Imagery and Internet Analysis of the NSA and IXPs

By

OSIN

Project Quote: "You can tell a good spy by his ominous logo." -Calvin & Hobbes

Sector 001

You can view the imagery for the entire project here.

A special thanks to the GOP for providing the motivation to finish this project! >:P

Read about the Mount Jackson, VA satellite farm!

During the time I was working on Project 4, the FBI and Infragard project, I kept coming across references about their Carnivore program. For those of you who are not familiar with it, that program was the FBI's attempt to capture someone's Internet traffic coming and going from a particular ISP. There are more details about it below, but it caused such an outcry in the US that the FBI changed the name to something more innocuous, like DCS1000. By the time I was coming to the end of the FBI project, the media revealed via a leaked source that the NSA had been spying on Americans within the US and bypassing all Constitutional requirements of search warrants, even bypassing the secret courts that were set up for national security reasons. So, nearly 230 years of the Republic is coming to an end because one beady-eyed prick in the White House rationalized away our Constitutional rights in the name of national security. So, I thought it only proper to take a quick look at the Agency which raped the Fourth Amendment- the NSA.

The NSA is the United States' premier spy agency when it comes to eavesdropping on communications. I won't dwell on their Echelon program and their eavesdropping capabilities because that has been done to death. Just look it up on Google. But, there was one particular area I was curious about. What is the NSA's approach to monitoring the Internet? I can't imagine they would've just left the most extensive communications system in modern times alone.

This project is about an assumption I'm making. And although it is a pretty big assumption, I have no doubt that someone is perusing the Internet traffic from Europe and the Middle East and it makes sense that it be the NSA. Think about it- a huge chunk of the Internet traffic is going through North America and what better opportunities for the NSA to catch that traffic than now! Don't think you're going through America to get to another country's websites? For those of you in Europe, you should try doing a traceroute to a website in Japan and look at the IPs and machine names you go through to get there. Because the Internet was created by the US, they wield a huge control over where much of that traffic is directed, which, I might add, is why the US will probably never relinquish control of the Internet over to an international body.
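To see what the traceroute suggestion above actually yields, here is an added example (my own, not code from the original project) that parses Linux-style traceroute output and pulls out the hop number, hostname, address and round-trip times, then lists the country codes hinted at by the hostnames along the path. The sample output, every hostname in it and the addresses (taken from the RFC 5737 documentation ranges) are constructed for this example; the country hint is a heuristic on the last hostname label and is no substitute for a real geolocation or AS lookup.

```python
import re
from typing import Dict, List, Optional

# Constructed sample output in the format printed by Linux traceroute. Hostnames
# are invented; addresses come from the RFC 5737 documentation ranges.
SAMPLE_TRACEROUTE = """\
traceroute to www.example.co.jp (203.0.113.10), 30 hops max, 60 byte packets
 1  gateway.home.lan (192.0.2.1)  1.102 ms  0.987 ms  0.954 ms
 2  core1.example-isp.de (192.0.2.17)  12.334 ms  12.201 ms  12.187 ms
 3  ae-2.edge.example-transit.net (198.51.100.5)  25.871 ms  25.640 ms  25.602 ms
 4  * * *
 5  nyc-core3.example-transit.us (198.51.100.77)  98.455 ms  98.301 ms  98.290 ms
 6  sjc-core1.example-transit.us (198.51.100.91)  171.220 ms  170.998 ms  171.004 ms
 7  tok-gw.example-carrier.jp (203.0.113.2)  244.317 ms  244.105 ms  244.099 ms
 8  www.example.co.jp (203.0.113.10)  245.803 ms  245.611 ms  245.590 ms
"""

# "<hop>  <host> (<ip>)" or "<hop>  <ip>" when reverse DNS is unavailable.
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+(?:(?P<host>\S+)\s+\((?P<ip>[\d.]+)\)|(?P<ip_only>[\d.]+))"
)
# A hop that answered nothing is printed as "<hop>  * * *".
SILENT_RE = re.compile(r"^\s*(?P<hop>\d+)(?:\s+\*)+\s*$")
RTT_RE = re.compile(r"([\d.]+)\s+ms")


def parse_traceroute(text: str) -> List[Dict]:
    """Parse traceroute output into one record per hop.

    Each record has keys hop, host, ip and rtts. Silent hops get host=None,
    ip=None and an empty rtts list. Only the first responder per hop is kept;
    traceroute can print several hosts for one hop when paths are load-balanced.
    """
    hops: List[Dict] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("traceroute to"):
            continue  # skip blank lines and the header line
        silent = SILENT_RE.match(line)
        if silent:
            hops.append({"hop": int(silent["hop"]), "host": None, "ip": None, "rtts": []})
            continue
        m = HOP_RE.match(line)
        if not m:
            continue  # unrecognised line; ignore rather than guess
        rtts = [float(v) for v in RTT_RE.findall(line[m.end():])]
        hops.append({
            "hop": int(m["hop"]),
            "host": m["host"],                   # None when only an IP was printed
            "ip": m["ip"] or m["ip_only"],
            "rtts": rtts,
        })
    return hops


def country_hint(host: Optional[str]) -> Optional[str]:
    """Return an upper-case two-letter hint when the last hostname label looks
    like a country-code TLD (.de, .us, .jp); None for .net/.com/.lan etc.
    This is a heuristic: operators name routers however they like."""
    if not host:
        return None
    tld = host.rsplit(".", 1)[-1].lower()
    return tld.upper() if len(tld) == 2 and tld.isalpha() else None


def transit_countries(hops: List[Dict]) -> List[str]:
    """Ordered, de-duplicated list of country hints seen along the path."""
    seen: List[str] = []
    for h in hops:
        c = country_hint(h["host"])
        if c and c not in seen:
            seen.append(c)
    return seen


if __name__ == "__main__":
    path = parse_traceroute(SAMPLE_TRACEROUTE)
    for h in path:
        print(h["hop"], h["host"] or "*", h["ip"] or "", h["rtts"])
    print("countries hinted along the path:", transit_countries(path))
```

On the constructed sample the path reads DE, then US, then JP, which is the pattern the paragraph describes; on a real trace, feed the saved traceroute text to parse_traceroute and check the hints against a proper IP-to-AS or geolocation source before drawing conclusions.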

But, you might say, how could the NSA possibly monitor every ISP in North America? Well, the answer is they wouldn't. There are far too many ISPs for the NSA to look at, but then, they don't need to look at every ISP. Here's where knowing how the Internet is structured helps. There are key areas of the Internet known as Internet Exchange Points in which all providers can meet to exchange their traffic with other providers. It increases speed on the network and in theory lowers costs. Nearly all this infrastructure in the US is privately owned and there are a few major players which also hold multi-billion dollar contracts with the US Government. One that comes to mind is MCI and their MAE facilities. And don't think for one minute that MCI wouldn't cooperate with the NSA without a warrant. They are not going to jeopardize those lucrative US government contracts for freedom and Constitutional rights. On the flip side, if MCI performs their services to the NSA in a way that I'm familiar with, then the war is over and the terrorists have already won.

As for the Internet Exchange Points (IXP), Wikipedia defines them as thus:

"An Internet Exchange Point (IXP for short) is a physical infrastructure that allows different Internet Service Providers (ISPs) to exchange Internet traffic between their networks (autonomous systems) by means of mutual peering agreements, which allow traffic to be exchanged without cost. IXPs are typically used by ISPs to reduce the amount of traffic needing to be carried on their respective upstream providers, at a cost; furthermore, they are used to increase efficiency and fault-tolerance."

You can go to Wikipedia and do a search on this subject to bring up more information on it; I'm not going to repeat it here. However, their site and other websites I came across mention these players as being the largest in the business:

1. Switch And Data
2. MCI (MAE East, Central, and West)
3. Equinix
4. AADS (SBC Communications in Chicago)
5. Telehouse
6. Cryptome.org reports that another key IXP is run by Sprint and is located at 4101 Maple Avenue, Merchantville, NJ. You can view Cryptome's Report on this facility at their website.

These companies provide a good chunk of the Internet Exchange Points in the Continental US. It is at some or all of these sites that I would suspect that the NSA would hang a Carnivore-like system, although much more sophisticated than the FBI's lame version, in order to capture all the traffic being exchanged at these points. For this project, I look at slightly less than 40 of these facilities. I probably missed some and some of the facilities I added into the survey may not play any role whatsoever in NSA eavesdropping, should my premise be correct. I will also be looking only at US facilities in North America. The reader should be aware that there are major IXPs all over the world, but especially in close US allied countries like Great Britain, Canada, Australia, and New Zealand that may also play a part in Internet monitoring activities by the NSA.

The IXPs tend to be very secure facilities. In 2003 The Vulnerabilities Task Force Report for Internet Peering Security came to the following conclusions about attacks on the IXPs:

- Because of the number and geographic diversity of NAPs and the multiple means of interconnection available to ISPs, it is unlikely that the physical destruction of any single NAP, or even several NAPs, would impair Internet functionality.
- The loss of a private peering point would probably affect Internet traffic flow only for customers of those ISPs exchanging traffic at that peering point and impact only customers' facilities located within the immediate area of the peering point.
- If a physical attack were the method of choice, only a well-coordinated attack on numerous NAPs and private peering points distributed across the United States could impair overall Internet operations. Such a substantial attack would be very difficult to plan and implement and require a large amount of resources.
- An organization's Internet service is at higher risk of disruption if its ISP routes traffic exclusively through a single NAP or private peering point.
- Overall Internet functionality is probably much more vulnerable to a logical attack than to a large-scale, coordinated physical attack on NAPs or private peering points.
- Physical attacks on the Internet infrastructure would likely result in localized impacts to Internet traffic flow but would take longer to repair than logical attacks.
- Logical attacks could have a widespread impact on Internet operations but can be remediated in less time than a physical attack once a fix is promulgated.

--------------------------------------------------------

NSA Address:
9800 Savage Rd, Ft George Meade, MD 20755
(301)-688-6524
NSA HQ Apprx. Coords (longitude, latitude)- -76.77416 39.10923

You can view the imagery for just the NSA and Lingualistek here.

Note all the cars in the parking lot. The NSA likes to claim they don't have the manpower to monitor all communications. I doubt all those cars there are Japanese tourists taking a tour of the place.

Sugar Grove, WV Listening Post Apprx. Coords (longitude, latitude)- -79.28112 38.508415
Yakima, WA Listening Post Apprx. Coords (longitude, latitude)- -120.35732 46.68186 (14km NE of Yakima)

Here is a good website which lists most of the IXPs around the world.

Here is an article which talks about the NSA moving their personnel out of Ft Meade and to other parts of the country to prevent a 9/11 style attack on their operations. But because things tend to disappear off the web, I recreate the article in its entirety. The article is from the Denver Post Online website:

NSA moving some workers, operations to Denver area

Intelligence service being secretive about who, where and when; post-9/11 decentralization among factors

By Mike Soraghan and Aldo Svaldi
Denver Post Staff Writers

Washington - The National Security Agency, the country's largest and most secretive intelligence service, says it is moving some operations to the Denver area.

The NSA, which monitors communications around the world for the United States intelligence community, confirmed the move in a statement to The Denver Post but did not say how many people would be coming to Denver, when they would arrive or where in the Denver area they would be based.

“The move of some operations into Denver is a result of NSA's decentralization of expertise from Fort Meade. This strategy better aligns support to national decision makers and combatant commanders,” the agency said in a statement attributed to NSA spokesman Don Weber.

Fort Meade is the NSA's heavily guarded headquarters in Maryland, just north of Washington.

The agency breaks codes and maintains listening posts around the world to gather intelligence on foreign governments, trade negotiators and terrorists. It has come under intense scrutiny since The New York Times revealed last year that President Bush authorized the agency to eavesdrop on Americans and others inside the United States without court authorization.

In the past year, the NSA decided to move roughly 300 staff members to a satellite operation at Buckley Air Force Base in Aurora known as the Aerospace Data Facility, said James Bamford, author of two books on the NSA, “The Puzzle Palace” and “Body of Secrets.” He didn't know if that move had been implemented yet or whether it was the same move confirmed to The Post by the NSA.

Local economic development officials have been told the NSA is coming but say they don't know where or how many people are involved, said Tom Clark, executive vice president of the Metro Denver Economic Development Corp., a regional economic development group.

“The Federal Center in Lakewood does have a significant amount of surplus space,” Clark said, making it a potential contender.

Clark called the Denver Federal Center in Lakewood a potential location, but Lakewood officials said they are working closely with General Services Administration officials on development of the federal site at West Sixth Avenue and Kipling Street and have heard nothing of intelligence agencies.

“We meet regularly with the GSA and there haven't been people in trenchcoats and sunglasses,” said Lakewood City Manager Mike Rock. “They would tell us, or tell us they couldn't tell us.”

Only 7 percent of the NSA's workforce, estimated at somewhere between 20,000 and 40,000, now works outside the Washington area. According to press accounts, the agency wants to expand outside of Washington, basing 20 percent of its staff elsewhere by 2011.

“It worried people after 9/11 how vulnerable they were” at Fort Meade, Bamford said. “Everybody's right together in this big open area. From the air it's extremely vulnerable.”

In recent years, the NSA has moved some operations to Fort Gordon, Ga., and San Antonio. At San Antonio, the NSA is expected to add 3,000 new employees and spend tens of millions on construction, the San Antonio Express-News has reported.

NSA generally moves to places where it already has facilities or operations.

Bamford noted that Denver makes sense as a location because it's close to North American Aerospace Defense Command in Colorado Springs, the “golf ball” spy satellite operations at Buckley and satellite contractors in the Denver suburbs.

It was disclosed last year that the CIA plans to move its domestic operations division to the Denver Federal Center.

“It sounds like Colorado is becoming the new center for intelligence activities out of Washington,” Bamford said.

An NSA presence in Denver would not necessarily make it more likely that people in Colorado would be spied upon, Bamford said. But it would mean more people living in the metro area who won't say what they do, beyond agency instructions to tell people in conversation that they work for the Department of Defense.

--------------------------------------------------

NSA Mailservers- jazzdrum.ncsc.mil, jazzhorn.ncsc.mil

Their website has an IP address of 12.110.110.204, which I must add, is probably the worst designed website for a government agency I've ever come across. And that's after looking at the Bureau of Prisons website. This IP falls within an address space assigned to Lingualistek (12.110.110.192-12.110.110.255). This company has been caught a few times putting cookies that don't expire until 2035 on visitors' machines, even though it's clearly against Federal guidelines. They claim to be a software technology development company, while at the same time providing foreign language translators for businesses. What an odd combination for a business model. Why hasn't Microsoft pursued this angle? Hint...Hint. And I can find no information of any companies they have as clients, save these- the NSA and Department of Defense. Most software development companies like to brag who they've done work for. The company's website says that they are woman-owned, minority-owned, and veteran-owned.

Here are their company addresses:

Corporate Headquarters
9861 Broken Land Parkway
Suite 300
Columbia, MD 21046
Phone (410) 953-0300
Fax (410) 953-8114
Toll Free (877) 215-7875
Apprx. Coords- -76.84904 39.18557

LinguaLISTek Training Center (LTC)
7100 Columbia Gateway Drive
Suite 150
Columbia, MD 21046
Phone (443) 539-0884
Fax (443) 539-0887
Apprx. Coords- -76.80941 39.17538

Texas Office
7323 Highway 90 West
Suite 500
San Antonio, Texas 78227
Phone (210) 674-1155
Fax (210) 674-1166
Apprx. Coords- -98.63410 29.40218

From this article, we learn that this company was founded by Elizabeth Rendon in 1997. It also states that many (probably all) of the clients are DOD-related. And here is an interview she did back in Sep 2005. Why do I get the feeling she is more than just a civilian CEO? And I find it interesting that the NSA also moved some of their employees to San Antonio as well. What a coincidence. By the way, she also has employees in Georgia, which mirrors the NSA's moves in the Denver Post article. How odd. I'll bet Lingualistek opens an office in Denver soon.

Okay, enough about her. Getting back to the NSA, their mail servers are hosted by ncsc.mil, or the National Computer Security Center. Their physical address is listed at NSA's address in Ft. Meade, and they have the entire range: 144.51.0.0-144.51.255.255. From this website:

"The National Computer Security Center (NCSC) is a U.S. government organization within the National Security Agency (NSA) that evaluates computing equipment for high security applications to ensure that facilities processing classified or other sensitive material are using trusted computer systems and components. NCSC was founded in 1981 as the Department of Defense Computer Security Center and changed to its current name in 1985. The organization works with industry, education, and government agency partners to promote research and standardization efforts for secure information system development. The NCSC also functions in an educational capacity to disseminate information about issues surrounding secure computing, most significantly through its annual National Information Systems Security Conference.

The NCSC's computer evaluation program is carried out by another NSA organization, the Trusted Product Evaluation Program (TPEP), which tests commercial products against a comprehensive set of security-related criteria. NCSC issued the first Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) in August, 1983. The document, more commonly referred to as the "orange book," was reissued in 1985 as a DoD standard that included the stated goals of providing manufacturers with security-related standards regarding features for inclusion in products, and providing DoD components with information about security metrics for the evaluation of trust levels to be accorded various products used for processing sensitive material."

------------------------------------------------------------------

From HowStuffWorks.com about the Carnivore Program:

"Carnivore was the third generation of online-detection software used by the FBI. While information about the first version has never been disclosed, many believe that it was actually a readily available commercial program called Etherpeek.

In 1997, the FBI deployed the second generation program, Omnivore. According to information released by the FBI, Omnivore was designed to look through e-mail traffic travelling over a specific Internet service provider (ISP) and capture the e-mail from a targeted source, saving it to a tape-backup drive or printing it in real-time. Omnivore was retired in late 1999 in favor of a more comprehensive system, the DragonWare Suite, which allowed the FBI to reconstruct e-mail messages, downloaded files or even Web pages.

DragonWare contained three parts:

* Carnivore - A Windows NT/2000-based system that captures the information
* Packeteer - No official information released, but presumably an application for reassembling packets into cohesive messages or Web pages
* Coolminer - No official information released, but presumably an application for extrapolating and analyzing data found in the messages

As you can see, officials never released much information about the DragonWare Suite, nothing about Packeteer and Coolminer and very little detailed information about Carnivore. But we do know that Carnivore was basically a packet sniffer, a technology that is quite common and has been around for a while.

How Carnivore Works-

- A court grants the request for a full content-wiretap of e-mail traffic only and issues an order.
A term used in telephone surveillance, "content-wiretap" means that everything in the packet can be captured and used. The other type of wiretap is a trap-and-trace, which means that the FBI can only capture the destination information, such as the e-mail account of a message being sent out or the Web-site address that the suspect is visiting. A reverse form of trap-and-trace, called pen-register, tracks where e-mail to the suspect is coming from or where visits to a suspect's Web site originate.
- The FBI contacts the suspect's ISP and requests a copy of the back-up files of the suspect's activity.
- The ISP does not maintain customer-activity data as part of its back-up.
- The FBI sets up a Carnivore computer at the ISP to monitor the suspect's activity. The computer consists of:

* A Pentium III Windows NT/2000 system with 128 megabytes (MB) of RAM
* A commercial communications software application
* A custom C++ application that works in conjunction with the commercial program above to provide the packet sniffing and filtering
* A type of physical lockout system that requires a special passcode to access the computer (This keeps anyone but the FBI from physically accessing the Carnivore system.)
* A network isolation device that makes the Carnivore system invisible to anything else on the network (This prevents anyone from hacking into the system from another computer.)
* A 2-gigabyte (GB) Iomega Jaz drive for storing the captured data (The Jaz drive uses 2-GB removable cartridges that can be swapped out as easily as a floppy disk.)

- The FBI configures the Carnivore software with the IP address of the suspect so that Carnivore will only capture packets from this particular location. It ignores all other packets.
- Carnivore copies all of the packets from the suspect's system without impeding the flow of the network traffic.
- Once the copies are made, they go through a filter that only keeps the e-mail packets. The program determines what the packets contain based on the protocol of the packet. For example, all e-mail packets use the Simple Mail Transfer Protocol (SMTP).
- The e-mail packets are saved to the Jaz cartridge.
- Once every day or two, an FBI agent visits the ISP and swaps out the Jaz cartridge. The agent takes the retrieved cartridge and puts it in a container that is dated and sealed. If the seal is broken, the person breaking it must sign, date and reseal it -- otherwise, the cartridge can be considered "compromised."
- The surveillance cannot continue for more than a month without an extension from the court. Once complete, the FBI removes the system from the ISP.
- The captured data is processed using Packeteer and Coolminer.
- If the results provide enough evidence, the FBI can use them as part of a case against the suspect.
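The procedure quoted above boils down to two filters (keep only the suspect's packets, then keep only the e-mail packets) followed by storage on a removable cartridge that is dated and sealed. The following is an added example, written for this page and not code from the FBI, HowStuffWorks or the original project, that models those steps in Python: a source-address filter, a protocol filter that classifies e-mail by TCP port 25 exactly as the passage does (a heuristic, since mail can travel on other ports), and a stand-in for the Jaz cartridge whose "seal" is a SHA-256 digest of its contents, so that a cartridge altered after sealing is reported as compromised. All packet records, addresses (RFC 5737 documentation ranges), names and the cartridge label and date are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed packet records standing in for what a sniffer hands to the filter:
# (source IP, destination IP, transport protocol, destination port, payload).
Packet = Tuple[str, str, str, int, bytes]
SAMPLE_PACKETS: List[Packet] = [
    ("192.0.2.50", "198.51.100.25", "tcp", 25, b"MAIL FROM:<alice@example.net>"),
    ("192.0.2.50", "198.51.100.80", "tcp", 80, b"GET / HTTP/1.0"),
    ("192.0.2.51", "198.51.100.25", "tcp", 25, b"MAIL FROM:<bob@example.net>"),
    ("192.0.2.50", "198.51.100.25", "tcp", 25, b"RCPT TO:<carol@example.org>"),
    ("192.0.2.50", "198.51.100.53", "udp", 53, b"\x12\x34 dns query"),
]

SMTP_PORT = 25  # the passage classifies e-mail as SMTP; port 25 is its usual port


def select_packets(packets: List[Packet], target_ip: str) -> List[Packet]:
    """First filter of the procedure: keep only packets sent by the target
    address; everything else on the wire is ignored."""
    return [p for p in packets if p[0] == target_ip]


def keep_email_only(packets: List[Packet]) -> List[Packet]:
    """Second filter: keep only what the port classifies as SMTP. This is the
    protocol-based test the passage describes and is only as good as the
    assumption that mail travels on TCP port 25."""
    return [p for p in packets if p[2] == "tcp" and p[3] == SMTP_PORT]


@dataclass
class Cartridge:
    """Stand-in for the removable cartridge: captured payloads plus a seal.
    The seal is a SHA-256 digest over the length-prefixed payloads, so both
    altering a record and inserting one are detected."""
    label: str
    payloads: List[bytes] = field(default_factory=list)
    sealed_on: Optional[str] = None
    seal_digest: Optional[str] = None

    def digest(self) -> str:
        h = hashlib.sha256()
        for p in self.payloads:
            h.update(len(p).to_bytes(4, "big"))  # length prefix fixes record boundaries
            h.update(p)
        return h.hexdigest()

    def seal(self, when: str) -> str:
        """Date and seal the cartridge; returns the digest to be recorded on the container."""
        self.sealed_on = when
        self.seal_digest = self.digest()
        return self.seal_digest

    def is_intact(self) -> bool:
        """True only if the cartridge was sealed and its contents still match the seal."""
        return self.seal_digest is not None and self.digest() == self.seal_digest


def run_capture(packets: List[Packet], target_ip: str, label: str, when: str) -> Cartridge:
    """Run both filters over a batch of packets, store the surviving payloads
    on a fresh cartridge and seal it with the given (constructed) date."""
    cart = Cartridge(label)
    for pkt in keep_email_only(select_packets(packets, target_ip)):
        cart.payloads.append(pkt[4])
    cart.seal(when)
    return cart


if __name__ == "__main__":
    cart = run_capture(SAMPLE_PACKETS, "192.0.2.50", "CARTRIDGE-EXAMPLE-1", "2006-01-15")
    print(f"{cart.label}: {len(cart.payloads)} e-mail records, seal {cart.seal_digest[:16]}...")
    print("intact:", cart.is_intact())
    cart.payloads.append(b"RCPT TO:<mallory@example.org>")  # simulate tampering after sealing
    print("intact after tampering:", cart.is_intact())
```

Of the five constructed packets only two survive both filters (the target's HTTP and DNS traffic and the other host's SMTP traffic are dropped), which is the point of the procedure's minimization step; the seal check is what turns the "dated and sealed container" rule into something that can be verified rather than merely asserted.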

Obligatory line to keep Geocities from deleting project- 493775897293749