GCHQ taps fibre-optic cables for secret access to world's communications

[bobber6 8]

we are not talking about legal jurisdictions anymore , and "sniffing"servers , what is taking place here is funneling ALL internet traffic trough a spy agency !

We know now there is a close coordination between NSA and GCHQ and must presume most if not all western agencies are sharing this data.

 

What would be possible dangers for a vpn user,could unencrypted data and/or originating ip be gathered by GCHQ?

VPN traffic must be decrypted at some point at a server, so the plain text request can be sent and received?, right ?

If an agency has full access to the internet infrastructure they could go and tap data at any point they wish ?

" GCHQ appears to have intercepts placed on most of the fibre-optic communications cables in and out of the country. This seems to involve some degree of co-operation – voluntary or otherwise – from companies operating either the cables or the stations at which they come into the country.

These agreements, and the exact identities of the companies that have signed up, are regarded as extremely sensitive, and classified as top secret. Staff are instructed to be very careful about sharing information that could reveal which companies are "special source" providers, for fear of "high-level political fallout". In one document, the companies are described as "intercept partners".

 

We get this news trough a whistleblower, otherwise we wouldn't have known the scale this has taken, so we might presume server data centers are likewise compromised

They might also be "intercept partners".

" The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America"

 

http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa

"How does it operate?

The system seems to operate by allowing GCHQ to survey internet traffic flowing through different cables at regular intervals, and then automatically detecting which are most interesting, and harvesting the information from those."

 

http://www.guardian.co.uk/uk/2013/jun/21/how-does-gchq-internet-surveillance-work

[Staff 9972]

Hello,

 

according to the currently available data, a VPN would be more than enough to protect your privacy against PRISM etc. However chances are that important information are still missing. Besides, some information should be technically clarified.

 

Please read this article, written more than a year ago, to identify which adversaries can be defeated and how:

https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745

 

Note that the service is able to defeat adversaries with the currently known NSA abilities and adversaries with higher power as well.

 

About the linked articles on GCHQ, according to the currently available information, end-to-end encryption alone (for example gpg for e-mails, encrypted end-to-end VoIP (with keys owned only by the ends, never by the VoIP servers) for voice/video communications) is sufficient to defeat the system on the content side. As a precautionary measure, however, it should be assumed that the effective abilities are higher than those publicly leaked, therefore additional protections should be taken: once the content is protected, a combination of VPN+TOR can be used to prevent the disclosure of the origin of the encrypted content.

 

Kind regards

[bobber6 8]

The thrust of my original question is :should one now assume that, as a matter of course, vpn connections are being read by the "spies".

And i dont mean as a theoretical question, but as a daily practice by the agencies.

 

 

according to the currently available data, a VPN would be more than enough to protect your privacy against PRISM etc.

 

the currently available data points out that the complete infrastructure could be compromised, and therefore a plain ,single vpn would possibly/probably be "open" to spies.

 

 

'

 

Please read this article, written more than a year ago, to identify which adversaries can be defeated and how:

https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745

 

 

so the suggestions in your article are sound advice,using Tor and/or proxies

 

 

, according to the currently available information, end-to-end encryption alone (for example gpg for e-mails, encrypted end-to-end VoIP (with keys owned only by the ends, never by the VoIP servers) for voice/video communications) is sufficient to defeat the system on the content side.

Sure,but this is not the subject, vpn is

 

As a precautionary measure, however, it should be assumed that the effective abilities are higher than those publicly leaked, therefore additional protections should be taken: once the content is protected, a combination of VPN+TOR can be used to prevent the disclosure of the origin of the encrypted content.

 

 

So your first quote:is somewhat unclear, as you say: "additional protections should be taken"

according to the currently available data, a VPN would be more than enough to protect your privacy against PRISM etc.

 

Sorry, still getting used to this quoting system

[Staff 9972]

Hello!

 

 

the currently available data points out that the complete infrastructure could be compromised, and therefore a plain ,single vpn would possibly/probably be "open" to spies.

 

Not really, furthermore there are crucial missing data, among which, relevant to this argument: correlations. Are correlations performed? If so, how? Assuming that a certain degree of correlations is actually performed, for example (just an example) timing attacks against a datacenter, some precautions are necessary to transmit sensitive data or anyway to keep the anonymity layer: connect to a VPN server which is located outside your country and outside the countries of the adversaries and use end-to-end encryption (to enhance content protection).

 

Additional protection: connect over OpenVPN over TOR https://airvpn.org/tor - then launch a VM and connect the VM over TOR. Finally use only the VM to receive/transmit data, so that: VPN server will receive data from a fixed TOR circuit ; when the data get out of the VPN server, they

will enter ANOTHER TOR circuit. As before, end-to-end encryption is applied.

 

In this way you have astronomically high chances to defeat an adversary which is monitoring and correlating connections both from your node AND the destination node; or you can defeat two adversaries that co-operate with each other, one monitoring your node and one monitoring the destination node (which is a worse scenario than that currently one described by the leaks). Content is absolutely protected just by end-to-end encryption; correlations are made extremely difficult, the adversaries should have an incredible stroke of luck in being able to correlate with a high degree of confidence data from two different TOR circuits + VPN server staying in a different jurisdiction.

 

Kind regards

[bobber6 8]

 

 

I am not saying it is certain regular vpn is compromised, all i'm saying is : ( seeing the latest revelations, and the staggering scale )  ; it might be prudent to assume. it would be wise to employ the suggestions you make, adding another layer of security usingTor or/and multiple vpn's.

 

 

 

 

 

[Staff 9972]

Hello,

 

yes, understood, all the previous message by a staff member was built assuming your hypothesis was true AND assuming that the final node was monitored as well AND assuming that a powerful correlation system is in place. Sorry if it wasn't clear.

 

Kind regards

[pj 72]

Heh... we built our service in view of this scenario 3 years ago... should we rename AirVPN into CassandraVPN?

 

 

(Cassandra) was able to hear the future ... When Cassandra refused Apollo's attempted seduction, he placed a curse on her so that her predictions and those of all her descendants would not be believed.

 

http://en.wikipedia.org/wiki/Cassandra

 

Kind regards

[bobber6 8]

Hello,

 

yes, understood, all the previous message by a staff member was built assuming your hypothesis was true AND assuming that the final node was monitored as well AND assuming that a powerful correlation system is in place. Sorry if it wasn't clear.

 

Kind regards

 

No need to apologize.

Reason for posting this is to get responses from airvpn, since you are much more knowledgable in this field , actually operating this service.

I do think these revelations have huge implications,Government intrusion is more advanced then we thought.

[itsrumsey 0]

I think its important to make clear as a general rule that VPNs can be useful for some of the following things:

 

Encrypting traffic that can be monitored by your ISP

Encrypting traffic that can be monitory by your nation (bypassing China firewall for instance)

Encrypting the origin address of your traffic (only when combined with other obfuscation resources)

 

VPN will not help with encrypting your final data payload or anyones ability to monitor that, if the connection was not secured to beign with.  However, if the connection was then it would have been masked from your ISP regardless (the payload, not the point of origin) of whether you were using VPN or not.

 

So, to answer your exact question:

What would be possible dangers for a vpn user,could unencrypted data and/or originating ip be gathered by GCHQ?

 

Any unencrypted data has the potential to be gathered by any adversary, especially at a national level.

Originating IPs can be masked and obfuscated with a combination of multiple techniques widely available both on the web and this web site.

[Staff 9972]

A good re-collection of the leaks so far. It partially answers to our initial questions.

 

http://www.forbes.com/sites/andygreenberg/2013/06/25/take-a-break-from-the-snowden-drama-for-a-reminder-of-what-hes-revealed-so-far/

 

Kind regards