How to Check for NSA Wire Taps

If you’re a Windows user, fire up an MS-DOS command prompt. Now type tracert followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you’re interested in. Watch as the program spits out your route, line by line.

C:\tracert nsa.gov
 
1 2 ms 2 ms 2 ms 12.110.110.204
[...]
7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
8 13 12 19 ms ae-23-56.car3.SanJose1.Level3.net [4.68.123.173]
9 18 ms 16 ms 16 ms 192.205.33.17
10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net [12.123.13.186]
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
14 102 ms 93 ms 112 ms 12.127.209.214
15 94 ms 94 ms 93 ms 12.110.110.13
16 * * *
17 * * *
18 * *

In the above example provided by Wired News, traffic is jumping from Level 3 Communications to AT&T’s network in San Francisco, presumably over the OC-48 circuit that AT&T tapped on February 20th, 2003, according to the Klein docs.

The magic string you’re looking for is sffca.ip.att.net. If it’s present immediately above or below a non-att.net entry, then — by Klein’s allegations — your packets are being copied into room 641A, and from there, illegally, to the NSA.

Leave a Reply