Check if NSA warrantless surveillance is looking at your IP traffic
Published on 2006-08-06 00:00:00
Source: Looking Glass News
AT&T technician Mark Klein learned of a secret room installed in the company's San Francisco internet switching center ... what he saw and learned prompted him to call at the Electronic Frontier Foundation unannounced in late January 2005 with documents in hand. The EFF was already preparing a class-action lawsuit against AT&T for allegedly turning over customer phone-record data to the NSA -- relying on reporting from the Los Angeles Times about AT&T giving the NSA access to a phone-record database with 1.88 trillion entries.
Now a heavily redacted 40 page document document by internet expert J. Scott Marcus has been supplied and is available here. PDF Alert !! 40 pages.
Briefly Marcus says, based on the Klein documents, his experience, knowledge of AT&T and understanding of what equipment is available that ..
The AT&T documents that Klein supplied are genuine.
There could be 35 - 40 such rooms throughout the US.
The internet surveillance program covers domestic traffic not only just international traffic. Most International traffic enters the US through only 3 points Florida New York and San Francisco. Marcus notes that the AT&T spy rooms are "in far more locations than would be required to catch the majority of international traffic"
The system is capable of looking at content, not just addresses. The configuration described in the Klein documents -- presumably the Narus software in particular -- "exists primarily to conduct sophisticated rule-based analysis of content", Marcus concludes.
The system looks at all traffic not just AT&T but those transiting AT&T networks.
Want to check to see of your Internet packets are being "sniffed" by AT&T.
First. A little history.
Way back when Bill Gates was designing a BASIC instruction set he (along with everybody else until Microsoft introduced Compiled or CBasic) which was interpretive. That means it took each line of code and processed it.
Troubleshooting was non -existent and de-bugging tools primitive. A utility resulted called TRON / TROFF was used , slow, cumbersome, but it worked and is best explained by the Commodore Basic handbook;
The TRON statement activates trace mode. When active, as each statement is executed, the line number of that statement is printed.
The TROFF statement turns off trace mode.
Of course most people will remember TRON as the 1982 (!) Disney movie, with Jeff Bridges and Bruce Boxleitner who played the young programmwer TRON - this was the very first movie to use computer generated graphics - which appear today to be unbeleivably primitive.
As systems, grew in complexity and multi-user tasking came along, and TCP/IP emerged, it became necessary to test what was happening as a packet was sent.A guy called Van Jacobson in 1987 from a suggestion by Steve Deering came up with a Unix utility called TRACE ROUTE or tracert.This is how Microsoft explain its function and method.
How the TRACERT Command Works (Microsoft on line help)
The TRACERT diagnostic utility determines the route taken to a destination by sending Internet Control Message Protocol (ICMP) echo packets with varying IP Time-To-Live (TTL) values to the destination. Each router along the path is required to decrement the TTL on a packet by at least 1 before forwarding it, so the TTL is effectively a hop count. When the TTL on a packet reaches 0, the router should send an ICMP Time Exceeded message back to the source computer.
TRACERT determines the route by sending the first echo packet with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or the maximum TTL is reached. The route is determined by examining the ICMP Time Exceeded messages sent back by intermediate routers. Note that some routers silently drop packets with expired TTLs and are invisible to TRACERT.
TRACERT prints out an ordered list of the routers in the path that returned the ICMP Time Exceeded message. If the -d switch is used (telling TRACERT not to perform a DNS lookup on each IP address), the IP address of the near- side interface of the routers is reported.
In a sense it works in a set wise mode just the way TRON/TROFF did decades ago.
Now you are ready to test if your packets are finding their way through AT&T , there's the easy way ;
Go to www.dnsstuff.com you will find a range of tests you can perform, quickly and easily, on the right of the second row you will find a red box labeled Traceroute. Let us enter then , say the text ... nsa.gov ... or even their IP address... 12.110.110.204 and press the button.
A list will be returned showing the times and route of the packet - you will in the column labelled HOSTNAME that the signal will travel through a switch labelled like this
tbr1-p013901.wswdc.ip.att.net. or maybe
ar2-a3120s6.wswdc.ip.att.net.
or even
unknown.att.net
Now the att identifies the switch as AT&T ,you can identify the town (the system uses geolocation which is not very precise) by using the box in the centre of the fourth row "Find the city" by entering the IP address in the IP column immediately left of the HOSTNAME column
tbr2012701.phmaz.ip.att.net [12.123.206.30]
City: Morristown, New Jerseytbr2-cl1592.dlstx.ip.att.net [12.122.10.81]
City: Morristown, New Jerseytbr1-cl6.sl9mo.ip.att.net [12.122.10.89]
City: Fargo, North Dakotatbr1-cl4.wswdc.ip.att.net [12.122.10.29]
City: Fargo, North Dakotaar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
City: Adrian, Michigan
Interestingly if you do a "Whois" query using the IP address you will find all these IP addresses were Registered on the 26th November 2003,at AT&T Worldnet Services,200 South Laurel Ave.Middletown NJ Zip 07748 there are also other curious similarities for you to ponder.
You can try the hard way and get the same results by calling up the MSDOS prompt and entering at the C:\Windows\ pompt
tracert nsa.gov
This will return the same list as the DNS utility but without the helpful notes etc.,
Now try this out with other IP addresses other than nsa.gov - as Marcus calculates 10% of all calls are passing through these rooms, don't expect every IP adress to be picked up every time.
It would be neat if someone could co-ordinate the location of all the locations - which would give a precise number and location of the rooms. The list above is a start.
