Technology and Jamming of XKEYSCORE

Presented at HOPE X (2014), July 20, 2014, 2 p.m. (60 minutes).

XKEYSCORE is possibly the most "big-brother" tool in the NSA arsenal, eavesdropping on network traffic around the world and producing around 100 billion records per month. Recently, code snippets were leaked, allowing us deeper insights into how the system works. This talk will be in three parts. The first part will be an overview of what we know from public disclosures: how the packet-sniffer reads network traffic and indexes it for automated systems and human analysts. The second part will walk through the disclosed source code, comparing it to public deep-packet-inspection tools, in order to get a detailed understanding of the internals. The third part will look at jamming the system, covering both the specific fingerprints in the disclosed source code and other fingerprints that might exist. The unexpected ways that the source may indirectly run afoul of FISA regulations will also be investigated. Questions from the audience are encouraged.


Presenters:

  • Robert Graham
    Robert Graham is a foremost expert in deep packet inspection (DPI), having created the first intrusion prevention system (IPS) known as BlackICE Guard. These days, he's busy scanning the entire Internet with his tool "masscan."
