russia vs telegram technical notes on the battle
play

Russia vs. Telegram technical notes on the battle Leonid Evdokimov - PowerPoint PPT Presentation

Apr 01, 2023 •339 likes •822 views

Russia vs. Telegram technical notes on the battle Leonid Evdokimov 35c3, Leipzig, 29 Dec 2018 darkk.net.ru/35c3 $ whoami Internet measurement fanatic NOT a Telegram team member One of the millions of Telegram users 2007 May 23: court order

  1. Russia vs. Telegram technical notes on the battle Leonid Evdokimov 35c3, Leipzig, 29 Dec 2018 darkk.net.ru/35c3

  2. $ whoami Internet measurement fanatic NOT a Telegram team member One of the millions of Telegram users

  4. 2007 May 23: court order for 4 (four) ISP to block access to “extremist” websites 2007 Jul 14: the 1st issue of the “Federal List of Extremist Materials” by Ministry of Justice

  5. 2011 Feb: www.zhurnal.lib.ru is banned Maksim Moshkow “transfers” domain to the Ministry of Justice (via DNS “A” RR) Some ISPs block minjust.ru ¯\_( ツ )_/¯

  6. 2012 Jul 10: Wikipedia strikes, Yandex & VK protest 2012 Jul 11: the internet restriction bill accepted by Duma (Parliament) 2012 Jul 28: the bill signed

  7. XML file, signed by CN=Roskomnadzor with GOST, fetched by ISPs via SOAP, updated at least hourly. ISPs control filtering equipment. Roskomnadzor monitors it.

  8. 8 Nov: Absurdopedia (Uncyclopedia) 11 Nov: Lurkmore memepedia, lib.rus.ec 17 Nov: Github repo with blocklist leak 18 Nov: Google’s https://….gstatic.com

  9. Web Archive, GitHub, Google, LinkedIn, Pornhub, Reddit, VK, Wikipedia… Comodo CA CRL & OCSP responders 127.0.0.1 (sic!)

  10. The law does not matter. The fine does. 2016 Jan: OpenWRT-based TP-Link MR3020, that was talking with C&C via https API without ca-certificates and via ssh without known_hosts

  11. ValdikSS

  12. No codified monitoring rules, just FAQ Some ISPs reverse-engineer it Some ISPs comply at best-effort Some ISPs place it into a “sandbox”

  13. Logo of Revisor-devoted Telegram chat @i_love_auditor

  14. ISPs are forced to comply with the black-box monitoring system Stale IPs in dump.xml , “Revisor” using DNS… ⇒ ISPs feed A & AAAA from DNS directly to filters

  15. 2017 May 15: block IP from DNS? Bo-om! Adding /32 from DNS to routing table? 2017 Jun 7: drop IX peers! 2018 Mar 14: routers go on strike!

  17. 2017 Apr 7: St.Petersburg bombing 2017 Jun 26, FSB: “terrorists used TG” RKN promises to block, counts days. 2017 Jun 28: Telegram added to the “Information Distributors Registry”

  18. 2017 Dec: Roskomsvoboda starts legal campaign Telegram vs. FSB 2018 Mar 20: court orders Telegram to pass encryption keys to FSB 2018 Apr 16: RKN attempts to block

  19. Mar 23: Mikhael Klimarev publishes leak RKN plans ban of 15M IPs: 36 subnets of Amazon, SoftLayer, … to block Zello. Keywords: Null0, BGP, redistribute.

  20. RKN-tan tries to block 14 million IP addresses of Amazon hosting half of Internet – @aquam1ne

  21. 11:39 RKN bans TG’s ~/19, no effect 17:58 bans Amazon’s ~/13, TG works 18:33 adds missing TG’s /24 ¯\_( ツ )_/¯ 20:21 Google’s /12, Amazon’s /15… 1.8 M IPs banned, Telegram is ~fine

  22. Apr 16: ~ 1.8 M banned IPs Apr 17: ~ 16 M Apr 22: ~ 19 M, local peak

  23. Overlapping subnets in blocklist: 52.0/11 ∩ 52.28/15 34.192/10 ∩ 34.240/13 52.192/11 ∩ 52.208/13 …

  24. Malformed URL in blocklist: <![CDATA[http:// 46.101.189.65]]> ^ whitespace Guess, what filter do?

  25. RKN: significant ones are not affected Affected: ~34 k .ru, .рф, .su services Affected: vk.com (87.240.129.133) Affected: Yandex.Metrica (213.180.193.119) Affected: Yandex ads (77.88.21.90)

  26. RKN: “Google Play, Google Drive and google.ru IPs were not banned” Data: dozens IPs of load balancers discovered via EDNS Client Subnet are actually blocklisted

  27. G.DNS

  29. Delayed compliance example, RIPE Atlas data

  30. Sniffers used to hunt proxies? 28 Apr: public “tip”, 30 Apr: private tip Unsecured SORMs, pumping 20 Gbit/s, leaking rpm repo, clickstream and PII?!

  33. D I G I T A L R E S I S T A N C E

  34. Countdown (cheap drama)

  35. “Truly, Popov!” – Radio Day greeting

  36. Nice amplitude fade-out (thanks, RKN!) “&.” TLD flash-blocking 15 M → 11 M banned IPs Expired domains blocklist cleanup

  37. 28 Apr: 19 M → 15 M (protest) 8 May: 15 M → 11 M (prank?) 8 Jun: 11 M → 3.7 M (?) 7 Jul: Open Letter on collateral damage had no effect, still ~3.7 M

  39. TG speaks Socks5, MTProto, MTproto-dd ~7500 kbps: Socks5, HTTP xor RC4 ~22 kbps: MTProto, obfs4, `nc urandom` Camouflage matters!

  40. pkt.len -based hunting was noticed Rostelecom was part of the experiment Any IP:Port may be killed by “knocking” Reuters: “alike experiment happened”

  41. 1. One uses Socks5 in subway 2. Nmap scans IP:Port 3. Socks5-scanner tries connect(TG) 4. IP unreachable via some ISPs 5. IP officially blocklisted

  43. > 4. IP unreachable via some ISPs Some other blacklists exist… regional?… … at least List of Extremist Materials Block-race is still observed

  45. RKN deploys “anti-threat” equipment That also acts as filter RKN directly controls IP routing & DNS Registry of “good” Internet Exchanges

  47. Philipp Kulin, ValdikSS, Simone Basso, Maria Mikhael Klimarev, Xynou, Moritz Bartl, Dmitry Nazarov, zapret-info, SPb CTF, Alex Rudenko, Roskomsvoboda, Digital Dmitry Belyavskiy, Resistance Measurement Wartan Hachaturow, Squadron, “the one who is Dmitry Moskin, to blame”, “Revisor” fans, Dmitry Morozovsky, NAG, RIPE Atlas, …

  48. Thanks RKN & Durov for fun! Questions? Leonid Evdokimov, 2018, CC-BY 4.0 usher2.club darkk.net.ru/35c3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Experience the Business behind the Sport 1 Battle on Broadway, USA V.s Russia - May 2011 Agenda

Experience the Business behind the Sport 1 Battle on Broadway, USA V.s Russia - May 2011 Agenda

Experience the Business behind the Sport 1 Battle on Broadway, USA V.s Russia - May 2011 Agenda - Market Status, USA Wrestling impact, Market Value... - Why Us? - Involvement &amp; Activation Opportunities Appendix - Best Practices -

448 views • 26 slides
A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of

A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of

B Y: T Y R O N E , D WA Y N E , E R I C , A N D S E T H A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of Badon Battle of Alfred Battle of Aylesford Battle of Wippedesfleot

409 views • 11 slides
The Interception of the Zimmermann Telegram Secret Communications Between Germany and Mexico

The Interception of the Zimmermann Telegram Secret Communications Between Germany and Mexico

The Interception of the Zimmermann Telegram Secret Communications Between Germany and Mexico Prompt America to Declare War The Zimmermann Telegram Intelligence, Diplomacy, and Americas Entry into World War I By the winter of 1916 to 1917,

439 views • 33 slides
A Telegram bot for Amartyo Banerjee and SK Venkatesan printing LaTeX files TNQ Books and

A Telegram bot for Amartyo Banerjee and SK Venkatesan printing LaTeX files TNQ Books and

TUG 2016. A Telegram bot for Amartyo Banerjee and SK Venkatesan printing LaTeX files TNQ Books and Journals, India July 25. Toronto. Introduction I present a proof of concept of a Telegram bot, meant to run on the Raspberry Pi.

516 views • 17 slides
The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was

The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was

The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was fought between the RAF (Royal Air Force) and the German Luftwaffe (air force). Talk to a family member: Do you know what the Battle of Britain was?

323 views • 21 slides
BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of

BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of

BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of the Middle School Battle of the Books is to encourage reading and expose students of all ability levels to quality literature representing a variety

325 views • 9 slides
troll batul How might you model a battle between two trolls? How might you model a battle between

troll batul How might you model a battle between two trolls? How might you model a battle between

CSCI261 Lecture 23: Passing by Reference, Objects and Memory troll batul How might you model a battle between two trolls? How might you model a battle between two trolls? Define and describe trolls (attributes, behavior) Describe the battle

529 views • 15 slides
What is Russia? Project What is Europe? We live in Russia. Russia is a huge country. It

What is Russia? Project What is Europe? We live in Russia. Russia is a huge country. It

What is Russia? Project What is Europe? We live in Russia. Russia is a huge country. It takes more than a week to cross the country from West to East in a train The National Banner and Anthem of Russia in our kindergarten The Kremlin and

904 views • 25 slides
What is Battle of the Books? Battle of the Books encourages reading and exposes students to

What is Battle of the Books? Battle of the Books encourages reading and exposes students to

What is Battle of the Books? Battle of the Books encourages reading and exposes students to quality literature. Battle of the Books is a competition among teams first at the school level and then at the district level. There are 10

423 views • 20 slides
NOTES ON TECHNICAL PRESENTATIONS Informal Presentations Purpose - idea interchange,

NOTES ON TECHNICAL PRESENTATIONS Informal Presentations Purpose - idea interchange,

NOTES ON TECHNICAL PRESENTATIONS Informal Presentations Purpose - idea interchange, brainstorming, status, report, training, education. Audience - friendly, peers, small to medium size, technical Visual Aids - blackboard,

174 views • 13 slides
THE BATTLE TO BELIEVE John 20 THE BATTLE TO BELIEVE John 20 John 20:3031 Jesus did many

THE BATTLE TO BELIEVE John 20 THE BATTLE TO BELIEVE John 20 John 20:3031 Jesus did many

THE BATTLE TO BELIEVE John 20 THE BATTLE TO BELIEVE John 20 John 20:3031 Jesus did many other miraculous signs in the presence of his disciples, which are not recorded in this book. But these are written that you may believe that Jesus is

490 views • 29 slides
Simo Sorce Red Hat, Inc. Red Hat Enterprise IPA, Technical Notes What is IPA ? IPA stands for:

Simo Sorce Red Hat, Inc. Red Hat Enterprise IPA, Technical Notes What is IPA ? IPA stands for:

Simo Sorce Red Hat, Inc. Red Hat Enterprise IPA, Technical Notes What is IPA ? IPA stands for: Identity, Policy, Audit IPA is about managing user/machine identities and related security policies IPA v1 is focused around solving the problem of

487 views • 23 slides
Joint Battle Management Language (JBML) Joint Battle Management Language (JBML) US

Joint Battle Management Language (JBML) Joint Battle Management Language (JBML) US

2007 Euro Simulation C 4 I Center Interoperability Workshop Joint Battle Management Language (JBML) Joint Battle Management Language (JBML) US Contribution to the C-BML PDG and NATO MSG-048 TA Dr. Andreas Tolk VMASC Dr. J. Mark

311 views • 19 slides
The production and technical company NORMATIV was founded in 1988 in Saint-Petersburg, Russia and

The production and technical company NORMATIV was founded in 1988 in Saint-Petersburg, Russia and

The production and technical company NORMATIV was founded in 1988 in Saint-Petersburg, Russia and supplies solutions and services for more than 25 years . The main focus of the activity of the company: automation of production process on the basis

457 views • 20 slides
Noburu Okabe Why Japan Ignored the Innce THE TRUTH OF THE DISAPPEARED YALTA CONFIDENTIAL

Noburu Okabe Why Japan Ignored the Innce THE TRUTH OF THE DISAPPEARED YALTA CONFIDENTIAL

1 Noburu Okabe Why Japan Ignored the Innce THE TRUTH OF THE DISAPPEARED YALTA CONFIDENTIAL TELEGRAM ONFIDENTIAL TELEGRAM ORIGINAL COPY OF YALTA SECRET AGREEMENT DRAFT HANDED BY MOLOTOV TO SECRETARY OF STATE 2 3 ANTI-RUSSIAN INTELLIGENCE

535 views • 32 slides
CURRENT ACTIVITY IN RUSSIA ON ATOMIC, MOLECULAR AND PMI DATA P.R. Goncharov 1 , A.B. Kukushkin 2,3

CURRENT ACTIVITY IN RUSSIA ON ATOMIC, MOLECULAR AND PMI DATA P.R. Goncharov 1 , A.B. Kukushkin 2,3

IAEA Technical Meeting on Technical Aspects of Atomic and Molecular Data Processing and Exchange 23rd Meeting of the Atomic and Molecular Data Centres Network IAEA Headquarters, Vienna, Austria 2-4 November 2015 CURRENT ACTIVITY IN RUSSIA ON

673 views • 46 slides
Introduction to Machine Learning: Classification and The Noisy Channel Model CMSC 473/673 UMBC

Introduction to Machine Learning: Classification and The Noisy Channel Model CMSC 473/673 UMBC

Introduction to Machine Learning: Classification and The Noisy Channel Model CMSC 473/673 UMBC Some slides adapted from 3SLP Outline Classification Why incorporate uncertainty Classification with Bayes Rule Example: Email Classifier

1.68k views • 89 slides
CSE 258 Lecture 9 Web Mining and Recommender Systems T ext Mining Administrivia Midterms

CSE 258 Lecture 9 Web Mining and Recommender Systems T ext Mining Administrivia Midterms

CSE 258 Lecture 9 Web Mining and Recommender Systems T ext Mining Administrivia Midterms will be in class next Wednesday Well do prep on Monday Prediction tasks involving text What kind of quantities can we model, and what

908 views • 51 slides
Mahdi Roozbahani Lecturer, Computational Science &amp; Engineering, Georgia Tech Founder of

Mahdi Roozbahani Lecturer, Computational Science &amp; Engineering, Georgia Tech Founder of

http://poloclub.gatech.edu/cse6242 CSE6242: Data &amp; Visual Analytics Text Analytics (Text Mining) Duen Horng (Polo) Chau Associate Professor, College of Computing Associate Director, MS Analytics Georgia Tech Mahdi Roozbahani Lecturer,

818 views • 52 slides
The Modern Cybersecurity Stack Data-Driven Network Monitoring with Bro Robin Sommer Corelight,

The Modern Cybersecurity Stack Data-Driven Network Monitoring with Bro Robin Sommer Corelight,

The Modern Cybersecurity Stack Data-Driven Network Monitoring with Bro Robin Sommer Corelight, Inc. / International Computer Science Institute / Lawrence Berkeley National Lab robin@icsi.berkeley.edu https://www.icir.org/robin Network

565 views • 40 slides
#FluxFlow: Visual Analysis of Anomalous Jian Zhao, Nan Cao, Zhen Wen, Yale Song, Yu-Ru Lin,

#FluxFlow: Visual Analysis of Anomalous Jian Zhao, Nan Cao, Zhen Wen, Yale Song, Yu-Ru Lin,

#FluxFlow: Visual Analysis of Anomalous Jian Zhao, Nan Cao, Zhen Wen, Yale Song, Yu-Ru Lin, Christopher Collins. Presenter: Keqian Li What: SOCIAL MEDIA Why: Abnormal conversational threads How: FluxFlow Abnormal Retweet Threads Detection: A

431 views • 20 slides
How AI is enhancing JOURNALISM @carolstran @carolstran bit.ly/ai-journo-resources @carolstran

How AI is enhancing JOURNALISM @carolstran @carolstran bit.ly/ai-journo-resources @carolstran

How AI is enhancing JOURNALISM @carolstran @carolstran bit.ly/ai-journo-resources @carolstran @carolstran @carolstran @carolstran @carolstran Data can be used to provide deeper insights into what is happening around us and how it

935 views • 70 slides
What is journalism? Principles of Journalism January 30, 2018 What can I say about

What is journalism? Principles of Journalism January 30, 2018 What can I say about

What is journalism? Principles of Journalism January 30, 2018 What can I say about journalism? It has the greatest virtue and the greatest evil. It is the first thing the dictator controls. It is the mother of literature and the perpetrator

210 views • 19 slides
Introduction: History and Digital Technologies Max Kemman University of Luxembourg September 20,

Introduction: History and Digital Technologies Max Kemman University of Luxembourg September 20,

Introduction: History and Digital Technologies Max Kemman University of Luxembourg September 20, 2016 Doing Digital History: Introduction to Tools and Technology Today Introduction: History and Digital Technology Challenges

676 views • 29 slides

More recommend