AT&T technician Mark Klein learned of a secret room installed
in the company's San Francisco internet switching center ... what he saw and
learnt prompted him to call at the Electronic Frontier Foundation unannounced
in late January 2005 with documents in hand. The EFF was already preparing a
class-action lawsuit against AT&T for allegedly turning over customer phone-record
data to the NSA -- relying on reporting from the Los Angeles Times about AT&T
giving the NSA access to a phone-record database with 1.88 trillion entries.More
here at Wired.
Now a heavily redacted 40 page document document by internet expert J. Scott
been supplied and is available here. PDF Alert !! 40 pages.
Briefly Marcus says, based on the Klein documents, his experience, knowledge
of AT&T and understanding of what equipment is available that ..
The AT&T documents that Klein supplied are genuine.
There could be 35 - 40 such rooms throughout the US.
The internet surveillance program covers domestic traffic not only
just international traffic.Most International traffic enters the US
through only 3 points Florida New York and San Francisco. Marcus notes that
the AT&T spy rooms are "in far more locations than would be required
to catch the majority of international traffic"
The system is capable of looking at content, not just addresses.
The configuration described in the Klein documents -- presumably the Narus software
in particular -- "exists primarily to conduct sophisticated rule-based
analysis of content", Marcus concludes.
The system looks at all traffic not just AT&T but those transiting
Want to check to see of your Internet packets are being "sniffed"
First. A little history.
Way back when Bill Gates was designing a BASIC instruction set he (along with
everybody else until Microsoft introduced Compiled or CBasic) which was interpretive.
That means it took each line of code and processed it.
Troubleshooting was non -existent and de-bugging tools primitive. A utility
resulted called TRON / TROFF was used , slow, cumbersome, but it worked and
is best explained by the Commodore Basic handbook;
The TRON statement activates trace mode. When active, as each statement is
executed, the line number of that statement is printed.
The TROFF statement turns off trace mode.
Of course most people will remember TRON as the 1982 (!) Disney movie, with
Jeff Bridges and Bruce Boxleitner who played the young programmwer TRON - this
was the very first movie to use computer generated graphics - which appear today
to be unbeleivably primitive.
As systems, grew in complexity and multi-user tasking came along, and TCP/IP
emerged, it became necessary to test what was happening as a packet was sent.A
guy called Van Jacobson in 1987 from a suggestion by Steve Deering came up with
a Unix utility called TRACE ROUTE or tracert.This is how Microsoft
explain its function and method.
How the TRACERT Command Works (Microsoft
on line help)
The TRACERT diagnostic utility determines the route taken to a destination
by sending Internet Control Message Protocol (ICMP) echo packets with varying
IP Time-To-Live (TTL) values to the destination. Each router along the path
is required to decrement the TTL on a packet by at least 1 before forwarding
it, so the TTL is effectively a hop count. When the TTL on a packet reaches
0, the router should send an ICMP Time Exceeded message back to the source computer.
TRACERT determines the route by sending the first echo packet with a TTL of
1 and incrementing the TTL by 1 on each subsequent transmission until the target
responds or the maximum TTL is reached. The route is determined by examining
the ICMP Time Exceeded messages sent back by intermediate routers. Note that
some routers silently drop packets with expired TTLs and are invisible to TRACERT.
TRACERT prints out an ordered list of the routers in the path that returned
the ICMP Time Exceeded message. If the -d switch is used (telling TRACERT not
to perform a DNS lookup on each IP address), the IP address of the near- side
interface of the routers is reported.
In a sense it works in a set wise mode just the way TRON/TROFF did decades
Now you are ready to test if your packets are finding their way through AT&T
, there's the easy way ;
Go to www.dnsstuff.com
you will find a range of tests you can perform, quickly and easily, on the right
of the second row you will find a red box labeled Traceroute.
Let us enter then , say the text ... nsa.gov ... or even their IP address...
18.104.22.168 and press the button.
A list will be returned showing the times and route of the packet - you will
in the column labelled HOSTNAME that the signal will travel through a switch
labelled like this
tbr1-p013901.wswdc.ip.att.net. or maybe
Now the att identifies the switch as AT&T ,you can identify the town (the
system uses geolocation which is not very precise) by using the box in the centre
of the fourth row "Find the city" by entering the IP address in the
IP column immediately left of the HOSTNAME column
City: Morristown, New Jersey
City: Morristown, New Jersey
City: Fargo, North Dakota
City: Fargo, North Dakota
City: Adrian, Michigan
Interestingly if you do a "Whois" query using the IP address you
will find all these IP addresses were Registered on the 26th November 2003,at
AT&T Worldnet Services,200 South Laurel Ave.Middletown NJ Zip 07748 there
are also other curious similarities for you to ponder.
You can try the hard way and get the same results by calling up the MSDOS prompt
and entering at the C:\Windows\ pompt
This will return the same list as the DNS utility but without the helpful notes
Now try this out with other IP addresses other than nsa.gov - as Marcus calculates
10% of all calls are passing through these rooms, don't expect every IP adress
to be picked up every time.
It would be neat if someone could co-ordinate the location of all the locations
- which would give a precise number and location of the rooms. The list above
is a start.
Read from Looking Glass News
Team Engages "Bloggers"
Trolls Blogosphere for "Actionable" Data
sets its sights on social networking websites
Department Wants Internet Companies to Save Personal Web Surfing Data
may consider mandatory ISP snooping
news from Looking Glass News