russia vs telegram technical notes on the battle
play

Russia vs. Telegram technical notes on the battle Leonid Evdokimov - PowerPoint PPT Presentation

Apr 01, 2023 •339 likes •822 views

Russia vs. Telegram technical notes on the battle Leonid Evdokimov 35c3, Leipzig, 29 Dec 2018 darkk.net.ru/35c3 $ whoami Internet measurement fanatic NOT a Telegram team member One of the millions of Telegram users 2007 May 23: court order

  1. Russia vs. Telegram technical notes on the battle Leonid Evdokimov 35c3, Leipzig, 29 Dec 2018 darkk.net.ru/35c3

  2. $ whoami Internet measurement fanatic NOT a Telegram team member One of the millions of Telegram users

  4. 2007 May 23: court order for 4 (four) ISP to block access to “extremist” websites 2007 Jul 14: the 1st issue of the “Federal List of Extremist Materials” by Ministry of Justice

  5. 2011 Feb: www.zhurnal.lib.ru is banned Maksim Moshkow “transfers” domain to the Ministry of Justice (via DNS “A” RR) Some ISPs block minjust.ru ¯\_( ツ )_/¯

  6. 2012 Jul 10: Wikipedia strikes, Yandex & VK protest 2012 Jul 11: the internet restriction bill accepted by Duma (Parliament) 2012 Jul 28: the bill signed

  7. XML file, signed by CN=Roskomnadzor with GOST, fetched by ISPs via SOAP, updated at least hourly. ISPs control filtering equipment. Roskomnadzor monitors it.

  8. 8 Nov: Absurdopedia (Uncyclopedia) 11 Nov: Lurkmore memepedia, lib.rus.ec 17 Nov: Github repo with blocklist leak 18 Nov: Google’s https://….gstatic.com

  9. Web Archive, GitHub, Google, LinkedIn, Pornhub, Reddit, VK, Wikipedia… Comodo CA CRL & OCSP responders 127.0.0.1 (sic!)

  10. The law does not matter. The fine does. 2016 Jan: OpenWRT-based TP-Link MR3020, that was talking with C&C via https API without ca-certificates and via ssh without known_hosts

  11. ValdikSS

  12. No codified monitoring rules, just FAQ Some ISPs reverse-engineer it Some ISPs comply at best-effort Some ISPs place it into a “sandbox”

  13. Logo of Revisor-devoted Telegram chat @i_love_auditor

  14. ISPs are forced to comply with the black-box monitoring system Stale IPs in dump.xml , “Revisor” using DNS… ⇒ ISPs feed A & AAAA from DNS directly to filters

  15. 2017 May 15: block IP from DNS? Bo-om! Adding /32 from DNS to routing table? 2017 Jun 7: drop IX peers! 2018 Mar 14: routers go on strike!

  17. 2017 Apr 7: St.Petersburg bombing 2017 Jun 26, FSB: “terrorists used TG” RKN promises to block, counts days. 2017 Jun 28: Telegram added to the “Information Distributors Registry”

  18. 2017 Dec: Roskomsvoboda starts legal campaign Telegram vs. FSB 2018 Mar 20: court orders Telegram to pass encryption keys to FSB 2018 Apr 16: RKN attempts to block

  19. Mar 23: Mikhael Klimarev publishes leak RKN plans ban of 15M IPs: 36 subnets of Amazon, SoftLayer, … to block Zello. Keywords: Null0, BGP, redistribute.

  20. RKN-tan tries to block 14 million IP addresses of Amazon hosting half of Internet – @aquam1ne

  21. 11:39 RKN bans TG’s ~/19, no effect 17:58 bans Amazon’s ~/13, TG works 18:33 adds missing TG’s /24 ¯\_( ツ )_/¯ 20:21 Google’s /12, Amazon’s /15… 1.8 M IPs banned, Telegram is ~fine

  22. Apr 16: ~ 1.8 M banned IPs Apr 17: ~ 16 M Apr 22: ~ 19 M, local peak

  23. Overlapping subnets in blocklist: 52.0/11 ∩ 52.28/15 34.192/10 ∩ 34.240/13 52.192/11 ∩ 52.208/13 …

  24. Malformed URL in blocklist: <![CDATA[http:// 46.101.189.65]]> ^ whitespace Guess, what filter do?

  25. RKN: significant ones are not affected Affected: ~34 k .ru, .рф, .su services Affected: vk.com (87.240.129.133) Affected: Yandex.Metrica (213.180.193.119) Affected: Yandex ads (77.88.21.90)

  26. RKN: “Google Play, Google Drive and google.ru IPs were not banned” Data: dozens IPs of load balancers discovered via EDNS Client Subnet are actually blocklisted

  27. G.DNS

  29. Delayed compliance example, RIPE Atlas data

  30. Sniffers used to hunt proxies? 28 Apr: public “tip”, 30 Apr: private tip Unsecured SORMs, pumping 20 Gbit/s, leaking rpm repo, clickstream and PII?!

  33. D I G I T A L R E S I S T A N C E

  34. Countdown (cheap drama)

  35. “Truly, Popov!” – Radio Day greeting

  36. Nice amplitude fade-out (thanks, RKN!) “&.” TLD flash-blocking 15 M → 11 M banned IPs Expired domains blocklist cleanup

  37. 28 Apr: 19 M → 15 M (protest) 8 May: 15 M → 11 M (prank?) 8 Jun: 11 M → 3.7 M (?) 7 Jul: Open Letter on collateral damage had no effect, still ~3.7 M

  39. TG speaks Socks5, MTProto, MTproto-dd ~7500 kbps: Socks5, HTTP xor RC4 ~22 kbps: MTProto, obfs4, `nc urandom` Camouflage matters!

  40. pkt.len -based hunting was noticed Rostelecom was part of the experiment Any IP:Port may be killed by “knocking” Reuters: “alike experiment happened”

  41. 1. One uses Socks5 in subway 2. Nmap scans IP:Port 3. Socks5-scanner tries connect(TG) 4. IP unreachable via some ISPs 5. IP officially blocklisted

  43. > 4. IP unreachable via some ISPs Some other blacklists exist… regional?… … at least List of Extremist Materials Block-race is still observed

  45. RKN deploys “anti-threat” equipment That also acts as filter RKN directly controls IP routing & DNS Registry of “good” Internet Exchanges

  47. Philipp Kulin, ValdikSS, Simone Basso, Maria Mikhael Klimarev, Xynou, Moritz Bartl, Dmitry Nazarov, zapret-info, SPb CTF, Alex Rudenko, Roskomsvoboda, Digital Dmitry Belyavskiy, Resistance Measurement Wartan Hachaturow, Squadron, “the one who is Dmitry Moskin, to blame”, “Revisor” fans, Dmitry Morozovsky, NAG, RIPE Atlas, …

  48. Thanks RKN & Durov for fun! Questions? Leonid Evdokimov, 2018, CC-BY 4.0 usher2.club darkk.net.ru/35c3

Recommend

Experience the Business behind the Sport 1 Battle on Broadway, USA V.s Russia - May 2011 Agenda

Experience the Business behind the Sport 1 Battle on Broadway, USA V.s Russia - May 2011 Agenda

Experience the Business behind the Sport 1 Battle on Broadway, USA V.s Russia - May 2011 Agenda - Market Status, USA Wrestling impact, Market Value... - Why Us? - Involvement &amp; Activation Opportunities Appendix - Best Practices -

448 views • 26 slides
A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of

A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of

B Y: T Y R O N E , D WA Y N E , E R I C , A N D S E T H A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of Badon Battle of Alfred Battle of Aylesford Battle of Wippedesfleot

409 views • 11 slides
The Interception of the Zimmermann Telegram Secret Communications Between Germany and Mexico

The Interception of the Zimmermann Telegram Secret Communications Between Germany and Mexico

The Interception of the Zimmermann Telegram Secret Communications Between Germany and Mexico Prompt America to Declare War The Zimmermann Telegram Intelligence, Diplomacy, and Americas Entry into World War I By the winter of 1916 to 1917,

439 views • 33 slides
A Telegram bot for Amartyo Banerjee and SK Venkatesan printing LaTeX files TNQ Books and

A Telegram bot for Amartyo Banerjee and SK Venkatesan printing LaTeX files TNQ Books and

TUG 2016. A Telegram bot for Amartyo Banerjee and SK Venkatesan printing LaTeX files TNQ Books and Journals, India July 25. Toronto. Introduction I present a proof of concept of a Telegram bot, meant to run on the Raspberry Pi.

516 views • 17 slides
The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was

The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was

The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was fought between the RAF (Royal Air Force) and the German Luftwaffe (air force). Talk to a family member: Do you know what the Battle of Britain was?

323 views • 21 slides
BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of

BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of

BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of the Middle School Battle of the Books is to encourage reading and expose students of all ability levels to quality literature representing a variety

325 views • 9 slides
troll batul How might you model a battle between two trolls? How might you model a battle between

troll batul How might you model a battle between two trolls? How might you model a battle between

CSCI261 Lecture 23: Passing by Reference, Objects and Memory troll batul How might you model a battle between two trolls? How might you model a battle between two trolls? Define and describe trolls (attributes, behavior) Describe the battle

529 views • 15 slides
What is Russia? Project What is Europe? We live in Russia. Russia is a huge country. It

What is Russia? Project What is Europe? We live in Russia. Russia is a huge country. It

What is Russia? Project What is Europe? We live in Russia. Russia is a huge country. It takes more than a week to cross the country from West to East in a train The National Banner and Anthem of Russia in our kindergarten The Kremlin and

904 views • 25 slides
What is Battle of the Books? Battle of the Books encourages reading and exposes students to

What is Battle of the Books? Battle of the Books encourages reading and exposes students to

What is Battle of the Books? Battle of the Books encourages reading and exposes students to quality literature. Battle of the Books is a competition among teams first at the school level and then at the district level. There are 10

423 views • 20 slides
NOTES ON TECHNICAL PRESENTATIONS Informal Presentations Purpose - idea interchange,

NOTES ON TECHNICAL PRESENTATIONS Informal Presentations Purpose - idea interchange,

NOTES ON TECHNICAL PRESENTATIONS Informal Presentations Purpose - idea interchange, brainstorming, status, report, training, education. Audience - friendly, peers, small to medium size, technical Visual Aids - blackboard,

174 views • 13 slides
THE BATTLE TO BELIEVE John 20 THE BATTLE TO BELIEVE John 20 John 20:3031 Jesus did many

THE BATTLE TO BELIEVE John 20 THE BATTLE TO BELIEVE John 20 John 20:3031 Jesus did many

THE BATTLE TO BELIEVE John 20 THE BATTLE TO BELIEVE John 20 John 20:3031 Jesus did many other miraculous signs in the presence of his disciples, which are not recorded in this book. But these are written that you may believe that Jesus is

490 views • 29 slides
Simo Sorce Red Hat, Inc. Red Hat Enterprise IPA, Technical Notes What is IPA ? IPA stands for:

Simo Sorce Red Hat, Inc. Red Hat Enterprise IPA, Technical Notes What is IPA ? IPA stands for:

Simo Sorce Red Hat, Inc. Red Hat Enterprise IPA, Technical Notes What is IPA ? IPA stands for: Identity, Policy, Audit IPA is about managing user/machine identities and related security policies IPA v1 is focused around solving the problem of

487 views • 23 slides
Joint Battle Management Language (JBML) Joint Battle Management Language (JBML) US

Joint Battle Management Language (JBML) Joint Battle Management Language (JBML) US

2007 Euro Simulation C 4 I Center Interoperability Workshop Joint Battle Management Language (JBML) Joint Battle Management Language (JBML) US Contribution to the C-BML PDG and NATO MSG-048 TA Dr. Andreas Tolk VMASC Dr. J. Mark

311 views • 19 slides
The production and technical company NORMATIV was founded in 1988 in Saint-Petersburg, Russia and

The production and technical company NORMATIV was founded in 1988 in Saint-Petersburg, Russia and

The production and technical company NORMATIV was founded in 1988 in Saint-Petersburg, Russia and supplies solutions and services for more than 25 years . The main focus of the activity of the company: automation of production process on the basis

457 views • 20 slides
Noburu Okabe Why Japan Ignored the Innce THE TRUTH OF THE DISAPPEARED YALTA CONFIDENTIAL

Noburu Okabe Why Japan Ignored the Innce THE TRUTH OF THE DISAPPEARED YALTA CONFIDENTIAL

1 Noburu Okabe Why Japan Ignored the Innce THE TRUTH OF THE DISAPPEARED YALTA CONFIDENTIAL TELEGRAM ONFIDENTIAL TELEGRAM ORIGINAL COPY OF YALTA SECRET AGREEMENT DRAFT HANDED BY MOLOTOV TO SECRETARY OF STATE 2 3 ANTI-RUSSIAN INTELLIGENCE

535 views • 32 slides
CURRENT ACTIVITY IN RUSSIA ON ATOMIC, MOLECULAR AND PMI DATA P.R. Goncharov 1 , A.B. Kukushkin 2,3

CURRENT ACTIVITY IN RUSSIA ON ATOMIC, MOLECULAR AND PMI DATA P.R. Goncharov 1 , A.B. Kukushkin 2,3

IAEA Technical Meeting on Technical Aspects of Atomic and Molecular Data Processing and Exchange 23rd Meeting of the Atomic and Molecular Data Centres Network IAEA Headquarters, Vienna, Austria 2-4 November 2015 CURRENT ACTIVITY IN RUSSIA ON

673 views • 46 slides
Battle Command Collapse and M&amp;S April 8 2011 Ted Troccola PD Common Software, PM BC

Battle Command Collapse and M&amp;S April 8 2011 Ted Troccola PD Common Software, PM BC

Battle Command Collapse and M&amp;S April 8 2011 Ted Troccola PD Common Software, PM BC Contractor (Viecore FSD Inc.) 1 Topics for Discussion Background BC Collapse Strategy Operational Technical Programmatic

752 views • 25 slides
RUSSIA TOURISM Russia is the largest country on the planet and has many wonderful and diverse

RUSSIA TOURISM Russia is the largest country on the planet and has many wonderful and diverse

RUSSIA TOURISM Russia is the largest country on the planet and has many wonderful and diverse areas worth visiting. Russia spreads in two continents, Europe and Asia. Moscow, the capital city of Russia falls entirely in Europe. This is the

776 views • 22 slides
Historical cryptography 2 CSCI 470: Web Science Keith Vertanen Overview Historical

Historical cryptography 2 CSCI 470: Web Science Keith Vertanen Overview Historical

Historical cryptography 2 CSCI 470: Web Science Keith Vertanen Overview Historical cryptography WWI Zimmerman telegram WWII Rise of the cipher machines Engima Allied encryption 2 WWI: Zimmermann Telegram 1915,

557 views • 23 slides
Battle of the Waveforms for 5G GUNES KARABULUT KUR GUNES KARABULUT KURT, SELAHA , SELAHATTIN

Battle of the Waveforms for 5G GUNES KARABULUT KUR GUNES KARABULUT KURT, SELAHA , SELAHATTIN

Battle of the Waveforms for 5G GUNES KARABULUT KUR GUNES KARABULUT KURT, SELAHA , SELAHATTIN GOKCELI TTIN GOKCELI gkurt@itu.edu.tr, gokcelis@itu.edu.tr Wireless Communications and Research Laboratory (WCRL) ISTANBUL TECHNICAL UNIVERSITY ITU

364 views • 17 slides
RCIA 12: The Battle of Prayer and Traditions of Prayer 12: The Battle of Prayer and Traditions

RCIA 12: The Battle of Prayer and Traditions of Prayer 12: The Battle of Prayer and Traditions

9/2/2019 RCIA 12: The Battle of Prayer and Traditions of Prayer 12: The Battle of Prayer and Traditions of Prayer The Sign of the Cross A distinctly Catholic (and Orthodox) sign The world knows we are Catholic and witnesses to our

359 views • 11 slides
Battle of the Books 2015-2016 What is Battle of the Books? Participants get into teams of

Battle of the Books 2015-2016 What is Battle of the Books? Participants get into teams of

Battle of the Books 2015-2016 What is Battle of the Books? Participants get into teams of three and read the list of 25 books, so they can answer trivia questions about the books. Everyone is welcome. Top three teams win books and

425 views • 31 slides
Collaborative Filtering Radek Pel anek Notes on Lecture the most technical lecture of the

Collaborative Filtering Radek Pel anek Notes on Lecture the most technical lecture of the

Collaborative Filtering Radek Pel anek Notes on Lecture the most technical lecture of the course includes some scary looking math, but typically with intuitive interpretation use of standard machine learning techniques, which are

971 views • 68 slides
TRUCKS, KNIVES, BOMBS, WHATEVER EXPLORING PRO-ISLAMIC STATE INSTRUCTIONAL MATERIAL ON TELEGRAM

TRUCKS, KNIVES, BOMBS, WHATEVER EXPLORING PRO-ISLAMIC STATE INSTRUCTIONAL MATERIAL ON TELEGRAM

TRUCKS, KNIVES, BOMBS, WHATEVER EXPLORING PRO-ISLAMIC STATE INSTRUCTIONAL MATERIAL ON TELEGRAM Bennett Clifford 10/19/2018 Key Questions How do English-speaking online supporters of the Islamic State share instructional material on

111 views • 10 slides

More recommend