
Today I was pointed at this document which claims, among other things, that the secret agencies perform man-in-the-middle attacks by using a second network connection established by the home router. BT routers in particular.

Now I know:

  • there were backdoors found in routers
  • a man-in-the-middle attack on Google's SSL connections was discovered

The big question that is asked in the document (and that they claim to answer) is how did they get in-between? I don't buy what they say, so here are my question(s):

  • Is there really such a VLAN 301 as described in the document, and what is it for? (and who owns it)
  • How did the NSA (or whoever faked Google's certificates) get "in the middle"?
  • Is there really a "DoD NIC" and what is it? Some DNS server?
  • What does it mean that the ping command stops eventually when executed at boot time of the router? Is there really a window where an attacker could bypass the firewall settings?
  • Who is BT? Might this be a better question for the IT Security site?
    – Paul
    Commented Dec 17, 2013 at 20:57
  • I think British Telecom, and I'm not 100% sure what site would be best, I decided Skeptics.SE should be the one. Maybe parts of the questions would really be better at IT Sec SE (second and fourth question), but the first and third question seem suited to me(?) Maybe I have a misconception about what questions are to be asked here?
    – kutschkem
    Commented Dec 17, 2013 at 21:07
  • @kutschkem This site for "is there [good] evidence for or against this claim": and therefore your question ("is this claim true?") is on topic here. The [only] argument for preferring Security.SE would be that the users there should tend to be specialists/more knowledgeable in security-related matters, and someone there may therefore have more (prior) knowledge about this topic, and/or sources of information about this topic, than users here.
    – ChrisW
    Commented Dec 18, 2013 at 14:25

1 Answer


No, BT routers do not secretly connect to an NSA/GCHQ network.

The core argument supporting this claim in the document is that the BT routers make DHCP requests to netblocks assigned to the US DoD (specifically, 30.0.0.0/8, which belongs to the Defense Information Systems Agency).

What the author didn't consider is that people running large private networks have been "borrowing" IP addresses that belong to other people. IPv4 address space is very limited, and the small sections set aside for private use often encounter conflicts when connecting private networks (particularly big ones such as a large company or university) to semi-private networks (such as ISPs' internal networks). Some examples of this:

  1. Canadian ISP Rogers using 7.0.0.0/8 for its internal network
  2. US mobile network Sprint using 30.0.0.0/8 for its internal network
  3. VPN software provider LogMeIn using 5.0.0.0/8 and 25.0.0.0/8 for networks created by its Hamachi software

The US DoD is a prime target for people to "borrow" IP addresses from, since they have a stupidly large number of IP addresses for historical reasons, and almost none of these have ever been advertised on the internet.
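To make the answer's point concrete, here is an added example (not code from the answer, BT, or the document under discussion): a small Python checker that takes router DHCP lease log lines (constructed here, in the BusyBox udhcpc message format, which is an assumption) and classifies each leased address as registered private space, as a block the answer lists as "borrowed" for internal use, or as ordinary public space. A lease from 30.0.0.0/8 is then reported as borrowed DoD space, not as evidence of a link to the DoD.

```python
import ipaddress
import re

# Constructed table from the answer's examples: blocks whose registered
# holder differs from the organisation actually using them internally.
BORROWED_BLOCKS = [
    (ipaddress.ip_network("7.0.0.0/8"), "Rogers (ISP internal network)"),
    (ipaddress.ip_network("30.0.0.0/8"), "Sprint (mobile network internal); registered to US DoD/DISA"),
    (ipaddress.ip_network("5.0.0.0/8"), "LogMeIn Hamachi virtual networks"),
    (ipaddress.ip_network("25.0.0.0/8"), "LogMeIn Hamachi virtual networks"),
]

# Assumed log format: BusyBox udhcpc "lease of A.B.C.D obtained, lease time N".
LEASE_RE = re.compile(r"lease of (\d{1,3}(?:\.\d{1,3}){3}) obtained")

# Constructed sample lines, as a home router's syslog might show them.
SAMPLE_LOG = [
    "udhcpc: lease of 30.120.5.17 obtained, lease time 3600",
    "udhcpc: lease of 192.168.1.23 obtained, lease time 86400",
    "udhcpc: lease of 8.8.8.8 obtained, lease time 600",
    "kernel: eth0 link up",  # not a lease line, must be ignored
]


def classify(addr):
    """Return (category, detail) for one IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip.is_private:  # RFC 1918 and other reserved-for-local-use ranges
        return ("reserved-private", "registered private space")
    for net, user in BORROWED_BLOCKS:
        if ip in net:
            # The lease only shows which numbers the ISP chose; where the
            # packets go is decided by the next hop and by whether this
            # prefix is advertised on the internet at all.
            return ("borrowed-public", user)
    return ("public", "globally routed space; verify via the route, not the lease")


def assess_leases(log_lines):
    """Extract leased addresses from log lines and classify each one."""
    results = []
    for line in log_lines:
        m = LEASE_RE.search(line)
        if m:
            results.append((m.group(1),) + classify(m.group(1)))
    return results


if __name__ == "__main__":
    for addr, category, detail in assess_leases(SAMPLE_LOG):
        print(f"{addr:16} {category:17} {detail}")
```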

  • In the process of finding sources for this article, I found someone else has debunked the same paper even more thoroughly: blog.erratasec.com/2013/12/… Commented Dec 18, 2013 at 13:47
  • One other problem with this as a conspiracy theory is that it requires a substantial amount of effort by BT in creating and distributing hardware to all their customers. Why would they not take the much simpler, cheaper and more secure way of diverting the traffic at their own servers? Commented Dec 18, 2013 at 13:59
  • This doesn't prove that routers don't make secret connections... secret connections, by definition, wouldn't be known anyway. :) But it does a good job of debunking the core claim, so +1 anyway.
    – Flimzy
    Commented Dec 19, 2013 at 9:34
