The Defense Threat Reduction Agency (DTRA) has bought access to netflow data. The tool covers more than 90 percent of the world's internet data and can trace activity through virtual private networks.
A U.S. government agency tasked with supporting the nation’s nuclear deterrence capability has bought access to a data tool that claims to cover more than 90 percent of the world’s internet traffic, and can in some cases let users trace activity through virtual private networks, according to documents obtained by 404 Media.
The documents provide more insight into the use cases and customers of so-called netflow data, which can show which server communicated with another, information that is ordinarily only available to the server’s owner, or the internet service provider (ISP) handling the traffic. Other agencies that have purchased the data include the U.S. Army, NCIS, FBI, IRS, with some government clients saying it would take too long to get data from the NSA, so they bought this tool instead. In this case, the Defense Threat Reduction Agency (DTRA) says it is using the data to perform vulnerability assessments of U.S. and allied systems.
A document written by the DTRA and obtained by 404 Media says the agency “has a requirement to support ongoing assessments of the vulnerability of critical U.S. and allied national/theater mission systems, networks, architectures, infrastructures, and assets.”
The tool “is capable of following communications between servers, even private servers,” which allows the agency to identify infrastructure used by malicious actors, the document continues. That contract was for $490,000 in 2023, according to the document. 404 Media obtained the document and others under a Freedom of Information Act (FOIA) request.
My selfish question: is my VPN still secure? This wouldn’t impact the fact that the traffic itself is encrypted, right? They’d just be able to see that my connection is behind a VPN which is communicating with other servers? Previously it was just my ISP that could know that, now the DTRA can too?
This still seems like a big security risk, though I’m not entirely sure how.
I've worked with netflow data before. All it says is time, source IP, destination IP, protocol, source and destination ports, amount of data transferred, and a guess at what type of traffic it is (http, torrent, video stream, etc). https://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html (table 6, though most of the fields in that table aren't actually used). It doesn't include any of the data within the connection.
It wasn't previously just your ISP, it was every provider between you and the endpoint. That is, your ISP, their ISP, and the multiple backbone providers with the big pipes between ISPs (these are the ones selling the data in the article). And of course the NSA because they have a direct tap on the backbones, but they don't share that access or data with anyone.
Useful metadata to build patterns for people that are already suspected or to find patterns of bad actors.
They'll likely have to send portions of it to other agencies to get confirmation and investigations started. The amount of forensic metadata this is, just wow. Like tracking a person through a crowd by the gait of their walk, over years.
Lol your vpn is the toy squirtgun a 12 year old flashes before being gunned down in Walmart by the local PD when it comes to the federal government.
You do realize the government requires all software to allow backdoor access into your pc by the NSA, right? They don't give a fuck where you think your ip says you are as long as they can load it up with kiddie porn to send you away forever if you step on the wrong toes lol
Good. Too many critical systems have glaring vulnerabilities. Hopefully they can use this data to identify attackers and threat patterns to increase national cybersecurity.