US Nuke Agency Buys Internet Backbone Data (404media.co)
A U.S. government agency tasked with supporting the nation's nuclear deterrence capability has bought access to a data tool that claims to cover more than 90 percent of the world's internet traffic, and can in some cases let users trace activity through virtual private networks, according to documents obtained by 404 Media. From the report: The documents provide more insight into the use cases and customers of so-called netflow data, which can show which server communicated with another, information that is ordinarily only available to the server's owner, or the internet service provider (ISP) handling the traffic. Other agencies that have purchased the data include the U.S. Army, NCIS, FBI, IRS, with some government clients saying it would take too long to get data from the NSA, so they bought this tool instead. In this case, the Defense Threat Reduction Agency (DTRA) says it is using the data to perform vulnerability assessments of U.S. and allied systems.
A document written by the DTRA and obtained by 404 Media says the agency "has a requirement to support ongoing assessments of the vulnerability of critical U.S. and allied national/theater mission systems, networks, architectures, infrastructures, and assets." The tool "is capable of following communications between servers, even private servers," which allows the agency to identify infrastructure used by malicious actors, the document continues. That contract was for $490,000 in 2023, according to the document. 404 Media obtained the document and others under a Freedom of Information Act (FOIA) request.
Joshua what are you doing? (Score:2)
Joshua what are you doing?
Re: (Score:3)
Why are ISPs in the business of collecting Netflow data in the first place?
Really need to ask?
Re: Netflow Data (Score:2)
Re: (Score:3)
First, Netflow data is sampled (so it isn't "every single connection"), as most common router hardware can't actually report on every flow. But collecting/storing that data is not all that expensive, there are companies that specialize in handling it and making it available for all kinds of queries.
ISPs collect it for network management. If I get a DDoS report, I can quickly spot the target (or sources). I can see how much traffic is going to which networks, so I can plan where to look at peering connection
Re: Netflow Data (Score:2)
You forgot Qwest.
Never forget Qwest.
Re: (Score:2)
It's the law. In repressive countries like the UK, NZ and Australia, people's undefined 'metadata' is retained for 2, 5 or 10 years, who knows? And a court order/FISA to a no-logging ISP/VPN could say 'direct this user to this unique server' to single out one user to connect the dots, which is better than nothing. Traffic analysis without any warrant. Adding to suspicion is banning Huawei telco gear, because the Chinese may not agree to installing a back door, and if they were, not trusted enough to keep it secret. Things are about to get trickier, when 'borrowed' Starlink packets transmit key rotation information via sneaky methods. Suddenly per-country tracing laws are potentially invalidated. And because Signal is open source, one can modify anything, including bespoke hidden data.
huh?
Re: (Score:2)
We need a fucking privacy law in the US. Sigh.
Oh, but that would be an overreach of the nanny-state, can't have that in a free country. We ain't like those serfs in the EU. /s
They already know (Score:2)
Flow-level is very coarse (Score:5, Informative)
Tracing traffic through a VPN is not going to work unless the network side is only connecting to one site or a very small number of sites. Typical VPN endpoints for public VPNs carry tons of traffic. Same for Tor nodes. Tracing that on flow level is likely infeasible. Now, if you have packet sizes and precise packet timings at enough points in the network, then that is something else. But flow level does not give you that. And with packet traces you run into the problem that they are exceptionally large and you basically need a second network to transport them. What you can do on flow level is identify whether a machine that got hacked is being used as a jump point for other attacks and then trace that back. That is not even hard. I have done it for a simple attack (one intermediate hacked server) in an afternoon and without special tools besides standard flow tools.
Hence, while this may sound nefarious, it probably is not.
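The two flow-level uses described in this thread (the ISP operator above spotting a DDoS target and its sources, and this poster tracing a hacked machine used as a jump point) can be shown over a handful of records. The following is an added example and is not code from either commenter, from 404 Media or from DTRA: it assumes a flat CSV export of sampled flow records with the fields start_ts, src_ip, dst_ip, dst_port, packets, bytes, an internal address space of 10.0.0.0/8, and the constructed sample traffic embedded at the bottom. It also makes the sampling caveat from the thread concrete: distinct-source counts degrade gracefully under sampling, byte totals do not.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions for this example: "our" address space and the inbound ports whose
# use from outside is a plausible seed for a pivot. Real NetFlow v5/v9, IPFIX or
# sFlow records carry more fields than the six used here.
INTERNAL_NET = ip_network("10.0.0.0/8")
ADMIN_PORTS = {22, 3389, 5985}


@dataclass(frozen=True)
class Flow:
    ts: float      # flow start, seconds
    src: str
    dst: str
    dport: int
    packets: int
    nbytes: int


def parse_flows(csv_text: str) -> list[Flow]:
    """Parse the constructed CSV export: one record per line, no header."""
    flows = []
    for line in csv_text.strip().splitlines():
        ts, src, dst, dport, pkts, nb = line.split(",")
        flows.append(Flow(float(ts), src, dst, int(dport), int(pkts), int(nb)))
    return sorted(flows, key=lambda f: f.ts)


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL_NET


def ddos_targets(flows: list[Flow], min_sources: int = 20) -> list[tuple[str, int, int]]:
    """Internal destinations hit by unusually many distinct external sources.
    Flows are sampled, so both numbers are lower bounds on reality; ranking by
    distinct sources stays meaningful under sampling, ranking by bytes does not.
    Returns (dst, distinct_external_sources, sampled_packets), most sources first."""
    sources = defaultdict(set)
    packets = defaultdict(int)
    for f in flows:
        if is_internal(f.dst) and not is_internal(f.src):
            sources[f.dst].add(f.src)
            packets[f.dst] += f.packets
    hits = [(d, len(s), packets[d]) for d, s in sources.items() if len(s) >= min_sources]
    return sorted(hits, key=lambda h: (-h[1], -h[2]))


def find_pivots(flows: list[Flow], window: float = 600.0, min_fanout: int = 3):
    """Internal hosts that accept an admin-port flow from outside and, within
    `window` seconds of it, open flows to at least `min_fanout` distinct
    destinations. Returns {pivot_host: (external_entry_ip, sorted targets)}.
    This is the "hacked machine used as jump point" pattern: the entry flow
    gives the upstream address to trace back to, the fan-out gives the victims."""
    inbound = defaultdict(list)  # internal host -> [(ts, external source)]
    for f in flows:
        if is_internal(f.dst) and not is_internal(f.src) and f.dport in ADMIN_PORTS:
            inbound[f.dst].append((f.ts, f.src))
    pivots = {}
    for host, entries in inbound.items():
        for t0, entry in entries:
            targets = {f.dst for f in flows if f.src == host and t0 <= f.ts <= t0 + window}
            if len(targets) >= min_fanout:
                pivots[host] = (entry, sorted(targets))
                break
    return pivots


# Constructed sample (not real traffic): a 40-source flood of tiny flows at
# 10.1.1.5:443, one legitimate client, and a pivot in which 203.0.113.7 logs
# into 10.2.3.4 over SSH, after which 10.2.3.4 sweeps port 445 on its
# neighbours and beacons out to 198.51.100.9.
SAMPLE = "\n".join(
    [f"{1000 + i},198.18.0.{i + 1},10.1.1.5,443,2,120" for i in range(40)]
    + [
        "1005,192.0.2.10,10.1.1.5,443,12,9800",   # a real client, sampled once
        "1100,203.0.113.7,10.2.3.4,22,40,5200",   # inbound SSH from outside
        "1130,10.2.3.4,10.2.3.10,445,6,480",
        "1131,10.2.3.4,10.2.3.11,445,6,480",
        "1132,10.2.3.4,10.2.3.12,445,6,480",
        "1200,10.2.3.4,198.51.100.9,443,3,900",   # callback to the operator
        "1300,10.3.0.2,10.3.0.9,445,30,40000",    # ordinary internal share access
    ]
)

if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    print("possible DDoS targets:", ddos_targets(flows))
    print("possible pivots:", find_pivots(flows))
```

Both queries only need the 5-tuple, counters and a timestamp, which is why an afternoon with standard flow tools is enough for the single-hop case. Note what the same data cannot do: a public VPN exit or Tor relay in the `SAMPLE` would appear as one address with thousands of inbound and outbound flows, and nothing in these records pairs a given inbound flow with a given outbound one without the packet sizes and timings the poster mentions.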
Paywalled: Better link (Score:5, Informative)
https://archive.is/kYCWl [archive.is]
Repeat after me (Score:2)
You may have an expectation of privacy with SSL, but there really are in reality no guarantees. Does anybody honestly think that the Internet, originally funded by DARPA to support resilient communications in the event of nuclear war, is immune to US military access?
Good (Score:1)