Thursday :: Jun 29, 2006

Is The Big Bu$hCo Brother Reading Your Email?


by pessimist

The good folks over at Wired News have posted a means by which you can check to see if your ISP is funneling your Internet traffic to the NSA.

Here's the 27B Stroke 6 guide to detecting if your traffic is being funneled into the secret room on San Francisco's Folsom Street.

If you're a Windows user, fire up an MS-DOS command prompt. Now type 'tracert' followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you're interested in.

Care to try this yourself? Details below the fold.

This is what the Wired News article provided as a result of their tracert command. Don't worry if you don't understand everything you see here. The explanation of what is important to look for follows the example:

C:\> tracert nsa.gov

Watch as the program spits out your route, line by line [IP addresses deleted]:

1 2 ms 2 ms 2 ms xxx.xxx.xxx.xxx
[...]
7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net
8 13 ms 12 ms 19 ms ae-23-56.car3.SanJose1.Level3.net
9 18 ms 16 ms 16 ms xxx.xxx.xxx.xxx
10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net
14 102 ms 93 ms 112 ms xxx.xxx.xxx.xxx
15 94 ms 94 ms 93 ms xxx.xxx.xxx.xxx

The magic string you're looking for is sffca.ip.att.net.

If it's present immediately above or below a non-att.net entry, then -- by [AT&T whistleblower Mark] Klein's allegations -- your packets are being copied into room 641A, and from there, illegally, to the NSA.

Of course, if internet pioneer and former FCC advisor J. Scott Marcus (who held a Top Secret security clearance) is correct, and AT&T has installed these secret rooms all around the country, then any att.net entry in your route is a bad sign.

Posted by Kevin Poulsen

As not everyone is a WeanDoze user, Mac users can use this method. I also post the Linux method as provided by a commenter of the original post:

$ traceroute nsa.gov

I tried this myself, and this is what I got [minus a few deletions to protect my own privacy as well as the timing durations]:

traceroute nsa.gov
traceroute to nsa.gov (12.110.110.204), 30 hops max, 40 byte packets
5 ae-14-53.car4.LosAngeles1.Level3.net (4.68.102.79)
ae-14-51.car4.LosAngeles1.Level3.net (4.68.102.15)
6 4.68.111.190 (4.68.111.190) att-level3-oc48.LosAngeles1.Level3.net (4.68.127.134)
7 tbr2-p033601.la2ca.ip.att.net (12.123.222.38)
8 tbr2-cl21.sl9mo.ip.att.net (12.122.10.13)
9 tbr1-cl24.sl9mo.ip.att.net (12.122.9.141)
10 tbr1-cl4.wswdc.ip.att.net (12.122.10.29)
11 ar2-a3120s6.wswdc.ip.att.net (12.123.8.65)
12 12.127.209.218 (12.127.209.218) 12.127.209.218 (12.127.209.218)
13 12.110.110.131 (12.110.110.131)

Looks like I went through several AT&T servers to get to the NSA. They should have a whole lot on me, shouldn't they?
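The check described above (sffca.ip.att.net directly next to a non-att.net hop, or any att.net hop at all) can be scripted so it works on both tracert and traceroute output. This is an added example, not part of the Wired News guide or the original post; the function names are made up here, the sample traces are excerpted from the two listings above, and masked or unresolved hops are assumed to count as non-att.net.

```python
import re

# Sample input: excerpts of the two traces shown on this page, embedded so this runs offline.
WINDOWS_TRACE = """\
  8  13 ms  12 ms  19 ms  ae-23-56.car3.SanJose1.Level3.net
  9  18 ms  16 ms  16 ms  xxx.xxx.xxx.xxx
 10  88 ms  92 ms  91 ms  tbr2-p012201.sffca.ip.att.net
 11  88 ms  90 ms  88 ms  tbr1-cl2.sl9mo.ip.att.net
"""
UNIX_TRACE = """\
traceroute to nsa.gov (12.110.110.204), 30 hops max, 40 byte packets
 5 ae-14-53.car4.LosAngeles1.Level3.net (4.68.102.79)
   ae-14-51.car4.LosAngeles1.Level3.net (4.68.102.15)
 6 4.68.111.190 (4.68.111.190) att-level3-oc48.LosAngeles1.Level3.net (4.68.127.134)
 7 tbr2-p033601.la2ca.ip.att.net (12.123.222.38)
 8 tbr2-cl21.sl9mo.ip.att.net (12.122.10.13)
"""

HOST = re.compile(r"[\w-]+(?:\.[\w-]+)+")   # hostname, bare IP, or masked xxx.xxx.xxx.xxx
ATT = re.compile(r"(?:^|\.)att\.net$")      # att.net itself or any subdomain of it
NOISE = re.compile(r"\([^)]*\)|\[[^\]]*\]|<?\b\d+(?:\.\d+)?\s*ms\b|\*")  # IPs in brackets, timings, timeouts

def parse_hops(text):
    """Return [(hop_number, [hosts...])] from tracert or traceroute output."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        rest = NOISE.sub(" ", m.group(2) if m else line)
        hosts = [t.lower() for t in rest.split() if HOST.fullmatch(t)]
        if m:
            hops.append((int(m.group(1)), hosts))
        elif hops and hosts:                 # extra responder listed under the previous hop
            hops[-1][1].extend(hosts)
    return hops

def check_route(text):
    """Apply both tests from the text: any att.net hop, and sffca next to a non-att.net hop."""
    hops = parse_hops(text)
    att_hops = [n for n, hosts in hops if any(ATT.search(h) for h in hosts)]
    flagged = False
    for i, (_, hosts) in enumerate(hops):
        if any(h.endswith(".sffca.ip.att.net") for h in hosts):
            # Assumption: a masked or numeric-only neighbour counts as non-att.net.
            neighbours = hops[max(i - 1, 0):i] + hops[i + 1:i + 2]
            flagged |= any(not ATT.search(h) for _, nh in neighbours for h in nh)
    return {"att_hops": att_hops, "sffca_next_to_non_att": flagged}

if __name__ == "__main__":
    print(check_route(WINDOWS_TRACE), check_route(UNIX_TRACE))
```

Note that hop 6 of the second trace, att-level3-oc48.LosAngeles1.Level3.net, is a Level3 hostname and is correctly not counted as an att.net hop.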

Let's keep it simple in the comments. Did you find '.att.net' in your results? Do you think that AT&T is snooping on Americans? Should they be?

Copyrighted [©] source material contained in this article is presented under the provisions of Fair Use.


FAIR USE NOTICE


This article contains copyrighted material, the use of which has not always been specifically authorized by the copyright owner. I am making such material available in my efforts to advance understanding of democracy, economic, environmental, human rights, political, scientific, and social justice issues, among others. I believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material in this article is distributed without profit for research and educational purposes.

pessimist :: 8:39 PM