this post was submitted on 29 Aug 2024
401 points (97.9% liked)

Technology

59589 readers
3300 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Emotet@slrpnk.net 6 points 2 months ago (6 children)

Sounds interesting, got any links for further reading on that?

I can't quite connect the dots between wifi/internet traffic spikes when IRC is so light on traffic that it's basically background noise and war driving.

[–] barsoap@lemm.ee 7 points 2 months ago (5 children)

When you send a message, that usually fits into an IP packet. That gets completely encrypted by the wifi, but you know that a data packet approximately that size has been sent at exactly that time. Simultaneously, you watch the IRC channel and see when messages are arriving from your suspect, or someone else types a message and that should correlate with another encrypted wifi package.

The mistake was a) using wifi, exposing the data in the first place and b) not torrenting while you're chatting. That would've obscured the time correlations.

[–] Emotet@slrpnk.net 3 points 2 months ago (2 children)

I have an understanding of the underlying concepts. I'm mostly interested in the war driving. War driving, at least in my understanding, implies that someone, a state agency in this case, physically went to the very specific location of the suspect, penetrated their (wireless) network and therefore executed a successful traffic correlation attack.

I'm interested in how they got their suspects narrowed down that drastically in the first place. Traffic correlation attacks, at least in my experience, usually happen in a WAN context, not LAN, for example with the help of ISPs.

[–] barsoap@lemm.ee 4 points 2 months ago (1 children)

I’m interested in how they got their suspects narrowed down that drastically in the first place.

They listened in on the chat he was in and could glean from chatter that he lived in a particular municipality or something, rough area. Stuff like, dunno, complain that the supermarket is closed because they had a water leak or something and pin-pointing that. The rest was driving around and see if anything correlates roughly, then park there long enough to make that correlation court-proof.

[–] Emotet@slrpnk.net 2 points 2 months ago

Damn, that's wild. Cheers for sharing!

load more comments (2 replies)
load more comments (2 replies)