NSA, AT&T and the NarusInsight Intercept Suite

June 14th, 2007

In the Ugly Truth About Online Anonymity, I wrote:

There are dozens of off the shelf products that you would swear were designed for use by intelligence agencies, but they’re routinely peddled to—and used by—corporations. If corporations have and use these surveillance capabilities, what are the intelligence agencies running on the service providers’ networks? I’ll be buggered if I know, but I know it’s not good.


What are the intelligence agencies running on the service providers’ networks?

Today, EFF released unredacted court documents related to the ATT/NSA intercept case.

I don’t know how to express this in a way that fully conveys my utter astonishment that these documents are publicly available in their entirety. If there is a more riveting and technically revealing account of recent NSA IP intercept operations out there, I’d like to know about it.

This is arcane information. But… For those of you who want names, model numbers, techniques, and locations all related to how, IN FACT, They are watching EVERYTHING we are doing online, this is it.

The only reason this is public is because Mark Klein, an ATT engineer who participated in building the secret NSA infrastructure, outed it. There can be no idiotic commentary about “conspiracy theories” or “paranoia” with this. These are court documents containing information provided under penalty of perjury by an eye witness and participant in the operation. The expert analysis provided by J. Scott Marcus–which was just unsealed today—is shocking. For those of us who just knew this was happening, but couldn’t put our fingers on how, well, now we know.

I’ve followed publicly available information on NSA for about fifteen years and I’ve never seen anything like this. The capabilities of this system are awesome and terrifying.

When you read J. Scott Marcus’ analysis, it will become very clear to you why NSA and ATT wanted that thing sealed.

So, how does NSA do it?

A company called Narus has developed the NarusInsight Intercept Suite: a purpose built network surveillance system that is capable of analyzing (in real time) ALL of the data passing through the largest network nodes in existence. This system is capable of applying sophisticated targeting rules to the traffic, as well as recording entire, individual sessions for later analysis. According to the Narus website:

These capabilities include playback of streaming media (i.e. VoIP), rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules. When Narus partners’ powerful analytic tools are combined with the surgical targeting and real-time collection capabilities of Directed Analysis and Lawful Intercept modules, analysts or law enforcement agents are provided capabilities that have been unavailable thus far.

How many nodes?

Unknown, but according to Mark Klein in his Declaration in Support of Plaintiffs’ Motion for Preliminary Injunction:

In the course of my employment, I was required to connect new circuits to the “splitter cabinet” and get them up and running. While working on a particularly difficult one with another AT&T technician, I learned that other such “splitter cabinets” were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.

That, in a nutshell, is the system that’s keeping an eye on us. It sits between the large peering nodes where different carriers’ networks come together. It searches for traffic based on tasking provided by NSA, captures it and phones it home over a private IP based optical carrier link. Where is that data winding up? Yesterday we saw information on the National Security Analysis Center, which might become the repository for the longer term storage of the information that is captured from this and other surveillance operations.

Are They building electronic dossiers on as many of us as they can? I don’t know, but it sure looks that way.

Wouldn’t you love to know what that thing was actually looking for? Which websites get you thrown on a permanent shit list? Which books? Which phrases?

Who devises the tasking orders? That’s got to be the holiest of holies. The family jewels. How many years of dedicated, vetted, zombie-like order following are required before one winds up in a position like that? How many people have access to the full tasking package?

One last point here: Look at the Narus board of directors. At the top we find William P. Crowell. In addition to a long list of black bag related jobs, he was Deputy Director of Operations and Deputy Director of, that’s right, the U.S. National Security Agency.

What other interesting stuff is out there on this matter? That might be a fun project for some of you younger whipper snappers out there to fathom out. If you find something interesting, leave a comment.

Via: EFF:

Whistleblower Declaration and Other Key Documents Released to Public

San Francisco – More documents detailing secret government surveillance of AT&T’s Internet traffic have been released to the public as part of the Electronic Frontier Foundation’s (EFF’s) class-action lawsuit against the telecom giant.

Some of the unsealed information was previously made public in redacted form. But after negotiations with AT&T, EFF has filed newly unredacted documents describing a secret, secure room in AT&T’s facilities that gave the National Security Agency (NSA) direct access to customers’ emails and other Internet communications. These include several internal AT&T documents that have long been available on media websites, EFF’s legal arguments to the 9th Circuit, and the full declarations of whistleblower Mark Klein and of J. Scott Marcus, the former Senior Advisor for Internet Technology to the Federal Communications Commission, who bolsters and explains EFF’s evidence.

“This is critical evidence supporting our claim that AT&T is cooperating with the NSA in the illegal dragnet surveillance of millions of ordinary Americans,” said EFF Legal Director Cindy Cohn. “This surveillance is under debate in Congress and across the nation, as well as in the courts. The public has a right to see these important documents, the declarations from our witnesses, and our legal arguments, and we are very pleased to release them.”

EFF filed the class-action suit against AT&T last year, accusing the telecom giant of illegally assisting in the NSA’s spying on millions of ordinary Americans. The lower court allowed the case to proceed and the government has now asked the 9th U.S. Circuit Court of Appeals to dismiss the case, claiming that the lawsuit could expose state secrets. EFF’s newly released brief in response outlines how the case should go forward respecting both liberty and security.

“The District Court rejected the government’s attempt to sweep this case under the rug,” said EFF Senior Staff Attorney Kurt Opsahl. “This country has a long tradition of open court proceedings, and we’re pleased that as we present our case to the Court of Appeals, the millions of affected AT&T customers will be able to see our arguments and evidence and judge for themselves.”

Oral arguments in the 9th Circuit appeal are set for the week of August 13.

For the unredacted Klein declaration:

For the internal documents:

For the unredacted Marcus declaration:

For EFF’s 9th Circuit brief:

For more on the class-action lawsuit against AT&T:

17 Responses to “NSA, AT&T and the NarusInsight Intercept Suite”

  1. slomo Says:

    Last summer I attended a talk about IBM’s Blue Gene computer, where it was remarked that the supercomputer (promoted as state-of-the-art) had the processing power to be able to analyze 100 phone calls per American. That was the analogy used, although the word “analyze” was left completely vague (and the difference between a simple record and the application of sophisticated machine learning techniques could be large in terms of processing power required).

    I immediately asked myself what other computers might exist that we don’t know about, and were they in fact “analyzing” our phone calls, internet activity, etc.

    So, none of your articles on this subject come as much of a surprise to me, not even this one really.

  2. Larry Glick Says:

    As I have noted in other posts, we are now in a position where we have become our own enemy. Human nature being what it is, without question all this information being gathered to stop “terrorists” will eventually be turned against all of us. Americans need to take a proactive stance against all this. If we are all suspect anyway, and we are all, in effect, “persons of interest,” then perhaps we should give them what they want. In every e-mail we send out and every phone call to which we are a party, maybe we should mention the words jihad, infidel and Osama. Create plenty of “noise” and “chaff.” As I have said before, fill a rat’s cage with food and it will soon eat itself to death!

  3. Ed Says:

    Last year 12/01/2006 I ran across an article titled ‘Ghost in the machine, Encounters with the NSA’ by Charles Sullivan in which he spoke of his run in with the NSA. Well…, Before I came across this I had a my suspicions. On 11/17/2006 I ran a Tracert from one of my box’s to yahoo mail and was amazed. Below is a link to this article along with a snapshot of the TRACERT I ran. Go have a look. I will add that at the time I had access to a computer for only 3 years. You can learn a lot in 3 years,and not all good.

    And they call me a CONspiracy Nut….
    Who’s laughing now……..


  4. Ed Says:

    Oh I forgot to mention in my post http://cryptogon.com/?p=877#comment-8872

    At the time AT&T didnt control everything as they do now and they WERE NOT MY ISP, but now they are since the re-merger. My ISP at the time was Mediacom.

  5. fallout11 Says:

    I already do that, Larry, just for kicks.
    Semtex. Nuclear. Rapture.
    As Kevin has pointed out, anonymity is impossible (if you’ve ever paid bills or bought anything using electronic means, paid taxes, made phone calls from home, or worked anywhere they withheld taxes), we are all trapped in the Matrix.
    But hiding in plain sight is highly possible. Humans are lazy by evolution….lot of work for little reward inevitably led to starvation. There are 509,000 people on the no-fly list, yet they haven’t caught a single terrorist trying to board an aircraft yet. Why? Because the system is overloaded already. Same logic applies to this as in avoiding becoming a victim of crime.

  6. Jake Says:


    This is the NSA. Please turn yourself in to your nearest internment camp immediately. You are dangerous to our well-being.

    Thank you for your cooperation.

  7. DrFix Says:

    Traceroute doesn’t tell you everything. Sniffers can sit anywhere and anonymously sniff out all your traffic and it will NEVER show up in your log. And even if you happen to see your routes going someplace suspicious what are you going to do? Trace route every piece of communication you make? To avoid all this you’d simply have to quit using computers at all, no more phone calls, no credit cards, no electronic transactions period. Have a nice day.

  8. snorky Says:

    I guarantee it all of this is true…from my own experience. About a month ago my computer became hijacked WHEN I WAS WATCHING THE VIDEO “LOOSE CHANGE” (about the 9-11 truth movement) from “You Tube” linked from Alex Jones’s Infowars site. when I realized I was being hijacked I simply switched off the computer. I am absolutely sure the NSA had done the hijacking. Unfortunately, WildBlue, a satellite internet service, is the ONLY affordable option where I live (HughesNet is too expensive; and further, I know the installer and don’t trust those people). I don’t even have the option of dialup! Wildblue, of course, is owned by ATT. As is the phone service and the phone card we use. I will not say where I live but it is one of the most remote areas still left in the US and I have no intention of moving, to anywhere else in the US or to any other country. I posted this just to back up what the article says. My watchword is: have no fear.

  9. Matt Says:

    Zimbabwe just passed a ‘net surveillance law. (See link below). In response to critics who’re complaining that ubiquitous surveillance will be misused:

    Communications Minister Christopher Mushowe defended [the law], saying it was similar to anti-terror laws elsewhere such as in the UK, US and South Africa.

    “These are countries which are regarded as the beacons of democracy,” he said.

    Just a reminder to the “If you have nothing to hide, you shouldn’t be worried” fascist sympathizers out there: when America takes the low road, every government around the world follows. What’s happening in America should be of concern to every freedom-loving individual in the world, regardless of citizenship.


  10. Geoff T Says:

    @Ed: Traceroutes will show up some stuff, but it’s easy to intercept traffic without being detected. All an interception device has to do is not decrement the Time To Live field in the IP packet and it would not show up on a traceroute. Alternatively it could be a passive intercept at the physical layer and you’d never know.

    There’s nothing we can do to prevent this, short of a burning-torch and pitchfork revolution. The EFF’s lawsuit is commendable, but I believe ultimately futile.

    How do we get around this? It all depends if the government still has some interest in not locking up innocent citizens. (Once they can disappear people at will all bets are off). I think the way to go about it is to fly under the radar. Using encryption would raise flags (only terrorists use encryption, what are you trying to hide?), so one option is to use steganographic techniques to hide your real message in something innocent-looking. If you’re super-paranoid, your message could be conveyed as an extra full stop after a certain word in an email.

    @Larry: Dont you think putting filter-fodder such as “Death to the Infidels” is a bit risky in these days of imprisonment without charge or trial and confession by waterboarding?

  11. George Kenney Says:


    OK, the discussion over internet security is over. The internet is 100% compromised.

    Do you think it will be possible to create an outernet, with open source laptops (say linux) using extreme local encryption connecting to self-meshing wireless routers?


    It may take a few thousand hops to get to your end destination via your neighbors, but you would not need any central network.

    But you would have to design a distributed, instead of root, dns system that perhaps hashes the dns lookups across voluntary peer servers.

    And the destination server, such as bluehost, would need a connection to a peer somewhere and would need to be an uncompromised open-source system as well.

    And it would be a stretch to figure out how to connect Kevin’s local network in NZ across the ocean.

    Probably worthless even thinking about an alternative. Might was well just jump into The Oculus and accept the matrix.


  12. Tim Says:

    I read your online anonymity article and it doesn’t mention leaving your phone or other electronic devices that you use for one persona back at home when you go out using a wifi ap. Otherwise they can probably correlate which mobile phones were active at the same times and location as the source wifi point was accessed.

    Leave your phone on and update your blog via wifi and they would probably be able to single you out from one session…

    oh yeah, take the batteries out:

  13. Larry Glick Says:

    You can be sure that the powers that be using this technology are not merely after the “terrorists” (as that term has been used since 9/11). There are powerful political forces looking to find any “garbage” on their perceived competitors/enemies in the upcoming elections. This environment has driven many ethical and decent potential candidates totally out of the political arena. Now the choices are more a matter of deciding between the jackal and the hyena.

  14. Matt Savinar Says:


    LMAO that you think the NSA cares that you’re watching “Loose Change”

    Don’t get me wrong, I have no doubt everything is being tracked. But I can just about guaran-damn-tee you “THEY” don’t care if every person in America watches “Loose Change.”

  15. Ozzy "The Man" Diaz Says:

    Historically speaking, the U.S. government has frowned upon “pitchfork and torch” revolutions. This is because it has a built-in distrust of majoritarian, or populist “tyrannies,” and aims to protect “minority” rights. Of course, minority means property-holders. If you can acquire and hold property, you are more or less in the club. The holding is just as important as the getting, because the Framers also distrusted land-based, agrarian aristocracies, that were stagnant, or too traditionalist.

    This does not mean you cannot have a “revolution,” it just means that the affair will be relatively slow, uncertain, and fought on the field of ideas.

    But you cannot expect other people to do it for you. You cannot expect to witness it happen on the Internet, or see it on the TV. While “infowar” is important, it’s a waste of time if no changes manifest in the real world.

    I’ve said it before and I’ll say it again. The Internet was designed as a double-edged sword. It’s a free and open public forum. You are free to go and have discourse, and THEY are free to observe, and perhaps mess around with you. It was the same with pamphlets, newspapers, radio and TV stations.

    Therefore, one should not cringe in fear at the prospect of NSA surveillance, because it should be expected that the folks who designed the Internet would also want to regulate it. Don’t you think that your subscriptions and TV stations are monitored too? Why not?

    Now, if you are worried about privacy, I suggest you have two computers; one for surfing the Internet, and one that never gets hooked up to the Internet for doing private work. And when I say never, I mean, never. Not even for “updates,” although you could always have everything on a portable hard-drive.

    I used to think that I was going to “dissident” web-sites by going to sites like cryptogon, but historically speaking, Americans have always feared, distrusted, and hated their government, as well as other quasi-governmental institutions. There is nothing on here that hasn’t been said before; additionally, I guarantee that a lot of people in government, perhaps, dare I say it, maybe even in Their quarters, share concerns expressed here. One should always write with the idea of persuading the largest audiences. Ideas have power, regardless of their source.

  16. amanfromMars Says:

    “so one option is to use steganographic techniques to hide your real message in something innocent-looking.”

    Hmmm.As good an idea as Total Information Awareness is, and let us all assume that plugged into the Internet via any electronic device, hardwired or wireless, the NSA/SIS/FSB/DSGE/BND/…..every man and his dog is enabled to read/see what you do, after all most of you will be opening the Vista/opening the doors for them with Windows anyway [and there I was thinking that Microsoft was the boy next door made good, when all along he was a Hoovering clone] ….can waste all their time searching for info against which they can react, based upon a remote third party analysis of semantic intent supposedly implicit in a specific communication and/or a string in communications, how much simpler would it be for them to use their alleged overall IT capability to proactively push Strings of Coordinated Intelligence for others/all others to Follow.

    A much SMARTer Option, which you may tell me is already part and parcel of their Intelligence portfolio, but which would be the one which keeps failing them catastrophically presumably, given that they have lost Control of the Management of Perception because they have no Viable Creative Imagination working for them, only ITs Destructive Forces. And a much SMARTer SMARTer Option would be to Virtualise the whole IT Operation, with CyberSpace carrying Creative Vision for Inquiry and Uptake rather than Reality being the first sign of Change. If we know what is going to happen next, virtually, we can support IT, wholeheartedly in Reality if it is Intelligently Designed to be Mutually Beneficial to All and not particularly designed for anyone/anything specific….. even if IT be so Intelligently Designed to Server New World Order Programs/Programmers.

    IT would appear that there are some of them, doing a botch job of IT but laughing all the way to the Bank. But hey, don’t blame them for a shit job, whenever it is a shit job which so few know about and even fewer could even attempt to fix for it is going down the toilet on its present course/settings and that would be because of a failure of Intelligence in whomever you would think thought they were Real SMART.

    And as for Stealth, there is a certain attraction in ITs “They Think like Crazy” Department, for then you can hide everything out in the Open and Share IT Openly. If you Bait AI Hook, Masterfully, Goodness knows what Phishing will land in your lap via your laptop. ……. http://jamesstgeorge.proboards.....1181834806

    The old school may be at the Helm, pulling levers and pushing buttons, but in CyberSpace where Communication of Intelligently Designed Content and Ethereal Concepts is the Dominant Omnipotent Omniscient Force, you are a Nobody in Thrall to Nobody if you don’t Play IT for Real, Virtually.

    IT is a whole New Real Highly Sexual Game, which explains perfectly why the fat cats are slow to play. Play IT badly, and if you are hitched to a partner, you can lose more than just your shirt.

    But IT is simply solved …. if you are a Chicken …. buy in an Exotic Rooster …..to clear out the cobwebs in the Coop. Or they could always make another Coup attempts and make IT look like yet another one of their terrorist attacks….. although that would be the dumbest of dumb chickens*** hits, surely.

    Wwwe can do much Better with Beta IntelAIgents…. and IT is not as if there is no money to buy it therefore it must be low Intelligence which is stopping IT working for them.

    🙂 A Hellerish Catch 22 in an Age of 42 ….. a DNA thing which XXXXcentric British Intelligence has Crafted Steganographically…. for, well, let us just say, a Right Royal, Out of this World, Secure Communications Schannel.

    I trust you have Adequate Protection for ITs Zero Day Wwways although just like real Medicine, ITs VXXXXines are IDed to do you Good even should you not like the taste.

    I Kid U Not.


  17. bob m Says:

    we’ve discussed honeypot techniques before, with the focus on luring a ‘person of interest’ into a particular venue for surveillance, etc. while it’s been mentioned before it may be worth mentioning other honeypotting as well. the searchable databases with everyones pictures….. http://www.facebook.com/ and look, we even tell anyone with access everyone we know and associate with via a viral meme of ‘gotta have it’. socially engineered personally crafted data profiles with known associates, i wonder whether the original idea was spook related or simply an amazing boon to anyone wondering either now, or in the future about known associates. thought it worth mentioning again.

Leave a Reply

You must be logged in to post a comment.