Basically, the NSA doesn't want to watch communications on a computer-by-computer basis. They tap backbones, the connections where huge amounts of information flow between internet servers. They tap major ISPs. Your computer? Chump change. If they know what you're saying to other people, they don't really need to tap your computer. And the thing that makes this possible?
Weak routers.
A router takes the packets generated by all of the computers on your network, wired or wireless, aggregates them, and sends them upstream across your connection to another router at your ISP that has a faster connection, which sends them upstream to another router with a faster connection, etc. Eventually your traffic gets to your destination and information comes back, and the routers (also known as hops) between your PC and the server/site that you wanted to access can deconstruct the information and get it back to its origin. The problem is that routers are not easy to configure: it takes some specialized knowledge, and if you need to patch one, you risk breaking the configuration. And a broken configuration means downtime, a bad thing.
So most of the time, once a router is working well and the configuration is backed up, it's pretty rare that it gets upgraded. The upgrades are risky because the vast majority of businesses don't have a duplicate network set up where router patches can be tested.
And a router that is not upgraded, just like your computer, is vulnerable to being compromised and exploited.
So the NSA's money is best spent compromising and monitoring the routers upstream of your connection, because there is a lot more information present at that point, so it's more efficient.
Which is not to say that they can't compromise your computer and get in and look at things directly.
There is an old maxim about what defines a secure computer: it's not connected to any communication device, it's turned off, buried in 10' of concrete, and in a locked room with an armed guard. It's highly unlikely that a computer thus secure can be compromised.
http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/