Prism continued

I suppose this system was part of the 20MM as well?

Anyone else notice that the Boundless Informant GUI looks suspiciously like
the Splunk GUI?

And according to the article, it sounds like it does exactly what Splunk is
capable of, albeit on a grander scale than I thought possible.


Let's see:

Requires "always-on" internet connection

Only available with Kinect
Includes infrared sensor
Manufactured by Microsoft, the first company to sign up for Prism

When can I get my Xbox One??

There is no way they could have paid for all the Splunk licensing costs
which the budget quoted before....

Speaking of Splunk; is that really the tool of choice?

It would make sense. It's a friggin' sick syslog analyzer. Expensive
as hell, but awesome.

Compare it to most any other SIEM (ArcSight?) and it's a bargain.

But still, yeah.


On 2013-06-12, Phil Fagan sent:

Speaking of Splunk; is that really the tool of choice?

I've been hearing a lot of good things about logstash these days
too, if you prefer the open source route.

That's assuming they paid full list price.

Ask the ex-CEO of Qwest what happens if you try to turn down an
offer the NSA makes you. :)


- ferg

Logstash and Splunk are both wonderful, in my experience.

What sets them apart from just a plain grep(1) is that they build an
index that points keywords to logging events (lines).

What if you're looking for events related to a specific interface or LSP?
Not a problem with a modest log volume, as grep can tear through text
nearly as quickly as your disk can pass it up.
However, once you have a ton of historical logs, or just a large
volume, grep becomes way too slow as you have to retrieve tons of
unrelated log messages to check if they're what you're looking for.

Having an index gives you a way to search for that interface or LSP
name, and get a listing of all the locations that contain log events
matching what you're looking for.

In the PRISM context, I highly doubt they're using Splunk for any kind
of analysis beyond systems and network management. It's not good at
indexing non-texty-things.
What if you need to search for events that were geographically
proximate to one another? That takes a special kind of index.

Also check out for a rather splunk like experience.
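
The grep-versus-index point from the post above, as an added example that is not part of the original thread: a small inverted index maps each keyword to the byte offsets of the log lines containing it, so a lookup reads only the matching lines while a grep-style scan reads every line. The log lines, host names, interface and LSP names are constructed sample data, and the function names are illustrative.

```python
import io
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the thread); all names are made up.
SAMPLE_LOG = b"""\
Jun 12 10:00:01 r1 mib2d: LINK_DOWN: ifName xe-0/0/1
Jun 12 10:00:02 r1 rpd: LSP_DOWN: MPLS LSP lsp-nyc-chi down
Jun 12 10:00:05 r2 sshd: Accepted publickey for ops from 192.0.2.10
Jun 12 10:01:11 r1 mib2d: LINK_UP: ifName xe-0/0/1
Jun 12 10:02:30 r2 mib2d: LINK_DOWN: ifName ge-1/0/3
Jun 12 10:03:00 r1 rpd: LSP_UP: MPLS LSP lsp-nyc-chi up
"""
# Keep '/', '.', '-' and '_' inside a token so interface and LSP names stay whole.
TOKEN = re.compile(rb"[A-Za-z0-9_./-]+")

def open_sample():
    """Return the constructed log as a seekable binary file object."""
    return io.BytesIO(SAMPLE_LOG)

def build_index(log):
    """One full pass: map each lowercased token to the offsets of its lines."""
    index, offset = defaultdict(list), 0
    log.seek(0)
    for line in log:
        for tok in set(TOKEN.findall(line.lower())):
            index[tok].append(offset)
        offset += len(line)
    return index

def indexed_search(log, index, keyword):
    """Seek straight to the lines listed for the keyword; nothing else is read."""
    hits = []
    for off in index.get(keyword.lower().encode(), []):
        log.seek(off)
        hits.append(log.readline().decode().rstrip("\n"))
    return hits

def grep_search(log, keyword):
    """Linear scan, as grep does: every line is read and tested."""
    needle, hits, scanned = keyword.lower().encode(), [], 0
    log.seek(0)
    for line in log:
        scanned += 1
        if needle in line.lower():
            hits.append(line.decode().rstrip("\n"))
    return hits, scanned

if __name__ == "__main__":
    log = open_sample()
    idx = build_index(log)
    print(indexed_search(log, idx, "xe-0/0/1"))
    print(grep_search(log, "xe-0/0/1"))
```

The index matches whole tokens while the scan matches substrings, so the two agree here only because the search term is a complete interface name.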

cellphones with cameras are probably better for the purposes of covert mass surveillance, especially ones with front facing cameras. far more of them out there, and wireless to boot.

surprised everyone gets their panties in a bunch over presumed games console monitoring, what about all your iPhones already out there?


PostgreSQL has PostGIS, but I doubt it's high-performance.

I was under the impression stuff like Palantir was used a bit, in this
context (but I don't even have nth-hand evidence for that.)

Ah, yes. This:


My iPhone lives in a holster that covers both cameras when not in use or charging. Do you throw a sheet over your gaming console when you're not using it?

Would hacking (or abusing) Xbox One and using Kinect for remote surveillance create "house RATs"? :)

And Bernie Ebbers was framed, too?

The linked email above erroneously describes Nacchio's defense as DOJ's theory, which is even more ridiculous (defense to insider trading charge is trading on insider information-- ok...).

As nice as it would be to have a martyr, Nacchio isn't it.

You'd be amazed at how many hours of footage
the government has of the inside of my pants



Only victim in all of this is the poor NSA contractor who had to sift thru my browser history