Check if NSA warrantless surveillance is looking at your IP traffic

IndyMedia

AT&T technician Mark Klein learned of a secret room installed in the company's San Francisco internet switching center ... what he saw and learnt prompted him to call at the Electronic Frontier Foundation unannounced in late January 2005 with documents in hand. The EFF was already preparing a class-action lawsuit against AT&T for allegedly turning over customer phone-record data to the NSA -- relying on reporting from the Los Angeles Times about AT&T giving the NSA access to a phone-record database with 1.88 trillion entries.

Now a heavily redacted 40 page document document by internet expert J. ScottMarcus has been supplied and is available here.

Briefly Marcus says, based on the Klein documents, his experience, knowledge of AT&T and understanding of what equipment is available that ..

The AT&T documents that Klein supplied are genuine.

The Newbie's Guide to Detecting the NSA

If you're a Windows user, fire up an MS-DOS command prompt. Now type tracert followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you're interested in. Watch as the program spits out your route, line by line:

C:\> tracert nsa.gov

1 2 ms 2 ms 2 ms 12.110.110.204
[...]
7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
8 13 12 19 ms ae-23-56.car3.SanJose1.Level3.net [4.68.123.173]
9 18 ms 16 ms 16 ms 192.205.33.17
10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net [12.123.13.186]
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
14 102 ms 93 ms 112 ms 12.127.209.214
15 94 ms 94 ms 93 ms 12.110.110.13
16 * * *
17 * * *
18 * *

In the above example, my traffic is jumping from Level 3 Communications to AT&T's network in San Francisco, presumably over the OC-48 circuit that AT&T tapped on February 20th, 2003, according to the Klein docs.

The magic string you're looking for is sffca.ip.att.net. If it's present immediately above or below a non-att.net entry, then -- by Klein's allegations -- your packets are being copied into room 641A, and from there, illegally, to the NSA.

I suggest users of ATS do this little test and check out if NSA is listening to their IP.

This is a nice way to find out if you are being watched or not.

Is there a way to check this out on Linux/Unix/Mac systems?

Originally posted by SeekTruth
Is there a way to check this out on Linux/Unix/Mac systems?

In OS X on the Mac go into utilities in your applications folder and choose "Network Utility", then click on the Trace Route tab at the top.

Using NetBarrier firewall, you can enter the above IP addresses to your stop list.

I'm not all too comfortable with all the Level 3.net connections I'm seeing.


www.intego.com...

[edit on 1-7-2006 by FallenFromTheTree]

While this honestly doesn't bother me all that much (not to sidetrack the thread, just thought I'd mention it), here's what I get...

16 gbr1-p70.dtrmi.ip.att.net (12.123.208.26) 37.589 ms 30.062 ms 28.503 ms
17 tbr1-p012501.dtrmi.ip.att.net (12.122.12.169) 30.999 ms 33.962 ms 35.797 ms
18 tbr2-cl19.phlpa.ip.att.net (12.122.10.38) 31.665 ms 29.544 ms 28.345 ms
19 tbr1-cl9.wswdc.ip.att.net (12.122.2.85) 33.342 ms 33.511 ms 36.899 ms
20 ar2-a3120s6.wswdc.ip.att.net (12.123.8.65) 29.884 ms 28.035 ms 29.992 ms

Who is Level 3?

www.level3.com...

Level 3 (Nasdaq: LVLT) is an international communications and information services company and is headquartered in Broomfield, Colorado. The company operates one of the largest communications and Internet backbones in the world.

Level 3 is one of the largest providers of wholesale dial-up service to ISPs in North America and is the primary provider of Internet connectivity for millions of broadband subscribers through its cable and DSL partners.

The world’s largest telecom carriers all continue to use Level 3 services, as do the 10 largest U.S. Internet Service Providers, and the 10 largest European telecom carriers.

The company offers a wide range of communications services over its approximately 23,000 mile broadband fiber optic network including Internet Protocol (IP) services, broadband transport, colocation services, and patented Softswitch-based managed modem and voice services. Services offered under the “Level 3 Communications” brand include:

• Internet access services
• Managed modem dial-up services
• Broadband transport
• IP-centric voice services
• Private packet-switched services
• DSL Aggregation
• Colocation
• Metropolitan and intercity dark fiber

Based on the amount of Internet traffic on Level 3’s IP backbone, Level 3 is among the largest Internet carriers in the world. Through Level 3’s dial-up ISP customers, the company’s dial-up infrastructure is accessible to approximately 90% of the U.S. population. When a typical Internet user at home dials the Internet using a modem in the U.S., there is better than a one-in-three chance that their call is being completed within a Level 3 data center.

[edit on 1-7-2006 by FallenFromTheTree]

Originally posted by SeekTruth
Is there a way to check this out on Linux/Unix/Mac systems?

Use the traceroute command:

# traceroute nsa.gov

I struggle to see how easy it is to see if they're tracking you, seems way too simple.

Still had a go though, but i'm in Blighty, so I'm safe.

Hi
I can get the ms dos screen up but it won't let me type anything in .
Any advice?

Originally posted by FallenFromTheTree
Using NetBarrier firewall, you can enter the above IP addresses to your stop list.

That will only stop those addresses from access into your computer. It is doing nothing in regards to those IP's with your outbound connections after they leave your computer, which is where this surveillance action takes place
NN

I'm aware that using the Stop List will only prevent access FROM those IP#'s, but

there's always applications like NetShade and other proxy connection applications
which you can use to mask your IP# to some degree if desired.

www.raynersoftware.com...



[edit on 1-7-2006 by FallenFromTheTree]

Hmmm, good find. I'm in the Bay area and a tracert to yahoo routes me through their site:

Tracing route to yahoo.com [216.109.112.135]
(text ommited)

7 20 ms 12 ms 28 ms 12.116.188.5
8 82 ms 73 ms 86 ms tbr2033201.sffca.ip.att.net [12.123.12.126]
9 74 ms 75 ms 73 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
10 75 ms 74 ms 74 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
11 72 ms 74 ms 73 ms gar1-p310.ascva.ip.att.net [12.123.8.57]
12 * * * Request timed out.
13 75 ms 74 ms 76 ms ge-0-0-0-p110.msr2.dcn.yahoo.com [216.115.108.5]

14 74 ms 74 ms 72 ms ge6-1.bas2-m.dcn.yahoo.com [216.109.120.221]
15 75 ms 73 ms 77 ms w2.rc.vip.dcn.yahoo.com [216.109.112.135]tbr2033201.sffca.ip.att.net [12.123.12.126]

Thanks for the terrific pointer!

In these strange times, it's always a comfort to have another arrow in the quiver.

Baack

I can't help to wonder if it is coincidence that AT&T would be showing up solely because it supplies much of the internet backbone for the U.S. Thoughts?

Thanks for all the help

Originally posted by surfinguru
7 20 ms 12 ms 28 ms 12.116.188.5
8 82 ms 73 ms 86 ms tbr2033201.sffca.ip.att.net [12.123.12.126]
9 74 ms 75 ms 73 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
10 75 ms 74 ms 74 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
11 72 ms 74 ms 73 ms gar1-p310.ascva.ip.att.net [12.123.8.57]
12 * * * Request timed out.
13 75 ms 74 ms 76 ms ge-0-0-0-p110.msr2.dcn.yahoo.com [216.115.108.5]

14 74 ms 74 ms 72 ms ge6-1.bas2-m.dcn.yahoo.com [216.109.120.221]
15 75 ms 73 ms 77 ms w2.rc.vip.dcn.yahoo.com

Dude!

The magic string you're looking for is sffca.ip.att.net. If it's present immediately above or below a non-att.net entry, then -- by Klein's allegations -- your packets are being copied into room 641A, and from there, illegally, to the NSA.

Your packets are being copied into room 641A!

Is that the only place it is happening? My results look odd and it never completes (times out at the end). However, I do not get the suspicious string.

C:\> tracert nsa.gov

Tracing route to nsa.gov [12.110.110.204]
over a maximum of 30 hops:

1 5 ms 5 ms 6 ms 10.123.96.1
2 8 ms 7 ms 8 ms 81.230.95.24.cfl.res.rr.com [24.95.230.81]
3 8 ms 9 ms 9 ms 145.228.95.24.cfl.res.rr.com [24.95.228.145]
4 10 ms 9 ms 10 ms p1-0.hsa2.orl1.bbnplanet.net [63.209.120.29]
5 9 ms 9 ms 10 ms ge-5-0-0.mp1.Orlando1.Level3.net [4.68.97.201]
6 39 ms 30 ms 29 ms ae-2-0.bbr1.Washington1.Level3.net [4.68.128.201
]
7 32 ms 31 ms 32 ms ae-13-55.car3.Washington1.Level3.net [4.68.121.1
44]
8 32 ms 32 ms 33 ms att-level3-oc192.Washington1.Level3.net [209.244
.219.142]
9 34 ms 35 ms 33 ms tbr1-p014001.wswdc.ip.att.net [12.123.8.98]
10 31 ms 31 ms 31 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
11 37 ms 37 ms 37 ms 12.127.209.218
12 42 ms 38 ms 43 ms 12.110.110.131
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * *

[edit on 7/2/2006 by Relentless]

Looks like they are watchin me too. hop #7

4 7 ms 8 ms * 10g-9-3-ur01.shaw.ca.fresno.comcast.net [68.87.200.57]
5 7 ms * 9 ms 10g-8-1-ar01.fresno.ca.fresno.comcast.net [68.87.200.25]
6 23 ms 11 ms 10 ms 12.124.35.89
7 73 ms 74 ms 73 ms tbr2-p033602.sffca.ip.att.net [12.123.13.154]
8 73 ms 73 ms 74 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
9 74 ms 73 ms 75 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
10 72 ms 72 ms 72 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
11 88 ms 76 ms 76 ms 12.127.209.218
12 77 ms 79 ms 79 ms 12.110.110.131
13 * *

Originally posted by MagicaRose
Thanks for all the help

If you calm down, I'll help you! Calm? Good!

Are you on a works or school computer? If you live with your parents, do they have any blocking software? If yes, then command prompt will be disabled.

It would be a good idea for everyone to familiarize themselves with EPIC and the
different privacy software available.

www.epic.org...


I would strongly consider one of the free or low cost strong encryption applications out there too.

Personally, I think PGP desktop is the best with zero back doors guaranteed.

www.pgp.com...

[edit on 2-7-2006 by FallenFromTheTree]