
I was reading about The Hacking Team on Wikipedia. It produces "offensive intrusion and surveillance capabilities" and sells them "to governments, law enforcement agencies". Its spyware allows governments "to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers".

I hypothesize that the government would install such spyware on the PC of users suspected of being involved in illegal activities. This would allow the government to trace the illegal activity, collect evidence and find co-conspirators.

But I was also reading this answer. If a government wants to track a user's traffic, and intercept the traffic from and to the internet, it looks like it simply has to announce on BGP a new routing path to that user's IP address. That new path would be more specific than the existing path, shorter than the existing path, and it so happens that it goes through the government's servers.

So why do governments engage in installing spyware when they could simply redirect the user's traffic to their own servers?

robertspierre
    Redirecting traffic routing does not break encryption. – user10216038 Dec 07 '20 at 04:08
  • What do you mean by "encryption"? The symmetric key in a TLS connection is negotiated at the handshake – robertspierre Dec 07 '20 at 04:14
  • You seem to be suggesting a bogus encryption certificate, otherwise I don't get your point. – user10216038 Dec 07 '20 at 04:18
  • This would be way too loud, and if they try to break HTTPS by using certs, everyone in the world would know; that's bad press. – yeah_well Dec 07 '20 at 05:58
  • Installing something to gain control over a device is a vastly different thing from redirecting encrypted traffic through a server. You have set up a false equivalence. And from your comment, you appear to not understand how TLS works and how it prevents MitM attacks. – schroeder Dec 07 '20 at 11:46

1 Answer


First, announcing a new routing path using BGP would affect many users and not only that particular user. This means this option has too many unwanted side effects if the goal is to observe only a single user. Also, if the goal were just passively monitoring the user's traffic, then it is often possible for governments to do this by sniffing the traffic at the ISP or at central internet exchanges. These are usually required by law to give their own government the necessary access.

But passively monitoring the traffic is not sufficient in a time where end-to-end encryption is increasingly used. In this case the government would need to be able to break the encryption if all they could do is passive monitoring. But today's encryption is fortunately not easy to break.

The preferred option thus is to get access to the communication before encryption or after decryption. This means compromising the endpoints of the communication, i.e. either client or server. If the goal is to observe the communication of a specific user, it is thus best to compromise the user's device(s). If the goal is instead to observe the traffic from many users to a specific server, it would be best to compromise this server.

Steffen Ullrich
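The answer's first point, that a BGP announcement cannot single out one user, follows from how routers pick a route: longest prefix match, combined with the common operator practice of dropping IPv4 announcements more specific than /24 (and IPv6 more specific than /48). The following Python model is an added example written for this page, not code from the question, the answer or any real BGP implementation. The prefixes (198.18.0.0/16 and its sub-blocks), the AS numbers 64496 and 64666, and the filter limits are all constructed for illustration; the /24 and /48 limits reflect widespread filtering policy, not a rule of the protocol.

```python
"""Longest-prefix-match route selection and the granularity of a BGP hijack.

Added example for this page; all prefixes, AS numbers and the peer filter
limits below are constructed for illustration.
"""
import ipaddress

# Common operator practice: reject announcements more specific than these.
MAX_ACCEPTED_PREFIXLEN = {4: 24, 6: 48}

ISP_AS = 64496   # constructed: the user's ISP
SPY_AS = 64666   # constructed: the interceptor announcing the hijack


def accepted_by_peers(prefix: str) -> bool:
    """Would a typical peer accept and propagate this announcement?"""
    net = ipaddress.ip_network(prefix, strict=False)
    return net.prefixlen <= MAX_ACCEPTED_PREFIXLEN[net.version]


def announce(table, prefix: str, asn: int):
    """Return a new table with the route added, unchanged if peers filter it."""
    if not accepted_by_peers(prefix):
        return list(table)
    return list(table) + [(prefix, asn)]


def best_route(table, address: str):
    """Longest prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(address)
    matches = [
        (ipaddress.ip_network(p, strict=False), asn)
        for p, asn in table
        if addr in ipaddress.ip_network(p, strict=False)
    ]
    if not matches:
        return None
    net, asn = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), asn


def redirected_addresses(prefix: str) -> int:
    """How many addresses a hijack of this prefix drags along."""
    return ipaddress.ip_network(prefix, strict=False).num_addresses


def hijack_demo():
    """Walk through the scenario from the question and return the observations."""
    isp_table = [("198.18.0.0/16", ISP_AS)]   # constructed legitimate route
    target = "198.18.5.77"                     # constructed target host

    # Finest-grained announcement that actually propagates: the /24
    # covering the target.
    after_hijack = announce(isp_table, "198.18.5.0/24", SPY_AS)

    # A /32 that would single out only the target is filtered by peers,
    # so the table is unchanged.
    after_single_host = announce(isp_table, target + "/32", SPY_AS)

    return {
        "before": best_route(isp_table, target),
        "after_hijack": best_route(after_hijack, target),
        "neighbour_in_same_24": best_route(after_hijack, "198.18.5.1"),
        "outside_24": best_route(after_hijack, "198.18.9.1"),
        "single_host_propagated": len(after_single_host) > len(isp_table),
        "addresses_redirected": redirected_addresses("198.18.5.0/24"),
    }


if __name__ == "__main__":
    for key, value in hijack_demo().items():
        print(f"{key}: {value}")
```

The more-specific /24 wins for the target, but it equally wins for every other host in that /24 (256 addresses here), while a /32 aimed at the single target never leaves the interceptor's own routers. That is the "too many unwanted side effects" the answer refers to, and it is independent of whether the redirected traffic is encrypted.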