Google Bobbles NSA wiretap searches - Page 3


Re: Google Bobbles NSA wiretap searches

M. Trimble wrote:

I looked at your pages, and I wish you success in your commercial
enterprise.  I don't think what you have written rises to any overriding
need that has not already been expressed.  This is more important than any
individual commercial consideration.  And, while I am glad to count you as
a friend, I think that you need to do more to flesh out details of your
commercial hopes, before you can expect much widespread support for them.

You can look for encrypted irc on google.  There are probably other
options, but irc looks like a reasonable alternate mode.  You can set up a
mailing list, but I don't think you should expect someone else to do that
for your own commercial purposes.  

I think you are "risk-averse" when it comes to talking to people outside
of the US.  I do it all the time.  That makes me a target for NSA, but
don't worry about that.  All people are targets, even if they are not
acknowledged as such now.  And if you have a business or cash flow, they
will get to you first when their funds are low.

Think I can understand your perspective.  But you are ignorant and
tunnel-visioned if you are viewing this all from a purely commercial
perspective.  It is way more than that.  Think you would do well to keep
your commercial ambitions off this ng.

Perhaps I am all wrong.

Best wishes.

eliminate the spam-

Re: Google Bobbles NSA wiretap searches

<chuckling at the irony...>
</chuckling at the irony...>

Sorry. Got a bit carried away. Actually, commercialism never entered the
picture; trying to drive business my direction was not even on the radar
when I wrote that. I was just thinking, 'how do I come up with an
out-of-bandwidth, low-cost means of communicating in a big hurry?' and the
idea of pointing to the web site just popped up.

And on the point of commercialism, I am going for a very niche market. Omaha
is saturated with IT people of all flavors, and they all sell to the upper
end of the economic spectrum. I'm going for the bottom end. The concept is
still in development, probably will be for a long time to come. No patch on
you, in fact, please consider it a compliment when I say that if you came
to me as a potential client, I'd say something along the lines of, 'you
need way more than I can offer; I want you to be happy with your experience
so why don't you go see [blank]' for any non-random 'blank' = business or
individual capable of serving your needs with more skill than I possess or
profess and whom I know from personal experience to have similar integrity
to mine. Short version: I'll turn down money before I'll try to bs you and
I won't send you to someone who will.

'Nuff said about crass materialism. We were talking about out-of-bandwidth
communication. International perspective is a good thing; I've just never
gone out of my way to make the effort, figuring that my chance would come
soon enough - not parochial, but not chasing people down, either. I'll look
into irc, whether secure or not over the next day or three and post back
here when/as....

That said:

Quick poll of the audience worldwide: show of hands, who's willing and able to
hook up at a given time and date to hit Google news servers using the same
search terms then visit later over IRC or other non-ng pipeline?

Re: Google Bobbles NSA wiretap searches

M. Trimble wrote:

I might be willing and able, with some qualifications.

I think there are some logistical issues with trying to coordinate a group
with varying experience in various places.  Some who might be willing may
not be available when others are.  Some could have individual technical
issues.  Some might misunderstand what was intended or planned.  

I think there are some possible ethical or legal issues that should be
vetted.  I think I correctly understand as non-hostile your expression
"hit Google news servers".  And I don't believe we could actually harm
Google by doing this.  Still, you are proposing a coordinated action that
could be misconstrued.

There are possible security issues, especially with people trying to do
something new.  For example IRC is a very useful tool, has been around
"forever" and I use it myself, sometimes.  However, and especially if it
is configured wrong, it *can be* essentially an *open door* to the users'
computers by anyone else in the channel.  Even though it was my
suggestion, it's only a possibility.  Anyone trying to use IRC should
really have some knowledgeable personal help getting started.  Various IM
packages available generally have lesser amounts of security risk than
IRC, but essentially all carry some security vulnerabilities that should
be knowledgeably managed.  It's the "nature of the beast" that we cannot
have completely unfettered communications with each others' computers in
all ways and also have security at the same time.  There are often some
interoperability issues unless everyone is using the same methods and
servers.  Many IRC servers also require user registration, and many will
scan your computer (for legitimate purposes).  It's a possibility, but
usually people who communicate with IRC or IM are already experienced
users when they try to communicate with each other.

I think there are technical issues, especially with refining expectations
and plans on what we would expect to see and what the meaning of different
things we might find might be.  Without good planning, much effort could
be expended with little in the way of conclusive results.

There is also a possibility that a malicious participant could be included
in such a group, and intentionally confuse any possible results.

One thoughtful person sent me some thoughts on these things via e-mail.
Written to me:

Before you do so I just wanted to ensure that you know that google uses
several clusters of computers around the world to manage the high load caused
by several millions of users.

When you enter "" in your webbrowser, you are automatically directed
to the cluster that is closest to you. So when you enter "" you are
directed to a different server than I am. As far as I know the google engine
also looks at your IP address. If your IP address is an American one, results
from American sites are presented first; if it is [a different country],
[that country's] results are shown first. So users from America will
always get different results than German or Canadian (or Russian, ...)

I don't know whether it's the same with google news but I think it is. So in
my eyes, it wouldn't make much sense if you let people around the globe
search for the same keywords. Maybe it would help if you would let them
exclusively search for English results, I dunno.

And my reply:

... your points about
the google servers are well taken and I agree with what you wrote, for
the most part and as far as I know.

I do have some doubts about them checking location of the client by
using IP addresses.  I think that there are some real technical issues
with the feasibility of doing that.  There have been some threads in
the ng about this.  One fundamental problem is that the actual location
of a node can be entirely different than its registry address.  Another
is that any such attempt to do this on any large scale generates lots
of traffic to DNS servers.  I think there is some discussion related to
that at  I don't remember all the details, but
believe they had trouble trying to do something similar, though much
more limited.  So my guess is that google would not be trying to do
exactly that.  I do know that some people have tried this and had
difficulties, even on a very limited scale.

Everything else you wrote, I think is very good and helpful advice.  I
really appreciate it.

To which I would add some speculation:
Yes, users in different locations
do go to different servers.  I am guessing that this is handled by clever
DNS management (and load balancing).  That's to say that entering the URL
in the browser, first calls a DNS lookup, and that provides the IP address
of the server you connect to.  I will be using DNS service that is near to
me, and they will point me to the local Google server.  That same lookup
will go to DNS server(s) nearest your location, which may point to a
different IP address.  It is the IP address that (mostly) determines the
actual server accessed.  It may actually go to different servers (using
the same IP address) because of load balancing.  So there is probably no
real way to know that we would be accessing the identical machines.  It
seems unlikely but probably possible that if I go to from
inside the US, that the actual call would be handled by a server in
another country.  So I have questions about how practical this would be.

Please see my reply to Google's latest e-mail response (Re: Update #2 -
Re: Google Bobbles NSA wiretap searches).  I think that Google will not
reveal anything much about how the pages at, so questions
about the presentation and content can only be answered by combined (not
necessarily *coordinated*) user experience and reports.  

The questions about the "mangled" links can be more directly addressed.
That is what was confirmed on April 30.  The pages received in Canada had
working links while the links on pages received in US were "mangled".
This was over a period of hours.  This was from a Canadian server.  There
is room to re-verify these facts.  However, if they are real as they
appear, then I believe the only correct conclusion is to believe that the
pages were modified in transit.  Any computer that can do that can easily
break through SSL, HTTPS and the similar encryption.  It is a MITM, man in
the middle.

No, I'm not sure what utility intentionally mangled links would have (or
if it is intentional). The articles are still available by direct
searches. Probably many fewer clients would be willing to do direct
searches than would view the default page. Many might not be aware of any
issue to search for, or the best search terms to use.  

The content is important to me as well, but is transient and difficult to
pin down. However, the "mangled" links appear to be a persistent
feature, and apparently seen only in the US. The *reason for the
mangled links*, and whether they are in fact *mangled in transit* are key
to the conclusion that a MITM is at work, and that it is at work on the
communications traffic of people that are not in the narrow target groups
that are identified and claimed by GWB and the administration ("US
citizens and others who communicate with al Qaeda"). They are key to
putting the lie to the words of GWB. If anyone can tell how the research,
(within the limitations stated) or how the conclusions are faulty, I would
be very interested in hearing that. As of now I believe these conclusions
are correct.

Thanks for the writing and the interesting suggestion!

Re: Google Bobbles NSA wiretap searches

responder wrote:
So I have questions about how practical this would be.

Yah, you've got a point there. The classic MITM approach calls for the
supposed attacker to convince the two ends that he/she doesn't exist. Hard
to spot. Legal issues, logistical issues, etc. Not a good idea after all.

So, let's assume human malice, ie someone wants to cause information that is
sensitive for whatever reason to disappear, or at least seem to. That
someone would have to be in possession of sufficient authority to be able
to cause Google to make what they deem appropriate changes. Our mythical
order-giver can have that authority because they're far enough up in the
google organization; they can have that authority because they have a court
order; or they can have that authority because they are part of any
organization inside or outside the government which has the authority to
issue such orders on their own behalf.

That person goes to Google, and presents their credentials, and says, in
effect, 'remove this information, and don't post it again.' Lo' and behold,
it disappears.

There is another way to do that. Assume a person who has access to the
google servers. It doesn't make a whiff of difference whether they can
access google servers legitimately or not, ie, whether they work for
google or not, for all intents and purposes. It only matters that they have
or can gain that access.

That person gains access, and makes whatever changes are needed, and again,
lo and behold, the information disappears.

Great. Sensitive information about [] disappears from the google servers.
But wait. Did they remove it from the other sources? Google vacuums
material from other sources and repackages it. What's to stop J. Random
Surfer from going to other sources, maybe even the very ones google used?

Now let's take a glance at our friend, J. Random Surfer. J.R. goes to google
news, and puts in search terms foo, bar, baz. The next day, J.R. goes back
to google for the same information, and uses the same search terms, entered
in the same order. But this time the information is not there. J.R. gets
curious, so [s]he goes to yahoo and does a search on the same terms. Finds
all kinds of stuff that google doesn't turn up. Now J.R. is really curious,
so [s]he contacts a friend in another country, maybe even on a different
continent, and reports h[is | er] findings. That friend goes and finds all
kinds of information on google servers.

Now, we have a mystery on our hands. Why is it that J. Random Surfer gets
information from yahoo but not from google, while h[is | er] friend on
another continent does get info from google [ignoring for the minute
whether that same friend gets information from yahoo]?

After examining for user error, and finding none, it would be reasonable to
guess that something is going on at google. The causes for that fall into
about 3 categories: conscious design choices by the programmers; the
unintended consequences of what programmers did when setting up something
else; or a specific intent to remove information, your classic man in the
middle. Let's even rule out programming and other such bugs, and assume
there's someone there trying to hide the information.

Our hypothetical (and now hypocritical) man in the middle [remember him?],
by removing information from one service, has just drawn attention to h[is
| er] presence. And that's not a particularly desirable outcome in this
little game of 'hide the information.'

So now, our score stands at 10 out of a possible 10 to Man-In-The-Middle for
style, because hacking or otherwise subverting google is supremely stylish,
but minus several millions out of a possible 10 for effectiveness, because
he drew attention to himself, which in this case is not a desirable

We've proven the existence of a hypothetical man in the middle. Now. Who is

That said, let me noodle out how to further verify your results, and at the
same time ferret out the exact cause without running into
legal/ethical/moral/other stumbling blocks.

I'll post back later when/as...

Re: Google Bobbles NSA wiretap searches

M. Trimble wrote:

If you will pardon, and I know you didn't say that,  (call it a semantic
reaction if you will) but there is nothing classic or classy about MITM.
MITM is _criminal_, felonious, way beyond wiretapping.  MITM is way beyond
monitoring, and is intended and used only for illicit purposes: theft
of encrypted data, alteration of information in transit... the "sky is the
limit".  For the benefit of any other readers who might not already
recognize the seriousness of this threat, I respectfully submit to you
that we should make a conscious effort to try to avoid any language that
"soft pedals" or tends to mitigate the extreme severity and threat
presented by MITM.

There is no convincing involved.  It is hijacking a connection, with no
notice, unlimited capability to steal or alter data transmissions.  The
uninitiated user should ask the question, "_If_ this is real, why would
anyone go to these lengths to alter _news_ _Coverage_?"

And, really not hard to spot if you know what you are looking for...

No, M. Trimble.  Back up for a minute.  Let's not make that assumption, at
least yet.  Let's instead for a moment assume for the moment that the
person or person who did this are every bit as well intentioned as you
are.  But wait, we haven't yet agreed that "this" has happened.  By
Golley, M. It seems that you have somehow spun a logic trap.  OK.  Not to
worry too much right now.  Let's go forward and hope for the best.

 ie someone wants to cause information that is

Here's this about that.  You know, this is _news_ _coverage_ for the love
of (insert favorite name or expletive, here.)  _News_ _coverage_!  It is
not "sensitive" in any meaning of the word that I could believe. Everyone
else in the world (no, I haven't heard from them all, yet) seems to be
able to read it except for us here in the United States.  No, I don't
think "sensitive" is the right word.  "Politically sensitive to the US
administration", might be somewhat more plausible, if entirely unpalatable.

No again, I am afraid.  You are saying that it was Google that did it
wrong, but that has not been established.  The facts do not point to that
conclusion.  So until they do, I'll bypass discussion about any "mythical
order-giver", if you don't mind.  Thanks.

Oh, just to tack on, it has never in my knowledge been established that
anyone has authority to set up a MITM server.  That is sure to be
contended by the administration if any of this is ever allowed to reach
open court.  Raw power and authority are not necessarily the same things.
(And this administration has been pretty Raw, if you will pardon my
saying so.)

I don't think that you or anyone else has given any reason to expect or
require an assumption that Google has been complicit.  They may well be,
but the examination of the facts as they are known, or as anyone has
previously presented, do not require that assumption.  What did you call
it up by before?  Occam's Razor?  I looked it up in wikipedia.  Pretty

Again, I believe this is an unnecessary assumption.  It could be true.
But there is nothing to show that anything on Google's servers has been
changed or tampered with.  The google news pages served in Canada are
reportedly received in Canada correctly and unmolested.  The google news
pages served in Germany are reportedly received in Germany correctly and
unmolested.  The common factor is not necessarily google or google in any
other country.  The common factor is that the pages received in the
US have been modified, regardless of their origin.

Saying otherwise does not make it so.

So, when you say "they", to whom are you referring?

There is no credible basis to say that google is doing any "vacuuming".

M., you are going on in what I would call a "fallacious syllogism".

Your assumption that it is google at fault continues to be baseless,
contrary to anything and everything that has been written here.  But I'm a
real patient guy and I can go a few more lines.

No one has asserted that news stories that are absent from google are
available on Yahoo, or anything similar.  I think you made that up so you
could fill up a very long message.  

Wrong.  Maybe that would be the conclusion in your multiply and massively
wrong line of "logic".  I do not agree to this conclusion.  Since it was
my research and my logic that got you to read this far, I do claim the
"high ground" here.  Your presentation of facts or findings is false.
Your presentation of logic is so backwards and wrong, building one wrong
assumption upon another as to be completely incredible.  It is difficult
for me to believe that a man of your intelligence would write anything
like this all with any other intention than to obscure the realities that
we have been talking about here for the last dozen days, now.

We do know that something is wrong.  We do not positively know that google
is complicit.  In fact the findings seem to show that google itself is
functioning well and correctly, however, data transmitted or received
within the United States shows signs of modification.  That is only
possible by a MITM.  MITM is criminal by any measure or legal standard.
MITM is not simply monitoring.  MITM is theft and deception.  The findings
support this belief, but do not support any contention that google is

Pardon?  Assume there's someone _where_?

Nice long story M.  What is this "score" thing all about?  Are you all
right?  Get a hold of yourself, man (?).

Why do you say "hypothetical"?  If data is being altered in transit, MITM
is the only way to do it.  There is nothing "hypothetical" about it.  This
is criminal activity by any standards.

We've?  Is there someone else in the room with me that I cannot see?  I'm
just having a time trying to follow this tome, M.  Are you all right?

See, M., this is disjointed.  First it was "We've proven".  Now it's "your
results".  I told you what to verify and now I'll take the time to say
again what you ignored before.  The (previously discussed) mangled links
are a persistent feature of the (dynamically  generated) pages received
here.  I just reloaded a google news page.  Those mangled links are still

Fly to Canada and get a default page from  My
report from a presumably unbiased source was that those links were normal
and functioning (ie. _not_ mangled) on the pages received there.  

Fly to Germany and get a default page from  My
report from a presumably unbiased source was that those links were normal
and functioning (ie. _not_ mangled) on the pages received there.

Fly all over and check it in as many countries as you like.  Sorry, I
can't help with funding.

When you get back to the US, get pages from those servers again and see if
those links served from those same "foreign" servers are not still showing
up *mangled*

Go back out across the world and try it all again.  And then come back to
the US and see what you get here.  No I didn't fly all over myself; I did
it the fast and sensible way by asking people who were already there for
help.  You could:
1.    Believe what I found, but please don't feel any misplaced loyalty to
trust what I found.  Instead, do one or more of the other things following.
2.    Do what I did and check it all yourself with correspondents of your own
choosing in other countries.
3.    Fly all over the world yourself and check it out for yourself.

When you finally get back and decide that the data is being modified in
transit within the US, please let us know that you do agree and verify the
findings.  We will then agree that criminal MITM is taking place.  

I cannot personally vouch for you, but I have not "been talking with al
Qaeda", and so I am not in the group GWB described in his "limited
program".  But my links are mangled.

Oh yes, I would definitely describe again all about the mangled links.
But I have already written all that several times.  And you didn't seem to
pick up on the significance the last time, when I tried to write carefully
in direct response to your previous message.  I'm really not that good a
typist.  And I'm getting a little tired.

If the mangled links suddenly start coming through unmangled while you are
flying around the world making up your mind, I'll e-mail you to tell you
that you can come back home.  Oh, right - you didn't leave an address.
Well, enjoy the ride.

When you convince yourself that the findings were correct we could message
again and talk about what you can personally do about it, since I know you
are concerned.  Don't fly around too long or you might miss the excitement
of watching the returns coming in across the internet on election night.

Do write again soon.

(ps. pls excuse typos.  i didn't proofread this.  sorry.)

Re: Google Bobbles NSA wiretap searches

responder wrote:

LOTS of words...

Thanks for catching my typos. I've had fat-finger syndrome since time =

I'm fine, just not concise or self-consistent when thinking on my feet and
an extremely irreverent !@#$.

Believe it or not, I'm actually trying to strengthen your case, trying to make
you think and rule out other causes. If someone is interfering with
legitimate inquiry I want it stopped. Now. And I will take whatever steps I
can; this just happens to be one of them.

My concern is, you seem to be drawing extremely tenuous conclusions from a
very small amount of data. You haven't reproduced the results, either by
someone else querying google and seeing the same behavior, or by you
querying other sources and not receiving the information you asked for.
And, you don't seem to have ruled out human error or hardware error, or
software error at either end of the chain.


Re: Google Bobbles NSA wiretap searches

M. Trimble wrote:

That's all fine with me.  I just needed to know how to proceed with your

Good.  I appreciate that (all) and am counting on it.

Until now it has mostly been others asking and me answering.  You have
some well taken points.  I think that I have already given ample, multiple
opportunities for any interested reader to verify.  I have been reading
this ng for a long time, and believe I know that there are some very
skilled and knowledgeable regular readers here.  Most questions, such as
yours have been answered.  But you do raise some issues that you can help
answer that I cannot.

Notably, you want verification. Good. I have already checked my own work
and consider it valid. I want you to check it all yourself, understand the
rationale and see what conclusions you can reach.  Every important aspect
of my research has already been reported here. However, I will help you
get started, and I will also review your work, and critique it and any
conclusions.  I have already said there is room for additional
verification.  That verification must be independently done by one or more
other people.  That is called "peer review".  You are the one.  Here is
what I want you to do, please.

First please verify your location inside the US.  I believe you said Omaha?

Go to at least 3 google news servers.  (You can use any sources you want
if you can find any other sources that are as predictable and reliable.  I
chose google, but have also noticed "anomalies" in other communications.)

... are 3 that I used.  There are others that will probably work as well,
and you can use any that you want.

I chose google because they are (IMO) highly consistent, competent and
reliable.  That makes any anomalies much more significant than from other,
less reliable sources.

Get the pages and look for links that are equivalent to the ones
("related") that I described in my message reply to google, and posted
here under this title:

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

Please verify that all these "related" links are broken or not broken, in
the context described.  

You may then either proceed as I did and reported, or you can check back
for assistance in interpretation and additional suggestions to proceed

I don't mean to sound curt, but I have other urgent agendas that have been
months in the making, and cannot take more time for this discussion at the
moment.  I plan to return soon.

Please proceed as suggested and let us all know here what you found.

Thank you.

ps. Anyone else can do this concurrently and be equally and individually
convinced or unconvinced at the findings.  Anyone so inclined, please do
so.  Thank you.

Re: Google Bobbles NSA wiretap searches

What about other search engines?  Anything similar going on there?

PLEASE post a SUMMARY of the answer(s) to your question(s)!
Show Windows & Gates to the exit door.
Unless otherwise noted, the statements herein reflect my personal
opinions and not those of any organization with which I may be affiliated.

Re: Google Bobbles NSA wiretap searches

Kevin the Drummer wrote:

I really haven't used them enough to be able to detect differences, but
would be interested in reading others' answers to this.  At the moment I
am still getting what appear good current links by doing direct searches
at  Think I recently read that google has >50% of the
search market, at least right now, or then.

I did post earlier a list of some other engines.  From past experience, my
impression was that dogpile was quite good.  

Update #2 - Re: Google Bobbles NSA wiretap searches

Received Tuesday, May 9:


Thank you for your note. Your email was passed on to our User Support team
so we can assist you with your question about Google News. We are sorry
that Google News did not cover this story to your satisfaction. Google
News is highly unusual in that it offers a news service compiled solely by
computer algorithms without human intervention. Please know that there are
no human editors at Google selecting or grouping the headlines, and no
individual decides which stories get top placement.  We are working to
improve this service and will use your feedback in this ongoing process.

We strive to include as many news sources as possible in Google News and
appreciate suggestions from our users. If there is a news site you would
like to see included in Google News, please send us the URL so that we can
review it. While we can't guarantee that we will add all source
suggestions, we will review all the recommendations we receive.

Additionally, please note that articles are archived in Google News for
only 30 days. If you're looking for older news coverage or want to find
additional information about a topic, we encourage you to try a Google Web
Search at

We appreciate your taking the time to provide feedback on Google News and
hope you will contact us in the future with additional observations and

The Google Team

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

Reply to e-mail from Google.

Hi Google Team,

Thank you for your note.  I have high regards for you and for your
products.  I think your products are very valuable tools, and I would
not want to be without them working well.

I know is automatically generated, so selection of
"story groups" if I may use that descriptive term should not be a human
editor's choice.  I found it very curious that the particular story
group (EFF - AT&T Lawsuit and NSA wiretaps) would disappear from the
pages at that particular time (4/29/2006).

A second issue that appeared approximately concurrently involves a
"family" of links, appearing at the bottom of all the story links.  
These all look something like this:  "all 1,505 related "

The HTTP source for this particular link appears this way:

<a class=p
href=" "><nobr><b>all
1,505 related&nbsp;&raquo;</b></nobr></a>

Please note that this hyper link does not point to "all 1505 related", but
rather to a story on, which happens to be the story first
shown and linked in this story group.

I find similar apparent errors in every link in this "all xxx related"
family of links.  Can you focus on and explain these apparent linking
errors, please.

The page used in this example came from, but I have seen
the same apparent errors on pages from, and possibly
some others as well.  In case it might make any difference to your
appropriate or correct response, I am located in the United States.

Thank you

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

Received from The Google Team:

Hi Xxxx,

Thank you for your reply and for bringing this to our attention. Please be
assured that we'll look into it. We appreciate your patience and support
as we work to improve Google News.

The Google Team

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

On Sat, 13 May 2006 17:58:10 -0400, responder wrote:

[quoted text omitted]

Good job, responder.  I can't wait to see what they have to say.

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

John wrote:

[quoted text omitted]

Hello Group.  I will post some links that seem related, along with a line
or two about the nature, source or significance of each source.  I'll
summarize briefly the elements already written that lead me to believe
this is or may be helpful and appropriate.

In general, I have come to believe there are forces actively working to
interfere with the access of US Americans to news coverage and commentary.
This relates specifically to the "NSA wiretap" issues, but extends to
coverage of all issues.  Particularly _because_ many issues are
contentious and controversial, the possibility of news censorship strikes
at the very core of how a free and democratic society functions.

Also and in the face of expressed objections, I believe there is a very
credible possibility that there is an intention and a fact already
accomplished to actually change content of data transmitted or received
via IP in the United States.  I am advised that an encryption method known
as the Vernam Cipher is secure when properly done.  However the Vernam
Cipher is very unhandy to use and is not practical for most methods and
purposes in common practice today.  The methods required to change content
are known as MITM (man-in-the-middle), and involve complete control over
an IP connection by an attacker.  Encryption by SSL and HTTPS is not
secure against MITM.

For any who would claim that we should just trust the US Administration to
"do the right thing" with some secret agenda of interference, it is not
_possible_ to trust anyone with that capability without "trusting"
everyone in the world with that same capability.  Consider that it is
often possibility of interference by MITM, and that is then detected; the
rational response is to locate and remove the MITM.  If additional vectors
are then detected the correct response is to subsequently each new vector
detected.  To ignore one MITM is identical to ignoring every subsequent
MITM which may come online.  To do that is patently unacceptable.  I
unfortunately do not believe this US Administration has shown themselves
to be trustworthy.  But even if one decides to trust, it is impossible to
trust one without "trusting" all, and that is ridiculous.

To say this another way:  This US Administration has consistently
responded to every objection with respect to invasions of privacy, spying,
wiretapping, illegal acts, unconstitutional acts, etc., with dark
reminders of the 9/11/2001 attacks, with references to al Qaeda, and with
threats that if they are in any way limited then new terrible things might
happen. I believe it would be mistaken for anyone to not believe that,
should this administration be limited in their powers, that a new terrible
event would in fact occur, and would be used their constant drumbeat of
fear, and to renew their unending litany of new demands for new sweeping
powers. However, for them to claim that they are improving our security by
demanding that we ignore or accept introduction of egregiously insecure
elements, like MITM, is absolutely absurd.

This *possibility* is far too serious to ignore or to trust.  We need
facts and knowledge.  And we need to all be "on the same page" in
understanding that MITM cannot be a part of any effort to "improve
security".  Every detection or suspicion of MITM needs to be
promptly and effectively investigated; the *only* rational response to an
actual MITM is to immediately locate and disable that (MITM) machine or

Since the original issue involved "disappearance" of news content and
disabling of links to news content (about NSA wiretap), and since these
things (at least one demonstrably) are still ongoing, my capability to
monitor news is seriously impaired.  For the benefit of free and useful
discussion, we need to be informed and knowledgeable.  That is my
motivation for posting these following links to various news articles and
web pages.  Please be alert for any line wrapping issues when using the
longer links.  Naturally, I will post anything that Google writes in
answer to my inquiries.

This article reports on a legal action undertaken by a small number of
individuals under the jurisdiction of a State Public Utilities Commission.
It may be useful in demonstrating an inexpensive and local action to
require legally mandated investigations.  It is from the Boston Globe.

I did not find a Docket No. for this case.  However a calendar page for
the Commission is served from official State site here:

I was not able to get the link to the original story (news links were
mangled).  The original article may be internally linked.  This article
tells about ABC News' investigative reporters being told to get new cell
phones, by a knowledgeable anonymous source. Their calls were reportedly
being tracked to uncover "whistleblowers".  It is from the Chicago
Tribune, and has an interesting collection of readers' comments.

This article is served by Yahoo, and is The USA Today story that broke the
call tracking issue into the mainstream press, Thursday, May 11, 2006.
The story was widely reported in various places on the web for weeks
prior. It shouldn't really have surprised anyone, but apparently this is
what it takes.

Thanks for reading.  I'll try to post some other links soon.

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

responder wrote:


[quoted text omitted]

The Electronic Frontier Foundation filed a lawsuit vs. AT&T in
January, for illegally handing over its customers' telephone and Internet
records and communications to the National Security Agency. Current links
re: the legal process, from EFF, are here:

Some excerpts:

May 15, 2006
Government Files Secret Motion to Dismiss AT&T Surveillance Case


"The government is trying to lock out any judicial inquiry into AT&T and
the NSA's illegal spying operation," said EFF Staff Attorney Kurt Opsahl.
"It is illegal for major telecommunications companies to simply hand over
private customer information to the government. They should not be allowed
to hide their illegal activity behind government assertions of 'state
secrets' to prevent the judiciary from stepping in to expose and punish
the illegal behavior. If the government's motion is granted, it will have
undermined the freedoms our country has fought so hard to protect."


"The press has already widely reported on the illegal domestic
surveillance that is the basis for our case. Allowing a court to determine
whether AT&T broke the law would in no way harm national security. Indeed,
our case is meant to protect Americans -- by requiring that the AT&T
follow the law and protect its customers from unchecked spying into their
personal communications," said EFF Staff Attorney Kevin Bankston.

On Wednesday, May 17, at 10 a.m., a U.S. District Court judge in San
Francisco will hear oral arguments about the unsealing of critical
documents in the lawsuit. The sealed evidence at issue includes a
declaration by Mark Klein, a retired AT&T telecommunications technician,
and several internal AT&T documents that support EFF's allegations. AT&T
wants the documents returned and argues that they should not be used as
evidence in the case. For more information about attending the hearing,
please email

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

responder wrote:

[quoted text omitted]

From Reuters, via Yahoo: Bush agrees to review of spy program

(Please note that none of this mainstream coverage deals at all with
*modification* of IP traffic content, or MITM.  Nor would most of the
general public be aware of the nature or implications of MITM; that
awareness must come from the technology and security communities.  But the
article does show that some progress toward openness is possible, at
least.  Also note that these are still apparently "briefings", rather than
hearings during which questions might be asked.)


The White House, under political pressure, did agree to conduct a set of
briefings for the two full committees earlier this year, but those
sessions did not disclose operational details about the eavesdropping.


Democrats, who have long pushed for full hearings, said the change would
bring the White House into compliance with the National Security Act of
1947, which requires the executive branch to keep Congress informed on
intelligence matters.

"The White House, for the first time, is showing signs that they are
serious about oversight," said Democrat Sen. John Rockefeller of West
Virginia, the Senate panel's vice chairman.

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

responder wrote:

[quoted text omitted]

From wikipedia, The Free Encyclopedia, article on MITM:

Lead text and TOC:

Man-in-the-middle attack
From Wikipedia, the free encyclopedia (Redirected from MITM)

In cryptography, a man-in-the-middle attack (MITM) is an attack in which
an attacker is able to read, insert and modify at will, messages between
two parties without either party knowing that the link between them has
been compromised. The attacker must be able to observe and intercept
messages going between the two victims. The MITM attack is particularly
applicable to the original Diffie-Hellman key exchange protocol, when used
without authentication.


    * 1 The need for an additional transfer over a secure channel

    * 2 Possible subattacks

    * 3 Public-key cryptography example using public-key encryption

    * 4 Defenses against the attack

    * 5 Beyond cryptography

    * 6 See also

    * 7 External link

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

responder wrote:

[quoted text omitted]


From wikipedia, The Free Encyclopedia, article on interlock protocol:


The Interlock Protocol, as described by Ron Rivest and Adi Shamir, was
designed to frustrate eavesdropper attack against two parties that use an
anonymous key exchange protocol to secure their conversation. A further
paper proposed using it as an authentication protocol, which was
subsequently broken.


The Interlock Protocol was described (1) as a method to expose a
middle-man who might try to compromise two parties that use anonymous key
agreement to secure their conversation.



I am quoting below from other recent messages on this ng (cols), but
omitting attribution.  Please note that these quotations may be out of
context with one another, but are all related to MITM, and may be useful
all in one place.  I believe they are factually correct.  Apologies to the
various authors and to those who may have already read and understand this


From thread: https confusion

However, current asymmetric methods are all subject to an attack called
the MITM (man in the middle) attack.  There is another very long thread,
where we have addressed that issue in another context.  It might be very
interesting to you.  Seek for the thread with the topic "Any reasons to
filter ARP packets?" in this group.

[quoted text omitted]

No.  See above.  They need to be that MITM guy to do that.  And by using
constant key pairs (key-based authentication), you can effectively prevent
even that.


[quoted text omitted]

So the information is confidential and needs to be transmitted
authentically.  In other words, you need both encryption and

From thread: Any reasons to filter ARP packets?

The latter method allows an attack, which is called the 'man in the
middle' (MITM) attack.  With this one, you can not only intercept network
traffic, but even manipulate it.  As a funny attack, you could intercept a
chat session and also write forged messages for your victim, without him
noticing this.  Now, there is a much more serious MITM attack.  If not set
up properly (i.e. in the default configuration), you can decrypt almost
_any_ encrypted connection.  Yes, this includes SSH/SSL connections, so
you can very well get access to remote machines (via SSH) or steal credit
card information (via SSL, e.g. via HTTPS).


[quoted text omitted]

Exactly.  But if your ISP did this more often, then sooner or later, you
were going to detect it, at least when comparing key fingerprints by hand.

You can overcome that problem by using key-based authentication, where no
MITM attack is possible.


Now, as [redacted] has pointed out, the big problem is the secure delivery
of the keys/certificates to and from the particular servers.
Unfortunately, many people (including server administrators) just don't


I would just leave all ARP replies enabled.  You still can add static ARP
entries for your friends, but there is really no need to disable ARP
replies for other machines, unless you would like to completely suppress
communication between you and those hosts.  But even then, there are much
better means of filtering, because ARP filtering cannot prevent
communication.  It is easy for someone to get to your MAC address.

The very big problem about Windows users is that they effectively cannot
use static ARP entries.  On Windows, a 'static' entry is static in terms
of surviving a reboot.  You can still override it with forged ARP replies
to that machine.  This is something, I have already tested in a
medium-scale office network.  The attack works against every NT version of
Windows (NT, 2000, XP, 2003).  I didn't have the opportunity to test it
against 95-based Windows versions (95, 98, ME).

So I have to repeat:  Forget ARP filtering; secure your connections
otherwise, using cryptographic techniques.  To prevent sniffing, you need
encryption.  To prevent MITM attacks (which include sniffing), you need
proper authentication (i.e. key/certificate-based).  In other words:  You
need both.  Personally I don't use certificates, because they are
effectively the same as keys, but unlike keys they include identity
information.  There is nothing bad about that, but using keys is simpler,
and more widely supported (example: SSH cannot handle certificates).


[quoted text omitted]

As long as they are directly connected by some kind of network.  This is a
very old issue.  Virtually anyone sitting in front of the administration
panel of an internet router can sniff all traffic going through it.
Again, this is old.

The very big problem about switched ethernet networks is the way hosts
distribute their MAC addresses.  This makes one further and much more
dangerous attack possible:  the MITM attack.  That goes beyond sniffing
and allows to even break and intercept encrypted connections, and/or
inject forged packets into them.

The only way to defend against the MITM is key- or cert-based
authentication.  Just to encrypt everything is not enough.  And you need
some secure channel to distribute your key.  It's best to meet your
friends personally and give them a floppy disk.  Do not distribute your
key via internet, because the MITM is waiting there.  ;)


By the current state of things, Mallory cannot be defeated, unless there
is some secure channel (e.g. handing out keys personally).  Anyway,
methods are known to detect MITM attacks reliably.  One of the methods is
to use the so-called interlock protocol.  But now we are getting beyond
the scope.

[quoted text omitted]

Exactly.  Encryption is not enough, unless you make sure that traffic
interception is the best network-oriented attack.
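
Added example, not part of any post in this thread: the point made in the quoted replies above, that encryption without key authentication does not stop a man in the middle while fingerprints pinned over a separate channel do, shown as a toy static Diffie-Hellman exchange in Python. The group parameters, the `Party` class and the `run` helper are constructed for illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

# Toy group, constructed for this example; far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short digest of a public key: the value two people compare by hand."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

class Party:
    def __init__(self, name):
        self.name = name
        self.priv, self.pub = keypair()   # constant (long-term) key pair
        self.pinned = {}                  # peer name -> fingerprint

    def pin(self, peer):
        """Models the secure channel: keys handed over in person."""
        self.pinned[peer.name] = fingerprint(peer.pub)

    def accept(self, peer_name, received_pub):
        """Derive a session key, refusing a key that fails the pin check."""
        expected = self.pinned.get(peer_name)
        if expected is not None and fingerprint(received_pub) != expected:
            raise ValueError(f"{self.name}: key for {peer_name} does not match pin")
        return session_key(self.priv, received_pub)

def run(key_replaced_in_transit, pinned):
    """Return 'end-to-end', 'intercepted' or 'rejected' for one exchange."""
    alice, bob = Party("alice"), Party("bob")
    if pinned:
        alice.pin(bob)
        bob.pin(alice)
    mid_priv, mid_pub = keypair()         # key pair of whoever controls the path
    to_alice = mid_pub if key_replaced_in_transit else bob.pub
    to_bob = mid_pub if key_replaced_in_transit else alice.pub
    try:
        k_alice = alice.accept("bob", to_alice)
        k_bob = bob.accept("alice", to_bob)
    except ValueError:
        return "rejected"
    if k_alice == k_bob:
        return "end-to-end"
    # Both sides encrypt happily, but each shares its key with the middle.
    middle_reads_both = (k_alice == session_key(mid_priv, alice.pub)
                         and k_bob == session_key(mid_priv, bob.pub))
    return "intercepted" if middle_reads_both else "error"

if __name__ == "__main__":
    for replaced in (False, True):
        for pinned in (False, True):
            print(f"replaced={replaced} pinned={pinned}: {run(replaced, pinned)}")
```

Without pins the exchange completes either way and neither endpoint can tell the difference; with pins the substituted key is refused before any session key is derived.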

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

On Tue, 16 May 2006 00:42:40 -0400, responder wrote:

[quoted text omitted]

Hello responder,

Here is a link to some further information on the capabilities of the
Narus machinery being used in this screening operation:

Re: Update #2 - Re: Google Bobbles NSA wiretap searches

John wrote:

[quoted text omitted]

Hello John,

... and thank you.  To this informative link and the many comments
included there, I add the internally linked article from Wired News,
posted this morning, about the technology being used,

The Ultimate Net Monitoring Tool,70914-0.html?tw=rss.index

and this, the home page of the Narus site:

Narus secures the health and profitability of Services over IP

I hope to post some discussion of how to detect MITM, asap.

Thanks again.
