AT&T's database of 1.92 trillion phone calls (Sprint does it too, and i'm sure they aren't the only ones)

coderman coderman at
Sat Feb 25 08:52:24 PST 2006

Sprint did this as well starting in the mid to late 90's but covering
a much deeper/wider data set.  for hypothetical example, mobile phones
add much more richness/detail at this scale when you consider the
location tracking aspects of monitoring radio signal levels, cell
tower associations (with associated GIS attributes) and hand off /
interpolation with multiple towers to get within a few hundred meters
or better.

they tapped their fiber at the backbone peering / termination points. 
company line was "monitoring packet headers/circuit|path ids only, for
routing optimization only, for a brief period of time only". (yes,
that means voice, data, leased optical circuits, all of it)

the under reported capabilities and extensive secrecy around this
project indicated other uses and other "collaborators" to assist with
processing and collection.

like anonymous hero in the story below calling out att i'm not going
into much detail (NDA's aren't the only stick they can beat you with,

keep digging all you guys/gals, this story just gets nastier the
deeper you look...

and keep blowing those whistles; we need some real accountability and
this "legalize it in retrospect" / "classify and compartmentalize it
into deep black" bullshit doesn't cut it.  (just be careful when you
do so, and that goes for reporters who receive the info - see the
previous post about holding reporters liable for merely possessing
classified materials)

i'm one of a small set of people who has been through a tour of the
Sprint world network headquarters / technical operations center and
salivated over the equipment present (not the new campus, not the old
HQ, it's below ground, and you either know what i'm talking about or
don't. i never got to see the geographic fail-over location but it had
to be just as impressive.  a nuke in this facility, the nerve core of
sprint enterprise, and you had recovery on the order of seconds via
this redundant remote "hot backup" data center. it still makes me go
'wow' this many years later.

the raw technology located here, and the processing it was capable of
doing, coupled with the fact that collection and subsequent analysis
was distributed and comprised centers like this one and others meant
public estimates of what was "possible to tap and process" at the
global level for even an NSA style adversary were almost always
grossly underestimated.  the closer you got to ballpark, the more
likely such scenarios were publicly declared "tin foil hat paranoia" 

NOTE: to the corporate legal departments, TLA spooks: all of the above
information is public in some form or another given enough digging;
please don't interpret this as proprietary or classified.  and please
don't send the white vans for remote technical surveillance like FBI
Infragard over the wireless security debacle; i'm no dummy.  (Hi Mary!
 i'm still waiting for that apology...)

P.S.  who is going to start an open public/community driven data
mining program to perform knowledge discovery against our tax payer
funded entities and public corporations and those who serve them? 
large scale decentralized / distributed computing is possible these
days with broadband and gaming boxes laying aplenty across this
nation.  perhaps if accountability will not be enforced by those in
power charged with doing so a more grass roots approach is

P.P.S is this funny / amusing (funsec) in a dark humor (haha, we got
so pwn'ed!) kinda way?  *grin*

ok, enough parens and commentary.  i've spoken my mind and said my peace.

---------- Forwarded message ----------
From: Richard M. Smith <rms at>
Date: Feb 25, 2006 6:36 AM
Subject: [funsec] AT&T's database of 1.92 trillion phone calls
To: funsec at

Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data


He was alluding to databases maintained at an AT&T data center in Kansas,
which now contain electronic records of 1.92 trillion telephone calls, going
back decades. The Electronic Frontier Foundation, a digital-rights advocacy
group, has asserted in a lawsuit that the AT&T Daytona system, a giant
storehouse of calling records and Internet message routing information, was
the foundation of the N.S.A.'s effort to mine telephone records without a

An AT&T spokeswoman said the company would not comment on the claim, or
generally on matters of national security or customer privacy.

But the mining of the databases in other law enforcement investigations is
well established, with documented results. One application of the database
technology, called Security Call Analysis and Monitoring Platform, or Scamp,
offers access to about nine weeks of calling information. It currently
handles about 70,000 queries a month from fraud and law enforcement
investigators, according to AT&T documents.

A former AT&T official who had detailed knowledge of the call-record
database said the Daytona system takes great care to make certain that
anyone using the database - whether AT&T employee or law enforcement
official with a subpoena - sees only information he or she is authorized to
see, and that an audit trail keeps track of all users. Such information is
frequently used to build models of suspects' social networks.

The official, speaking on condition of anonymity because he was discussing
sensitive corporate matters, said every telephone call generated a record:
number called, time of call, duration of call, billing category and other
details. While the database does not contain such billing data as names,
addresses and credit card numbers, those records are in a linked database
that can be tapped by authorized users.

New calls are entered into the database immediately after they end, the
official said, adding, "I would characterize it as near real time."

According to a current AT&T employee, whose identity is being withheld to
avoid jeopardizing his job, the mining of the AT&T databases had a notable
success in helping investigators find the perpetrators of what was known as
the Moldovan porn scam.

In 1997 a shadowy group in Moldova, a former Soviet republic, was tricking
Internet users by enticing them to a pornography Web site that would
download a piece of software that disconnected the computer user from his
local telephone line and redialed a costly 900 number in Moldova.

While another long-distance carrier simply cut off the entire nation of
Moldova from its network, AT&T and the Moldovan authorities were able to
mine the database to track the culprits.
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.

More information about the cypherpunks-legacy mailing list