Image: Douglas Rissing
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Netflow data creates a picture of traffic volume and flow across a network. This can include which server communicated with another, information that is ordinarily only available to the owner of the server or to the internet service provider (ISP) carrying the traffic. Team Cymru, the company ultimately selling this data to the FBI, obtains it from deals with ISPs by offering them threat intelligence in return. These deals are likely conducted without the informed consent of ISPs’ users.Team Cymru explicitly markets its product’s capability of being able to track traffic through virtual private networks, and show which server traffic is originating from. Multiple sources previously told Motherboard that netflow data can be used to identify infrastructure used by hackers.Team Cymru’s products can also include data such as URLs visited, cookies, and PCAP data, but the FBI document does not specify access to any of these data types. In parallel to Motherboard’s earlier coverage of netflow sales of U.S. agencies, a whistleblower approached the officer of Senator Ron Wyden and reported to them the alleged warrantless use of this data by NCIS, a civilian law enforcement agency that’s part of the Navy. The whistleblower approached Wyden’s office after filing a complaint through the official reporting process with the Department of Defense. NCIS previously told Motherboard it uses netflow data “for various counterintelligence purposes.”Do you work at a company that handles netflow data? Do you work at an ISP distributing that data? Or do you know anything else about the trade or use of netflow data? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.
Advertisement