How do law enforcement agencies monitor the channel to the ISP?

Here are some questions to which I have not been able to get a clear answer for a long time:


1. A law enforcement officer can put an e-mail inbox under monitoring. I personally saw this on a visit to a regular police department in St. Petersburg, with a request to investigate a threat received by e-mail. An ordinary police officer calmly replied, "Okay, we'll put your e-mail under monitoring." I was a bit surprised, because the officer asked for neither the password nor the location of the office from which the mailbox is accessed. How is a mailbox put under monitoring? Does this mean that the provider (e.g. mail.ru) has a contract with the Ministry of the Interior/FSB/etc. and they simply ask the provider to give them access to such a mailbox? Does this mean that using foreign servers is safer, because Russian services have no access to them? Or how exactly is the mailbox put under monitoring, and how do the officers see the information in the mailbox?


2. There is clear confirmation that the Ministry of the Interior monitors the Internet channel of an enterprise. But I can't figure out what exactly they see. Surely the comrades simply took the channel between the client and the ISP, but what exactly do they see? The websites the client opens? Can they see passwords if they are transmitted over http, not https?

6 Answers

The interaction of service providers with law enforcement agencies in Russia is not hidden and is subject to the law.
I work as a sysadmin at a provider. To obtain a license to operate, it is necessary to set up a channel to the FSB, as well as to install their hardware (SORM). Interestingly, the rules of interaction with the FSB provide that the provider does not know what information the FSB monitors. In practice, this means that all Internet traffic and all calls are fed to their hardware, and then they decide what to do with it.
However, this is only the FSB. The Ministry of the Interior (including the Department), the Prosecutor's Office, the Investigative Department and other bodies do not have access to traffic without court approval. Moreover, even with a court sanction, these bodies typically interact with the provider and not with the FSB.
1. Within the framework of ORM (operational-investigative measures), a mailbox may be put under monitoring. Most likely mail.ru will cooperate even on a written request from the Ministry of the Interior, if there is evidence of a crime.
2. The Ministry of the Interior most likely has no access to the traffic. Requests for information about subscribers, IP addresses, traffic and so on, which a provider may hand over on request even without a court sanction, are one thing; monitoring all traffic is another. A provider is unlikely to allow that without a good reason.

I once asked a similar question. There is nothing wrong with it, that is just the job these people have ).
>>1. Operators are required to provide the authorized state bodies engaged in operational-investigative activities or ensuring the security of the Russian Federation with information about users of communication services and the communication services provided to them, as well as other information these bodies need to carry out their assigned tasks, in the cases established by federal laws.
ru.wikipedia.org/wiki/СОРМ
habrahabr.ru/blogs/telecom/65924/

Quite simply, neither the FSB nor the Ministry of the Interior monitors all traffic; they would die trying to sniff it all. In our case, for example, what was brought in as SORM was a server that is not the freshest, and in the system there are various legal entities and individuals. When a letter arrives stating that assistance with ORM is needed, the client's port is mirrored to their port, and they sit and sniff it. Everything is captured, as you know; tcpdump rules.
Since the FSB has access to the billing and IT systems of the major providers, they already have their usernames and passwords there. But the access is just that of an ordinary employee: to find the IP by login, or to view the history of visits, from what equipment, passport details, etc.
So the technical ability to sniff the traffic exists, but you can imagine the scale at a large operator: we have several hundred gigabits on each backbone node, so you can imagine the piece of hardware needed for sniffing :))) But nobody does it in practice; even on the foreign channels no bugs are sitting, it is technically expensive and difficult :)

Somehow I have a sneaking suspicion that, after all, the most important things are better discussed not in writing but face to face...

SORM has already been written about here. They can see everything, but what specifically SORM analyzes is classified information. The possibility exists to log any unencrypted information. And despite the money carved up and wasted on this SORM, over the years it has more or less been finished and is up and running.
They tried to hide the fact of monitoring, but that is technically difficult to do.

Thank you very much for the replies.
Informative and accessible. It was especially interesting to learn about the box that the FSB installs.
"Quite simply, neither the FSB nor the Ministry of the Interior monitors all traffic; they would die trying to sniff it all..."
That is not the question: if they can sniff, it means they can. And here you cannot count on "they are hardly sniffing at the moment, it is too much hassle". The same applies to court sanctions. I don't think that in some cases the comrades will bother getting a sanction, and if there is a sanction they can do whatever they need.
And has anyone seen the form in which the information is displayed to, so to speak, the end user of SORM? :) What do the comrades see on their computer monitors?
As I understand it, if the traffic goes over https or ssl, then the url is visible, but the content of the form carried in the encrypted traffic is not, whereas with http both the url and the content can be seen?
In fact, after studying this whole topic, I can't say for sure, but TOR seemed to me the most suitable way. I tried setting it up: no problems at all, whether under Windows or under Linux. Of course the speed dropped 10 times, but if that is what it takes, to hell with it.
It's nice that Tor also sends DNS queries through its servers, and that the encryption and the peers change regularly. In general, I have not noticed any clear disadvantages so far.
It has been written that a peer may be an attacker's machine, but that machine (if it is first in the chain) does not see which site the client is requesting, and if the attacker's machine is the last one, then it sees who is requesting the website. Also, the chain of three peers and the encryption keys change regularly too.