MITM at the provider level: the European option

This article covers a new bill in Germany and earlier initiatives along similar lines.








How it might look



At the beginning of the month, the German authorities introduced a bill that would allow law enforcement agencies to use the infrastructure of Internet providers to install surveillance systems on citizens' devices. According to Privacy News Online, a publication that belongs to the VPN provider Private Internet Access and specializes in information security news, the MITM will supposedly rely on FinFly ISP software from FinFisher. That software has already been discussed in more detail on Habr in connection with similar news.








The brochure published by WikiLeaks says the FinFly ISP software is designed to work on ISP networks, is compatible with all standard protocols, and can be installed on the target computer along with a software update. One Hacker News user in the relevant thread suggested that the system could be used to implement the QUANTUMINSERT attack. As Wired notes, it was used by the NSA back in 2005. It allows the operator to read DNS request IDs and redirect the user to a fake resource.
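As an added example (not from the original article or from any vendor tooling), here is a minimal client-side detector for the effect described above: a forged DNS reply that reuses the observed request ID. It assumes the injector races the real resolver instead of blocking it, so the client receives two replies to one query; the record layout, function name and sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: DNS responses as seen at the client, one tuple per packet:
# (time_s, resolver_ip, client_port, txid, qname, answer_ips). All values are made up.
RESPONSES = [
    (0.010, "192.0.2.53", 40001, 0x1A2B, "updates.example.com", ("203.0.113.10",)),
    (0.012, "192.0.2.53", 40002, 0x77F0, "cdn.example.net", ("198.51.100.7",)),
    (0.031, "192.0.2.53", 40002, 0x77F0, "cdn.example.net", ("198.51.100.20",)),
    (0.040, "192.0.2.53", 40003, 0x0C11, "mail.example.org", ("203.0.113.25",)),
    (0.041, "192.0.2.53", 40003, 0x0C11, "mail.example.org", ("203.0.113.25",)),  # benign retransmit
]

def find_conflicting_responses(responses, window_s=2.0):
    """Return alerts for queries answered more than once with different data.

    A query is identified by (resolver, client port, transaction ID, name).
    Identical duplicates are treated as retransmissions and ignored.
    """
    by_query = defaultdict(list)
    for ts, resolver, port, txid, qname, answers in responses:
        key = (resolver, port, txid, qname.lower().rstrip("."))
        by_query[key].append((ts, frozenset(answers)))

    alerts = []
    for key, seen in by_query.items():
        seen.sort(key=lambda item: item[0])
        first_ts, first_answers = seen[0]
        for ts, answers in seen[1:]:
            # Same ID, same name, different answer set inside the window.
            if ts - first_ts <= window_s and answers != first_answers:
                alerts.append({
                    "qname": key[3],
                    "txid": key[2],
                    "first": sorted(first_answers),
                    "later": sorted(answers),
                    "gap_s": round(ts - first_ts, 3),
                })
                break  # one alert per query is enough
    return alerts

if __name__ == "__main__":
    for alert in find_conflicting_responses(RESPONSES):
        print(alert)
```

An alert is a lead for triage, not proof of injection, and the check sees nothing if the on-path system drops the genuine reply.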



Very old practice



Back in 2011, experts from the Chaos Computer Club (CCC), the German society of hackers, talked about the software used by law enforcement in Germany. It is a Trojan that can install backdoors and run programs remotely. It could also take screenshots and turn on the computer's camera and microphone. Even then, the system was severely criticized.



In 2015, the topic came up for discussion again, and the question arose of whether this form of surveillance is constitutional. As the German international broadcaster DW wrote, representatives of the Green Party opposed the system. They noted that "the goals of law enforcement do not justify the means."








The ISP-level MITM story was widely discussed in a thread on Hacker News. Several users raised the broader question of the privacy of personal data.



They also talked about the data retention obligations imposed on Internet providers, and someone even recalled the Crypto AG case. Crypto AG is a global manufacturer of cryptographic equipment secretly owned by the US Central Intelligence Agency. The organization contributed to the development of algorithms and provided guidance on how to embed backdoors. This story was also covered in some detail on Habr.



What's next



The final decision on the new bill has not yet been made. But it is already clear that the problem of site spoofing could become even more acute. The ones who will definitely benefit from the situation are VPN providers. They are already mentioned in almost every thread or Habr post on a similar topic.


