
My assumption would be that most of the intercept capabilities are in Africa, Middle East, and Southeast Asia. A lot of Africa uses (or used to use) satellite links for internet which you'd expect to be tapped and there's undersea cables around there that had a rash of weird breakage over the past few years.

Incidentally, those are areas where China has a strong economic development interest so you have another well funded government as an adversary that's known to target routers and such.

So far as admin SSH, once you reach a certain size you generally stop letting admins ssh in from random places and require VPNs (often with crypto tokens), if only because it gives you an easy chokepoint to disable access when you fire people. From what I've seen those most likely to use direct SSH or telnet are small companies (including regional/emerging telcos) that have a handful of people actually running things.




Google "Boundless Informant" and "Room 641A." Most of the abilities are in the U.S. and more is collected there than in most of the countries. Why? "Because we can."


Room 641A (and associated points around the US) are a very minor part of the publicly known infrastructure operated by the NSA.

This is an organization that has nuclear submarines (see also SSN-23) outfitted to tap cables and runs intercept stations (Pine Gap, Menwith Hill, etc) around the world positioned for satcom coverage. If you can get most of what you want from a handful of colo rooms in allied countries then why bother with submarines, satcom stations, and satellites that spy on other satellites?

Clearly they feel that the value and scope of information gathered from intercepting communications that take place outside of (and not crossing) allied countries justifies the expense.


Clearly that doesn't mean that they would therefore be inclined to let the data that they can collect in the U.S. slip through.


> So far as admin SSH, once you reach a certain size you generally stop letting admins ssh in from random places and require VPNs (often with crypto tokens), if only because it gives you an easy chokepoint to disable access when you fire people. From what I've seen those most likely to use direct SSH or telnet are small companies (including regional/emerging telcos) that have a handful of people actually running things.

And, as we know, the NSA is actively collecting IPSec handshakes and has (at least in some cases, I'd love to see more info on this) the capability to crack session keys: https://firstlook.org/theintercept/document/2014/03/12/vpn-v...



