A powerful system for secretly monitoring web and DNS traffic, called MORECOWBELL, allows the US National Security Agency to conduct intensive monitoring of sites of operative interest and to even create a complete picture of what is happening on the Internet. That is revealed in top-secret documents, published by the Associated Whistleblowing Press.
The German technical edition heise.de published an analysis of the system by Christian Grothoff, Matthias Wachs, Monica Ermert, Jacob Appelbaum and Laura Poitras – the team that participates in the publication of NSA’s secret files, leaked by Edward Snowden.
NSA has deployed monitoring servers in several countries across the public Internet – Malaysia, Germany, Denmark and 13 others. It uses camouflaged dedicated infrastructure which is legal and cannot be directly linked with the Agency. These are probably servers of friendly companies and / or directly hacked servers and client computers. Bulgaria is not mentioned as a country where there is use of such resources of the Agency.
DNS is a basic protocol on the Internet, which allows the connection of names of websites with their IP addresses. Its monitoring provides key information about what is happening in the global network. The MORECOWBELL system is passive. It sets rules for surveillance – e.g. of a website, and it starts to monitor it every 10-15 minutes, but not later than 30 minutes, generating fake user traffic from accidental hosts that looks like coming from a browser. It checks whether the DNS queries point to the same IP address and if anything changes in the DNS and / or the HTTP protocol, or both, an alarm is generated.
Map of the “battlefield” or a global view of the internet
Tracking DNS with great intensity enables the system to understand what is happening with friendly and unfriendly sites; who are they trying to hack or who is trying to hide by changing their location. It detects changes which are used to uncover attacks on DNS (such as DNS flood, DNS poisoning, DNS smurf).
This way, the US Agency creates an almost complete picture of the “Internet battlefield” as DNS is one of the main attacked services.
The published information does not make clear whether the NSA is keeping records, but in the presence of such, it can create a tree of changes (as in Internet Archive), showing who, when and what has changed in any site.
According to experts, whom Bivol consulted, with an appropriate scaling such a system can give a global overview of the status of the Internet, or “write the history of the Internet around the world.” The system sees who is doing what, where, with what dynamics, who is attacked and who is hacked, how fast the business is growing and where.
***
If you find this article useful, support our work with a small donation.
Pay a Bivol Tax!
We will highly appreciate if you decide to support us with monthly donations keeping the option Monthly
Извършвайки плащане Вие се съгласявате с Общите условия, които предварително сте прочели тук.
Please, read our Terms and conditions here.
Биволъ не записва и не съхранява номера на Вашата банкова карта. Плащанията се обработват през системата Stripe. Даренията за Биволъ с банкови карти се управляват от френската неправителствена организация Data for Reporters Journalists and Investigations - DRJI.
Bivol is not recording the number of your bank card. The card payments go through Stripe. Card donations for Bivol are managed by the French NGO Data for Reporters Journalists and Investigations - DRJI.
Извършвайки плащане Вие се съгласявате с Общите условия, които предварително сте прочели тук.
Please, read our Terms and conditions here.
Биволъ не записва и не съхранява номера на Вашата банкова карта. Плащанията се обработват през системата Stripe. Даренията за Биволъ с банкови карти се управляват от френската неправителствена организация Data for Reporters Journalists and Investigations - DRJI.
Bivol is not recording the number of your bank card. The card payments go through Stripe. Card donations for Bivol are managed by the French NGO Data for Reporters Journalists and Investigations - DRJI.
IBAN: BG27 ESPY 4004 0065 0626 02
BIC: ESPYBGS1
Титуляр/Account Holder: Bivol EOOD
Извършвайки плащане Вие се съгласявате с Общите условия, които предварително сте прочели тук.
Биволъ не записва и не съхранява номера на Вашата банкова карта. Плащанията се обработват през системата Stripe. Даренията за Биволъ с банкови карти се управляват от френската неправителствена организация Data for Reporters Journalists and Investigations - DRJI.
SMS код BIVOL
За да подкрепите с малка сума нашите разследвания и автори, можете да изпратите SMS на кратък номер. Ще получите с обратен SMS линк към нашия архив.
- Изпрати 1,2 лв. на номер 1851 с код BIVOL и получи достъп до Архивите на Биволъ
- Изпрати 2,4 лв. на номер 1092 с код BIVOL и получи достъп до Архивите на Биволъ
- Изпрати 4,8 лв. на номер 1094 с код BIVOL и получи достъп до Архивите на Биволъ
- Изпрати 12 лв. с два смс-а на номер 1096 с код BIVOL и получи достъп до Архивите на Биволъ
Сумите са с включен ДДС. Моля, имайте предвид, че това е най-неефективният начин да подпомогнете Биволъ, тъй като комисионната на мобилните оператори достига 60%. Ако имате възможност, използвайте някой от другите методи на плащане.
Криптовалути
За да ни изпратите биткойни сканирайте QR кода или използвайте един от двата адреса: Standard: 1EY3iwkPXiby6XFsyCcVPGZPYCGPbPeVcb
Segwit: bc1ql28g7qnvdmenrzhhc7rtk0zk67gg4wd9x9jmmc
- Powerful US Lobbyist Aids Businesses Linked to Sanctioned Bulgarian Lawmaker, Has Joint Company with Notorious Attorney - 8 January 2022
- Interview for FAKTI.bg
Assen Yordanov: If a lustration law had been passed, Bulgaria would not be in this state
- 19 November 2021 - After Peevski, the Magnitsky Act must target his puppeteers. #LUSTRATION is crucial! - 8 June 2021
This post is also available in: Bulgarian