New questions raised over Kim Dotcom snooping

The slow-motion train wreck of the Megaupload investigation rumbles on, with a new report alleging Kim Dotcom’s Internet connection showed signs of interference earlier than New Zealand’s Government Communications Security Bureau had admitted. According to the New Zealand Herald, Dotcom’s ping times were under investigation by …

COMMENTS

This topic is closed for new posts.
Big Brother

I'm confused...

Can traceroutes be done after the fact? Or was Kim Dotcom tracerouting his connection as a matter of course?

That strikes me as overly paranoid for someone who is doing nothing wrong.

Whatever the case, Spy agency or not, the UK should listen up. Snooping and man-in-the-middle attacks are ILLEGAL. Legislating to make it legal so they can read all our emails. Just wrong.

2
5
Silver badge
Black Helicopters

Re: I'm confused...

Yeah, here in the US, it's really odd when a traceroute from Smyrna, GA to Atlanta, GA (hint, they are adjacent) goes through Reston, VA... But that's ok, I have configured my NIC to use obscene words for frame padding, instead of random data from the stack.

black helicopters....you can avoid them by living on final approach...

5
0
Coat

Re: I'm confused...

Eh? If I saw a sudden increase in latency I'd run traceroute. Anyone who has a modest knowledge of network architectures would do the same. He's not just a kid who plays xbox, he's someone who's made millions on exploiting the advantages to be found in the brave (relatively new) world of the Internet.

23
0
Holmes

Re: I'm confused...

Mmmm.

I've been playing online before: WoW, Team Fortress 2, CS:Source etc. I've had ping spikes.

I know enough about architectures that I put it down to ISP throttling, Server congestion, a hundred different things.

I didn't immediately think "Jeez, the feds, must traceroute". Particularly sitting at home playing on an Xbox? I'd assume lag would be part and parcel of playing on the closed XBox network.

I do concede your point that he is not-your-average-bear XBox living room tard. But still. For a spike - it's not an "anyone would do the same response"

0
12

Re: I'm confused...

By my reading, we're not talking about a "ping spike", we're talking about a sudden and unexplained persistent increase in ping times.

You don't get to be #1 ranked in any popular sport or game without taking it seriously. Serious gamers, just like serious athletes, do everything in their power to optimise their game.

If an F1 car suddenly started taking six times as long to respond to steering or throttle - even if for only a few minutes - they're damn well going to find out what just happened, why it happened, and how they can fix it.

23
0
Black Helicopters

Re: I'm confused...

Going through Reston, no cause for concern. Going through Linthicum Heights or Patapsco MD, worry.

1
0
Anonymous Coward

Re: Going through Reston, no cause for concern.

Unless you're a monkey...

1
0
Silver badge

Re: I'm confused...

I don't think that's weird. I play FPS on the same few servers, and know - approximately - the route from me to them. If one day I'm playing on that server, and my ping is 50 ms higher than it usually is, I would fire off a traceroute to see wtf is going on, and would notice 3 extra hops that weren't there before.

12
0

Re: I'm confused...

"That strikes me as overly paranoid for someone who is doing nothing wrong."

Given that he was illegally tapped, is it paranoia or a reasonable assumption?

10
0
Silver badge
Black Helicopters

Re: I'm confused...

"Going through Reston, no cause for concern. Going through Linthicum Heights or Patapsco MD, worry."

Actually, they're all in the 'laws-don't-apply-here-because-we-say-so' zone.

1
0
Anonymous Coward

Re: I'm confused...

When a usually fast site suddenly feels slower, I do start pinging and then tracerouting. I don't know about you, but that is SOP. Nothing to do with paranoia.

0
0
Silver badge

Log files. Not unreasonable for someone with a web biz to keep them. Got some myself.

5
0
Anonymous Coward

Um...

You have logfiles showing traceroutes? Bet you don't.

1
6
Anonymous Coward

Re: Um...

If you've paid for expensive fibre to be installed directly to your house and inexplicably your ping increases by a factor of 6, then no doubt you'd probably be in contact with your ISP, who more than likely would request some tracert details.

Granted you may delete the logs after you've emailed them to your ISP, but you can easily fish the attachment out of your sent items.

8
0

Re: Um...

You would log them if taking them for evidence of the poor route that you want your ISP to correct, which is what he was doing at the time.

There is nothing unusual about that. I use traceroute often myself, and have specifically used it many times to see why I had lag to... our Call of Duty servers. In fact sometimes I would have to ssh in to the servers and traceroute to myself to see the problem. The routes often aren't the same in both directions, depending on the datacenter.

2
0
Silver badge

Re: Um...

"The routes often aren't the same in both directions, depending on the datacenter."

Especially with small, non-expert ISPs.

2
0
Silver badge

Re: Um...

> You have logfiles showing traceroutes? Bet you don't.

You would win that bet. I do however have log files (and graphs) of pinging client's servers every 30 seconds or so if performance issues have come up. If unusually high ping times are observed, traceroute is the obvious next step. Being a mere mortal, I have to do the traceroute manually (and I also don't want to be mistaken for a lackadaisical DDoS attack) hence no logfiles; but it wouldn't surprise me in the slightest if Dotcom had an automatic and more sophisticated method of doing and logging the same process.

1
0
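The baseline comparison several commenters describe above (know the usual route, watch ping, run traceroute when it rises), as an added example that is not part of any post. It assumes Linux `traceroute -n` style output; the sample traces use documentation-range addresses and are constructed, and the function names are hypothetical.

```python
import re
from statistics import median
# Constructed sample output in `traceroute -n` format (documentation IP ranges).
BASELINE = """\
traceroute to 203.0.113.50 (203.0.113.50), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.398 ms  0.405 ms
 2  198.51.100.1  4.120 ms  4.233 ms  4.101 ms
 3  203.0.113.50  29.870 ms  30.112 ms  30.040 ms
"""
CURRENT = """\
traceroute to 203.0.113.50 (203.0.113.50), 30 hops max, 60 byte packets
 1  192.0.2.1  0.420 ms  0.401 ms  0.399 ms
 2  198.51.100.1  4.310 ms  4.198 ms  4.250 ms
 3  198.51.100.77  61.002 ms  60.870 ms  61.340 ms
 4  * * *
 5  198.51.100.93  118.450 ms  119.020 ms  118.760 ms
 6  203.0.113.50  181.200 ms  179.940 ms  180.310 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RTT_RE = re.compile(r"([\d.]+) ms")

def parse_traceroute(text):
    """Return [(hop_no, ip_or_None, median_rtt_ms_or_None)]; silent hops keep None."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)          # the header line does not start with a hop number
        if not m:
            continue
        ip = IP_RE.search(m.group(2))
        rtts = [float(x) for x in RTT_RE.findall(m.group(2))]
        hops.append((int(m.group(1)), ip.group(1) if ip else None,
                     median(rtts) if rtts else None))
    return hops

def compare(baseline_text, current_text):
    """Flag hops absent from the baseline and the end-to-end RTT ratio."""
    base, cur = parse_traceroute(baseline_text), parse_traceroute(current_text)
    known = {ip for _, ip, _ in base if ip}
    new_hops = [(n, ip) for n, ip, _ in cur if ip and ip not in known]
    silent = [n for n, ip, _ in cur if ip is None]   # hops that did not answer
    ratio = None
    if base and cur and base[-1][2] and cur[-1][2]:
        ratio = round(cur[-1][2] / base[-1][2], 1)
    return {"extra_hop_count": len(cur) - len(base), "new_hops": new_hops,
            "silent_hops": silent, "rtt_ratio": ratio}

print(compare(BASELINE, CURRENT))
```

A changed path on its own is not evidence of interception; routes shift for ordinary reasons, so the output is a prompt to ask the ISP, with the saved traces attached.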
Anonymous Coward

Re: Um...

smokeping ftw

0
0
Pint

If they spy this well...

...then that would come as a great relief!

There is a fair bit of agreement that Key's memory lapses need to get seen to, by medical or "other" means.

Minor note: Labour is spelt with a "u" - because we're not USA. The hint of our British heritage is in the flag.

Beer because it's Friday in this neck of the woods.

3
0
Silver badge

Uh ... kiddies.

"traceroute" does not, contrary to popular belief, give you access to the addresses of all the machines between you and destination.

It only gives you the addresses of the TCP/IP machines between you and destination.

Most telco gear encapsulates TCP/IP over a completely different protocol, and TCP/IP isn't capable of even interacting with the protocol that encapsulates it.

On the other hand, most of that telco gear allows "sampling" of the bitstream, without the enduser actually having any way of noticing that the sampling is occurring. Hint: ones & zeros can be duplicated without loss. That's how fiber optic repeaters revolutionized long-distance telephony. The included "monitor" ports on the repeaters (ostensibly used only for test purposes) also allow anyone with access to listen in ...

In other words, if you have access to digital $TELCO_SWITCH_GEAR, you can listen in to any internet traffic, without anyone only connected to the TCP/IP internet being any the wiser.

My point? If the New Zealand Governmental Spy Agency doesn't grok this basic concept, and actually allowed ping times to increase due to their snooping, they need to be fired en masse, regardless of what the Dotcom twat is guilty of.

14
3

Silver badge
Stop

Re: Uh ... kiddies.

Assuming for a second that the sudden ping drop was the work of a shadowy government agency, NZ, US or otherwise, it's still a jump too far to assume the objective was snooping on his traffic. It might have been a cack-handed attempt at harassing him by hobbling his game or distracting him with fixing his connection while they had other operations ongoing.

0
3
Silver badge

@auburnman (was: Re: Uh ... kiddies.)

You don't get it.

The entire "ping" thing isn't $TELCO related. ping's a tool that's only useful to figure out if any given box allowing TCP/IP traffic is accessible ... it has no bearing on $TELCO's internal routing. $TELCO carries the traffic, but $TELCO doesn't tell you how that traffic is carried.

If .gov entities re-route traffic outside $TELCO, using TCP/IP, with the purpose of "paying attention", well ... my gut feeling is that said .gov entities have absolutely zero clue.

Which is really, really, scary.

1
4

Re: @auburnman (was: Uh ... kiddies.)

ping is actually ICMP, so is traceroute. TCP has no bearing aside from the fact that it works over IP.

3
0

Re: Uh ... kiddies.

Er, yeah, thanks for info.

But have you heard of man-in-the-middle attacks, why they're of use and why you can't just use 'sampling' of the bitstream?

Technically you can listen to all of the "ones & zeros" at the telco. Whether you can decrypt them, well that's the trick, isn't it? If you can't, well good luck with your ones and zeros. It's the difference between data and information.

3
0
Anonymous Coward

Re: Uh ... kiddies.

Conversely, if you can, you've got all the information you need ...

Sorry, not sure what point you're making? You think all of his internet traffic was encrypted in transit as a matter of course?

0
0
Boffin

Re: Uh ... kiddies. @Jake - Nearly but not quite

you said ""traceroute" does not, contrary to popular belief, give you access to the addresses of all the machines between you and destination.

It only gives you the addresses of the TCP/IP machines between you and destination."

Not quite - It will give you the IP addresses of those machines set up to respond - for example for a certain configuration on Cisco ASA devices you could have 10 of these in the path that has a router at your end and the destination but they wouldn't show up, you'd just see 2 hops.

1
0
Silver badge
WTF?

Re: @auburnman (was: Uh ... kiddies.)

Try reading my post. My point was that we don't know that the re-routing shenanigans were done 'with the purpose of "paying attention"'. Again assuming this was the work of a shadowy government organisation, the objective could simply have been to piss off/distract Dotcom because his ping is important to him. Or a certain non NZ shadowy government organisation fancied testing if they could tap a foreign comms network without the knowledge or consent of Johnny foreigner. Or a rival gamer could have a friend at $TELCO who thought he could turn Dotcom's ping to crap without getting caught. Or maybe the NZ spooks really don't know the first thing about intercepting communications. But it's too early to jump to any of these conclusions.

0
0
Silver badge

Re: @auburnman (was: Uh ... kiddies.)

Not anymore, it seems the Fedora folks think that tcp is the right protocol for a ping when it isn't..not on my firewalls.

0
0
Silver badge
Unhappy

New Zealand needs to check cell systems software

The US NSA claims to be able to tap into any cell system.

The Greek system was compromised a few years back and tracked down to be 'patched' OS software.

There were also three suspicious antennae in the grounds of the US embassy in Athens which could be monitored from a nearby hillside at the time.

At least you can still whisper to each other, most effective spread-eagled on the ground outside, in the open, directly facing the other party, which renders all forms of monitoring near impossible. Or use Phil Zimmermann's products.

0
0
Bronze badge
FAIL

New Zealand spooks don't get to play very often

So, basically, the NZ spies don't get to play on the international field very often, so wanted to make full use of as much of their stuff as possible - I'm sure that it also helps justify their funding.

And all it's done is highlight that they're kinda amateurs.

0
0
Black Helicopters

Wasn't there multiple severing of the connections of under ocean fibre to NZ ?

That'd easily explain the random increases in ping and changes in traceroute. And those are far more likely than "zomg someone spying"

1
1
Silver badge

> Wasn't there multiple severing of the connections of under ocean fibre to NZ ?

Yes there were, but none of those would account for unexplained extra hops _within_ NZ, between him and his ISP.

The fact that his ISP was investigating points to involvement by Telecom New Zealand. (Most DSL ISPs are reselling Telecom lines as the copper's only recently been unbundled).

1
0
Black Helicopters

I believe that GCSB can say they weren't snooping on Dotcom before December

They can blame it on NSA. Through ANZUKUS, there is no difference between the agencies. So, one can do something and claim no responsibility because NSA or GCSB or GCHQ ... are the same thing.

In fact the same thing goes for Intelligence in general. When Bush blamed the yellow cake on British intelligence, it was US intell sent to UK.

0
0
Silver badge
Facepalm

Re: I believe that GCSB can say they weren't snooping on Dotcom before December

"there is no difference between the agencies" ... "NSA or GCSB or GCHQ ... are the same thing"

HAHAHAHAHAHAHA. You seriously think they share everything with each other? Also, I have a bridge for sale.

0
0
Bronze badge
Black Helicopters

the article says he was talking to his ISP

So he would have sent emails with traceroutes to them, that's the first tick box on any helpdesk "to do list"

So yes he would have the information, no it's not strange and yes the helpdesk guy was probably found face down in the harbour after asking his boss what the extra hops were

4
0
Anonymous Coward

Proof of Hacking

No one in Australia/NZ has that good a ping, it's physically impossible over that distance!

PS, no I don't believe he hacked, he just had lots of money and lots of spare time to practice.

0
0
Anonymous Coward

Err...

If three extra hops suddenly appeared in the route to the game servers, surely that means that the routing tables have to have been altered, I find it hard to believe that:

a) The ISP wouldn't be able to see that something odd had happened to the routing tables.

b) If I were "THE MAN" and knew enough about monitoring connections to cause the advertisement of a false route to a specific IP address, I wouldn't also know that anyone with even basic knowledge of IP would be able to see those and additional routes and I'd better hide them somehow.

It all seems a bit far fetched to me, probably cock-up at an ISP rather than conspiracy by the man...

0
1