E-spionage with our man in Albany

By MICHAEL FOREMAN

David Gottschalk, owner of Auckland internet service provider (ISP) Web Internet, does not make a habit of spying on his customers.

"This is not something I normally do," he said as he fired up Sniffit, a program to monitor internet communications.

He had invited the Herald to see first hand just how easily your e-mail might be read by Government interception devices, and how your online behaviour could be observed - all without your knowledge.

Based near Albany, Web Internet is a small fish compared with Xtra or ihug, but even so a "black box" installed there could snoop on a lot of people.

The company connects around 2000 homes and businesses to the net directly, and also provides access behind the scenes to a few thousand customers of several other small ISPs. All traffic passes through a locked server room crammed from floor to head height with rows of computers and modems.

Mr Gottschalk does not have to operate or attach any device to these computers to monitor their traffic. Thanks to the power of the Unix operating system, he can listen in on the lot from his desk.

Before he showed me how, he laid down some rules - we were not going to see anything his clients wouldn't want us to see, and no names could be mentioned. Then he started with the simple stuff.

Mr Gottschalk opened Web Internet's mail spool file, a standard feature of virtually every ISP's system, which contains all e-mails sent recently to or from all customers. With a few keystrokes, he had plucked a long list of login names from the file, but he deliberately clicked on one belonging to a mutual acquaintance we shall call Malcolm.

A list of Malcolm's messages immediately appeared in a similar format to an e-mail program, with details of the sender, recipient and subject. One message with the subject "contract" looked interesting, but Mr Gottschalk selected an innocuous message Malcolm had sent him earlier.

"Now that I've opened it I can do what I like with it, including altering the message and passing it on as if I was the sender," he said.

The significance of this barely had time to sink in before we moved on to explore the possibilities of Sniffit, mentioned earlier. This freely available packet-sniffing package has a legitimate purpose, and Mr Gottschalk had last used it several months before to investigate a network problem. It had taken about three minutes to download the latest version for this demonstration.

Sniffit works by intercepting the "packets" or small chunks of information that files such as e-mail messages are broken down into before they are sent over the net. Each packet includes the internet addresses of its destination and its origin, a characteristic that Sniffit uses to narrow down its scan.

Mr Gottschalk illustrated this by sending an e-mail to my Hotmail account. By typing my Hotmail address into Sniffit, he retrieved it as plain text a few moments later.

He then typed in the internet address of a web server belonging to an organisation in the area that had given him permission to access its network. The screen quickly filled up with details of the packets being sent to and from the server's users.

Most of this was gobbledegook to the untrained eye, but I could make out the occasional web address like www.yahoo.com.au, which told me that someone was surfing Yahoo's Australian portal.

Mr Gottschalk said individual users could be traced from this information, and a profile could be built up of their online behaviour, including which sites they visited, copies of the content they might have seen and any files downloaded.

According to Mr Gottschalk, a Government interception system covering the whole country using similar technology to Sniffit would be feasible. Instead of typed instructions, the black boxes would receive the addresses to be scanned electronically, and would relay the data back to be combined on a central computer.

Links


Hotmail.com

Yahoo.com.au