security implications from ODEX IP harvesting
-
before the mods delete this thread.. please allow me to say... i am not interested in this ongoing squabble... with the exception on the possible security implications that such release of IP might present to singapore's security.
with thoudsands of IP link to owner and the address of the owner now in the hand of ODEX... and presumably.. they can get more by constanting applying to the court for more...
it shouldnt be too difficult to surmise that among the thoudsands of identities that is now in their hands ...
there would probably consist some high profile address and owners... like maybe ministers and senior govt officials...
i am not saying the ministers or senior officials are pirating anime... but am concern of the potential such information might be available to foreign intel agencies...
if ODEX can determine who is downloading anime... wont foreign intel be just a step away from determining which website each of our ministers and officials are surfing and thus build a profile of our ministers character?
would foreign intel agents.. now armed with the IP address of our ministers computer be able to hack into the computer and download sensitive files... or simply monitor our ministers email and surfing?
for example.... a minister or senior official IP found googleing porn sites... , frequent visit to swiss bank internet site... saucy letters between him and his lovers.... all the dark and dirty secrets of his/her dealings...
such information if leaked...could have very serious implications for singapore national security.... foreign countries could blackmail our ministers/officials into submission or into providing sensitive information. -
other then officials and ministers... buissnessman and middle level managements of large corporations could possibly be targeted in today's economic competition...
is there anyway to determine if ODEX is really merely seeking to prevent pirating??
because..i read from some forum.... that the owner of ODEX is actually from CHINA... and was reported to have been cited by some forumners for "creative accounting" while the lone singapore shareholder who got his face appear on newspaper merely owns a single share only!!
i have nothing against PRC... but they are well known for their intelligience gathering capabilities... including smuggling sensitive military technologies from US using front companies...
i am just concern... if such a precedent could open the doors for potential enemy spies to setup shop in singapore and start their own IP harvesting on the pretext of protecting intellectual properties....
any computer expert own there nice enough to shed some light? -
I would think it's too far-fetched.
Reason being, IP addresses in SG are dynamic, with the exception of those leased to web masters. Those will be static.
Unless these ministers are dumb to the extent of having their own website, the scenario isn't so possible.
However, given that ODEX have information on at least 3000 users, the security implication is there. Thousands of users info are at stake, and that is worrying.
Edit: This reply was for the first post. -
I would love a linky.Originally posted by tripwire:other then officials and ministers... buissnessman and middle level managements of large corporations could possibly be targeted in today's economic competition...
is there anyway to determine if ODEX is really merely seeking to prevent pirating??
because..i read from some forum.... that the owner of ODEX is actually from CHINA... and was reported to have been cited by some forumners for "creative accounting" while the lone singapore shareholder who got his face appear on newspaper merely owns a single share only!!
i have nothing against PRC... but they are well known for their intelligience gathering capabilities... including smuggling sensitive military technologies from US using front companies...
i am just concern... if such a precedent could open the doors for potential enemy spies to setup shop in singapore and start their own IP harvesting on the pretext of protecting intellectual properties....
any computer expert own there nice enough to shed some light?
And again, assuming that the media is right, only users have been charged. That means only users IP addresses are known.
Users who used P2P while they are at work is another issue. That hasn't been brought up yet, so I couldn't see any risk, as they usually utilize another network block.
As for whether ODEX is using BayTSP just for tracking illegal downloads purpose... that we have to question BayTSP and ODEX. According to P2P experts, BayTSP doesn't collect info the way users think it to be. -
i do not wish to turn this thread into a bash thread... but i will provide the link..
i just feel that singapore as a small country... should be more concious whenever it comes to matters pertainning to security.
http://sgcafe.com/showthread.php?p=2316108 -
They should just BK that Sing fella
-
I doubt those IP addresses could provide any assistance for surveillance. All that can be told is that User XXX, was once using this IP address, at this YYY Date/Time. At least thats what I'm thinking.
By now, their DHCP servers would have assigned them different IPs.
The only security implication I see is that, XXX minister, or someone in his family uses P2P to download anime. So maybe, with some social engineering, I'd be able to sell whoever in his house a DVD full of anime, as well as perhaps a trojan horse for me to input further surveillance programs.
To break in with any other methods... would be difficult. -
Nowhere I see hints that it's from China? Or am I missing out on a very huge clue that stares right at my face?Originally posted by tripwire:i do not wish to turn this thread into a bash thread... but i will provide the link..
i just feel that singapore as a small country... should be more concious whenever it comes to matters pertainning to security.
http://sgcafe.com/showthread.php?p=2316108 -
If one were to assume personal IP addresses (that means those signed up with ISPs), that would be logical.Originally posted by Shotgun:I doubt those IP addresses could provide any assistance for surveillance. All that can be told is that User XXX, was once using this IP address, at this YYY Date/Time. At least thats what I'm thinking.
By now, their DHCP servers would have assigned them different IPs.
The only security implication I see is that, XXX minister, or someone in his family uses P2P to download anime. So maybe, with some social engineering, I'd be able to sell whoever in his house a DVD full of anime, as well as perhaps a trojan horse for me to input further surveillance programs.
To break in with any other methods... would be difficult.
However, we don't know if any of the ministers are dumb enough to have their own websites. That would immediately mean a static IP address assigned. An attacker could use various techniques to poison the minister's personal website and download backdoors to the minister's PC.
That would be interesting... -
yeah... his father Go Twan HengOriginally posted by ndmmxiaomayi:Nowhere I see hints that it's from China? Or am I missing out on a very huge clue that stares right at my face? the managing director of new lakeside.
and if you check ACRA's data... Mr GO and his mother's IC number both starts with a S2...... meaning they were not born in singapore...
here is abit of info on his father... available publicly..
http://www.newlakeside.net/bod.htm#gthGo Twan Heng
having cleared the above... i must stress.. mr go's nationality and origin should never be the excuse for a witch hunt on his family... remember... all of our forefathers are migrants from a foreign land.
Managing Director
Mr Go was appointed as Director on 18 October 2002 and as Managing Director of the Group on 8 August 2005. He is responsible for setting the strategic directions and the overall management of our Group. Mr Go has extensive experience in trading and international trade related business. Mr Go was also previously involved in the production of animal feed using fish meal in Peru, and the import and export of animal feed in Asia. Mr Go completed his high school education in Fujian Province, PeopleÂ’s Republic of China. He is an honorary member of the board of Jimei University and Huaqiao University , Fujian Province, PeopleÂ’s Republic of China.
and being born in singapore is no guarantee of loyalty... like some would say about MR SING... with an IC number of S72....... most now believe that SING is just convenient front.. a fall guy.
here is the ACRA info provided by someone...
http://files.lesterchan.net/viewing/documents/Odex+Pte+Ltd+ACRA+Information.pdf/
having said all the above... i cannot stress enough... please do not target mr go family because of his origin... since he choose to be singaporean... we must accept him as one of us...
but having said so... we must still be constantly alert for possible fifith column infiltrationist and sleepers... among us.
in short.. i feel the correct authority for this current mess should be the singapore police... not ODEX... if IP address must be handed over.. it should be in the hand of our police...not a private entity. -
10 bucks you can take down mindef at depot road with a virus in a thumbdrive.
-
The police can't be involved... anyway, that is not the issue being discussed here.Originally posted by tripwire:having cleared the above... i must stress.. mr go's nationality and origin should never be the excuse for a witch hunt on his family... remember... all of our forefathers are migrants from a foreign land.
and being born in singapore is no guarantee of loyalty... like some would say about MR SING... with an IC number of S72....... most now believe that SING is just convenient front.. a fall guy.
here is the ACRA info provided by someone...
http://files.lesterchan.net/viewing/documents/Odex+Pte+Ltd+ACRA+Information.pdf/
having said all the above... i cannot stress enough... please do not target mr go family because of his origin... since he choose to be singaporean... we must accept him as one of us...
but having said so... we must still be constantly alert for possible fifith column infiltrationist and sleepers... among us.
in short.. i feel the correct authority for this current mess should be the singapore police... not ODEX... if IP address must be handed over.. it should be in the hand of our police...not a private entity.
All Singaporeans are basically foreigners due to our roots... so no doubt people will question that...
What is being written here no doubt makes sense, but whether the government is concerned is another issue. If they aren't going to take security issues seriously, I see no reason to talk about it.
$5 can dig so much data out, it goes to show how lax laws are. A court order can get 2 ISPs to reveal nearly 2000 residents information, it's even worse.
I'll rest my case. Security and privacy rarely go hand-in-hand. To have security, it must be transparent. To have privacy, it must be hidden. Both are contradictory to each other. -
Which is pretty much the case in this Post- September 11th world today.Originally posted by ndmmxiaomayi:The police can't be involved... anyway, that is not the issue being discussed here.
All Singaporeans are basically foreigners due to our roots... so no doubt people will question that...
What is being written here no doubt makes sense, but whether the government is concerned is another issue. If they aren't going to take security issues seriously, I see no reason to talk about it.
$5 can dig so much data out, it goes to show how lax laws are. A court order can get 2 ISPs to reveal nearly 2000 residents information, it's even worse.
I'll rest my case. Security and privacy rarely go hand-in-hand. To have security, it must be transparent. To have privacy, it must be hidden. Both are contradictory to each other.
Governments around the world, even in the land of the free and the brave, are convincing their citizens that their security is worth handing over their civil liberties.
For those who have studied network securities, this may be familiar.
Privacy and security not contradictory. Privacy and Transparency are opposites. Security is an outcome to be achieved.
Security can be achieved when u have and extreme of one but not the other.
You can max out privacy, make sure nobody knows nobody, and nobody can hurt anybody, hence no one can breach security due to obscurity.
Or, you can have extreme transparency, that everybody knows everybody and cannot breach security cos your measures are able to stop them because of the extent of knowledge given by extreme transparency.
Unfortunately, we don't live in a black and white world. Everybody wants to have privacy, but wants others to be fully transparent. People feel safe when they are obscured, and when others are transparent. Its natural.
In this Odex case, they are pretty much obscuring themselves by not being transparent about their so called "Extensive evidence gathered", and intends for others to be transparent by manipulating the law. Is that fair? They ought to be transparent about ALL the evidence they gathered, before they expect to make some outrageous claims. -
Clone IP programs s
Original IP receives and sends
Clone IP programs receives and sends...some sort of invisible filter but collects the data back to a server
Some sort of advanced monitoring trojan technology
Put it this way your IP is like a mailbox number 888
the clone IP mailbox is also 888
Data coming to mailbox 888 will go to these 2 mailbox both the original and clone
This is a serious bug that the whole internet is having which everyone know data usually will send in multiple transmissions rather than just 1 transmission
So just collect the extra transmissions you can have all the secrets
Blackmail -
Interesting how the ODEX saga can be turned into a discussion on national security.
-
Not really. You clone the IP, you must use his Mac address also. At the end of the day, IP is just logical addressing. Packets still must reach the mac address.Originally posted by maggot:Clone IP programs s
Original IP receives and sends
Clone IP programs receives and sends...some sort of invisible filter but collects the data back to a server
Some sort of advanced monitoring trojan technology
Put it this way your IP is like a mailbox number 888
the clone IP mailbox is also 888
Data coming to mailbox 888 will go to these 2 mailbox both the original and clone
This is a serious bug that the whole internet is having which everyone know data usually will send in multiple transmissions rather than just 1 transmission
So just collect the extra transmissions you can have all the secrets
Blackmail -
I will say MAC addressing cloning has some risks if you meet a technically advanced user. Unless you can cover your tracks properly... not a great idea.
-
Well I think this might be a potential threat we must look into. ODEX may be a "front coy" utilised by the PRC to obtain information in SG. SG lies at the tip of their strategic oil/energy lines, thus PRC elements definitely would want to plant some agents in SG. Eg. COSCO, it is well known that it is not just an innocence shipping coy, but a large front coy for the PLA. COSCO have been used by PRC to ship advance weapons and systems to rogue elements in the middle east. Recently, I read somewhere that some later era PRC made MANPADS were seized in Afghanistan, eventhough PRC has committed openly towards fighting terrorism. No doubt SG govt have been kind to their citizens, BUT in their eyes we are nothing more than an USA outpost and a stumbling block determined to check them.................Originally posted by LazerLordz:Interesting how the ODEX saga can be turned into a discussion on national security. -
i just read today's paper on the ODEX saga... i must say... irreguardless if ODEX is simply out to make a quick buck... (damn.. they only have license on one anime only... but they are collecting thoudsands of dollars from school kids!)
SINGNET's pathetic attempt to ensure individual privacy is horrific... i wonder if singnet would hand over our PM's or MINDEF's communication line to our enemies for the price of a song!!
i believe that the ODEX saga has clearly exposed Singapore telecom as a very big potential security weak link.
come full mob... and oops.. singtel communication lines went dead!
and we will happily hand over our F-15SG, Leopard 2A4 and formidable to our enemy.... KNNBCCB....
probably the LEE family as well...
imagine LKY and his wife eating the black bean rice behind bars!! -
In this case, you only require it for passive attacks. But true enough, its basic stuff that most IDS can capture.Originally posted by ndmmxiaomayi:I will say MAC addressing cloning has some risks if you meet a technically advanced user. Unless you can cover your tracks properly... not a great idea.
tripwire, heh, im shocked too. I seriously believed that SingNet was forced to disclose with a court order. It seems that much of this was done outside legal purview. -
I seriously believed that SingNet was forced to disclose with a court order
Say force is wrong, say it isn't is also wrong. Frankly speaking, it seems as if both ODEX and Singnet has reached some sort of agreement to me... even though Singnet has rights not to release it... -
but looking from a different point of view.... ODEX size vs SINGNET size.... both in manpower and resources... ODEX is like a mustard seed... SINGTEL is like a giant watermelon...Originally posted by ndmmxiaomayi:Say force is wrong, say it isn't is also wrong. Frankly speaking, it seems as if both ODEX and Singnet has reached some sort of agreement to me... even though Singnet has rights not to release it...
for such a small seed to bring down such a big fruit... clearly its a stroke of genius for ODEX and a brain stroke on SINTEL board of directors and the thoudsands of managers under their payroll..
considering the amount of money that is used to fed those fruit brain sintel leader and the result we have on hand... clearly... its a GREAT SIN!!
our govt should consider PETER GOH as the next CEO of SINTEL.... that guy may not have a first class honors from NUS... but that man got BRAIN!!!!! REAL ONE... not FRUIT BRAIN.
combine his BRAIN POWER with the resources of SINTEL.... i am sure sintel will grow much faster...
we need foreign talent for this... its a fact!! LKY is correct.... the truth is staring at us right in the face.... our local first class honor talent with all the resources fell down flat against a foreign chinese talent with a mere handful of staff!
SUNTZU says.... it matter not how much troop you have... but how you use it...
today... the regional goliath of telecomunication has been made stripped naked and paraded across the global news network.... arent we proud of our SINFULLTEL... -
You might be interested in this
I will give the Germans the benefit of doubt that they didn't download rubbish, considering that some of the best hackers and technologies are there. More so for a government.
One thing for sure, the threat on security is there. -
then the question is, can ODEX be stopped?
-
Their trojans are almost undetectable from all scanners "except" when they send their collected data back to their assigned serversOriginally posted by ndmmxiaomayi:You might be interested in this
I will give the Germans the benefit of doubt that they didn't download rubbish, considering that some of the best hackers and technologies are there. More so for a government.
One thing for sure, the threat on security is there.