Printed from Urbana-Champaign IMC : http://127.0.0.1/
News :: Civil & Human Rights : Crime & Police : Government Secrecy : Labor : Regime
AT&T Whistle-Blower's Evidence
17 May 2006
Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation's class-action lawsuit against the company, which alleges that AT&T illegally cooperated in an illegal National Security Agency domestic-surveillance program.

In this recently surfaced statement, Klein details his discovery of an alleged surveillance operation in an AT&T office in San Francisco, and offers his interpretation of company documents that he believes support his case.

For its part, AT&T is asking a federal judge to keep those documents out of court, and to order the EFF to return them to the company. Here Wired News presents Klein's statement in its entirety, along with select pages from the AT&T documents.
AT&T's Implementation of NSA Spying on American Citizens

31 December 2005

I wrote the following document in 2004 when it became clear to me that AT&T, at the behest of the National Security Agency, had illegally installed secret computer gear designed to spy on internet traffic. At the time I thought this was an outgrowth of the notorious Total Information Awareness program which was attacked by defenders of civil liberties. But now it's been revealed by The New York Times that the spying program is vastly bigger and was directly authorized by President Bush, as he himself has now admitted, in flagrant violation of specific statutes and constitutional protections for civil liberties. I am presenting this information to facilitate the dismantling of this dangerous Orwellian project.
AT&T Deploys Government Spy Gear on WorldNet Network

-- 16 January, 2004

In 2003 AT&T built "secret rooms" hidden deep in the bowels of its central offices in various cities, housing computer gear for a government spy operation which taps into the company's popular WorldNet service and the entire internet. These installations enable the government to look at every individual message on the internet and analyze exactly what people are doing. Documents showing the hardwire installation in San Francisco suggest that there are similar locations being installed in numerous other cities.

The physical arrangement, the timing of its construction, the government-imposed secrecy surrounding it, and other factors all strongly suggest that its origins are rooted in the Defense Department's Total Information Awareness (TIA) program which brought forth vigorous protests from defenders of constitutionally protected civil liberties last year:

"As the director of the effort, Vice Adm. John M. Poindexter, has described the system in Pentagon documents and in speeches, it will provide intelligence analysts and law enforcement officials with instant access to information from internet mail and calling records to credit card and banking transactions and travel documents, without a search warrant." The New York Times, 9 November 2002

To mollify critics, the Defense Advanced Research Projects Agency (Darpa) spokesmen have repeatedly asserted that they are only conducting "research" using "artificial synthetic data" or information from "normal DOD intelligence channels" and hence there are "no U.S. citizen privacy implications" (Department of Defense, Office of the Inspector General report on TIA, December 12, 2003). They also changed the name of the program to "Terrorism Information Awareness" to make it more politically palatable. But feeling the heat, Congress made a big show of allegedly cutting off funding for TIA in late 2003, and the political fallout resulted in Adm. Poindexter's abrupt resignation last August. However, the fine print reveals that Congress eliminated funding only for "the majority of the TIA components," allowing several "components" to continue (DOD, ibid). The essential hardware elements of a TIA-type spy program are being surreptitiously slipped into "real world" telecommunications offices.

In San Francisco the "secret room" is Room 641A at 611 Folsom Street, the site of a large SBC phone building, three floors of which are occupied by AT&T. High-speed fiber-optic circuits come in on the 8th floor and run down to the 7th floor where they connect to routers for AT&T's WorldNet service, part of the latter's vital "Common Backbone." In order to snoop on these circuits, a special cabinet was installed and cabled to the "secret room" on the 6th floor to monitor the information going through the circuits. (The location code of the cabinet is 070177.04, which denotes the 7th floor, aisle 177 and bay 04.) The "secret room" itself is roughly 24-by-48 feet, containing perhaps a dozen cabinets including such equipment as Sun servers and two Juniper routers, plus an industrial-size air conditioner.

The normal work force of unionized technicians in the office are forbidden to enter the "secret room," which has a special combination lock on the main door. The telltale sign of an illicit government spy operation is the fact that only people with security clearance from the National Security Agency can enter this room. In practice this has meant that only one management-level technician works in there. Ironically, the one who set up the room was laid off in late 2003 in one of the company's endless "downsizings," but he was quickly replaced by another.

Plans for the "secret room" were fully drawn up by December 2002, curiously only four months after Darpa started awarding contracts for TIA. One 60-page document, identified as coming from "AT&T Labs Connectivity & Net Services" and authored by the labs' consultant Mathew F. Casamassima, is titled Study Group 3, LGX/Splitter Wiring, San Francisco and dated 12/10/02. (See sample PDF 1-4.) This document addresses the special problem of trying to spy on fiber-optic circuits. Unlike copper wire circuits which emit electromagnetic fields that can be tapped into without disturbing the circuits, fiber-optic circuits do not "leak" their light signals. In order to monitor such communications, one has to physically cut into the fiber somehow and divert a portion of the light signal to see the information.

This problem is solved with "splitters" which literally split off a percentage of the light signal so it can be examined. This is the purpose of the special cabinet referred to above: Circuits are connected into it, the light signal is split into two signals, one of which is diverted to the "secret room." The cabinet is totally unnecessary for the circuit to perform -- in fact it introduces problems since the signal level is reduced by the splitter -- its only purpose is to enable a third party to examine the data flowing between sender and recipient on the internet.

The above-referenced document includes a diagram (PDF 3) showing the splitting of the light signal, a portion of which is diverted to "SG3 Secure Room," i.e., the so-called "Study Group" spy room. Another page headlined "Cabinet Naming" (PDF 2 -- http://blog.wired.com/images/nsadocs1_f.jpg) lists not only the "splitter" cabinet but also the equipment installed in the "SG3" room, including various Sun devices, and Juniper M40e and M160 "backbone" routers. PDF file 4 shows one of many tables detailing the connections between the "splitter" cabinet on the 7th floor (location 070177.04) and a cabinet in the "secret room" on the 6th floor (location 060903.01). Since the San Francisco "secret room" is numbered 3, the implication is that there are at least several more in other cities (Seattle, San Jose, Los Angeles and San Diego are some of the rumored locations), which likely are spread across the United States.

One of the devices in the "Cabinet Naming" list is particularly revealing as to the purpose of the "secret room": a Narus STA 6400. Narus is a 7-year-old company which, because of its particular niche, appeals not only to businessmen (it is backed by AT&T, JP Morgan and Intel, among others) but also to police, military and intelligence officials. Last November 13-14, for instance, Narus was the "Lead Sponsor" for a technical conference held in McLean, Virginia, titled "Intelligence Support Systems for Lawful Interception and Internet Surveillance." Police officials, FBI and DEA agents, and major telecommunications companies eager to cash in on the "war on terror" had gathered in the hometown of the CIA to discuss their special problems. Among the attendees were AT&T, BellSouth, MCI, Sprint and Verizon. Narus founder, Dr. Ori Cohen, gave a keynote speech. So what does the Narus STA 6400 do?

"The (Narus) STA Platform consists of stand-alone traffic analyzers that collect network and customer usage information in real time directly from the message.... These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device" (Telecommunications magazine, April 2000). A Narus press release (1 Dec., 1999) also boasts that its Semantic Traffic Analysis (STA) technology "captures comprehensive customer usage data ... and transforms it into actionable information.... (It) is the only technology that provides complete visibility for all internet applications."

To implement this scheme, WorldNet's high-speed data circuits already in service had to be rerouted to go through the special "splitter" cabinet. This was addressed in another document of 44 pages from AT&T Labs, titled "SIMS, Splitter Cut-In and Test Procedure," dated 01/13/03 (PDF 5-6). "SIMS" is an unexplained reference to the secret room. Part of this reads as follows:

"A WMS (work) Ticket will be issued by the AT&T Bridgeton Network Operation Center (NOC) to charge time for performing the work described in this procedure document....
"This procedure covers the steps required to insert optical splitters into select live Common Backbone (CBB) OC3, OC12 and OC48 optical circuits."

The NOC referred to is in Bridgeton, Missouri, and controls WorldNet operations. (As a sign that government spying goes hand-in-hand with union-busting, the entire (Communication Workers of America) Local 6377 which had jurisdiction over the Bridgeton NOC was wiped out in early 2002 when AT&T fired the union work force and later rehired them as nonunion "management" employees.) The cut-in work was performed in 2003, and since then new circuits are connected through the "splitter" cabinet.

Another "Cut-In and Test Procedure" document dated January 24, 2003, provides diagrams of how AT&T Core Network circuits were to be run through the "splitter" cabinet (PDF 7). One page lists the circuit IDs (http://blog.wired.com/images/nsadocs2_f.jpg) of key Peering Links which were "cut-in" in February 2003 (PDF 8), including ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, AboveNet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet and Mae West. By the way, Mae West is one of two key internet nodal points in the United States (the other, Mae East, is in Vienna, Virginia). It's not just WorldNet customers who are being spied on -- it's the entire internet.

The next logical question is, what central command is collecting the data sent by the various "secret rooms"? One can only make educated guesses, but perhaps the answer was inadvertently given in the DOD Inspector General's report (cited above):

"For testing TIA capabilities, Darpa and the U.S. Army Intelligence and Security Command (INSCOM) created an operational research and development environment that uses real-time feedback. The main node of TIA is located at INSCOM (in Fort Belvoir, Virginia)…."

Among the agencies participating or planning to participate in the INSCOM "testing" are the "National Security Agency, the Defense Intelligence Agency, the Central Intelligence Agency, the DOD Counterintelligence Field Activity, the U.S. Strategic Command, the Special Operations Command, the Joint Forces Command and the Joint Warfare Analysis Center." There are also "discussions" going on to bring in "non-DOD federal agencies" such as the FBI.

This is the infrastructure for an Orwellian police state. It must be shut down!


© Copyright 2006, Lycos, Inc.
http://www.wired.com/

Copyright by the author. All rights reserved.
Comments

Re: AT&T Whistle-Blower's Evidence
17 May 2006
Lots more on this developing story the government is actively trying to shut down at Cryptome:
http://www.cryptome.org/
Stumbling Into a Spy Scandal
17 May 2006
When former AT&T technician Mark Klein learned of a secret room installed in the company's San Francisco internet switching center, he was certain he had stumbled onto the Total Information Awareness program, a Defense Department research project that intended to scour databases across the country for telltale signs of terrorists.

Though the program had mostly been terminated by Congress in September 2003, portions of the program were allowed to continue.

Klein believed he had found these remnants, according to a written statement by Klein acquired by Wired News. AT&T built the secret room in 2003 and wired it up to receive a copy of the internet traffic running through its fiber-optic network, according to Klein's statement and accompanying documents. Inside the room, AT&T had installed routers, Sun Microsystems servers and traffic-analysis software from a company called Narus.

One of the documents appears to describe AT&T's successful efforts to tap into 16 fiber-optic cables connecting the company's WorldNet internet backbone to other internet service providers. The document shows AT&T technicians phasing in fiber-optic splitters throughout February 2003, cutting them in four at a time on a weekly schedule, ending with a link to Mae West, an internet exchange point for West Coast traffic.

"It's not just WorldNet customers who are being spied on," Klein wrote.

"The essential hardware elements of a (Total Information Awareness)-type spy program are being surreptitiously slipped into 'real world' telecommunications offices," Klein wrote, referring to "secret rooms" in central offices across the country that Klein believed contained "computer gear for a government spy operation which taps into the company's popular WorldNet service and the entire internet."

At times, Klein comes across as unhappy with AT&T, making a pointed reference to company downsizing and grumbling about union workers being prohibited from working in the secret rooms.

In December 2005, following The New York Times' revelation -- and government confirmation -- that the National Security Agency was engaged in warrantless surveillance of Americans' overseas calls, and e-mails to and from people suspected of ties to al-Qaida, Klein revised his thesis.

"But now it's been revealed by The New York Times that the spying program is vastly bigger and was directly authorized by President Bush, as he himself has now admitted, in flagrant violation of specific statutes and constitutional protections for civil liberties," Klein wrote. "I am presenting this information to facilitate the dismantling of this dangerous Orwellian project."

Klein noted that only persons with a clearance from the NSA could enter this room.

Included in Klein's statement are snippets of wiring diagrams stamped "AT&T Proprietary," several photos of Room 641A in AT&T's switching center at 611 Folsom St., and copies of web pages showing that Narus had sponsored a 2003 conference where industry and law enforcement discussed internet surveillance and phone wiretapping.

Klein showed up at the Electronic Frontier Foundation unannounced in late January with documents in hand. At the time, the EFF was already preparing a class-action lawsuit against AT&T for allegedly turning over customer phone-record data to the NSA -- relying on reporting from the Los Angeles Times about AT&T giving the NSA access to a phone-record database with 1.88 trillion entries.

The EFF later filed an affidavit from Klein, along with the full wiring documents and an evaluation of those documents by a former FCC internet specialist, under temporary seal in U.S. District Court. AT&T has told the court it wants the documents returned, and both parties will argue their positions before U.S. District Court Judge Vaughn Walker in San Francisco on Wednesday.

Several high-level network experts who reviewed the documents, which Klein has provided to civil liberties groups and The New York Times, say the pages may not be the smoking gun that Klein believes them to be.

One network expert familiar with AT&T's internet operations suggests that Klein may have simply stumbled upon an effort to monitor internet traffic for security threats, abnormal traffic patterns and network-management issues.

He said technicians may not have known about these programs, which can be used to monitor AT&T's WorldNet internet traffic, as well as corporate networks administered by AT&T.

For example, the setup described in the documents largely resembles AT&T Internet Protect, a service that "provides valuable real-time analysis of internet traffic, which customers can use to predict and prevent malicious traffic from infecting their network," according to AT&T's website.

Steve Bellovin, a Columbia University computer science professor and a former AT&T researcher, says that the documents don't contradict Klein's accusation that this is an NSA-related operation, but they also don't prove the existence of widespread NSA internet monitoring, because the equipment could simply be building up a traffic matrix for internal network monitoring.

"AT&T is probably the top ISP for doing its own network analysis and measurement," Bellovin said. "A lot of that monitoring is producing the internet equivalent of the call-detail-record databases that all the phone companies, except Qwest, are alleged to have given to NSA. This is the internet equivalent at the IP address level. If A is talking to B at the IP address level, this will show you connectivity patterns.

"Much of this stuff the documents describe is 100 percent innocent. The suspicious part is the business about security clearances rather than the equipment," Bellovin said.

A third networking researcher familiar with internet and telecommunications networks who spoke on condition of anonymity echoes Bellovin's analysis.

"What is clear from these documents is that all of the traffic going on the fiber-optics links is being copied into this other room," the researcher said. "The question is why would you want to do this? One obvious conclusion is you might want to do it to turn it over to government, but by themselves, these documents don't definitely say that is what happened. The other reason you might want to do something like this is for network monitoring.

"The much more interesting stuff is the Narus box," the researcher added. "That stuff is incredibly computationally powerful and can do kinds of filtering on very high-bandwidth traffic. That does make it very suitable for pushing NSA surveillance into the edges of the network so they can pick off the stuff they are interested in.

"The big unanswered question is what happens to that data," he said. The documents would be a smoking gun "if there were another picture in the diagram showing another fiber-optic link to Fort Meade (NSA's headquarters), but as far as I can tell that's not there."

For its part, Narus says it can't confirm or deny Klein's allegations. But AT&T is an announced customer, according to Steve Bannerman, Narus' vice president of marketing and product management.

Narus' traffic processing enables ISPs to monitor traffic for billing and service reasons, secure their networks and comply with lawful interception requirements such as the Communications Assistance for Law Enforcement Act, or CALEA.

The company also has little to no knowledge of how a customer uses or extends the software's functions.

"We take great pains to build into the product the ability to manage those warrants so you don't accidentally target a user for longer than the warrant specifies," Bannerman said. "However, once a user installs our product, it's completely opaque to us if they actually type in a warrant."

The EFF hopes Klein's statement, along with the full documents it has filed with the court, persuades the judge it has a good-faith reason to believe AT&T is violating the law. If the court agrees with EFF, and decides not to honor the government's request to dismiss the suit for national security reasons, EFF would be able to obtain further documents through the discovery process.

For its part, AT&T says it vigorously defends its customers' privacy, though it has not directly contradicted Klein's accusations.

"If and when AT&T is asked by government agencies for help, we do so strictly within the law and under the most stringent conditions," reads a statement released by AT&T. "Beyond that, we can't comment on matters of national security. This is a national security issue and needs to be addressed on a national level."

AT&T plans to ask that the courtroom be cleared of observers for Wednesday's 10 a.m. hearing, according to the EFF.


© Copyright 2006, Lycos, Inc.
http://www.wired.com/