This article is more than 1 year old
How do spooks build surveillance rigs? In Oz they TENDER for it
Federal Police seek kit capable of swallowing Euro-standard intercepts
Australia's Federal Police force (AFP) has issued a tender for deep packet inspection (DPI) kit capable of processing data encapsulated by the European Telecommunications Standards Institute's ETSI 102 232 format for lawfully-intercepted communications.
Why does the AFP need to listen to telecoms intercepts? Aside from the fact its a policing outfit, the Force's “About” page says “The nature of the AFP and what is required of it, has changed significantly in recent years. The AFP has responded to a rapidly changing environment and this has required a greater focus on national and international operations.”
Some of those international operations are peace-keeping missions in Pacific nations where rule of law has broken down. Others concern terrorism and cyber-crime, matters that would make listening to telecom interceptions from abroad quite useful.
After reading the tender Vulture South is leaning towards the force needing kit capable of listening in on its own networks and processing data from outside sources, based on the following list of requirements the successful tenderer will be required to demonstrate:
- The appliance must analyse flows at 10 Gbps
- The appliance must be able to accept TCP/IP as an input
- The appliance must be able to receive IPv4
- The appliance must be able to receive IPv6
- The appliance must be able to identify services
- The appliance must be able to identify applications (Layer 7)
- It is recommended that the appliance can be expanded to higher speeds
- The appliance should be able to accept a network flow encapsulate as ETSI 102 232 as an input
- The appliance should be able to accept PCAP captures as an input
- The appliance should be able to separate flows based on multiple inputs of MPLS
- The appliance should be able to separate flows based on multiple inputs of VLAN
- The appliance should identify Anti-Virus
- The appliance should identify Malware
- The appliance should identify Communication Applications
- The appliance should identify Mobile Applications
- The appliance should extract and store metadata
- The appliance should de-capsulate tunnelling protocols
- The appliance should detect different types of encryption
- The appliance should filter based on keywords
- The appliance should filter based on protocols
- The appliance should filter based on applications
- The appliance should filter based on IP lists
- The appliance should filter traffic based on port lists
The tender also calls for the chosen appliance to possess the ability to create logs and to log filtered data, plus a requirement “not drop packets, both malformed or corrupt”.
Over to you, readers. Is the AFP rolling its own PRISM or just taking care of business? The tender is here if you want to read more for yourself. ®
Biting the hand that feeds IT
