• BBS and the NSA

    From Astraeus@VERT/ECBBS to All on Thursday, May 21, 2015 14:40:52
    So what are the chances that information posted in BBS are monitored and recorded by the NSA?

    Are signals between the server and client protected in any way or are they sent plain text?

    Sorry if these are noobish questions, I'm new and curious.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Nightfox@VERT/DIGDIST to Astraeus on Thursday, May 21, 2015 13:03:47
    So what are the chances that information posted in BBS are monitored and recorded by the NSA?

    I don't know for sure, but I'm willing to bet that anything sent over the internet could be monitored by the NSA. I doubt they would limit themselves to only certain types of internet traffic.

    Are signals between the server and client protected in any way or are
    they
    sent plain text?

    If you're using telnet or RLogin, the information is sent in plain text. Some BBS packages (such as Synchronet) support SSH, so that's a way to encrypt your connection. I suppose I'm not sure if that provides 100% protection though.. Something tells me the NSA might have a way to decrypt and monitor SSH connections.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Underminer@VERT/UNDRMINE to Nightfox on Thursday, May 21, 2015 16:36:12
    Re: BBS and the NSA
    By: Nightfox to Astraeus on Thu May 21 2015 13:03:47

    encrypt your connection. I suppose I'm not sure if that provides 100% protection though.. Something tells me the NSA might have a way to decrypt and monitor SSH connections.
    Nightfox
    NSA have actually come out and said they cannot monitor SSH in one of their reports. Though truthfully if you want to be free from prying eyes one should go back to a modem, as that's treated the same way as a phone conversation and requires a warrant to tap.
    ---
    Kostie Muirhead
    AKA Underminer
    The Undermine - undermine.ddns.net
    Fido: 1:342/17
    ---
    þ Synchronet þ The Undermine - undermine.ddns.net
  • From Gats@VERT/EDGOFTOM to Underminer on Friday, May 22, 2015 01:32:05
    On 2015-05-21 22:36:12 +0000, Underminer said:

    Re: BBS and the NSA
    By: Nightfox to Astraeus on Thu May 21 2015 13:03:47

    encrypt your connection. I suppose I'm not sure if that provides 100% protection though.. Something tells me the NSA might have a way to decrypt
    and monitor SSH connections.
    Nightfox
    NSA have actually come out and said they cannot monitor SSH in one of their reports. Though truthfully if you want to be free from prying eyes one should go back to a modem, as that's treated the same way as a phone conversation and
    requires a warrant to tap.
    ---
    Kostie Muirhead
    AKA Underminer
    The Undermine - undermine.ddns.net
    Fido: 1:342/17
    ---
    â–  Synchronet â–  The Undermine - undermine.ddns.net

    It's safe to assume they're illegally tapping those as well. With the capabilities the NSA has it's trivial to monitor bbs traffic.

    ---
    þ Synchronet þ Edge of Tomorrow telnet://edgeoftomorrow.eu
  • From High Spirit@VERT/DCBBS to Nightfox on Thursday, May 21, 2015 20:26:09
    Re: BBS and the NSA
    By: Nightfox to Astraeus on Thu May 21 2015 01:03 pm

    If you're using telnet or RLogin, the information is sent in plain text. Some BBS packages (such as Synchronet) support SSH, so that's a way to encrypt your connection. I suppose I'm not sure if that provides 100% protection though.. Something tells me the NSA might have a way to decrypt and monitor SSH connections.

    They probably have rooms full of computers brute forcing encrypted data... with
    enough computing power, anything is possible. ;)


    -- High Spirit

    ---
    þ Synchronet þ Digital Creation BBS -- bbs.digitalcreationbbs.com
  • From Dribble@VERT/LUNATIC to Gats on Thursday, May 21, 2015 17:52:00
    It's safe to assume they're illegally tapping those as well. With the capabilities the NSA has it's trivial to monitor bbs traffic.

    Why would they bother? they won't even go after Lizard Squad, which with
    their abilities should all be in jail by now

    |08{|15Dribble|08} [|15ACiDiC/nRk|08]|07

    --- Mystic BBS v1.10 (Windows)
    * Origin: Lunatic Fringe - lunatic.zapto.org
  • From Nightfox@VERT/DIGDIST to Underminer on Thursday, May 21, 2015 22:24:21
    Re: BBS and the NSA
    By: Underminer to Nightfox on Thu May 21 2015 16:36:12

    NSA have actually come out and said they cannot monitor SSH in one of their reports.

    I wouldn't believe everything the NSA or other government agencies say.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Underminer@VERT/UNDRMINE to Nightfox on Friday, May 22, 2015 01:36:00
    Re: BBS and the NSA
    By: Nightfox to Underminer on Thu May 21 2015 22:24:21

    I wouldn't believe everything the NSA or other government agencies say.
    Generally a safe bet. My reading on it is that they probably CAN get through SSH given enough time and resources, but it's likely far too costly in terms of time and monetary expense to be worth it to them unless they're specifically looking for something.

    .
    ---
    Kostie Muirhead
    AKA Underminer
    The Undermine - undermine.ddns.net
    Fido: 1:342/17
    ---
    þ Synchronet þ The Undermine - undermine.ddns.net
  • From Underminer@VERT/UNDRMINE to Nightfox on Friday, May 22, 2015 01:42:43
    Re: BBS and the NSA
    By: Nightfox to Underminer on Thu May 21 2015 22:24:21

    I wouldn't believe everything the NSA or other government agencies say.
    Also, this is probably more along the lines of what they do if they really need to see what's there ;)

    https://xkcd.com/538/
    ---
    Kostie Muirhead
    AKA Underminer
    The Undermine - undermine.ddns.net
    Fido: 1:342/17
    ---
    þ Synchronet þ The Undermine - undermine.ddns.net
  • From Nightfox@VERT/DIGDIST to Underminer on Friday, May 22, 2015 07:35:39
    Re: BBS and the NSA
    By: Underminer to Nightfox on Fri May 22 2015 01:42:43

    Also, this is probably more along the lines of what they do if they really need to see what's there ;)

    https://xkcd.com/538/

    haha :)

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From KU2S@VERT/TLCBBS to Astraeus on Friday, May 22, 2015 10:43:18
    So what are the chances that information posted in BBS are monitored and recorded by the NSA?

    Are signals between the server and client protected in any way or are they sent plain text?

    Sorry if these are noobish questions, I'm new and curious.

    ---


    Why? Are you intending to use a BBS for clandestine purposes?

    73 de KU2S

    ---
    þ Synchronet þ The Lost Chord BBS, Cheyenne, WY - tlcbbs.synchro.net:6080
  • From Mro@VERT/BBSESINF to Astraeus on Friday, May 22, 2015 21:41:35
    Re: BBS and the NSA
    By: Astraeus to All on Thu May 21 2015 02:40 pm

    So what are the chances that information posted in BBS are monitored and recorded by the NSA?

    Are signals between the server and client protected in any way or are they sent plain text?

    Sorry if these are noobish questions, I'm new and curious.


    cocaine diamonds isis assassinate president
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Mro@VERT/BBSESINF to Nightfox on Friday, May 22, 2015 21:42:13
    Re: BBS and the NSA
    By: Nightfox to Astraeus on Thu May 21 2015 01:03 pm

    So what are the chances that information posted in BBS are monitored and recorded by the NSA?

    I don't know for sure, but I'm willing to bet that anything sent over the internet could be monitored by the NSA. I doubt they would limit


    thanks to the synchronet web interface, many bbses are cached by google
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Mro@VERT/BBSESINF to Underminer on Friday, May 22, 2015 21:44:15
    Re: BBS and the NSA
    By: Underminer to Nightfox on Thu May 21 2015 04:36 pm

    encrypt your connection. I suppose I'm not sure if that provides 100% protection though.. Something tells me the NSA might have a way to decrypt and monitor SSH connections.
    Nightfox

    NSA have actually come out and said they cannot monitor SSH in one of their reports.

    yeah well, didnt they jack into the internet via att and monitor all traffic passing throught them?

    Though truthfully if you want to be free from prying eyes one
    should go back to a modem, as that's treated the same way as a phone conversation and requires a warrant to tap.

    i'm sure they do that shit without warrants too. and are you sure digital communications legalities are handled the same was as phone conversations?
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Underminer@VERT/UNDRMINE to Mro on Saturday, May 23, 2015 03:03:57
    Re: BBS and the NSA
    By: Mro to Underminer on Fri May 22 2015 21:44:15

    yeah well, didnt they jack into the internet via att and monitor all traffic passing throught them?
    Not sure about that one, wouldn't doubt it though. But that's not the same as monitoring ssh.

    i'm sure they do that shit without warrants too. and are you sure digital communications legalities are handled the same was as phone conversations?
    Once again, wouldn't doubt it in the least, but that would make it inadmissable. There were some court cases in that regard back in the 90s. Don't recall the details, but that was the net result. There were questions and such on that end regarding voip and moip as well.
    ---
    Kostie Muirhead
    AKA Underminer
    The Undermine - undermine.ddns.net
    Fido: 1:342/17
    ---
    þ Synchronet þ The Undermine - undermine.ddns.net
  • From Nightfox@VERT/DIGDIST to Underminer on Saturday, May 23, 2015 07:07:12
    Re: BBS and the NSA
    By: Underminer to Mro on Sat May 23 2015 03:03:57

    yeah well, didnt they jack into the internet via att and monitor all
    traffic passing throught them?

    Not sure about that one, wouldn't doubt it though. But that's not the same as monitoring ssh.

    Monitoring is monitoring. Watching for potentially sketchy activity - it doesn't matter what kind of activity it is.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Mro@VERT/BBSESINF to Underminer on Saturday, May 23, 2015 23:22:05
    Re: BBS and the NSA
    By: Underminer to Mro on Sat May 23 2015 03:03 am

    yeah well, didnt they jack into the internet via att and monitor all traffic passing throught them?
    Not sure about that one, wouldn't doubt it though. But that's not the same as monitoring ssh.


    not much info here, but it's been talked about a lot

    http://time.com/103925/nsa-att/
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Poindexter Fortran@VERT/REALITY to Astraeus on Saturday, May 23, 2015 13:51:00
    Re: BBS and the NSA
    By: Astraeus to All on Thu May 21 2015 02:40 pm

    Are signals between the server and client protected in any way or are they sent plain text?

    Plain text. Telnet is the protocol used, and everything sent (including usernames and passwords!) are sent in clear text.

    Synchronet supports SSH, which does encrypt the traffic.

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From NuSkooler@VERT/PHARCYDE to Nightfox on Monday, May 25, 2015 20:31:09
    I wouldn't believe everything the NSA or other government agencies say.

    Dig through the various NSA leaks/exposed documents, read the interviews of top position employees that quit over frustration, etc... The NSA is very capable. What they can't decrypt now they simply archive until they can.

    < 128 bit SSL is very likely to be "live" decryptable. 128 bit according to some sources is likely to be being decrypted by them as well (thoguh perhaps not live).

    Then, worse, you have to consider that the NSA does have the private key's to various (most major?) Certificate Authority (CA)'s that your encryption chain trusts. This again, comes from leaks, interviews, and by putting the pieces together.

    Telnet traffic is very likely archived at the least. If you become "interesting" then it will be looked at closer. All easily accessible traffic is certainly run though various systems for flagging / profiling content.

    I'm hoping more boards (and software) make it easiler to support proper SSH connections with large key sizes. ...of course then you still have the very likey (almost certainly for some cipher suites) issue of the NSA having planted moles in some of the major encryption authorities to get some "backdoor" implementations in place. I put "backdoor" in quotes as it's not that there are actually simple backdoors in most of this stuff... it's that the algorithms themselves are comprimised.

    And with that said, FUCK YOU NSA, I KNOW YOU'RE READING! :)

    ---
    þ Synchronet þ thePharcyde_ telnet://bbs.pharcyde.org (Wisconsin)