Tuesday, October 15, 2013

Baconizing: how the NSA collects buddy-lists

Over the weekend it was revealed that the NSA is slurping up everyone's email "address book" and chat "buddy lists". How does this work?

You can look at my open-source "ferret" utility for the answer. It parses a bunch of different email (SMTP, POP, IMAP) and chat protocols (MSN, Yahoo, and AOL). I wrote this code back in 2007. It's unlikely that any NSA engineer writing similar code since wouldn't have seen my ferret program. Also, my code is very fast; it can reasonably be run on multi-gigabit links -- the sort you'd find in underwater taps of fiber-optic links.

Likewise, there's a good chance they saw my presentations on ferret and "data seepage", such as this one from Black Hat DC in 2007 where I explain how to grab a person's address book:



In my presentation, I called this "baconizing", referring to the "6 degrees of Kevin Bacon" theory. I was hoping it would catch on. It didn't.

Anyway, if you want to understand this issue more, I highly recommend either the above presentation or the ferret source code itself.


