- <title>E-tjenesten ber om innsyn i eposten til partiene på Stortinget</title>
- <link>http://people.skolelinux.org/pere/blog/E_tjenesten_ber_om_innsyn_i_eposten_til_partiene_p__Stortinget.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/E_tjenesten_ber_om_innsyn_i_eposten_til_partiene_p__Stortinget.html</guid>
- <pubDate>Tue, 6 Sep 2016 23:00:00 +0200</pubDate>
- <description><p>I helga kom det et hårreisende forslag fra Lysne II-utvalget satt
-ned av Forsvarsdepartementet. Lysne II-utvalget var bedt om å vurdere
-ønskelista til Forsvarets etterretningstjeneste (e-tjenesten), og har
-kommet med
-<a href="http://www.aftenposten.no/norge/Utvalg-sier-ja-til-at-E-tjenesten-far-overvake-innholdet-i-all-internett--og-telefontrafikk-som-krysser-riksgrensen-603232b.html">forslag
-om at e-tjenesten skal få lov til a avlytte all Internett-trafikk</a>
-som passerer Norges grenser. Få er klar over at dette innebærer at
-e-tjenesten får tilgang til epost sendt til de fleste politiske
-partiene på Stortinget. Regjeringspartiet Høyre (@hoyre.no),
-støttepartiene Venstre (@venstre.no) og Kristelig Folkeparti (@krf.no)
-samt Sosialistisk Ventreparti (@sv.no) og Miljøpartiet de grønne
-(@mdg.no) har nemlig alle valgt å ta imot eposten sin via utenlandske
-tjenester. Det betyr at hvis noen sender epost til noen med en slik
-adresse vil innholdet i eposten, om dette forslaget blir vedtatt, gjøres
-tilgjengelig for e-tjenesten. Venstre, Sosialistisk Ventreparti og
-Miljøpartiet De Grønne har valgt å motta sin epost hos Google,
-Kristelig Folkeparti har valgt å motta sin epost hos Microsoft, og
-Høyre har valgt å motta sin epost hos Comendo med mottak i Danmark og
-Irland. Kun Arbeiderpartiet og Fremskrittspartiet har valgt å motta
-eposten sin i Norge, hos henholdsvis Intility AS og Telecomputing
-AS.</p>
-
-<p>Konsekvensen er at epost inn og ut av de politiske organisasjonene,
-til og fra partimedlemmer og partiets tillitsvalgte vil gjøres
-tilgjengelig for e-tjenesten for analyse og sortering. Jeg mistenker
-at kunnskapen som slik blir tilgjengelig vil være nyttig hvis en
-ønsker å vite hvilke argumenter som treffer publikum når en ønsker å
-påvirke Stortingets representanter.</p
-
-<p>Ved hjelp av MX-oppslag i DNS for epost-domene, tilhørende
-whois-oppslag av IP-adressene og traceroute for å se hvorvidt
-trafikken går via utlandet kan enhver få bekreftet at epost sendt til
-de omtalte partiene vil gjøres tilgjengelig for forsvarets
-etterretningstjeneste hvis forslaget blir vedtatt. En kan også bruke
-den kjekke nett-tjenesten <a href="http://ipinfo.io/">ipinfo.io</a>
-for å få en ide om hvor i verden en IP-adresse hører til.</p>
-
-<p>På den positive siden vil forslaget gjøre at enda flere blir
-motivert til å ta grep for å bruke
-<a href="https://www.torproject.org/">Tor</a> og krypterte
-kommunikasjonsløsninger for å kommunisere med sine kjære, for å sikre
-at privatsfæren vernes. Selv bruker jeg blant annet
-<a href="https://www.freedomboxfoundation.org/">FreedomBox</a> og
-<a href="https://whispersystems.org/">Signal</a> til slikt. Ingen av
-dem er optimale, men de fungerer ganske bra allerede og øker kostnaden
-for dem som ønsker å invadere mitt privatliv.</p>
-
-<p>For øvrig burde varsleren Edward Snowden få politisk asyl i
-Norge.</p>
-
-<!--
-
-venstre.no
- venstre.no mail is handled by 10 aspmx.l.google.com.
- venstre.no mail is handled by 20 alt1.aspmx.l.google.com.
- venstre.no mail is handled by 20 alt2.aspmx.l.google.com.
- venstre.no mail is handled by 30 aspmx2.googlemail.com.
- venstre.no mail is handled by 30 aspmx3.googlemail.com.
-
-traceroute to aspmx.l.google.com (173.194.222.27), 30 hops max, 60 byte packets
- 1 uio-gw10.uio.no (129.240.6.1) 0.411 ms 0.438 ms 0.536 ms
- 2 uio-gw8.uio.no (129.240.24.229) 0.375 ms 0.452 ms 0.548 ms
- 3 oslo-gw1.uninett.no (128.39.65.17) 1.940 ms 1.950 ms 1.942 ms
- 4 se-tug.nordu.net (109.105.102.108) 6.910 ms 6.949 ms 7.283 ms
- 5 google-gw.nordu.net (109.105.98.6) 6.975 ms 6.967 ms 6.958 ms
- 6 209.85.250.192 (209.85.250.192) 7.337 ms 7.286 ms 10.890 ms
- 7 209.85.254.13 (209.85.254.13) 7.394 ms 209.85.254.31 (209.85.254.31) 7.586 ms 209.85.254.33 (209.85.254.33) 7.570 ms
- 8 209.85.251.255 (209.85.251.255) 15.686 ms 209.85.249.229 (209.85.249.229) 16.118 ms 209.85.251.255 (209.85.251.255) 16.073 ms
- 9 74.125.37.255 (74.125.37.255) 16.794 ms 216.239.40.248 (216.239.40.248) 16.113 ms 74.125.37.44 (74.125.37.44) 16.764 ms
-10 * * *
-
-mdg.no
- mdg.no mail is handled by 1 aspmx.l.google.com.
- mdg.no mail is handled by 5 alt2.aspmx.l.google.com.
- mdg.no mail is handled by 5 alt1.aspmx.l.google.com.
- mdg.no mail is handled by 10 aspmx2.googlemail.com.
- mdg.no mail is handled by 10 aspmx3.googlemail.com.
-sv.no
- sv.no mail is handled by 1 aspmx.l.google.com.
- sv.no mail is handled by 5 alt1.aspmx.l.google.com.
- sv.no mail is handled by 5 alt2.aspmx.l.google.com.
- sv.no mail is handled by 10 aspmx3.googlemail.com.
- sv.no mail is handled by 10 aspmx2.googlemail.com.
-hoyre.no
- hoyre.no mail is handled by 10 hoyre-no.mx1.comendosystems.com.
- hoyre.no mail is handled by 20 hoyre-no.mx2.comendosystems.net.
-
-traceroute to hoyre-no.mx1.comendosystems.com (89.104.206.4), 30 hops max, 60 byte packets
- 1 uio-gw10.uio.no (129.240.6.1) 0.450 ms 0.510 ms 0.591 ms
- 2 uio-gw8.uio.no (129.240.24.229) 0.383 ms 0.508 ms 0.596 ms
- 3 oslo-gw1.uninett.no (128.39.65.17) 0.311 ms 0.315 ms 0.300 ms
- 4 se-tug.nordu.net (109.105.102.108) 6.837 ms 6.842 ms 6.834 ms
- 5 dk-uni.nordu.net (109.105.97.10) 26.073 ms 26.085 ms 26.076 ms
- 6 dix.1000m.soeborg.ip.comendo.dk (192.38.7.22) 15.372 ms 15.046 ms 15.123 ms
- 7 89.104.192.65 (89.104.192.65) 15.875 ms 15.990 ms 16.239 ms
- 8 89.104.192.179 (89.104.192.179) 15.676 ms 15.674 ms 15.664 ms
- 9 03dm-com.mx1.staysecuregroup.com (89.104.206.4) 15.637 ms * *
-
-krf.no
- krf.no mail is handled by 10 krf-no.mail.protection.outlook.com.
-
-traceroute to krf-no.mail.protection.outlook.com (213.199.154.42), 30 hops max, 60 byte packets
- 1 uio-gw10.uio.no (129.240.6.1) 0.401 ms 0.438 ms 0.536 ms
- 2 uio-gw8.uio.no (129.240.24.229) 11.076 ms 11.120 ms 11.204 ms
- 3 oslo-gw1.uninett.no (128.39.65.17) 0.232 ms 0.234 ms 0.271 ms
- 4 se-tug.nordu.net (109.105.102.108) 6.811 ms 6.820 ms 6.815 ms
- 5 netnod-ix-ge-a-sth-4470.microsoft.com (195.245.240.181) 7.074 ms 7.013 ms 7.061 ms
- 6 ae1-0.sto-96cbe-1b.ntwk.msn.net (104.44.225.161) 7.227 ms 7.362 ms 7.293 ms
- 7 be-8-0.ibr01.ams.ntwk.msn.net (104.44.5.7) 41.993 ms 43.334 ms 41.939 ms
- 8 be-1-0.ibr02.ams.ntwk.msn.net (104.44.4.214) 43.153 ms 43.507 ms 43.404 ms
- 9 ae3-0.fra-96cbe-1b.ntwk.msn.net (104.44.5.17) 29.897 ms 29.831 ms 29.794 ms
-10 ae10-0.vie-96cbe-1a.ntwk.msn.net (198.206.164.1) 42.309 ms 42.130 ms 41.808 ms
-11 * ae8-0.vie-96cbe-1b.ntwk.msn.net (104.44.227.29) 41.425 ms *
-12 * * *
-
-arbeiderpartiet.no
- arbeiderpartiet.no mail is handled by 10 mail.intility.com.
- arbeiderpartiet.no mail is handled by 20 mail2.intility.com.
-
-traceroute to mail.intility.com (188.95.245.87), 30 hops max, 60 byte packets
- 1 uio-gw10.uio.no (129.240.6.1) 0.486 ms 0.508 ms 0.649 ms
- 2 uio-gw8.uio.no (129.240.24.229) 0.416 ms 0.508 ms 0.620 ms
- 3 oslo-gw1.uninett.no (128.39.65.17) 0.276 ms 0.278 ms 0.275 ms
- 4 te3-1-2.br1.fn3.as2116.net (193.156.90.3) 0.374 ms 0.371 ms 0.416 ms
- 5 he16-1-1.cr1.san110.as2116.net (195.0.244.234) 3.132 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48) 10.079 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234) 3.353 ms
- 6 te1-2-0.ar2.ulv89.as2116.net (195.0.243.194) 0.569 ms te5-0-0.ar2.ulv89.as2116.net (195.0.243.192) 0.661 ms 0.653 ms
- 7 cD2EC45C1.static.as2116.net (193.69.236.210) 0.654 ms 0.615 ms 0.590 ms
- 8 185.7.132.38 (185.7.132.38) 1.661 ms 1.808 ms 1.695 ms
- 9 185.7.132.100 (185.7.132.100) 1.793 ms 1.943 ms 1.546 ms
-10 * * *
-
-frp.no
- frp.no mail is handled by 10 mx03.telecomputing.no.
- frp.no mail is handled by 20 mx01.telecomputing.no.
-
-traceroute to mx03.telecomputing.no (95.128.105.102), 30 hops max, 60 byte packets
- 1 uio-gw10.uio.no (129.240.6.1) 0.378 ms 0.402 ms 0.479 ms
- 2 uio-gw8.uio.no (129.240.24.229) 0.361 ms 0.458 ms 0.548 ms
- 3 oslo-gw1.uninett.no (128.39.65.17) 0.361 ms 0.352 ms 0.336 ms
- 4 xe-2-2-0-0.san-peer2.osl.no.ip.tdc.net (193.156.90.16) 0.375 ms 0.366 ms 0.346 ms
- 5 xe-2-0-2-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.97) 0.780 ms xe-2-0-0-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.101) 0.713 ms xe-2-0-2-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.97) 0.759 ms
- 6 cpe.xe-0-2-0-100.ost-pe1.osl.no.customer.tdc.net (85.19.26.46) 0.837 ms 0.755 ms 0.759 ms
- 7 95.128.105.3 (95.128.105.3) 1.050 ms 1.288 ms 1.182 ms
- 8 mx03.telecomputing.no (95.128.105.102) 0.717 ms 0.703 ms 0.692 ms
-
--->
+ <title>Easier recipe to observe the cell phones around you</title>
+ <link>http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html</guid>
+ <pubDate>Sun, 24 Sep 2017 08:30:00 +0200</pubDate>
+ <description><p>A little more than a month ago I wrote
+<a href="http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html">how
+to observe the SIM card ID (aka IMSI number) of mobile phones talking
+to nearby mobile phone base stations using Debian GNU/Linux and a
+cheap USB software defined radio</a>, and thus being able to pinpoint
+the location of people and equipment (like cars and trains) with an
+accuracy of a few kilometer. Since then we have worked to make the
+procedure even simpler, and it is now possible to do this without any
+manual frequency tuning and without building your own packages.</p>
+
+<p>The <a href="https://tracker.debian.org/pkg/gr-gsm">gr-gsm</a>
+package is now included in Debian testing and unstable, and the
+IMSI-catcher code no longer require root access to fetch and decode
+the GSM data collected using gr-gsm.</p>
+
+<p>Here is an updated recipe, using packages built by Debian and a git
+clone of two python scripts:</p>
+
+<ol>
+
+<li>Start with a Debian machine running the Buster version (aka
+ testing).</li>
+
+<li>Run '<tt>apt install gr-gsm python-numpy python-scipy
+ python-scapy</tt>' as root to install required packages.</li>
+
+<li>Fetch the code decoding GSM packages using '<tt>git clone
+ github.com/Oros42/IMSI-catcher.git</tt>'.</li>
+
+<li>Insert USB software defined radio supported by GNU Radio.</li>
+
+<li>Enter the IMSI-catcher directory and run '<tt>python
+ scan-and-livemon</tt>' to locate the frequency of nearby base
+ stations and start listening for GSM packages on one of them.</li>
+
+<li>Enter the IMSI-catcher directory and run '<tt>python
+ simple_IMSI-catcher.py</tt>' to display the collected information.</li>
+
+</ol>
+
+<p>Note, due to a bug somewhere the scan-and-livemon program (actually
+<a href="https://github.com/ptrkrysik/gr-gsm/issues/336">its underlying
+program grgsm_scanner</a>) do not work with the HackRF radio. It does
+work with RTL 8232 and other similar USB radio receivers you can get
+very cheaply
+(<a href="https://www.ebay.com/sch/items/?_nkw=rtl+2832">for example
+from ebay</a>), so for now the solution is to scan using the RTL radio
+and only use HackRF for fetching GSM data.</p>
+
+<p>As far as I can tell, a cell phone only show up on one of the
+frequencies at the time, so if you are going to track and count every
+cell phone around you, you need to listen to all the frequencies used.
+To listen to several frequencies, use the --numrecv argument to
+scan-and-livemon to use several receivers. Further, I am not sure if
+phones using 3G or 4G will show as talking GSM to base stations, so
+this approach might not see all phones around you. I typically see
+0-400 IMSI numbers an hour when looking around where I live.</p>
+
+<p>I've tried to run the scanner on a
+<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi 2 and 3
+running Debian Buster</a>, but the grgsm_livemon_headless process seem
+to be too CPU intensive to keep up. When GNU Radio print 'O' to
+stdout, I am told there it is caused by a buffer overflow between the
+radio and GNU Radio, caused by the program being unable to read the
+GSM data fast enough. If you see a stream of 'O's from the terminal
+where you started scan-and-livemon, you need a give the process more
+CPU power. Perhaps someone are able to optimize the code to a point
+where it become possible to set up RPi3 based GSM sniffers? I tried
+using Raspbian instead of Debian, but there seem to be something wrong
+with GNU Radio on raspbian, causing glibc to abort().</p>
projects / homepage.git / blobdiff