Bottom line: scooping up packets is easy; encrypt your shit.
[0] https://www.cnet.com/au/news/tool-gauges-web-apps/
[1] https://en.wikipedia.org/wiki/PointCast_(dotcom)
[2] http://blog.jgc.org/2011/01/network-protocol-analysis-prior-...
Or, another way, is the maximum throughput of these monitoring setups limiting ISP maximum offered speeds in the countries that use them?
US, UK, Aus, Canada, the eyes, all have unusually low maximum consumer speeds vs. non-implicated countries such as Japan, Korea, even China, given the technology available today.
As luck would have it, I'm pretty familiar with Endace --- or was, back in 2003-2005. I was at Arbor Networks then. Arbor does large-scale network instrumentation for anti-DDoS and performance monitoring. By the time I left, every major ISP in the world had their network instrumented with Arbor gear.
We'd had lots of conversations with Endace. We were as a firm extremely interested in any technology we could buy off the rack to get performant access to raw packets and telemetry data --- Arbor had no hardware engineers, and everything they shipped at the time shipped on COTS X86 rackmounts running OpenBSD. My point here is not just that there are multiple uses for the kind of stuff Endace makes, but also that I vividly remember Endace because very few companies made products in this space at all.
Obviously, any company that can facilitate efficient access to, storage of, and analysis of raw traffic data is going to have multiple markets to sell to. And we should not make apologies for companies that take the extra money --- sell their souls, so to speak --- by offering their products to facilitate dragnet surveillance. We would all do well to keep in mind that the problem with selling to this market is far worse than NSA's abuses, which are trivial compared to the abuses perpetrated by countries in the Middle East and Asia. Point being: packaging and selling for the global surveillance market is ethically hazardous in the extreme.
No, the problem here is that this kind of story is unintentionally deceptive about who the real enablers of large-scale surveillance are. They're not the dinky little company in New Zealand selling packet capture technology. They're the networking and database giants, the companies our parents automatically have their retirement accounts invested in because they're huge components of the stock market, who have entire teams of people, euphemistically named (maybe something like "public sector" or "APAC public sector" or "GSA" or "defense"), packaging and selling 8-9 figure "solutions" to governments around the world. Compared to the giants, Endace is a gnat. They're not the enablers. We know who the real enablers are.
You can tell, because of the article's lurid descriptions of Endace's major transactions with GCHQ --- the focus of the article. They've got smoking gun proof: invoices for $300,000 and $160,000. Or: less than SourceFire would have charged Chick-Fil-A† to install commercial Snort boxes.
† I have no idea if Chick-Fil-A was a SourceFire customer.
I mean, small player or not, naming and shaming Endace is a small step towards taking down the big giants, or at least one little point of damage to their plans.
Besides, we the people are reduced to guerilla warfare, here. We can't just attack the giants directly. But you need to start with something, no?
But nothing could be further from the truth. The amount of money Endace made on enabling GCHQ surveillance is literally a rounding error compared to the invoices that the tech giants generated on the same projects. We are letting the giants off the hook, and hammering these doofuses from New Zealand who just want to find a way to make money building packet capture cards. I almost have a hard time blaming them: packet capture cards are fun to work on but difficult to make a viable business out of. At least I understand a sort of relatable motivation for what Endace did. No such motivation exists for the GSA/FGA sales teams of the tech giants. If their firms sold murder-robots, those teams would happily sell them to North Korea if they could.
Endace deserves the attention, but the giants deserve it more, and they're getting let off the hook.
"Endace’s sales lists include finance industry giants such as Morgan Stanley, Reuters, and Bank of America. [..]"
What do finance companies need systems that intercept data for?
These companies (Reuters included) basically run their own facsimiles of the Internet, but to carry money instead of cat pictures. Their network monitoring needs are intense.
Are they basically cracking encryption? I thought the kind of encryption provided by VPN services (256-bit AES/CBC) was strong enough? If that's what they do, aren't they violating privacy laws? Aren't they breaching the T&C of companies such as Google, Facebook, etc.? Are they installing some kinds of trojans, keyloggers and stuff on third parties' computers? Isn't what they are selling black hat hacking solutions? Or are they only capturing clear traffic, which is not necessarily very meaningful?
It says: "extract information about people’s usage of services such as Gmail, Hotmail, WhatsApp, and Facebook"
The latest terms and conditions you had to acknowledge recently to continue using WhatsApp (yes, I read them!) mentioned that they don't keep a record of the content being exchanged via WhatsApp. So, is WhatsApp lying? Or what does this Endace system record? WhatsApp's T&C also say that they use strong encryption. So, FTW?
Five years ago, they had a box capable of handling 1 Tbps and assured us that bigger, beefier ones were coming. US DoD was a customer then and, I'm sure, still is.