Internet tracking system can recreate your emails, VOIP calls, and more.

[Krynn72]

www.huffingtonpost.com/timothy-karr/one-us-corporations-role-_b_815281.html

The open Internet's role in popular uprising is now undisputed. Look no further than Egypt, where the Mubarak regime today reportedly shut down Internet and cell phone communications -- a troubling predictor of the fierce crackdown that has followed.

What's even more troubling is news that one American company is aiding Egypt's harsh response through sales of technology that makes this repression possible.

Narus provides Egypt Telecom with Deep Packet Inspection equipment (DPI), a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers on the information superhighway.

Other Narus global customers include the national telecommunications authorities in Pakistan and Saudi Arabia -- two countries that regularly register alongside Egypt near the bottom of Human Rights Watch's world report.

"Anything that comes through (an Internet protocol network), we can record," Steve Bannerman, Narus' marketing vice president, once boasted to Wired about the service. "We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on; we can reconstruct their (Voice Over Internet Protocol) calls."

I didnt even know such things existed. I mean, damn. They can reconstruct you calls made on skype, AFTER you've made them? Jesus.

 

[No Limit]

Absolutely, this is nothing new. You can do this at home on your network using any computer using a very simple packet sniffing program called cain and able. It fools all the comptuers on your network in to thinking that your computer is the router and as a result all the traffic is directed to your computer. Then all the packets are saved and you can reconstruct and store them however you wish.

Since these governments have access to all the routers in the country they can install this on all of them and track the activity of all its users.

However, people can protect themselves. If you open up a SSL connection to any website as long as the certificate comes from a trusted authority not belonging to a government your traffic is encrypted and perfectly safe. This is why many governments in the middle east had issues with blackberry. The traffic was encrypted and RIM was refusing to give the governments decryption keys.

With cain and able for example if you try to sniff SSL traffic you will see that you will first have to fetch the person a fake SSL certificate. When you do that their browser automatically throws up a big red warning that the certificate is not valid. That's why I find it so amazing how most people totally ignore these warnings as if they don't mean anything.

 

[Krynn72]

If its an ssl connection for a company's site does that mean even the "trusted authority" cant decrypt it? Because this company sells this stuff to corporations as well. Also, how can you encrypt you skype calls and such?

 

[No Limit]

I'm not sure about skype, I'm probably one of the last few people on earth that hasn't ever used it.

Corporate networks are usually set up in a domain enviroment where all computers are controlled by a central server or set of servers. Those servers automatically force those computers to trust any certificates coming from the server. So yes, a company would be able to decrypt any SSL traffic you send out over their network as long as your computer is part of the domain. If you go to a company or a internet cafe or something like that and simply connect to the network without connecting to a domain then you are safe as the place has no way to force your computer to trust their certificates. Trusted certificates are installed locally on your computer and any time you want to add a new one you have to do so manually (except in the domain case or other cases where you gave someone full control over your computer). Your ISP for example has no way to force you to trust certificates they issue so they can decrypt your traffic, you would need to approve it.

I did just look up skype security on wikipedia and looks like their communication is encrypted:

http://en.wikipedia.org/wiki/Skype_security

However, here is the catch:

The privacy of Skype traffic may have limits. Although Skype encrypts communication between users, a Skype spokesman did not deny the company's ability to intercept the communication. On the question of whether Skype could listen in on their users' communication, Kurt Sauer, head of the security division of Skype, replied evasively: "We provide a secure means of communication. I will not say if we are listening in or not."[12] In China filters text according to government requirements. This suggests that Skype has the capacity to eavesdrop on connections.[13] One of Skype's minority owners, eBay, has divulged user information to the U.S. government.

Since they own the decryption key they can decrypt your communications if they want. And chances are that in many of these governments if the decryption key is not made available to the government then skype would simply be blocked. How you could get around this I really don't know, since they use their own proprietary protocols.