MITM at the provider level: the European option
How it might look
Earlier this month, the German authorities introduced a bill that would allow law enforcement agencies to use the infrastructure of Internet providers to install surveillance systems on citizens' devices. As reported by Privacy News Online, a publication owned by the VPN provider Private Internet Access that specializes in information security news, FinFly ISP software from FinFisher will supposedly be used to implement the MITM. More details about it have already been discussed on Habr in connection with similar news.
The brochure provided by WikiLeaks says the FinFly ISP software is designed to work on ISP networks, is compatible with all standard protocols, and can be installed on the target computer along with a software update. One Hacker News user in the related thread suggested that the system can be used to implement the QUANTUMINSERT attack. As Wired notes, it was used by the NSA back in 2005. It allows you to read DNS request IDs and redirect the user to a fake resource.
Very old practice
Back in 2011, experts from the Chaos Computer Club (CCC), the German Society of Hackers, described software used by law enforcement officers in Germany. It is a Trojan that can install backdoors and run programs remotely. It could also take screenshots and turn on the computer's camera and microphone. Even then, the system was severely criticized.
In 2015 this topic was again brought up for discussion. The question of the constitutionality of this form of surveillance arose. As the German international TV and radio company DW wrote, representatives of the political organization "Green Party" opposed this system. They noted that "the goals of law enforcement do not justify the means."
The ISP-level MITM story was discussed extensively in a thread on Hacker News. Several users raised the question of personal data privacy in general.
They also talked about data retention obligations for Internet providers, and someone even recalled the case of Crypto AG. It is a global cryptographic hardware manufacturer secretly owned by the US Central Intelligence Agency. The organization participated in the development of algorithms and provided guidelines for embedding backdoors. This story was also covered in some detail on Habr.
The final decision on the new bill has not yet been made. But it is already clear that the problem of site spoofing can become even more acute. Those who will certainly be able to benefit from the situation are VPN providers. They are already mentioned in almost every thread or Habr post on a similar topic.