New questions raised over Kim Dotcom snooping

The slow-motion train wreck of the Megaupload investigation rumbles on, with a new report alleging Kim Dotcom’s Internet connection showed signs of interference earlier than New Zealand’s Government Communications Security Bureau had admitted. According to the New Zealand Herald, Dotcom’s ping times were under investigation by …

COMMENTS

This topic is closed for new posts.
  1. geejayoh
    Big Brother

    I'm confused...

    Can traceroutes be done after the fact? Or was Kim Dotcom tracerouting his connection as a matter of course?

    That strikes me as overly paranoid for someone who is doing nothing wrong.

    Whatever the case, Spy agency or not, the UK should listen up. Snooping and man-in-the-middle attacks are ILLEGAL. Legislating to make it legal so they can read all our emails. Just wrong.

    1. Anonymous Coward
      Black Helicopters

      Re: I'm confused...

      Yeah, here in the US, it's really odd when a traceroute from Smyrna, GA to Atlanta, GA (hint, they are adjacent) goes through Reston, VA... But that's ok, I have configured my NIC to use obscene words for frame padding, instead of random data from the stack.

      black helicopters....you can avoid them by living on final approach...

      1. ralph058
        Black Helicopters

        Re: I'm confused...

        Going through Reston, no cause for concern. Going through Linthicum Heights or Patapsco MD, worry.

        1. Anonymous Coward
          Anonymous Coward

          Re: Going through Reston, no cause for concern.

          Unless you're a monkey...

        2. Anonymous Coward
          Black Helicopters

          Re: I'm confused...

          "Going through Reston, no cause for concern. Going through Linthicum Heights or Patapsco MD, worry."

          Actually, they're all in the 'laws-don't-apply-here-because-we-say-so' zone.

    2. Stephen 27
      Coat

      Re: I'm confused...

      Eh? If I saw a sudden increase in latency I'd run traceroute. Anyone who has a modest knowledge of network architectures would do the same. He's not just a kid who plays xbox, he's someone who's made millions on exploiting the advantages to be found in the brave (relatively new) world of the Internet.

      1. geejayoh
        Holmes

        Re: I'm confused...

        Mmmm.

        I've played online before: WoW, Team Fortress 2, CS:Source etc. I've had ping spikes.

        I know enough about architectures that I put it down to ISP throttling, server congestion, a hundred different things.

        I didn't immediately think "Jeez, the feds, must traceroute". Particularly sitting at home playing on an Xbox? I'd assume lag would be part and parcel of playing on the closed XBox network.

        I do concede your point that he is not-your-average-bear XBox living room tard. But still. For a spike, it's not an "anyone would do the same" response.

        1. Raumkraut

          Re: I'm confused...

          By my reading, we're not talking about a "ping spike", we're talking about a sudden and unexplained persistent increase in ping times.

          You don't get to be #1 ranked in any popular sport or game without taking it seriously. Serious gamers, just like serious athletes, do everything in their power to optimise their game.

          If an F1 car suddenly started taking six times as long to respond to steering or throttle - even if for only a few minutes - they're damn well going to find out what just happened, why it happened, and how they can fix it.

    3. Tom 38

      Re: I'm confused...

      I don't think that's weird. I play FPS on the same few servers, and know - approximately - the route from me to them. If one day I'm playing on that server, and my ping is 50 ms higher than it usually is, I would fire off a traceroute to see wtf is going on, and would notice 3 extra hops that weren't there before.

    4. MonkeyBot

      Re: I'm confused...

      "That strikes me as overly paranoid for someone who is doing nothing wrong."

      Given that he was illegally tapped, is it paranoia or a reasonable assumption?

    5. Anonymous Coward
      Anonymous Coward

      Re: I'm confused...

      When a usually fast site suddenly feels slower, I do start pinging and then tracerouting. I don't know about you, but that is SOP. Nothing to do with paranoia.

  2. Anonymous Coward
    Anonymous Coward

    Log files. Not unreasonable for someone with a web biz to keep them. Got some myself.

    1. Anonymous Coward
      Anonymous Coward

      Um...

      You have logfiles showing traceroutes? Bet you don't.

      1. Anonymous Coward
        Anonymous Coward

        Re: Um...

        If you've paid for expensive fibre to be installed directly to your house and inexplicably your ping increases by a factor of 6, then no doubt you'd probably be in contact with your ISP, who more than likely would request some tracert details.

        Granted you may delete the logs after you've emailed them to your ISP, but you can easily fish the attachment out of your sent items.

      2. Grogan Silver badge

        Re: Um...

        You would log them if taking them for evidence of the poor route that you want your ISP to correct, which is what he was doing at the time.

        There is nothing unusual about that. I use traceroute often myself, and have specifically used it many times to see why I had lag to... our Call of Duty servers. In fact sometimes I would have to ssh in to the servers and traceroute to myself to see the problem. The routes often aren't the same in both directions, depending on the datacenter.

        1. Anonymous Coward
          Anonymous Coward

          Re: Um...

          "The routes often aren't the same in both directions, depending on the datacenter."

          Especially with small, non-expert ISPs.

        2. Anonymous Coward
          Anonymous Coward

          Re: Um...

          > You have logfiles showing traceroutes? Bet you don't.

          You would win that bet. I do however have log files (and graphs) of pinging client's servers every 30 seconds or so if performance issues have come up. If unusually high ping times are observed, traceroute is the obvious next step. Being a mere mortal, I have to do the traceroute manually (and I also don't want to be mistaken for a lackadaisical DDoS attack) hence no logfiles; but it wouldn't surprise me in the slightest if Dotcom had an automatic and more sophisticated method of doing and logging the same process.

      3. Anonymous Coward
        Anonymous Coward

        Re: Um...

        smokeping ftw
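Several posts in this sub-thread describe the same workflow: keep a latency log (smokeping, or pinging a client's servers every 30 seconds), and only escalate to traceroute when the increase is persistent rather than a one-off spike. The script below is an added example, not code from the thread or from smokeping. The log line format, the host name game.example, the 30-second cadence and the thresholds are assumptions; the log itself is constructed.

```python
"""Latency log triage: transient spike versus sustained shift.

Added example, not from the thread. Replays a smokeping-style probe log
(one RTT sample every 30 s) and decides whether a rise is an isolated spike
or a persistent increase that justifies running traceroute.
"""
import re
from statistics import median
from typing import List, Tuple

# Assumed log format: an ISO timestamp, the probed host and the RTT field.
LOG_RE = re.compile(r"rtt_ms=(\d+(?:\.\d+)?)")

# Constructed probe log. Samples 0-5 are the quiet baseline (~20 ms),
# sample 6 is an isolated spike, 7-11 are quiet again, and from sample 12
# onward every probe sits at roughly six times the baseline.
CONSTRUCTED_LOG = """\
2012-01-13T20:00:00Z host=game.example rtt_ms=19.8
2012-01-13T20:00:30Z host=game.example rtt_ms=20.1
2012-01-13T20:01:00Z host=game.example rtt_ms=21.0
2012-01-13T20:01:30Z host=game.example rtt_ms=19.5
2012-01-13T20:02:00Z host=game.example rtt_ms=20.4
2012-01-13T20:02:30Z host=game.example rtt_ms=20.2
2012-01-13T20:03:00Z host=game.example rtt_ms=180.0
2012-01-13T20:03:30Z host=game.example rtt_ms=19.9
2012-01-13T20:04:00Z host=game.example rtt_ms=20.7
2012-01-13T20:04:30Z host=game.example rtt_ms=20.0
2012-01-13T20:05:00Z host=game.example rtt_ms=21.1
2012-01-13T20:05:30Z host=game.example rtt_ms=20.3
2012-01-13T20:06:00Z host=game.example rtt_ms=122.0
2012-01-13T20:06:30Z host=game.example rtt_ms=119.5
2012-01-13T20:07:00Z host=game.example rtt_ms=121.8
2012-01-13T20:07:30Z host=game.example rtt_ms=123.0
2012-01-13T20:08:00Z host=game.example rtt_ms=120.4
2012-01-13T20:08:30Z host=game.example rtt_ms=118.9
2012-01-13T20:09:00Z host=game.example rtt_ms=121.1
2012-01-13T20:09:30Z host=game.example rtt_ms=122.6
2012-01-13T20:10:00Z host=game.example rtt_ms=120.0
2012-01-13T20:10:30Z host=game.example rtt_ms=119.7
"""


def parse_log(text: str) -> List[float]:
    """Pull the rtt_ms field out of each line. A lost probe would carry no
    rtt_ms and is simply skipped here; count losses separately in real use."""
    matches = (LOG_RE.search(line) for line in text.splitlines())
    return [float(m.group(1)) for m in matches if m]


def baseline_ms(samples: List[float], window: int = 6) -> float:
    """Median of the first `window` samples. A median ignores a lone spike,
    so one bad probe does not drag the reference value upward."""
    return median(samples[:window])


def find_events(samples: List[float], window: int = 6, factor: float = 3.0,
                min_consecutive: int = 4) -> List[Tuple[str, int, int]]:
    """Return (kind, first_index, last_index) for each run of samples above
    factor * baseline. A run shorter than min_consecutive is a 'spike'
    (congestion, one slow probe); a longer run is a 'shift' that a route
    change could explain and that is worth a traceroute."""
    threshold = baseline_ms(samples, window) * factor
    events: List[Tuple[str, int, int]] = []
    run_start = None
    # Iterate one past the end so a run still open at the tail is closed.
    for i in range(window, len(samples) + 1):
        high = i < len(samples) and samples[i] > threshold
        if high and run_start is None:
            run_start = i
        elif not high and run_start is not None:
            kind = "shift" if i - run_start >= min_consecutive else "spike"
            events.append((kind, run_start, i - 1))
            run_start = None
    return events


def shift_ratio(samples: List[float], event: Tuple[str, int, int],
                window: int = 6) -> float:
    """How many times the baseline the samples inside `event` sit at."""
    _, first, last = event
    return median(samples[first:last + 1]) / baseline_ms(samples, window)


def needs_traceroute(samples: List[float], **kw) -> bool:
    """True when at least one sustained shift is present in the log."""
    return any(kind == "shift" for kind, _, _ in find_events(samples, **kw))


if __name__ == "__main__":
    rtts = parse_log(CONSTRUCTED_LOG)
    print("baseline %.2f ms" % baseline_ms(rtts))
    for ev in find_events(rtts):
        print(ev, "x%.1f" % shift_ratio(rtts, ev))
    print("run traceroute:", needs_traceroute(rtts))
```

The median baseline and the `min_consecutive` run length are what keep a single slow probe (the "ping spike" geejayoh describes) from triggering anything, while a route change that adds ~100 ms shows up as a shift after two minutes of samples. Any traceroute this triggers should be rate-limited, for the reason the poster above gives about not looking like an attack.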

  3. enerider
    Pint

    If they spy this well...

    ...then that would come as a great relief!

    There is a fair bit of agreement that Key's memory lapses need to get seen to, by medical or "other" means.

    Minor note: Labour is spelt with a "u" - because we're not USA. The hint of our British heritage is in the flag.

    Beer because it's Friday in this neck of the woods.

  4. jake Silver badge

    Uh ... kiddies.

    "traceroute" does not, contrary to popular belief, give you access to the addresses of all the machines between you and destination.

    It only gives you the addresses of the TCP/IP machines between you and destination.

    Most telco gear encapsulates TCP/IP over a completely different protocol, and TCP/IP isn't capable of even interacting with the protocol that encapsulates it.

    On the other hand, most of that telco gear allows "sampling" of the bitstream, without the enduser actually having any way of noticing that the sampling is occurring. Hint: ones & zeros can be duplicated without loss. That's how fiber optic repeaters revolutionized long-distance telephony. The included "monitor" ports on the repeaters (ostensibly used only for test purposes) also allow anyone with access to listen in ...

    In other words, if you have access to digital $TELCO_SWITCH_GEAR, you can listen in to any internet traffic, without anyone only connected to the TCP/IP internet being any the wiser.

    My point? If the New Zealand Governmental Spy Agency doesn't grok this basic concept, and actually allowed ping times to increase due to their snooping, they need to be fired en masse, regardless of what the Dotcom twat is guilty of.

    1. This post has been deleted by its author

    2. auburnman
      Stop

      Re: Uh ... kiddies.

      Assuming for a second that the sudden ping drop was the work of a shadowy government agency, NZ, US or otherwise, it's still a jump too far to assume the objective was snooping on his traffic. It might have been a cack-handed attempt at harassing him by hobbling his game or distracting him with fixing his connection while they had other operations ongoing.

      1. jake Silver badge

        @auburnman (was: Re: Uh ... kiddies.)

        You don't get it.

        The entire "ping" thing isn't $TELCO related. ping's a tool that's only useful to figure out if any given box allowing TCP/IP traffic is accessible ... it has no bearing on $TELCO's internal routing. $TELCO carries the traffic, but $TELCO doesn't tell you how that traffic is carried.

        If .gov entities re-route traffic outside $TELCO, using TCP/IP, with the purpose of "paying attention", well ... my gut feeling is that said .gov entities have absolutely zero clue.

        Which is really, really, scary.

        1. stanimir

          Re: @auburnman (was: Uh ... kiddies.)

          ping is actually ICMP, so is traceroute. TCP has no bearing, aside from the fact that it works over IP.

          1. Anonymous Coward
            Anonymous Coward

            Re: @auburnman (was: Uh ... kiddies.)

            Not anymore, it seems the Fedora folks think that tcp is the right protocol for a ping when it isn't... not on my firewalls.

        2. auburnman
          WTF?

          Re: @auburnman (was: Uh ... kiddies.)

          Try reading my post. My point was that we don't know that the re-routing shenanigans were done 'with the purpose of "paying attention"'. Again assuming this was the work of a shadowy government organisation, the objective could simply have been to piss off/distract Dotcom because his ping is important to him. Or a certain non NZ shadowy government organisation fancied testing if they could tap a foreign comms network without the knowledge or consent of Johnny foreigner. Or a rival gamer could have a friend at $TELCO who thought he could turn Dotcom's ping to crap without getting caught. Or maybe the NZ spooks really don't know the first thing about intercepting communications. But it's too early to jump to any of these conclusions.

    3. Harry Kiri

      Re: Uh ... kiddies.

      Er, yeah, thanks for info.

      But have you heard of man-in-the-middle attacks, why they're of use and why you can't just use 'sampling' of the bitstream?

      Technically you can listen to all of the "ones & zeros" at the telco. Whether you can decrypt them, well that's the trick, isn't it? If you can't, well good luck with your ones and zeros. It's the difference between data and information.

      1. Anonymous Coward
        Anonymous Coward

        Re: Uh ... kiddies.

        Conversely, if you can, you've got all the information you need ...

        Sorry, not sure what point you're making? You think all of his internet traffic was encrypted in transit as a matter of course?

    4. Chris007
      Boffin

      Re: Uh ... kiddies. @Jake - Nearly but not quite

      You said: "'traceroute' does not, contrary to popular belief, give you access to the addresses of all the machines between you and destination.

      It only gives you the addresses of the TCP/IP machines between you and destination."

      Not quite. It will give you the IP addresses of those machines set up to respond. For example, with a certain configuration on Cisco ASA devices you could have 10 of these in a path that has a router at your end and the destination, but they wouldn't show up; you'd just see 2 hops.
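Chris007's point that traceroute only lists the hops that answer, and the "three extra hops" observation earlier in the thread, can both be checked mechanically rather than by eye. The parser below is an added example, not code from the thread or from any traceroute implementation. It reads the text output format of Linux/BSD `traceroute`, keeps timed-out hops (`* * *`) as None, and diffs a baseline run against a later one. The two captures are constructed and use documentation address ranges; the host name game.example is an assumption. One caveat the code cannot remove: a router that decrements TTL but sends no ICMP Time Exceeded shows up as `*`, but a device that forwards without decrementing TTL (a layer-2 device, or an MPLS core with TTL propagation disabled) never appears at all, so an unchanged hop list is not proof of an unchanged physical path.

```python
"""Compare two traceroute runs and report inserted hops.

Added example, not from the thread. Parses Linux/BSD `traceroute` text
output and diffs a baseline capture against a later one, so extra hops and
the point where latency jumps can be listed rather than eyeballed.
"""
import re
from statistics import median
from typing import List, NamedTuple, Optional

IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")


class Hop(NamedTuple):
    ttl: int
    ip: Optional[str]        # None when every probe timed out ("* * *")
    rtts_ms: List[float]     # RTTs of the probes that did answer


# Constructed baseline capture: hop 2 never answers, destination ~20 ms away.
BASELINE_RUN = """\
traceroute to game.example (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.412 ms  0.380 ms  0.355 ms
 2  * * *
 3  198.51.100.1 (198.51.100.1)  9.8 ms  10.1 ms  9.9 ms
 4  198.51.100.9 (198.51.100.9)  18.7 ms  19.2 ms  18.9 ms
 5  203.0.113.10 (203.0.113.10)  20.1 ms  19.8 ms  20.4 ms
"""

# Constructed later capture: three hops inserted before the old transit
# path, and the destination RTT is now roughly six times the baseline.
LATER_RUN = """\
traceroute to game.example (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.420 ms  0.391 ms  0.360 ms
 2  * * *
 3  192.0.2.1 (192.0.2.1)  45.2 ms  44.9 ms  45.6 ms
 4  192.0.2.2 (192.0.2.2)  80.3 ms  79.8 ms  81.0 ms
 5  192.0.2.3 (192.0.2.3)  108.5 ms  109.1 ms  108.2 ms
 6  198.51.100.1 (198.51.100.1)  110.0 ms  109.7 ms  110.4 ms
 7  198.51.100.9 (198.51.100.9)  118.9 ms  119.3 ms  118.6 ms
 8  203.0.113.10 (203.0.113.10)  120.2 ms  119.9 ms  120.6 ms
"""


def parse_traceroute(text: str) -> List[Hop]:
    """One Hop per numbered line; the header line is skipped. The first IPv4
    address on the line is taken as the responder, so both the default
    `host (ip)` form and the `-n` bare-IP form parse."""
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        ttl, rest = int(m.group(1)), m.group(2)
        ip_match = IP_RE.search(rest)
        ip = ip_match.group(1) if ip_match else None
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        hops.append(Hop(ttl, ip, rtts))
    return hops


def responding_ips(hops: List[Hop]) -> List[str]:
    """Responder addresses in path order, silent hops dropped."""
    return [h.ip for h in hops if h.ip is not None]


def extra_hops(baseline: List[Hop], current: List[Hop]) -> List[str]:
    """Responders present in `current` but absent from `baseline`."""
    seen = set(responding_ips(baseline))
    return [ip for ip in responding_ips(current) if ip not in seen]


def first_hop_over(hops: List[Hop], threshold_ms: float) -> Optional[int]:
    """TTL of the first responding hop whose median RTT exceeds the
    threshold, or None. Where the jump first appears says roughly where
    the delay is being added; silent hops cannot contribute."""
    for h in hops:
        if h.rtts_ms and median(h.rtts_ms) > threshold_ms:
            return h.ttl
    return None


if __name__ == "__main__":
    base, cur = parse_traceroute(BASELINE_RUN), parse_traceroute(LATER_RUN)
    print("hops:", len(base), "->", len(cur))
    print("new responders:", extra_hops(base, cur))
    print("first hop over 40 ms, before/after:",
          first_hop_over(base, 40.0), first_hop_over(cur, 40.0))
```

Run against the two constructed captures, the diff lists the three inserted addresses and places the latency jump at the first of them, which is the evidence a helpdesk would want attached to a ticket. Silent hops are kept in the hop list (so hop numbering stays honest) but are excluded from the diff, since a `*` carries no address to compare.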

  5. JaitcH
    Unhappy

    New Zealand needs to check cell systems software

    The US NSA claims to be able to tap into any cell system.

    The Greek system was compromised a few years back and tracked down to 'patched' OS software.

    There were also three suspicious antennae in the grounds of the US embassy in Athens which could be monitored from a nearby hillside at the time.

    At least you can still whisper to each other, most effective spread-eagled on the ground outside, in the open, directly facing the other party, which renders all forms of monitoring near impossible. Or use Phil Zimmermann's products.

  6. localzuk Silver badge
    FAIL

    New Zealand spooks don't get to play very often

    So, basically, the NZ spies don't get to play on the international field very often, so wanted to make full use of as much of their stuff as possible - I'm sure that it also helps justify their funding.

    And all it's done is highlight that they're kinda amateurs.

  7. DJ Smiley
    Black Helicopters

    Weren't there multiple severings of the under-ocean fibre connections to NZ?

    That'd easily explain the random increases in ping and changes in traceroute. And those are far more likely than "zomg someone spying"

    1. Alan Brown Silver badge

      > Weren't there multiple severings of the under-ocean fibre connections to NZ?

      Yes there were, but none of those would account for unexplained extra hops _within_ NZ, between him and his ISP.

      The fact that his ISP was investigating points to involvement by Telecom New Zealand. (Most DSL ISPs are reselling Telecom lines as the copper's only recently been unbundled).

  8. ralph058
    Black Helicopters

    I believe that GCSB can say they weren't snooping on Dotcom before December

    They can blame it on NSA. Through ANZUKUS, there is no difference between the agencies. So, one can do something and claim no responsibility because NSA or GCSB or GCHQ ... are the same thing.

    In fact the same thing goes for intelligence in general. When Bush blamed the yellowcake on British intelligence, it was US intel sent to the UK.

    1. FartingHippo
      Facepalm

      Re: I believe that GCSB can say they weren't snooping on Dotcom before December

      "there is no difference between the agencies" ... "NSA or GCSB or GCHQ ... are the same thing"

      HAHAHAHAHAHAHA. You seriously think they share everything with each other? Also, I have a bridge for sale.

  9. Gordon Pryra
    Black Helicopters

    the article says he was talking to his ISP

    So he would have sent emails with traceroutes to them, that's the first tick box on any helpdesk "to do list".

    So yes he would have the information, no it's not strange and yes the helpdesk guy was probably found face down in the harbour after asking his boss what the extra hops were.

  10. Anonymous Coward
    Anonymous Coward

    Proof of Hacking

    No one in Australia/NZ has that good a ping, it's physically impossible over that distance!

    PS, no I don't believe he hacked, he just had lots of money and lots of spare time to practice.

  11. Anonymous Coward
    Anonymous Coward

    Err...

    If three extra hops suddenly appeared in the route to the game servers, surely that means that the routing tables have to have been altered, I find it hard to believe that:

    a) The ISP wouldn't be able to see that something odd had happened to the routing tables.

    b) If I were "THE MAN" and knew enough about monitoring connections to cause the advertisement of a false route to a specific IP address, I wouldn't also know that anyone with even basic knowledge of IP would be able to see those additional routes and I'd better hide them somehow.

    It all seems a bit far fetched to me, probably cock-up at an ISP rather than conspiracy by the man...

