The Register reports on an uproar following the discovery of an Internet traffic spying device on campus at the University of California Berkeley:
Academics at the University of California Berkeley have protested after it emerged that management had put a secret data slurping device into the campus that was mapping and storing all network traffic. "The intrusive device is capable of capturing and analyzing all network traffic to and from the Berkeley campus and has enough local storage to save over 30 days of all this data," Ethan Ligon, a member of the Senate-Administration Joint Committee on Campus Information Technology, wrote in an e-mail to fellow faculty members, the SF Chronicle reports.
Benjamin Hermalin, chairman of the UC Berkeley Academic Senate, also expressed serious concerns about the monitoring, and about the storage of the data off-campus. As a third party company is running the device, rather than the university's IT staff, there were also privacy issues to consider.
The device was installed after UCLA Health was hacked in June. Who ordered the installation of the device? None other than former Governor of Arizona and United States Secretary of Homeland Security Janet Napolitano, who is now the President of the University of California.
A statement from the chair of the University Committee on Academic Computing and Communications has this to say about the monitoring:
We have been informed that the monitoring of communications looked only for "malware signatures" and Internet traffic patterns. As neither message content nor browsing activity were monitored, we believe this level of monitoring can be appropriate.
We have been informed that monitoring of transmissions occurs only at campus edge, and does not capture internal campus traffic. Monitoring of traffic patterns for a pre-defined purpose can be appropriate given that results are maintained for a limited time and limited use.
(Score: 2) by NotSanguine on Sunday February 07 2016, @05:59AM
The problem here is the secrecy. No one really knows what this device does. No one knows how secure it is -- its primary function may be as an IDS, but perhaps it also has other functions.
No. You don't know what it does. It may well have lots of functions. But that doesn't mean it was installed for nefarious purposes. What's more, nothing in TFS (or TFA for that matter) provides a lick of evidence that anything nefarious is going on.
I know, I know. Capturing network data bad! What you likely don't realize is just how much data we're talking about. If UCB was actually capturing all the network traffic traversing its internet-facing links, even with lots of automation, it would require dozens, if not hundreds of people to parse and analyze it. And to what purpose? From a technical and resource utilization perspective, it just doesn't make sense.
Just for fun, go ahead and capture all the network traffic coming in and out of your *home* network for just 24 hours. Disk space is cheap these days, so you may well have enough to hold all the captured packets. Then go and see how long it takes to analyze the traffic. And that's just for you and anyone else in your household. UCB has 40,000 students. That doesn't include faculty, staff, visitors and others who may use the campus network.
I've found that most people don't understand how networks are secured and managed -- in many cases, even the folks tasked with securing and managing networks. Which is likely why folks are up in arms -- because they have no idea what's going on and someone wanted to raise their profile by making something sound scary.
A wide variety of completely normal equipment has the capability to be (and often has an actual, valid requirement which has nothing to do with spying on anyone) for "capturing and analyzing all network traffic to and from the Berkeley campus."
Routers, firewalls, IDS/IPS devices and application proxies come immediately to mind.
TFS and TFA are so sorely lacking in detail, they're essentially semantically null.
For all we know, the IT group did one or more of the following:
started sending firewall logs to a syslog server;
enabled Netflow on edge routers;
added IDS/IPS functionality with or without SIEM integration;
installed traffic mirroring devices and started shipping every single packet to UCB's secret Ukiah data center [wikipedia.org].
Given what little information was actually provided in TFS and TFA, I applied Ockham's Razor and theorized that it was likely the third option (and hopefully all of the first three) -- and almost certainly wasn't the fourth.
What's more, given that in the letter [universityofcalifornia.edu] sent to the UC Academic Senate, the chair of the UC Committee on Academic Computing and Communications said:
in addition to the portion quoted in TFS.
The website referred to in the letter includes all manner of policy and other information, including this gem [berkeley.edu].
The letter also mentions that it handled communications about this project poorly:
You may see evil spies lurking under every classroom desk. I see what is probably reasonable InfoSec policy implementation which was poorly communicated to relevant stakeholders.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by HiThere on Sunday February 07 2016, @07:56PM
Threat analysis: You look at what the potential threat can do, not what it claims it's going to do, or what you hope it will do.
So this is a secretly installed device with unknown capabilities, but which is claimed to be capable of monitoring (whatever it means by that) all of your electronic communications and storing the results for analysis.
That's a fairly reasonably high threat level. About as high as any virus would have....perhaps higher than all viruses put together.
It *MIGHT* be justifiable if you are expecting intrusion from a source with lots of expertise and funding, say something sponsored by a major corporation of a fairly large and modern country. But in such a case I would expect it to be inadequate.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.