Re: AT&T's database of 1.92 trillion phone calls (Sprint does it too, and i'm sure they aren't the only ones)
Sprint did this as well starting in the mid to late 90's but covering a much deeper/wider data set. for hypothetical example, mobile phones add much more richness/detail at this scale when you consider the location tracking aspects of monitoring radio signal levels, cell tower associations (with associated GIS attributes) and hand off / interpolation with multiple towers to get within a few hundred meters or better.

they tapped their fiber at the backbone peering / termination points. company line was "monitoring packet headers/circuit|path ids only, for routing optimization only, for a brief period of time only". (yes, that means voice, data, leased optical circuits, all of it) the under reported capabilities and extensive secrecy around this project indicated other uses and other "collaborators" to assist with processing and collection.

like anonymous hero in the story below calling out att, i'm not going into much detail (NDA's aren't the only stick they can beat you with, heh). keep digging all you guys/gals, this story just gets nastier the deeper you look... and keep blowing those whistles; we need some real accountability and this "legalize it in retrospect" / "classify and compartmentalize it into deep black" bullshit doesn't cut it. (just be careful when you do so, and that goes for reporters who receive the info - see the previous post about holding reporters liable for merely possessing classified materials)

[[ i'm one of a small set of people who has been through a tour of the Sprint world network headquarters / technical operations center and salivated over the equipment present (not the new campus, not the old HQ, it's below ground, and you either know what i'm talking about or don't). i never got to see the geographic fail-over location but it had to be just as impressive. a nuke in this facility, the nerve core of sprint enterprise, and you had recovery on the order of seconds via this redundant remote "hot backup" data center.
it still makes me go 'wow' this many years later. the raw technology located here, and the processing it was capable of doing, coupled with the fact that collection and subsequent analysis was distributed and comprised centers like this one and others meant public estimates of what was "possible to tap and process" at the global level for even an NSA style adversary were almost always grossly underestimated. the closer you got to ballpark, the more likely such scenarios were publicly declared "tin foil hat paranoia" :)

NOTE: to the corporate legal departments, TLA spooks: all of the above information is public in some form or another given enough digging; please don't interpret this as proprietary or classified. and please don't send the white vans for remote technical surveillance like FBI Infragard over the wireless security debacle; i'm no dummy. (Hi Mary! i'm still waiting for that apology...) ]]

P.S. who is going to start an open public/community driven data mining program to perform knowledge discovery against our tax payer funded entities and public corporations and those who serve them? large scale decentralized / distributed computing is possible these days with broadband and gaming boxes laying aplenty across this nation. perhaps if accountability will not be enforced by those in power charged with doing so a more grass roots approach is appropriate...

P.P.S. is this funny / amusing (funsec) in a dark humor (haha, we got so pwn'ed!) kinda way? *grin*

ok, enough parens and commentary. i've spoken my mind and said my piece.

---------- Forwarded message ----------
From: Richard M. Smith <rms@bsf-llc.com>
Date: Feb 25, 2006 6:36 AM
Subject: [funsec] AT&T's database of 1.92 trillion phone calls
To: funsec@linuxbox.org

http://www.nytimes.com/2006/02/25/technology/25data.html?_r=1&oref=slogin

Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data

...
He was alluding to databases maintained at an AT&T data center in Kansas, which now contain electronic records of 1.92 trillion telephone calls, going back decades. The Electronic Frontier Foundation, a digital-rights advocacy group, has asserted in a lawsuit that the AT&T Daytona system, a giant storehouse of calling records and Internet message routing information, was the foundation of the N.S.A.'s effort to mine telephone records without a warrant.

An AT&T spokeswoman said the company would not comment on the claim, or generally on matters of national security or customer privacy.

But the mining of the databases in other law enforcement investigations is well established, with documented results. One application of the database technology, called Security Call Analysis and Monitoring Platform, or Scamp, offers access to about nine weeks of calling information. It currently handles about 70,000 queries a month from fraud and law enforcement investigators, according to AT&T documents.

A former AT&T official who had detailed knowledge of the call-record database said the Daytona system takes great care to make certain that anyone using the database - whether AT&T employee or law enforcement official with a subpoena - sees only information he or she is authorized to see, and that an audit trail keeps track of all users. Such information is frequently used to build models of suspects' social networks.

The official, speaking on condition of anonymity because he was discussing sensitive corporate matters, said every telephone call generated a record: number called, time of call, duration of call, billing category and other details. While the database does not contain such billing data as names, addresses and credit card numbers, those records are in a linked database that can be tapped by authorized users.

New calls are entered into the database immediately after they end, the official said, adding, "I would characterize it as near real time."
According to a current AT&T employee, whose identity is being withheld to avoid jeopardizing his job, the mining of the AT&T databases had a notable success in helping investigators find the perpetrators of what was known as the Moldovan porn scam.

In 1997 a shadowy group in Moldova, a former Soviet republic, was tricking Internet users by enticing them to a pornography Web site that would download a piece of software that disconnected the computer user from his local telephone line and redialed a costly 900 number in Moldova.

While another long-distance carrier simply cut off the entire nation of Moldova from its network, AT&T and the Moldovan authorities were able to mine the database to track the culprits.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
participants (1): coderman