InsightaaS: Ars Technica is one of the web’s best-respected sources for technical insight. Founded in 1998 as a publication for “alpha geeks”, the site is a source of technology news, analysis of scientific advancements, gadget reviews, and related features. “Ars tests Internet surveillance–by spying on an NPR reporter” illustrates the unique role that Ars occupies in the IT industry landscape. The article, written by IT editor Sean Gallagher, is a narrative built around an intriguing experiment, in which Ars worked with NPR technology correspondent Steve Henn to explore the extent to which the NSA’s cybersurveillance penetrates our lives. Using professional penetration testing technology, Gallagher monitored data flowing in and out of Henn’s home computer and smartphone.
The results of the experiment have created a great deal of buzz on the Internet, and understandably so. The project found that “the encryption used by most popular Internet services doesn’t completely protect users from eavesdropping.” For example, “Google encrypts searches by default now, but data leaks from Google’s search engine can easily give up a person’s searches once they’ve been de-anonymized–in part by using Google’s own “cookies” against a target.” And while there is at least some protection embedded in major online portals, “Once you’ve left the (relative) safety of the major search, mail, and social media providers, the vast majority of what you do online is an open book.” A second stage of the project found that “your phone also leaks a substantial amount of data,” including (at least in some cases) geolocation data and web history. The concluding header – “we’re all insecure” – provides an apt summation of the project’s results. The final section of the article finds that “the amount of information that can be obtained with simple network tools is staggering,” adding that “Surveillance technology has become a commodity these days. While the NSA has invested untold billions to build its Internet collection capability, most users face more imminent threats of being surveilled while eating lunch in a mall food court by someone with a few hundred dollars’ worth of mobile hardware and some open-source tools.” In the end, Gallagher concludes, “for the vast majority of people online, a little paranoia remains a very healthy thing.”
On a bright April morning in Menlo Park, California, I became an Internet spy.
This was easier than it sounds because I had a willing target. I had partnered with National Public Radio (NPR) tech correspondent Steve Henn for an experiment in Internet surveillance. For one week, while Henn researched a story, he allowed himself to be watched–acting as a stand-in, in effect, for everyone who uses Internet-connected devices. How much of our lives do we really reveal simply by going online?
Henn let me into his Silicon Valley home and ushered me into his office with a cup of coffee. Waiting for me there was the key tool of my new trade: a metal-and-plastic box that resembled nothing more threatening than an unlabeled Wi-Fi router. This was the PwnPlug R2, a piece of professional penetration testing gear designed by Pwnie Express CTO Dave Porcello and his team and on loan to us for this project.
The box would soon sink its teeth into the Internet traffic from Henn’s home computer and smartphone, silently gobbling up every morsel of data and spitting it surreptitiously out of Henn’s home network for our later analysis. With its help, we would create a pint-sized version of the Internet surveillance infrastructure used by the National Security Agency. Henn would serve as a proxy for Internet users…