On a whim the Examiner decided to visit the Cryptome website Saturday, October 5, 2013 where the post on packet staining was found. The posting was time stamped the same date (October 5, 2013) even though some pre-production on the information was performed as far back as 2011. The current work was described/posted by Tyson MacCaulay (Bell Canada) in October 2012 and previously in February 2012. And the NSA's use of Tor to seed cookies into web ads is tied together in Stephen Rosenblatt's CNET article of Oct. 4, 2013.
Yes, this looks to be an arcane and byzantine - and possibly brilliant - scheme of tracking overseas internet communications by the NSA. Certain web ads contain identifying "cookies" that are used to identify Tor-anonymized (?) clients. But, not all of the client/users can be identified - only some - or so it is claimed. Cookie server information on the web browser can be tracked - where it is legal to do so. There are laws against cookie tracking in Europe. But how would an organization like the NSA perform this kind of tracking? Because of the apparent cost (which is relatively low, even so) of the equipment and the operation.
Packet staining is not the same as "packet sniffing" as it does not appear to operate with the same tools and techniques as the latter. The (NSA) agency does not appear to view the technique as an attack or a "hack". They "simply" have found a way to almost invisibly intercept suspect communications. The setup is explained (somewhat) by the MacCaulay infographic. This is not a rigorous mathematical description but the packet stained network appears to be composed of at least n = 4 peers. At least n = 1 peers is compromised and stained by a packet manipulation device.
Apparently the compromised peer/device packets are intercepted by an intelligence source which is in contact with a botmaster/peer device. The botmaster's source (a puppet master?) then directs the intelligence to an enterprise WAN "outside of contact' with the original P2P network. But in the MacCaulay map the packet signal information is distributed to a relatively benign network of kinetic/smart systems. The "mystery" of the potential NSA use of packet staining might just be them "piggybacking" almost invisibly on existing benign technology.
