Friday, June 30, 2006

Am I being watched? Are you?

Remember when we discussed the secret room in San Francisco where ATT redirects internet traffic to NSA monitors? Wired has outlined a way to find out if your net activity is going there -- and thus, presumably, to Uncle.

The Wired site isn't accessible at this writing, but the story was republished in pertinent part by the Left Coaster. Basically, the technique is pretty simple.

If you're running Windows, go to Start/Run/cmd to get to the DOS prompt.

Then type tracert nsa.gov

Your computer will then try to find a path to the NSA (whose IP number is 12.110.110.204) in 30 easy steps. This process will take a little while.

The NSA's IP number probably won't show up in your traceroute -- but that's not the location you're really looking for. What you're looking for is that small room in San Francisco. Which means that the following string is key:

sffca.ip.att.net.

If those letters show up at any point in the trace route, you MAY have trouble. Here is what Wired writer Kevin Poulsen says:
If it's present immediately above or below a non-att.net entry, then -- by [AT&T whistleblower Mark] Klein's allegations -- your packets are being copied into room 641A, and from there, illegally, to the NSA.

Of course, if internet pioneer and former FCC advisor J. Scott Marcus (who held a Top Secret security clearance) is correct, and AT&T has installed these secret rooms all around the country, then any att.net entry in your route is a bad sign.
Naturally, I tried this trick. Naturally, the magic string -- sffca.ip.att.net -- showed up in my traceroute.

Two steps above it was an IP connected to my service provider. Sandwiched between this (quite legitimate) address and that dreaded room in San Francisco was this number: 144.232.9.206. I used this service to check out who owns that number; the trail led to a building in downtown L.A. An NSA outpost? Hell if I know.

Below the sffca number, the information was routed to another att.net location in Saint Louis, and from there to att.net in Washington, DC. From there, it went to a mysterious number in...Ohio.

At this point, my soi-disant computer savvy has reached its limit, and I'm not sure how to interpret the info. Where does paranoia end and legitimate concern begin? We need a True Geek to speak with authority on this matter.

Try this trick at home, kids. Tell me what you come up with. Perhaps someone who knows more about tracert can tell us whether those att.net addresses really do spell trouble.

35 comments:

Anonymous said...

I tried it. On the 13th step, the IP of 12.110.110.132 came up. After that, which is suspiciously close to the NSA IP, every other step timed out.

Does this mean I'm on Nixon's enemy list? Or am I inflating my own self-importance?

Jeff Wells said...

Same thing happened here: 12.110.110.132 followed by time outs.

Anonymous said...

Just slightly different here. My 9th and 10th steps both had wswdc.ip.att.net as part of the address. My 12th was 12.110.110.131. After that, nothing but timeouts.

Anonymous said...

lately in south carolina, numerous cities, if you report any phone or internet problems, Bellsouth now wants to COME TO YOUR HOME! Mind you, Bellsouth did not come to your home for any installations until recently. Also be aware that " sending a repairman" is the FIRST option now offered on ALL problems....
wierder than wierd and likewise the corporate response when they were asked if this new " service" was in any way connected to the NSA spying..
Be aware people.......

Anonymous said...

A Quick google dig. Using an iplookup tool, the owner of 12.110.110.132 is LinguaLISTek. Here's a small company profile of them at http://www.dnovus.com/seaport1.asp

"

LinguaLISTek is a Woman-Owned, Minority-Owned, and Veteran-Owned company, and is certified by the Small Business Administration as an 8(a), Small & Disadvantaged Business. LinguaLISTek has been in business since 1997, with their corporate office located in Columbia, Maryland, and a branch office in San Antonio, Texas. LinguaLISTek has additional personnel in auxiliary locations to include Georgia, North Carolina, and Pennsylvania.

Lingual Information System Technologies (LinguaLISTek), a leader in IT solutions and Language services, is dedicated to providing state-of-the-art language training, system/software development and life cycle support, networking, language and network security and IT business services and solutions to customers such as the National Security Agency, Defense Intelligence Agency, the United States Navy, US Army, and the US Air Force in various industries throughout the United States."

Through the iplookup, their ip range is directly connected to AT&T Worldnet Services.

Again, my tech savvy is limited as to what this may mean. But, grounds for paranoia and possibly some FOIA requests? I'd say it's likely.

Anonymous said...

Thanks for allowing me to sleep at night, I think. I tried it, too, and got 12.110.110.131 on the 12th step, then timed out. This IP is located in Las Vegas with the host not named. I'm still paranoid. It's my nature.

Anonymous said...

anon from SF:

Yup, I got this too using comcast cable for internet connectivity:

5 10 ms 10 ms * 10g-9-3-ur02.sfpine.ca.sfba.comcast.net [68.87.1
92.241]
6 10 ms 13 ms 12 ms 10g-9-3-ur02.oakland.ca.sfba.comcast.net [68.87.
192.246]
7 16 ms 11 ms * 10g-9-1-ur01.oakland.ca.sfba.comcast.net [68.87.
192.250]
8 * * * Request timed out.
9 * * 10 ms 68.87.226.134
10 * * 11 ms 12.116.188.13
11 73 ms 91 ms 82 ms tbr2033201.sffca.ip.att.net [12.123.12.126]
12 81 ms 74 ms 75 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
13 76 ms 83 ms 73 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
14 75 ms 78 ms 72 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
15 89 ms 80 ms 87 ms 12.127.209.218
16 78 ms 90 ms 89 ms 12.110.110.131
17 * * * Request timed out.

Anonymous said...

what if you're using a MAC? what is the MAC equivalent for doing a tracert?

thanks

I have no doubt whatsoever that everything that Joseph posts is being closely monitored by our gov. In Greg Palast's new book, "armed madhouse", homeland security contracted out with choicepoint as part of its nobid $67 million contract to collect information on potential 911 hijackers/terrorists also got information on voters in Venezuela, Mexico and other Latin nations with presidential elections favoring anti-bush candidates. page 42 thru 45.

Joseph Cannon said...

anon 12:47, that was pretty much the same route my own trace followed.

Folks, we need a geek -- a real GOOD geek -- who can tell us what this means. Do you know of anyone who can help? Will he need to be bribed with pizza and Lord of the Rings action figures?

anon 1:04 -- visit the left coaster. You'll find Mac instructions.

Boy, I hate Macs.

Anonymous said...

I got 12.110.110.31 and the wswde.ip.att.net on some of the hops

Anonymous said...

Same here -- on the 12th step, the IP of 12.110.110.132 came up -- geobytes locator traced that to Las Vegas, NA.

I also recall reading recently that there presumably are 'secret' NSA rooms all across the nation.

Posted by bvonahansen on rigorous intuition:
--quote--
# posted by Anonymous : 7:37 AM
A Quick google dig. Using an iplookup tool, the owner of 12.110.110.132 is LinguaLISTek. Here's a small company profile of them at www.dnovus.com/seaport1.asp

"
LinguaLISTek is a Woman-Owned, Minority-Owned, and Veteran-Owned company, and is certified by the Small Business Administration as an 8(a), Small & Disadvantaged Business. LinguaLISTek has been in business since 1997, with their corporate office located in Columbia, Maryland, and a branch office in San Antonio, Texas. LinguaLISTek has additional personnel in auxiliary locations to include Georgia, North Carolina, and Pennsylvania.

Lingual Information System Technologies (LinguaLISTek), a leader in IT solutions and Language services, is dedicated to providing state-of-the-art language training, system/software development and life cycle support, networking, language and network security and IT business services and solutions to customers such as the National Security Agency, Defense Intelligence Agency, the United States Navy, US Army, and the US Air Force in various industries throughout the United States."

Through the iplookup, their ip range is directly connected to AT&T Worldnet Services.

Again, my tech savvy is limited as to what this may mean. But, grounds for paranoia and possibly some FOIA requests? I'd say it's likely.
--unquote--

***
What's up with the different origins between geobytes locator and anonymos's result via iplookup tool (which is probably more accurate)? Proxy-cutout, fake addy,?

I suspect LinguaLISTek could be an NSA dummy-front for Business As Usual (by the Usual Suspects).

'Something's goin on here but you don't know what it is, do you Mr. Jones?'
Starman

Anonymous said...

um, what if it 'timed out' on every step after the third ?

i guess the first ip addr is me?, and there is one for the ISP, and then they are all 'timed out' after that...

is that an uh oh ?

art guerrilla
aka ann archy

artguerrilla@alltel.net

eof

Anonymous said...

LinguaLISTek is a company under the umbrella of dNovus, which sounds a lot like the kind of defense contracting company that Wilkes ran. Clearly it relies on government contracts for its bread and butter. This is from its website:
***
"Our people have extensive intelligence backgrounds and are fully backed by a corporate leadership team with significant senior-level DOD expertise in high-level policy initiatives and requirements driving intelligence and information operations. We will assist you with your unique challenges in the areas of:

Analysis
Concept Development
Consulting
Operations & Operations Support
Example of Results That Count:

We pioneered improved methodologies for analyzing, cataloguing, and disseminating of all source Signal Intelligence (SIGINT) threat data for the Air Force Information Warfare Center, in direct support of on-going military operations and our nation's global war on terrorism."

Sounds to me like it is sifting through Internet traffic for the NSA/DIA/DoD.

Wow. Hope I don't go sailing, wrap an anchor around my feet, shoot myself in the head, and jump overboard in a fit of suicidal depression!

Joseph Cannon said...

uni, I think you may have stumbled across something important. I've bookmarked the dNovus page you cite -- a fact which the bad guys probably already know.

Seems to me that LinguaListTec may be one of those operations which mine data that might be illegal for the NSA to look for.

Now I have a whole weekend to work up the gumption to just call them up and ask what it is that they do.

Joseph Cannon said...

Oh man -- researching these companies IS a trip down the rabbit hole. Apparently the guy running dNovus is Glen SHaffer, a former assistant director of operations for the National Security Agency:

http://www.mysanantonio.com/business/stories/MYSA061205.1R.technology.2fa0b5813.html

Interestingly, they make sure women are in the front positions, so they can get woman-owned business status. These guys all have Texas roots, it seems.

Elaine Medoza, one of the founders of dNovus, also runs a biotech firm with the rather odd name of Conceptual MindWorks.

dNovus lists Lockheed Martin as a "team member." What the hell does THAT mean?

Anonymous said...

Since 12.110.110.132 is the last known hop before all the timeouts, it might just be the last system before actually getting to the destination (nsa.gov) - not necessarily significant, just the last place before the protected addresses.

Anonymous said...

If 12.110.110.204 is really the NSA IP address, it's a fair guess that NSA owns a whole block of addresses that includes the .131 and .132.

Joseph, great catch on Shaffer being ex-NSA! Sounds like he found a way to cash in on his contacts, like Wilkes/Foggo.

Anonymous said...

Joseph,

Hey in the same article you found in the SanAntonio Express, there is a description of a new spook firm called "karta". see below.

I'm anon 12:47 from SF. I must have the honor of being on the same watch list as you. oh well. Hi everyone at Novus reading this comment! remember the golden rule and treat others as you would like to be treated, not how prisoners and young boys have been tortured and sexually abused at Abu Gharif.

Here's the blurb on dNovus from a year ago as featured in up and coming new businesses column in a San Antonio newspaper. The last sentence ends with a quote from Shaffer:

"dNovus is also opening up a new line of business to pursue work in intelligence surveillance and reconnaissance, Shaffer said."'

so Shaffer has certainly succeeded in getting new contracts to do internet snooping on a massive scale on domestic political dissidents. I suppose each and everyone of us who posts to Joseph's blog have files somewhere. well until the door gets kicked in (supreme court ruled in favor of a recent lawsuit upholding a police action of breaking down the door without knocking first) during the middle of the night to take us to a newly built Halliburton "immigration upheaval" or really labor/concentraion camp, Joseph keep doing what you're doing!

Bravo and a standing ovation!


Business : Gaining momentum
Web Posted: 06/12/2005 12:00 AM CDT

San Antonio Express-News

Karta Technologies

Karta Technologies Inc. plans to aggressively pursue more contracts in the intelligence area and in homeland security with defense agencies next year.
The company has worked for the National Security Agency before and has security clearances. It plans to go after more work with the agency, especially when NSA opens its satellite campus in the fall, said G.P. Singh, Karta's founder and CEO.

"Our business is all about winning new contracts and providing solutions to our customers," Singh said.

About 80 percent of Karta's work is research and development projects for government agencies, with the rest focused on commercial companies. Karta's revenue hit $60 million last year and Singh expects it to top $70 million this year. He forecasts revenue hitting $150 million in 2007 and plans to have more than 1,000 employees. Eventually Karta plans to go public.

"It's great to be in San Antonio," Singh said. "We've got great community support."

Already Karta has become one of the city's largest military contractors, with more than $20 million worth of Department of Defense awards in 2003 and $30 million in 2004.

To prepare for the growth, Karta is spending $52 million to add another 20,000-square-foot building next to its 27,000-square-foot headquarters at 5555 Northwest Parkway. It also plans to add 150 employees to its work force of 250 in San Antonio and 200 employees at its offices in Washington, D.C., Oklahoma, Utah and Georgia.

"The biggest changes are that we have brought in an executive team who are veterans of the industry," Singh said. "They have come from working for the billion-dollar companies. That is where we want to go. You need people who have been there and done that to get there."

dNovus RDI


dNovus RDI plans to greatly expand its defense business in 2006 focusing on the intelligence area.
Historically the company has worked primarily for the Department of Defense, the Air Force and the Veteran's Administration, said President Glen D. Shaffer.

Shaffer retired from the Air Force last year as a major general and formerly served as assistant director of operations for the National Security Agency. He decided to join dNovus RDI because he said the company has great people with good hearts who truly believe in working to better the country and support military missions.

Nancy Kudla, a member of the first female class to graduate from the Air Force Academy and a former officer, founded dNovus RDI in 1989. The company has 150 employees at offices in Texas, Maryland and Florida and expects revenue to top $20 million in 2005, up 20 percent from a year ago. dNovus also has joint ventures involved in defense work with Frontline Systems and Conceptual Mindworks.

dNovus is in the process of getting credentials and being certified by the NSA so it can go after contracts with the agency. The company expects certification by the end of the year, though it began the process more than a year ago. Shaffer said the process needs to be slow so the government can ensure that all of its contractors meet security regulations.

To go after intelligence work, dNovus recently hired three national experts in high-end information assurance, Shaffer said.

"We want to start doing work for the CIA," Shaffer said.

dNovus is also opening up a new line of business to pursue work in intelligence surveillance and reconnaissance, Shaffer said.

Anonymous said...

I guess I'm in good company as well. My traces went from local cable to two addresses in New Jersey, to Illinois, to Rockville MD, to Ohio..., then finally to Las Vegas, NV. Several timeouts then followed.

I'm not quite sure what this means either, but have a strange feeling that this is possibly one of the most important catches you've made thus far, Joseph, and that's saying a lot. Obviously, take care.

Kim in PA

Anonymous said...

py Agency Sought U.S. Call Records Before 9/11, Lawyers Say

June 30 (Bloomberg) -- The U.S. National Security Agency asked AT&T Inc. to help it set up a domestic call monitoring site seven months before the Sept. 11, 2001 attacks, lawyers claimed June 23 in court papers filed in New York federal court.

The allegation is part of a court filing adding AT&T, the nation's largest telephone company, as a defendant in a breach of privacy case filed earlier this month on behalf of Verizon Communications Inc. and BellSouth Corp. customers. The suit alleges that the three carriers, the NSA and President George W. Bush violated the Telecommunications Act of 1934 and the U.S. Constitution, and seeks money damages.

``The Bush Administration asserted this became necessary after 9/11,'' plaintiff's lawyer Carl Mayer said in a telephone interview. ``This undermines that assertion.''

The lawsuit is related to an alleged NSA program to record and store data on calls placed by subscribers. More than 30 suits have been filed over claims that the carriers, the three biggest U.S. telephone companies, violated the privacy rights of their customers by cooperating with the NSA in an effort to track alleged terrorists.

``The U.S. Department of Justice has stated that AT&T may neither confirm nor deny AT&T's participation in the alleged NSA program because doing so would cause `exceptionally grave harm to national security' and would violate both civil and criminal statutes,'' AT&T spokesman Dave Pacholczyk said in an e-mail.

U.S. Department of Justice spokesman Charles Miller and NSA spokesman Don Weber declined to comment.

http://www.bloomberg.com/apps/news?pid=20601087&sid=abIV0cO64zJE&refer=

Anonymous said...

if you're on a mac, download the free "whatroute" from versiontracker.com.

And yes, I hit the att office in new york and the final 12.110.110.132 before the timeouts.

Anonymous said...

Okay, I'm a geek, and a radical leftist, and certainly no friend of the Bush administration...but you guys are whacked.

The instructions you have for doing the traceroute are always going to have some att.net addresses in them because it looks like the address you are trying to traceroute to is almost certainly connected via at&t. Having an at&t router show up in the traceroute output is no indication that you are being monitored, particularly if all you perform is a single traceroute to a host where the route has to travel across at&t's network.

Try tracerouting to somewhere else. Does that route also go via at&t? Are there any hosts in common between the two, particularly the "scary" host of sffca.ip.att.net? If so, are you in the Bay area? Because if you are, there's a pretty damn good chance all of your traffic always went through that host, monitoring or not - at&t is a major bandwidth provider, and a lot of you local SF ISP's will be connected to their backbone. Nor is the presence of any other at&t routers in your route of any real evidence of anything, because again, they provide a significant portion of the national internet infrastructure, and a lot of your traffic is going to go via their routers no matter where you are and what host you are trying to reach.

The only way the traceroute instructions you guys are all worked up about is if you were somewhere way outside of SF, like in the Midwest or East coast, and every traceroute you did went via sffca.ip.att.net - and while that might be suspicious, even that wouldn't be proof of anything. Frankly, if the NSA was dumb enough to make it that freakin' easy for network neophytes to be able to tell that their net traffic was being intercepted, the technical press would have broken this story ages before the supposed at&t whistleblower made his case.

Here's the bottom line - You aren't going to get any useful information about NSA net traffic monitoring with a simple network analysis tool like a traceroute. It's just too easy to spoof. I'm not at all saying that the NSA isn't monitoring communications - we know that they are. I am saying that the means you all are trying to use to detect them are no more efficacious than throwing chicken bones in a chalk circle.

Finally, for the guy who said you needed a geek and wanted to know if you'd have to bribe them with pizza and Lord of the Rings Action figures? Get stuffed. I bet the IT people wherever you work hate your guts, you condescending windbag.

Anonymous said...

Okay, so assume we can take our not-so-friendly neighborhood geek's word for it that winding up with AT&T locations is a trivial result of the designated search. But in that case, how do LinguaLISTek, dNovus, and Conceptual Mindworks come into the picture? Can anyone explain that part?

I googled on Conceptual Mindworks a bit, by the way, and found a page with the interesting heading "Click on the titles below to find US government-authored or -collected reports written by CONCEPTUAL MINDWORKS INC SAN ANTONIO TX." It included such eyebrow-raising topics as:

# Crowd Control Modeling and Simulation Research Plan
Date: JUL 2003

# Taser Area Denial Device: A Human Effects Review
Date: MAR 2003

# 66 MM Non-Lethal Grenade: Human Effects Review
Date: MAR 2003

# Simulating the Effects of Laser Damage to the Retina
Date: DEC 2001

Interesting business they're in.

Link

Joseph Cannon said...

Thanks, Doug. Info like yours is the reason why I asked for advice. I'm still pretty damned suspicious, since people all over the country seem to be reporting the same route and the same final destination. At any rate, I see no harm in finding out more about LinguaListek.

I plead guilty to being the guy who made the crack about pizza and LOTR action figures. You have my apologies if you need 'em, but I'll have you know that I get along just fine with the tech guys at the agency where I work. Of course, they really ARE into Lord of the Rings stuff. (The pizza thing is just a guess -- but does anyone scorn a good slice of pie?)

Joseph Cannon said...

If you go to this page, you'll see a comment from a guy in Sweden whose trace went through the same steps -- att.net to LinguListek:

http://www.conspiracycafe.net/board_forum/index.php?showtopic=5362&pid=37403&st=0&

Anonymous said...

Okay, I can see I wasn't clear enough in my explanation of traceroute in my earlier comment. The issue isn't just where you are, but equally what destination you are trying to reach. When you run a traceroute to nsa.gov, from wherever you are, you are going to get an att.net router address in the results because the network the nsa.gov domain is connected to is connected to att.net. You could ping that host from the freakin' moon, and you are going to get att.net. This is no conspiracy people, this is standard internet routing. If the nsa.gov network connected out via sprint, you'd get a sprint.net address, level3.net if connected to Level3, etc. - from wherever you are. The fact that some guy in Sweden sees an att.net address is entirely what is supposed to happen if you are all trying to trace a route to the very same destination!

Look at it this way - let's say that Mr. Cannon here lives on Smith Court, and the only Interstate that runs past Mr. Cannon's home city is I-90, and the exit from I-90 to Mr. Cannon's house is Exit 100. For years, the only way to get to Mr. Cannon's house and Smith Court is to exit I-90 at Exit 100.

Somebody tells you that a cop is taking pictures of cars that pass through Exit 100 on I-90. To test if you are being spied on during your drive to work, you all get out maps and look to see if going to Mr. Cannon's house takes you through Exit 100! It does of course, so you conclude that you're being spied on during your drive to work, even if your drive to work never comes within 100 miles of Mr. Cannon's house, and you, during your normal daily commute, never ever drive through Exit 100, or indeed even on I-90 at all.

Look, the Bushies have perpetrated an awful lot of horrible stuff, and I've proclaimed loudly and often against the war, against Guantanamo, and against the steady erosion of our civil liberties by these thugs. I believe them to be war criminals and elitist bastards intent on fucking over anyone not of their social class and who doesn't toe their line. They are bad, bad people. It's even possible that some of you who think that you are being watched may very well be.

But you aren't proving shit with your traceroutes beyond the fact that you don't understand how Internet routing works. I do, since I help run one of the largest public hospital networks in the US, and deal with this stuff daily. If you want to believe you've outed the NSA with a simple network analysis tool provided in every commercial operating system available today, be my guest, but anyone with any technical knowledge of how this stuff works is just rolling their eyes at you.

Anonymous said...

Here's an even simpler way to say it: you are all tracing a route to nsa.gov, so of course you are all going to end up at the same destination. If you all use Google maps to see how to get to Joseph's house, you're all going to end up at the same destination, right? So how are you surprised that traceroute, which is simply a route lookup tool like Google maps, works the same way?

Here is the output of a simple 'host' command for nsa.gov:

[dougmil@ariel ~]\$ host nsa.gov
nsa.gov has address 12.110.110.204

A very little bit of investigating reveals that the host nsa.gov, far from being some sort of super-secret spy computer, is the public web server for the NSA. If you know anything about web servers, you'll know that it is very likely that the NSA doesn't manage their own web server, but rather has a hosting company do it. That hosting company could be anywhere, in any city, and on anyone's network. The fact that it connects through att.net is again, not particularly significant of anything.

Running 'dig', a slightly more sophisticated network analysis tool against the "mysterious" address of 12.110.110.132 reveals:

; <<>> DiG 9.2.2 <<>> -x 12.110.110.132 any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41313
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;132.110.110.12.in-addr.arpa. IN ANY

;; AUTHORITY SECTION:
110.12.in-addr.arpa. 1650 IN SOA xbru.br.ns.els-gms.att.net. rm-hostmaster.ems.att.com. 1318 86400 10000 600000 172800

;; Query time: 64 msec
;; SERVER: 207.69.188.185#53(207.69.188.185)
;; WHEN: Sat Jul 1 12:43:10 2006
;; MSG SIZE rcvd: 132

In short, the mystery device isn't any of the suggestive organizations that some of you have come up with using rather questionable online tools - it's an at&t gateway router, which is doing exactly with your traceroute ICMP packets what it is suppose to do - throwing them on the floor instead of allowing your trace to reach inside it's protected network. We do exactly the same thing for our hospital network - do you think that means we're spying on you, too? In fact, I'll guarantee you that all of you who work somewhere that contracts with a larger ISP for internet access would see the same thing if you tried to reach hosts inside your company's network with a traceroute from outside. It's just the way it's done.

As to being "not so friendly," I'm sorry, but this sort of chasing after red herring conspiracy theories is exactly why the bad guys have us on the ropes. Instead of getting all hopped up about if you, personally are being surveilled, why not just assume you are, and do something about it?! Send money to the EFF (Electronic Frontier Foundation) to help support their court case against at&t. Volunteer to help an opposition candidate in their campaign. Volunteer time to help somehow in your community. Getting all spooled up about non-existent evidence is just wasting time and resources while the totalitarians cement their grip.

Anonymous said...

Why do people that feel the need to even use the words conspiracy theories? What is theoretical about the strings of facts that show how our government has essentially turned itself into a dictatorship through cancellation of checks and balances, used 9/11 as justification for 2 illegal invasions/undeclared wars, and countless strippings of American freedom.

That is the only conspiracy and it is no theory.

Joseph Cannon said...

Doug, I thank you for your words. But before anyone goes searching for a high horse to hop aboard, let's review the history of who said what. It was the folks at Wired (not usually considered the journal of computer illitrates) said "'Tis so."

I am the one who said: "At this point, my soi-disant computer savvy has reached its limit, and I'm not sure how to interpret the info. Where does paranoia end and legitimate concern begin? We need a True Geek to speak with authority on this matter.

Try this trick at home, kids. Tell me what you come up with. Perhaps someone who knows more about tracert can tell us whether those att.net addresses really do spell trouble."

This has happened to me before. Someone else on the net says "X is Y." I quote that person. I ask the readers: "It has been said that X is Y. Can anyone verify?" Inevitably, someone out there will get all huffy and act as though *I* made the original claim that X is Y.

Not long ago (in the piece on Rush in the Domincan Republic) I had a web site re-quote the material I quoted and then score ME for the poor grammar of the interview subject!

Now, please understand that I am very grateful for your time and expertise, Doug. Perhaps the thing to do is to run what you've said past the original writer at Wired. Let's see if we can get some sort of useful dialogue going.

Joseph Cannon said...

On the other hand, I AM responsible for misspelling the word "illiterate" in the above comment.

Anonymous said...

Joseph, a writer at Wired is not an engineer. Wired isn't even a technical publication. Given that you consider it to be so, I begin to understand some of your confusion.

Frankly, I don't much care if a writer from Wired said it. Allthat proves is that he doesn't understand TCP/IP routing anymore than anyone else on this board does. I'm a senior network engineer managing the network for the fourth largest public hospital in the US, with a career almost 20 years long. That is verifiable, and a little time spent doing some research on me (I'm far from imp;ossible to find via Google) will verify that. I know whereof I speak, and if that collides with your need for a conspiracy, so be it.

If we're going to review who said what, lets keep in min that I never, ever claimed that the NSA wasn't gathering data and snooping net traffic. They unquestionably are. All I'm trying to tell you is that what you and some ignorant Wired writer seem to consider to be advanced network analysis ain't, and what you're doing proves nothing. Neither of you has the skill or background to interpret what you're seeing. Wired pulled their article because it was inaccurate, you persist in your fantasy.

Joseph Cannon said...

I persist in my fantasy, Doug? I did nothing of the sort, and I did not call Wired a technical journal. I said that it is not generally considered a journal written by computer illiterates, which is true. You persist in ascribing words to me that I did not say. You persist in ascribing a position to me that I did not take. That sort of thing makes me doubt both your technical judgment and -- to be frank -- your basic mental stability.

Do not bother commenting again, nutball. I will trash anything you say on sight.

Anonymous said...

Joseph,

this is anon from SF and my day job is in IT support. i have found Doug's posts really helpful since I am familiar with doing tracerts and using the iplookup tool but doug has a great deal more technical knowledge and experience with routing than you or I.

I'm sorry your dialogue with Doug has spiraled down into name calling. Doug, yes you demonstrate a high degree of technical knowledge of tcp/ip and internet routing but you also err with having a certain attitude that some super geeks of talking down to non-geeks. give Joseph a break and give him room, don't be so judgemental from a geek point of view. Doug you should give Joseph credit for looking at the actual traffic itself and learning more about the companies that own certain blocks of IP's at the very least.

Getting back to the original post, "am I being watched", if you read the original SF Chronicle front page article from May 22nd, it was claimed that all traffic was effectively mirrored and split off. so if all internet traffic going through ATT's data circuits is being split off, then there would not be an interim router. It sounds to me that all internet traffic is being directed into a router that makes a copy of each packet and routes it accordingly into the "secret room".

thus there would be no interim router since all traffic is being mirrored.

"http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/05/23/MNGIOJ0G7L1.DTL&hw=AT+snoop&sn=001&sc=1000"

by the way, I complained about the AT&T snooping to one of the head hunchos at my firm and he basically rolled his eyes when I said this was a concern with our ATT T-1 data circuits and to "leave my politics" out of this and that I am being paranoid.

Anonymous said...

step 10-15 showed att.net from laca and 19mo and a wswdc,

step 16 showed ip 12.127.209.214
and 17 showed 12.110.110.131.


scarrrrred now.

Mark said...

Here is what I got, Using the iptool you provided, and the new bing search engine map I got a birds eye view of most of the locations and I have to say Im quite concerned. If these locations are people receiving our packets it doesn't make sense.

One location is in the ocean off the florida coast, one is in NJ at what looks like a strip mining facility, one is a mansion in MD. and the list goes on and on.

When you use the IP search copy the longitude and latitude. Paste them into the search bar here maps.live.com once the location comes up click the "birds eye view" link close to the compass and see what you get.

I wish I understood this tracert thing. Maybe I'll look into it.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Knox>tracert nsa.gov

Tracing route to nsa.gov [12.120.66.169]
over a maximum of 30 hops:

1 33 ms 33 ms 33 ms L100.HRBGPA-DSL-01.verizon-gni.net [71.114.128.1
]
2 36 ms 35 ms 35 ms P1-0.HRBGPA-LCR-02.verizon-gni.net [130.81.34.22
]
3 46 ms 46 ms 45 ms so-12-1-0-0.RES-BB-RTR2.verizon-gni.net [130.81.
28.254]
4 48 ms 47 ms 48 ms 0.so-6-1-0.XL4.IAD8.ALTER.NET [152.63.36.237]
5 47 ms 47 ms 45 ms 0.ge-7-1-0.BR2.IAD8.ALTER.NET [152.63.41.161]
6 47 ms 47 ms 47 ms 204.255.168.30
7 124 ms 124 ms 123 ms cr1.wswdc.ip.att.net [12.122.135.10]
8 124 ms 123 ms 124 ms cr2.phlpa.ip.att.net [12.122.4.53]
9 125 ms 123 ms 123 ms cr2.cl2oh.ip.att.net [12.122.2.209]
10 131 ms 123 ms 121 ms cr1.cl2oh.ip.att.net [12.122.2.125]
11 126 ms 124 ms 123 ms cr1.cgcil.ip.att.net [12.122.2.205]
12 121 ms 122 ms 122 ms cr2.dvmco.ip.att.net [12.122.31.85]
13 124 ms 124 ms 124 ms cr1.slkut.ip.att.net [12.122.30.25]
14 122 ms 122 ms 123 ms cr2.la2ca.ip.att.net [12.122.30.30]
15 121 ms 123 ms 120 ms 12.123.30.129
16 121 ms 122 ms 122 ms 12.120.66.169

Trace complete.