Data Interception

We all hear about the FBI Carnivore program, about ISP tech staff (motivated by private investigators or competitors) spying on customers, about some companies “monitor all internet activities to cut expenses on IT“ policies. In many cases user’s Internet traffic can be intercepted from the computers sharing same LAN (local area network) or wireless network with the computer being monitored. Data interception is the danger you should count with. How can we protect ourselves from data interception? To find the proper solution we should understand first how the data interception could be performed.

Internet is build as a hierarchy system. Below is a very simplified picture of the Internet: end users are connected to the ISP network through the DSL/cable connections or dialup, ISPs networks are connected to a few bigger, national wide ISPs, and big ISPs are connected between themselves. There are special computers to find the proper path for data packets traveling to the destination – ISP gateways or routers – that examine each packet passing through them and transferring it to the next gateway until the packet reaches its destination. The path between the source network and the destination network is called “route”. Routes (paths between networks) are being chosen depending on the network load, link availability, etc. and change frequently, sometimes a few times a day. Usually data packets are traveling to the destination server through dozen of different networks and gateways.

Let us examine how the data packets travel from your PC to the destination server through the Internet.


Data Interception

After data packets are leaving your PC they are passed to the ISP gateway. ISP gateway, which has multiple connections to the bigger ISP networks, will examine destination IP address, choose proper “next hop” gateway and then forward packet to this gateway. New gateway will perform the same procedure, and so on.

So where is a weak point in this chain? There is a single point where all your data is passed: your ISP gateway. After the packet leaves your ISP network it is almost impossible to predict its route, since it will depend on the destination. Even if the destination is same, the routes change, today it is one route, and tomorrow it will be some other. To monitor somebody’s Internet activities the interested party should monitor the ISP traffic, the single point where all this traffic is passed through. Actually it is how government Internet monitoring systems like “Carnivore” and analogue European system “Echelon” was implemented. Some smaller countries and Arabic countries have a few or even one external Internet connection, which makes it technically possible to block sites or perform monitoring on nationwide ISP level.

To protect your data from the interception you should use traffic encryption. The main idea is that the data should be passed through the ISP network and further – outside of your home country, encrypted. This will guarantee that neither ISP staff nor government authorities can intercept your data. The only technical problem is that both participating parties in data communication should support encryption, and this cannot be achieved in many cases. Most websites, email providers are not supporting encryption. Many Internet services cannot support encryption by design. For example, ICQ, IRC, FTP, newsgroups protocols do not support encryption. This means that data to these servers cannot be encrypted from your PC to the destination.

When the end-to-end encryption cannot be achieved for various reasons, third party services can be used to encrypt the traffic. This will allow safely passing the data through the monitored ISP gateways and country borders links.

Here is the simplified picture of how such services works.

Data Interception

All the traffic will be encrypted on the way from your computer to the special tunneling server, then – unencrypted, and passed to the destination server (mail server, web server, IRC) in unencrypted form. Please note, if the destination server supports encryption itself, https secure web sites for example, traffic will be encrypted twice, e.g. passed through the tunneling server in encrypted form and unencrypted only by destination server. In other words, you may safely send PGP encrypted emails or visit secure sites through such tunneling servers.
Main advantage of these kinds of services is that they provide not only data protection, but IP address anonymity as well. All the remote servers you are communicating through the encrypted tunnel, will see only tunneling server IP address, not yours.

Once you are familiar with data interception techniques and “IP anonymity” problem you may pass to our next page “Internet Security Solutions” where we will review most of the technologies used for data interception protection and anonymizing Internet activities.