Internet Surveillance Using Deep Packet Inspection

15 May, 2013
ICT Africa Writer

Our recent articles on cyber security and cyberpunks received overwhelming feedback, and some readers wanted a little more detail on how online surveillance is implemented. In this article we look at one technique commonly used for cyber surveillance – deep packet inspection.

Internet communications, whether sending an email, surfing the web or making a phone call using Voice over Internet Protocol (VoIP), use the Internet Protocol (IP). In IP, the information you transmit is arranged in packets, each packet consisting of some header information and the main information being transmitted, known as the payload. The header consists of the origin information, including the IP address of the source, and the destination information, which includes the destination IP address.

In shallow packet inspection, processors examine the header information of the packet to determine where the packet came from and where it is going to, in order to determine how it should be routed. This is analogous to the postal system where the origin and destination addresses of a letter are required to determine how the letter should be sent and for the receiver to know where the letter came from even before they open the letter. The source information can also be used to return the letter in case it cannot be delivered, just in the same way that undeliverable email is sent back to you.

In deep packet inspection, processors go beyond the header information and deep down into the information being transmitted. Imagine your postmaster opening your letter to read what is in it and making decisions based on that information. There are many reasons why your service provider may be interested in implementing deep packet inspection on data transmitted through their network. These include gathering information for targeted advertising and preventing spam and viruses. In some cases, they are required by law enforcement to inspect data for surveillance purposes.
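The difference between the two inspection depths, as an added example that is not part of the original article: `shallow_inspect` reads only the IP header, while `deep_inspect` steps past the IP and TCP headers and matches the payload against signatures, as a spam filter would. The packet, the addresses and the spam phrase are constructed sample values.

```python
import socket
import struct

def build_packet(src, dst, payload):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header + payload."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def shallow_inspect(packet):
    """Shallow inspection: read the IP header only (origin, destination)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # header length varies with IP options
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "protocol": packet[9], "ihl": ihl}

def deep_inspect(packet, signatures):
    """Deep inspection: skip the headers and search the payload itself."""
    info = shallow_inspect(packet)
    offset = info["ihl"]
    if info["protocol"] == 6:             # TCP: skip its header as well
        if len(packet) < offset + 20:
            raise ValueError("truncated TCP header")
        offset += (packet[offset + 12] >> 4) * 4
    payload = packet[offset:]
    hits = [s for s in signatures if s.lower() in payload.lower()]
    return {**info, "payload_len": len(payload), "matches": hits}

# Constructed sample traffic (documentation address ranges).
SPAM = build_packet("192.0.2.10", "198.51.100.7", b"Subject: Win a FREE prize now")
BENIGN = build_packet("192.0.2.10", "198.51.100.7", b"Subject: Meeting at noon")
SIGNATURES = [b"free prize"]

if __name__ == "__main__":
    print(shallow_inspect(SPAM))
    print(deep_inspect(SPAM, SIGNATURES))
    print(deep_inspect(BENIGN, SIGNATURES))
```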

Some law enforcement agencies may require the use of deep packet monitoring of information from certain sources where criminal activity is suspected. In some cases the technology is used to examine information, in real time, to detect certain phrases that can reveal criminal activity. For example, the word “jihad” can be monitored in all communications by USA law enforcement agents, and many occurrences of the word from a single source can result in the monitoring of that source.

After the recent Boston marathon bombing, we understand that Russian Intelligence had been monitoring one of the bombing suspects, Tamerlan Tsarnaev. Tamerlan was reportedly notorious for posting jihadist messages on Facebook, so it is conceivable that deep packet technology was used to monitor his behaviour on the Internet. The Russians also indicated that the word “jihad” had been picked up when the suspect was having a conversation with his mother.

If you are law abiding like most of us, you wouldn’t worry about the use of a technology like deep packet monitoring to apprehend criminals and terrorists. Some of us travel frequently and the last thing we look forward to is for a terrorist attack to blow us out of the sky.

Unfortunately, the same deep packet inspection technology used to monitor criminals and terrorists can be used to rob you of your privacy. Service providers and their clients can access confidential information you transmit online for advertising and other purposes. More seriously, when “law enforcement” agents from repressive regimes use the technology to find, terrorise or kill human rights and anti-corruption activists, we are forced to examine how the innocent can avoid being victimised.

It is for this same reason that we offered some guidance on how law abiding citizens of oppressive regimes can cover up their Internet activities by using anonymous and elite proxies. One other technique that could help law abiding citizens who feel that they are in danger of persecution by those who should be protecting them is draft emails. This was reportedly used by the former USA Central Intelligence Agency (CIA) boss, David Petraeus, for covering up his affair. I have to point out that we do not condone David Petraeus’s extramarital behaviour here, but his method of covering up his email communications could be used successfully by those in danger of persecution by unlawful “law enforcement” agents from repressive regimes.

In this technique, you create a common email address with the person you want to communicate with on a public email platform such as Gmail, Yahoo, Hotmail, MSN, etc. You log in to the email account, type your message and save it as a draft without sending it. The other person will frequently log in to the same account, check for drafts, read them, reply and save the replies as drafts. In this way, your messages will never leave the email server and will not be detected by anybody out to get you using deep packet inspection or other techniques. Bear in mind that each draft still travels between your browser and the email server when you save or read it, so this holds only when that connection is encrypted (HTTPS).

All said and done, unless security measures are taken not to expose user identity, cyberspace can prove to be difficult for those in repressive regimes who want to use the resource to express their God-given right to free expression. But perhaps we can take some solace in the fact that the most oppressive “Intelligence Agents” in Africa are the least intelligent – at least in my humble opinion. Even when equipped with the most sophisticated technologies, one force we know about has mounted a massive “manhunt” for an online whistleblower, Baba Jukwa, for several months with no success.
