How does the NSA tell the difference between a person, and a bot?

Discussion in 'Think Tank' started by Anonymous, Aug 5, 2013.

  1. Anonymous Member

    the above links are for "dox" about web bots. I am not very knowledgeable about how they operate at all. I do understand that they are programs that do "stuff" online. Most of this stuff that i am familiar with is pron bots bothering me while i "surf".

    Does/can the NSA track bots? if yes, then how do they determine that they are not human? This strikes me as one of those flaws in a system that the government never thought about. A flaw in a multimillion/billion dollar tax payer funded system.

    Can anyone provide an answer to this question? Because if they can tell if something is a bot, then they probably don't monitor bots, and this MIGHT be a secure/overlooked means of communication.

    If they DO monitor bots, then this would also be a dangerous flaw, because whats stopping AL-Queda/Foreign military from making a bunch of distracting bots to keep the NSA busy?
  2. Anonymous Member

    I would presume it's easy to tell what a bot is. If the IP continues to do the same thing.. aka send similar packets out everywhere at random, it's probably a bot.

    Disguising covert information as a bot's random work? Certainly sounds interesting. What will they think of next?
  3. Anonymous Member

    Non-human bot
  4. Anonymous Member

    The tools and the queries the NSA can perform on intercepted data work just as well whether it was sent by a bot or a human, and filtering out the ‘interesting’ stuff is done regardless of who/what sent the content. Let’s suppose you have a genuine person sending an attack plan – how could you set up a series of bots to help lose that plan in the noise? I don’t think you could achieve that for the following reasons:

    - Sheer numbers won’t help. Presumably the recipient has a means of telling which plan is genuine, and at some point that recipient has to access the details of the plan. The NSA can track the traffic from source to receipt point, so filtering out the noise would be achieved with a single query.

    - There is a substantial limitation in what can be done due to internet bandwidth. ISPs are fairly secure places, and any suspicious activity at an ISP site would be clamped down. This, in effect, limits an would-be operative to a limited internet connection. In order to generate the traffic needed for creating noise the bot would have to be run off a server, and this is something that is easily detectable to the NSA. There simply isn’t the traffic to run the needed bot activity from the operative’s IP.

    - Even if you assumed (and it’s a dangerous assumption) that sufficient bots could be activated in multiple jurisdictions and, collectively, could generate a significant amount of noise then run into the simple practice problems. How do you activate these bots? How do you alter their message? How do you tell them to cease activity after the key event has passed? The traffic that controls these bots is susceptible to NSA interception.

    - The point above isn’t trivial. Even for a thousand bots all from different and, seemingly, non-connected IPs the traffic generate could likely be filtered out with a handful of queries. Remember, the NSA has access to most parts of the communication chain so they would be able to analyse receipt points – making any bot collection a waste of time for this.

    - The effort, resources and footprint required in attempting to set up any potential bot net is going to bring you to the attention of the NSA far far faster than trying to send a few secret communiques. Either you leave a money trail acquiring the bot net or an infection trail, just a question of choosing your poison.

    But let’s take the underlying idea and run with it in a different context. This should help to illustrate some of the difficulty you’re facing. Suppose you developed a new way to encode information within an image (not a new idea, but suppose your method of doing it was new and unknown). Now suppose you started sharing secret information on 4chan, and you are hoping that your traffic would get lost in the mass.

    Suppose further, to make things even more difficult for the NSA, that you keep reposting the same information (albeit in a different image each time) until you receive a reply, and that your contact repeats their image posting (with a different image each time) until you response – and you continue the cycle. For the purposes of this, let’s suppose that you can automate the detection of messages with images (this would be an entire technical challenge on its own, but let’s assume it has been solved). What would the likelihood be of this method of communication going undetected? I pose this question because, ultimately, its answer lies in whether a pattern in the source/receivers traffic exist, or whether their activity constitutes a detectable pattern. This method may be sufficient to bypass the NSA (again, this is all predicated upon being able to develop an algorithm for hiding data in images and being able to easily detect which images are using this algorithm), and would certainly have a much higher chance of success than the bot idea. Consider the two scenarios and you should be able to see some of the difficulties for the bot idea.

    Sounds interesting but, when you consider the information available about how the NSA does tracking (XKeyscore being the main one) and that the NSA tracks both source and receipt points, it can be seen to be very unlikely to cause the NSA any headaches.
    • Like Like x 1
  5. Anonymous Member

    Thank you for this very interesting thought exercise.
    • Like Like x 1
  6. Anonymous Member

    See I find it very difficult that any attachment of the government could do something on such a large scale competently. the shear size of the task, monitoring the whole worlds(or just parts of it) online movements. Throw in the automation, and it becomes a very big task indeed. What about online game conversations? can they monitor those?

    Sure, they may have hired the worlds smartest mathematician to write an algorithm to do this, but is the algorithm fool proof? Can it keep up with the increasing traffic and usage of the masses.

    Then there is the money question. can we afford to do this? Add in that people have probably lessened their porn habit for fear of big brother, and you will have that industry buying congressmen to undo this.throw in the rest of the world pulling money out of the American based internet companies, and investing into their own domestic versions for fear of security., and the loss starts to add up.

    its all fun and games until the rich start to lose money. Then it becomes a serious problem. Mark my words, When some rich guy out there looses a lot of money because of this, someone in the agencies will be crucified to satisfy the fat cat.
  7. It think it all depends on what receives the most attention. Look how well "al-Qaeda" and 9/11 worked out.
  8. Anonymous Member

    It's all insider trading my friend. You read it here first.
  9. Anonymous Member

    • Like Like x 2
  10. What do u think we can do to help this country and world understand what it is to be true
  11. Disambiguation Global Moderator

    Hi. If you make an account here people will listen and talk to you. Without an account your just a random by passer.
    • Like Like x 1
  12. Ogsonofgroo Member

    which country? Though many folks need help, some countries? Meh, not so much...
  13. TRQ Member

    The FBI and CIA certainly have links to swarm intelligence software that's prime objective is to find "the odd one out". Swarming agents are used for distributed pattern detection and classification. These active surveillance systems have been in place for a while. Certainly, one of the biggest firms has ex-CIA and ex-FBI on their Board. They provide software for the military already so I think it'd be naive to think that they haven't been tasked to list bots especially as it's a matter of swapping out a search-template. Can they list them all? Doubtful. It's an ever changing landscape but I'd suggest they can identify certain bot behaviors with high accuracy. Of course, swarm nodes share information but who's to say the various intelligence agencies do the same :p

    Just my view on the matter.
    • Like Like x 1
  14. chachacha Member

    A paradox or so I'm told. I'm the village idiot though.

    Hey, if we all do our duty and do a retarded facebook thumbs up - liking our witty friend's posts can we band together in anon? Whoa!!!!!!!!!!!!!! Maybe we make reality happen that way? Or maybe we already have.

    • Like Like x 1

  15. You could always encode information in patterns of random packets that were indirectly measured on their route to other locations, or send them to inconspicuous fake servers (like fronts for a gang, they look like a low performing business, but really something big's happening behind the scenes) where they're modified so they don't look like the same packets but the vital information is the same, then send them through different VPNs (so they're hidden in the traffic of everyone's packets, as opposed to tracking packets that are coming from an ip) to a single location (possibly an .onion address?) to be assembled into information.

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins