021 @02:24PM (#61729661)

        Um, no. Networks were NEVER PRIVATE. I am shocked people are so ignorant about networks. Network monitoring has been going on from day one.

        People were confused because they had "privacy by obscurity."

        It's like if you go to a clearing deep in the woods. There is nobody else around; so far as you may know. You might even feel comfortable engaging in private activities. But it is not actually private; another person may pop out of the woods at any time. A hunter may be on a tree blind watching you from halfway up a tree. You may be being recorded on a trail cam. The people managing the forest may, as here, later build a trail that comes right past "your" clearing. You may find that hiking has become so popular, it is difficult to find a "private" moment on the trail. But it was never actually "private," merely remote.

      • Um, no. Networks were NEVER PRIVATE. I am shocked people are so ignorant about networks. Network monitoring has been going on from day one.

        Dude you're missing the fact that STEAM/MMO's were only possible because software files are licensed, not owned as property. AKA pre internet every game developer/os maker were forced to give us the entire program on floppy/cdrom, when living an internetworked world with PC's and cell phones connected wirelessly, the files for any application can be split into two sets, and they can control your application remotely by not giving you a complete application to begin with.

        That is why quake 1-3 had modding an

        • by jythie ( 914043 )
          and yet here you are, using a web browser to interact with a site that lives on a server you do not control.
            and yet here you are, using a web browser to interact with a site that lives on a server you do not control.

            That doesn't invalidate what was said though.

            I also suspect that had we had high speed networks in the 80s and 90s into the home, we would have had a similar scenario as we have now.

            Very sad times, but at least for now they still sell computer hardware to build your own machine and run your favorite flavor of OSS.

          • and yet here you are, using a web browser to interact with a site that lives on a server you do not control.

            You're missing the fucking point, valve and everyone has been stealing our games and OS for the last 20 years buddy, there's no reason for client-server PC games or client-server OS where part of the program is sitting on some remote server so the application can be shut down remotely. With trusted computing hardware they can finally lock memory areas on your PC and file system away from you. Microsoft has been engineering NTFS/Active directory to remotely control file and byte access we're seeing their e

    • Apple is the only one trying to offer privacy.
      • Apple is the only one trying to offer privacy.

        Apple isn't doing any of the sort, any client-server app on your phone or computer == you have no privacy because they can see you are broadcasting out over the network and can glean all sorts of info from that.

  • by Opportunist ( 166417 ) on Wednesday August 25, 2021 @02:03PM (#61729583)

    In two countries that hate each other and would never willingly exchange data with each other.

    • by ceoyoyo ( 59147 )

      You need a McDonald's parking lot.

      • You need a McDonald's parking lot.

        Interestingly enough, if you're running some shovelware like Windows, that probably isn't going to help you as much as you might think. So you sit in the parking lot behind the public IP address that supposedly isn't associated with you. You fire up Tor. Then all of a sudden Microcrap sends some "telemetry" or some piece of software phones home for an update. Now your identity is associated with that IP address and anyone looking at the local network can associate the MAC address to that data. Arguably thi

        • by ceoyoyo ( 59147 )

          Sure if you're just going to announce yourself to the world then trying to be sneaky isn't going to do you much good.

          Minimal install of Linux with restrictive iptables on some device with a MAC address that's not trackable to you. And if you're going to show up in anything other than a black hoodie you can ditch in the nearest camera blindspot, at least also bring a cantenna so you can use the wifi from the Starbucks a block away.

          • Ditching the hoodie is a good idea, but not where it is likely to be found. It's highly unlikely you won't leave some kind of physical evidence on the hoodie itself, so best not to ditch it near the scene of the crime.

    • You mean like the secure core functionality in Proton VPN?

    • That sounds like a painfully slow network to me.

  • Especially no middlemen that can not be trusted. Our privacy is being violated by every single party in the middle. ISPs, eCommerce vendors, search vendors, social networks. They are all equal culprits. Avoid a link to a real ID, irrelevant of the address. Address is a dummy in most IDs.

  • by Random361 ( 6742804 ) on Wednesday August 25, 2021 @02:33PM (#61729717)
    We must remember that there are different threat models out there for different folks. Obviously, nobody should be tracked and eavesdropped on, but users should think about what they're doing. For example, I lived for a few years travelling around for business and spending a lot of time in hotels. The hotel networks obviously aren't using a RADIUS server or something, so they're wide open. Anybody in range can therefore see where you're going, possibly perform MITM attacks, spoof DNS, and do all sorts of shenanigans. So in that situation it makes sense to use a VPN. Either use a commercial VPN and then you have to trust that company, or bounce it off your home network.


    Then you have to worry about your home ISP. They can look at everything too. So, again, you're trading one threat for another. But at least unless you have some crazy setup nothing unencrypted is ever being transmitted through the air.

    Then you have your VPN provider. Do you really think they aren't tracking stuff too and probably selling the network metadata? Sure they are. So maybe you got past your ISP's surveillance and you avoided the guy sitting in the hotel room next to you, but the VPN being the endpoint is thrust into that position.

    Now, if you do all that then use Tor, you're probably better off. But then again, you could just use Tor in the hotel room and accomplish much of the same thing. None of this is perfect, and anybody who goes out and sends terror threats or child porn thinking they're safe because they paid ExpressVPN or are using Norton Lifelock VPN (for examples) is an idiot.

    • by schweini ( 607711 ) on Wednesday August 25, 2021 @04:35PM (#61730155)
      My favourite conspiracy theory is that the big VPN companies are actually run by intelligence services.
      Their ad budget seems to be unlimited, and their selling point is "your ISP can't see what you do online!", conveniently leaving out the fact that you now have to trust the VPN company with all your traffic.
      It does seem quite shady.
  • I am not an encryption expert, but I have worked with networks and VPN(s) for a long time. The payload (containing the remote target IP) to/from the VPN point should be encrypted. Therefore: while ISP(s) etc. can see traffic to/from a customer to/from a VPN point, those ISP(s) etc. should not be able to determine which target IP was related to the customer. Sorry, if my verbiage is imperfect.

    • I am not an encryption expert, but I have worked with networks and VPN(s) for a long time. The payload (containing the remote target IP) to/from the VPN point should be encrypted. Therefore: while ISP(s) etc. can see traffic to/from a customer to/from a VPN point, those ISP(s) etc. should not be able to determine which target IP was related to the customer. Sorry, if my verbiage is imperfect.

      Basically this. My ISP can see I have an encrypted tunnel to a VPN server. That does not really concern me much, unless it results in traffic shaping that affects performance.

      You do have to trust the VPN service does not keep logs. If you are really paranoid you can run a second VPN tunnel inside the first. Or use Tor over your VPN (or VPN over Tor).

      https://www.privateinternetacc... [privateint...access.com]

      For downloading stuff off TPB I find a single VPN works just fine.

  • by TheNameOfNick ( 7286618 ) on Wednesday August 25, 2021 @02:51PM (#61729803)

    Former Director of the NSA and CIA, General Michael Hayden, ladies and gentlemen.

  • by Stonefish ( 210962 ) on Wednesday August 25, 2021 @04:27PM (#61730119)

    It is reasonably easy to break their model and use all that excess data on your plans to obscure your traffic.
    1 Have a client which simply simulates sending traffic to an endpoint. TCP and UDP can be asymmetric so a full connection doesn't need to exist
    2 Create a bogus VPN client which creates dummy endpoints allowing you to dial in a percentage of your ISPs traffic to create spurious traffic.
    3 Use the above to create orders of magnitude more metadata and overflow their collection capabilities.
    4 Get FSF or similar organisation to host the project with instances across both desktops and phones and Bob's your uncle.

    Business model buried

  • Remember that netflow is just flows and their metadata and not contents. So it is either a mix-up or incorrect usage of the term.
