MITM at the provider level: European option

We are talking about a new bill in Germany and earlier initiatives with a similar bias.

/Unsplash/ Fabio Lucas

How it might look

At the beginning of the month, the German authorities introduced a bill that would allow law enforcement agencies to use the infrastructure of Internet providers to install surveillance systems on citizens' devices. How informs edition Privacy News Online, owned by VPN provider Private Internet Access and specializing in information security news, is supposedly using FinFly ISP software from FinFisher to implement MITM. Read more about it already spoke on Habré within the same news.

What else do we write about on Habré:

• Provider Work: A Collection of Materials on Protocols, IT and Network Infrastructure
• American providers are asked to remove the thresholds for downloading data - which is the result
• Unusual and quite obvious factors affecting the traffic of corporate networks and the work of providers

The brochure provided by WikiLeaks states that the FinFly ISP software is designed to work on ISP networks, is compatible with all standard protocols, and can be installed on the target computer along with a software update. One of the residents of Hacker News in the topic thread suggestedthat the system can be used to implement the QUANTUMINSERT attack. As noted in Wired, her used with the NSA back in 2005. It allows you to read DNS request identifiers and redirect the user to a fake resource.

Very old practice

Back in 2011, experts from the Chaos Computer Club (CCC) - the German Society of Hackers - told about the software used by law enforcement officers in Germany. This is a Trojan capable of installing backdoors and remotely launching programs. He also knew how to take screenshots, turn on the camera and microphone of the computer. Even then, the system was subjected to harsh criticism.

In 2015 this topic again brought up for discussion. The question arose of the constitutionality of such a form of observation. How Wrote German international broadcaster DW, representatives of the political organization "Green Party" opposed this system. They noted that "the ends of law enforcement do not justify the means."

/Unsplash/ Thomas Bjornstad

The history of MITM at the ISP level began to be widely discussed in a thread on Hacker News. Several residents raised the issue of the situation with privacy of personal data as a whole.

We also talked about obligations to store data on the side of Internet providers, and someone even remembered the case Crypto_AG. It is a global manufacturer of cryptographic equipment secretly owned by the US Central Intelligence Agency. The organization participated in the development of algorithms and gave instructions for embedding backdoors. Pretty detailed this story also covered on Habré.

What's next

The final decision on the new bill has not yet been made and it remains to be seen. But it is already clear that the problem of site substitution can become even more acute. But who will definitely be able to benefit from the situation are VPN providers. They are already mentioned in almost every thread or habrapost with similar topics.

What to read in our corporate blog:

• How to provide free Wi-Fi according to the law
• Shot in the leg, or critical mistakes in the construction of networks of telecom operators
• Implementing IPv6 - FAQ for ISPs

Source: habr.com