Left Coaster: Is the NSA Reading Your E-mail? A Simple Test

http://www.theleftcoaster.com/archives/008082.php

by pessimist

The good folks over at Wired News have posted a means by which you can check to see if your ISP is funneling your Internet traffic to the NSA.

Here's the 27B Stroke 6 guide to detecting if your traffic is being funneled into the secret room on San Francisco's Folsom street.

If you're a Windows user, fire up an MS-DOS command prompt. Now type 'tracert' followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you're interested in.

Care to try this yourself? Details below the fold.

This is what the Wired News article provided as a result of their tracert command. Don't worry if you don't understand everything you see here. The explanation of what is important to look for follows the example:

C:\> tracert nsa.gov

Watch as the program spits out your route, line by line <IP addresses deleted>:

1 2 ms 2 ms 2 ms xxx.xxx.xxx.xxx
<...>
7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net
8 13 12 19 ms ae-23-56.car3.SanJose1.Level3.net
9 18 ms 16 ms 16 ms xxx.xxx.xxx.xxx
10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net
14 102 ms 93 ms 112 ms xxx.xxx.xxx.xxx
15 94 ms 94 ms 93 ms xxx.xxx.xxx.xxx

The magic string you're looking for is sffca.ip.att.net.

If it's present immediately above or below a non-att.net entry, then -- by <AT&T whistleblower Mark> Klein's allegations -- your packets are being copied into room 641A, and from there, illegally, to the NSA.

collected mail whether or not the data collected is from an AT & T user?

I'll buy WIRED or go to the library, but it has to be later. But I'm curious now.

In other words should everyone think about doing this since a certain per cent of our e-mails probably go to an AT & T user or come from an AT & T user?

But you don't have to buy Wired to find out. This is apparently on their News Service.

You're a good man in a tight corner.

What it means is the internet connection the public side of the NSA is using connects VIA ATT.

If I did this trace route for my company it would be quite similar, since their main connection is via ATT, with a backup connection on a different provider.

What the original author from Wired (Kevin Poulsen) seems to be claiming is CONTAMINATION with the POSSIBILITY; If ATT is involved, then it's suspect. Fine, it's suspect, but it's not evidence, it's supposition.

We need more whistle blowers, with copies of the routing tables (the code that says what goes where), pictures, and documents with names and orders attached.

What's more important is to check the tracert to a site that you have traffic with you are concerned about.

Say you are worried if your traffic with du is being tracked, then:

twofish:user {3} /usr/sbin/traceroute www.democraticundergound.com

1 X.X.X (192.168.1.1) 5.601 ms 6.528 ms 5.208 ms
2 X.X.X.X (X.X.X.X) 5.704 ms 6.378 ms 5.680 ms
3 X.X.X.X (X.X.X.X) 13.599 ms 11.492 ms 11.424 ms
4 gbr2-p51.phlpa.ip.att.net (12.123.137.18) 15.604 ms 15.104 ms 15.759 ms
5 tbr2-p012601.phlpa.ip.att.net (12.122.12.109) 16.52 ms 16.485 ms 16.862
s
6 tbr1-cl9.wswdc.ip.att.net (12.122.2.85) 15.477 ms 15.857 ms 15.410 ms
7 ar9-p310.wswdc.ip.att.net (12.123.8.185) 14.124 ms 14.67 ms 15.942 ms
8 p6-0.core01.iad01.atlas.cogentco.com (154.54.11.77) 43.16 ms 39.988 ms
.945 ms
9 v3492-mpd01.iad01.atlas.cogentco.com (154.54.3.222) 41.280 ms 41.178 ms
2.798 ms
10 v3497-mpd01.dca01.atlas.cogentco.com (154.54.5.65) 41.815 ms 41.269 ms *
11 g11-0-0.core01.dca01.atlas.cogentco.com (154.54.5.53) 41.829 ms 45.682 m
41.574 ms
12 p4-0.core01.phl01.atlas.cogentco.com (66.28.4.18) 40.790 ms 41.206 ms 40.55 ms
13 v104.na01.b003003-1.phl01.atlas.cogentco.com (66.28.5.38) 42.902 ms 42.260 ms 42.751 ms
14 dcanet.demarc.cogentco.com (66.28.12.46) 43.530 ms 42.592 ms 42.235 ms
15 core-4-gig-vlan-500.hq.dca.net (216.158.2.2) 43.480 ms 43.236 ms 48.838 ms

that shows how your traffic to that site is routed (at least, how it's routed this second; Internet routing is vastly complex and changes minute-to-minute).

If I go someplace far (like DU), it times out after about 12 hops. If I go someplace close (like my ISP), it shows a few hops and then the entire window disappears before I can read it - ????????

have the most sophisticated encryption and listening technologies in the world, and i am to believe they would make it this easy to tell if your being directed through their site? I am not buying this. I really don't think they would be that obvious especially when govt agrncies can "hide" portions of their infrastructure.

A firewall's job is to HIDE what's on the inside from the outside world.

I very much doubt the NSA's public side would be shuffling "secret" data over the public network.

Unless the NSA has managed to get every edge router to break their ICMP implementation, they can't hide the fact that traffic would go to a certain host. They can black out ICMP as far as AT&T controls, but we'd still see that the traffic gets to the suspect network.

The lesson here: encrypt your traffic. There isn't much NSA can do (yet) about 512-bit blowfish.

The guys who wrote the book on encryption wouldn't be able to break one that is available? The guys that wrote an exncrytion program that uses the earths random noise to encrypt data? I think we are fooling ourselves on this. They have the worlds largest computing center and maybe the most powerful. I seriously doubt given a few days they could defeat alomost any encryption. And since when does the govt have to play by standard rules? My guess if they did re route it would just show an ip add. And all you would see is they were owned by AT&T or us gov. I am just saying that they wouldn't be so obvious with this tracking. too many geeks would have found it by now.

A) yes, NSA can break any encryption given enough time. But so can IBM or the mafia. "Enough" time is, in this case, several years for most ciphers, unless NSA knows things about elliptical curves that have somehow escaped the best mathematicians (these are the same guys who can't tell us where Bin Ladin is making those video tapes from).

B) Of course an ICMP trace will just return an IP address, that's all it does. However, ARIN will have allocated that to someone, and we can know who that was (unless you think ISPs just route that traffic without knowing whom to bill for it).

C) You asked since when does the gov't play by the standard rules? Well, in this case, the answer is "since 1969", when DARPANET went up. It's not a question of the government's morality, it's a question of the fact that each network on the Internet is an independent agent and they all *have to* follow the same rules or no traffic gets routed. The only way the NSA could hide the routing of traffic would be to get *every* network *simultaneously* to change their implementation of ICMP, which I can assure you as a midlevel ISP employee hasn't happened.

The stronger the encryption, the more steps it takes to crack that encryption. The more people that use that encryption, the more time it takes to crack it all, which forces NSA to actually focus on tedious things like suspects with motive.

Here's a classic example: during World War II, the British (with a lot of Polish and French help) devised several successful ways to crack German messages encyphered with the Enigma machine. The basic Enigma machine used three rotors to encypher messages, however, there were other versions which used a fourth and even a fifth rotor (the Americans used a similar machine called SIGABA which used five rotors for its first encyphering step; so far, nobody has claimed to have ever cracked SIGABA while it was in use) or were based on other forms of encryption. Each additional encryption stage vastly complicated the steps required to crack the cypher.

The short and necessarily oversimplified version is that the German three-rotor codes could be cracked comparatively easily and in time for the encoded information to be useful, but much of the encoded information (like Hermann Goering's daily evangelizing) proved to be not very useful at all. The so-called FISH codes, on the other hand, were far more difficult to deal with, and the British had to be careful about which messages they chose to attempt to crack. Far fewer FISH messages were read, but they were also far more important, and FISH messages proved useful more often because they were carefully selected for cracking based on other factors which hinted at the messages' importance.

I am a patriotic American and I love my country very much. I don't particularly like the fact that my government is treating me like an enemy. I really don't like the fact that the government is wasting its time and my money to track my data, when I know I'm no enemy of the state. One way I can gently nudge the government back in the direction of having a goddamned fucking reason to read other gentlefolks' mail is by encrypting any large data files I send. Why? Because then NSA might just have to evaluate whether or not I'm actually a threat to this country that I love before they bother to read my data. That protects me two ways: by keeping The Man off my back, and by keeping them focused on the real enemies of my country--except of course for the biggest enemies, who now control the government itself.

Clear you mind.

And think about the fact that this fucking conversation is even taking place in the USofA.

:mad:

Kinda mindblowing isn't it?

For all my outrage over the NSA's actions, I'm still astounded that so many people expected privacy from a medium that is incapable of delivering it.

And, just like with cell phone and cordless phone intercepts, as troubling as the NSA listening in on them is, the more immediate danger is "normal" criminals like identity thieves listening in on them.

Fortunately, there are solutions to this problem (at least as far as email goes):

1. Use PGP encryption like GNU Privacy Guard (that one is open source and so it's free and pretty damn reliable; there are some proprietary implementations as well) when you send and receive email. This will not only allow you to encrypt it so that even the NSA can't get to it (at least not without a few years of supercomputer time), it also lets you verify that you did send a given email at a given time. Publish your public key on a keyserver (that's what lets people send encrypted email to you) and tell your friends you won't read their email anymore until they start encrypting it.

2. If you use POP3 or IMAP4 email, ask your email hosting provider to provide TLS or SSL service to prevent interception of your emails when you check them.

3. If you use a web-based email provider like Yahoo or gmail, make sure that when you check your mail you are using the HTTPS protocol rather than HTTP (check the address bar of your browser: if it starts "http://", change that to "https://"

4. If you use instant messaging, download a client that supports encryption like GAIM. Not only is GAIM more functional than most proprietary clients, it has several encryption plugins.

5. Finally, if you use wireless networking, never send any information you would like to keep secret over wireless without additional encryption (like the 4 methods mentioned above)

Encryption is out there. It's available, for free, in very secure implementations. If your privacy (from the government, from spammers, and from identity thieves) isn't worth the few hours it takes to set up, then there's no sense complaining about it when it's violated.

* NSAT&T is in bed with the NSA
* AT&T is one of the biggies in backbone traffic (99.999% of your electronic communications)
* The current government only admits things after they have been caught.

This story ties in nicely with a thread I had put up a while ago on the phone system.

So they're reading our email, listening to our phone conversations, giving away our identity and personal information, and looking at our bank records. Stalin would be proud.

K&R

How do I get to a DOS prompt?

select Run and type in CMD, click, you're there.

Click the "Start" button, and select "run"

In the dialog box that pops up, type "cmd" and press enter.

but I did the trace and wonder why/what these IPs are listed in my trace:

Ae-23-52-.ca3.Washington1.Level3.net
att.level3-oc192.Washington1.level3.net
tbrl-p014001.wswdc.ip.att.net
ar2-a3120s6.wswdc.ip.att.net

I looked in my history and see nothing like these.

You give your packets to your ISP and they find a way to get those packets from point A to point B.

In your case, those 4 hosts you listed are between point A and point B.

This, incidentally, is why Net Neutrality is so important, because Level3 and AT&T (in this case) are already getting paid for carrying that traffic, but they want to charge an additional toll, or even just prevent it if they don't like the idea of point A and point B talking to each other.

How tracert works is it sends a little tiny packet that basically says "hey, dude, are you online? bounce me back to the sender after I've been routed 1 time". And then, "hey, dude, are you online? bounce me back to the sender after I've been routed 2 times". Etc.

Say your traffic gets routed 7 times between your computer and the site you're tracerouting; in principle, those little packets will count up to 7 and show you each router that handles your traffic. However, any administrator can (and many do) turn off the service that answers those little packets, so it will look like the network is not reachable.

Also it could just mean your ISP is having problems.

however the 'net is working just fine but I will check back later just in case. If the ICMP isn't enabled does that only mean I can't check and not that it wouldn't or couldn't be going to nsa.

spelling

the magic string did not show up!
sffca.ip.att.net



but I'm still not convinced that the NSA is not monitoring me, LOL

Thanks!

I get to line 17 and it times out, but before that, I get the following:

10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net

then it times out...

but here is the thing, I use Bellsouth, not ATT, so how is it that I get any sort of ATT path?

http://www.dnsstuff.com/tools/whois.ch?ip=!EST9-ARIN&server=whois.arin.net&type=P&email=on

Name: Strom, Erik
Handle: EST9-ARIN
Company: HOMEWOOD SUITES COLUMBIA
Address: 8320 Benson Drive
City: Columbia
StateProv: MD
PostalCode: 21045
Country: US
Comment:
RegDate: 2003-09-17
Updated: 2003-09-17
Phone: +1-410-872-9200 (Office)
Email: [email protected]

--- here is more on the above from a trace:

63.209.178.190 unknown.Level3.net Broomfield, CO, USA
216.83.181.49 phlpr10-ge-0-1-0-0.sgns.net Philadelphia, PA, USA
216.203.56.119 nwkpr2-ge-0-2-0-0.sgns.net Philadelphia, PA, USA
216.203.56.125 nwkpr1-ge-1-2-0-0.sgns.net Philadelphia, PA, USA
216.203.44.20 chipr2-so-0-1-2-0.sgns.net Philadelphia, PA, USA
216.203.44.7 wdlir2-so-0-2-3-0.sgns.net Philadelphia, PA, USA
- (unnamed)
216.203.33.173 emsmta.messageone.com Wood Dale, IL

What do you get when you Google him?

:scared:

If it's not att.net, according to the Wired story, you're e-mail is being routed to the NSA.

Does that surprise you?

was what i posted... are you saying that the NSA is picking up my packet via bellsouth and taking it to MD?

your packet is being routed to a room in San Francisco, from where it gets copied and the copy (not the original packet) goes to the NSA. And this is according to an AT&T whistleblower who may be blowing smoke, although the Wired writer says there are good reasons to think he's legit, mainly because what he's shown as evidence for his allegation, according to someone familiar with the EFF case against NSA, has AT&T's signature style all over it.

Some comments under the original Wired story make me somewhat less confident in the allegation: namely that strings that may look like they're from some city, like San Francisco, for example, on the face of it aren't necessarily from that city--in fact usually aren't.

ATT uses Level3 as their backbone.

"immediately above or below a non-att.net entry,"

I entered tracert nsa.gov and got all of thos lines. But I don't understand what the above line refers to...I mean, if I see that string (which I do) when I type tracert nsa.gov, does that mean it's being copied to room 641A?

damn, that's some freaky shit...

That's the kicker right there. If none do, according to the article, you're not being routed through there. But some in this thread apparently are. (My work computer apparently isn't. Haven't tried the home one yet.)

Microsoft Windows XP
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\>tracert www.democraticunderground.com

Tracing route to www.democraticunderground.com <216.158.28.197>
over a maximum of 30 hops:

1 8 ms 8 ms 8 ms 73.75.112.1
2 6 ms 5 ms * GE-5-3-ur02.sacramento.ca.sacra.comcast.net <68.[br />87.212.161]
3 8 ms 7 ms * 10g-9-3-ur03.sacramento.ca.sacra.comcast.net <68[br />.87.212.22]
4 7 ms * 7 ms 10g-9-4-ar02.sacramento.ca.sacra.comcast.net <68[br />.87.212.13]
5 11 ms 11 ms 11 ms 12.116.188.21
6 12 ms 13 ms 13 ms tbr2033201.sffca.ip.att.net <12.123.12.126>
7 10 ms 11 ms 12 ms gbr7-ge30.sffca.ip.att.net <12.123.13.185>
8 14 ms 13 ms 14 ms p5-0.core01.sjc03.atlas.cogentco.com <154.54.11.[br />237]
9 96 ms 95 ms 96 ms g11-0-0.core01.sjc01.atlas.cogentco.com <154.54.[br />1.29]
10 97 ms 98 ms 96 ms p14-0.core01.iah01.atlas.cogentco.com <66.28.4.2[br />37]
11 96 ms 95 ms 95 ms p4-0.core01.dca01.atlas.cogentco.com <66.28.4.89[br />]
12 95 ms 95 ms 96 ms p4-0.core01.phl01.atlas.cogentco.com <66.28.4.18[br />]
13 99 ms 97 ms 97 ms v104.na01.b003003-1.phl01.atlas.cogentco.com <66[br />.28.5.38]
14 96 ms 97 ms 99 ms DCANET.demarc.cogentco.com <66.28.12.46>
15 99 ms 99 ms 100 ms core-4-gig-vlan-500.hq.dca.net <216.158.2.2>
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * ^C

:scared::shrug::scared:

:shrug:

Whadda country, eh???

:mad::nuke::mad:

Proud ta be a National Security Threat!

Impeach all them fuckers NOW!!!

;)

:scared:

.

for impeaching Bu$hCo. Don't make threats or anything, just very dryly lists facts and statistics.

Then, at the end, say hello to the boys at NSA. :hi:

I have the same unknown entity just before the XXXX.sffca.ip.att.net entry. WTF!

--snip--
8 19 ms 20 ms 19 ms 12.122.79.97
9 81 ms 82 ms 81 ms tbr2034001.sffca.ip.att.net <12.122.85.138>
10 81 ms 80 ms 80 ms tbr1-cl2.sl9mo.ip.att.net <12.122.10.41>
--snip--

So if this article is correct, the 12.122.79.97 address must belong to the device in question?

Then again... I wonder if the NSA is keeping a list of the people who ping or traceroute to nsa.gov?

Logging off now.

You would have a url that is only referred to in the email and nowhere else. You then send it to a friend, but tell them not to follow the url. If someone does follow the url (by checking the logs), you know your email is read.

I've got the Georgia AT&T. "Of course, if Marcus is correct and AT&T has installed these secret rooms all around the country, then any att.net entry in your route is a bad sign."

Tracing route to dccc.org <65.221.0.240>
over a maximum of 30 hops:

xxxxx Removed my ip
5 * * 11 ms 10g-8-2-ar01.oakland.ca.sfba.comcast.net <68.87.[br />192.90]
6 * * * Request timed out.
7 11 ms 9 ms 21 ms 12.117.240.85
8 14 ms 12 ms 13 ms tbr1012801.sffca.ip.att.net <12.123.12.49>
9 9 ms 10 ms 20 ms ggr2-p300.sffca.ip.att.net <12.123.13.190>
10 12 ms 11 ms 11 ms att-gw.ashburn.eli.net <192.205.32.74>
11 11 ms 11 ms 68 ms 0.so-2-0-0.XL2.SCL2.ALTER.NET <152.63.57.102>
12 102 ms 72 ms 71 ms 0.so-0-0-0.XL2.DCA6.ALTER.NET <152.63.19.169>
13 76 ms 76 ms 76 ms 0.so-6-0-0.WR2.IAD6.ALTER.NET <152.63.39.117>
14 74 ms 74 ms 73 ms so-1-0-0.ur2.iad6.web.wcom.net <157.130.59.82>
15 76 ms 74 ms 76

and this was in the return path:
7 41 ms 52 ms 69 ms tbr2-cl10.sffca.ip.att.net <12.122.12.113>
8 37 ms 35 ms 46 ms gbr2-a90s5.sffca.ip.att.net <12.123.12.22>

Is that a bingo?

Public forum & all.

Yes they can and do. It's just easier if they run all the text through a word filter and grab the stuff that might interest them.

sffca.ip.att.net shows up at political type websites.
It didn't show up at gmail but it did at news.yahoo.com. They have a discussion board.

what's it called? SpooksRUs?

I will not live in fear to speakout. We have nothing to hide at this townhall meeting! You post your 2 cents and say it loud and clear. If it looks like a turd, smells like a turd, CALL IT A TURD!

used an email tracer and tested an email to [email protected]. If any emails are tracked i would guess this one would be. My results

192.168.0.1 (unnamed) (Private)
10.1.41.15 (unnamed) (Private)
130.81.48.74 P4-2.LCR-02.WASHDC.verizon-gni.net Reston, VA, USA
130.81.17.179 so-7-0-0-0.ASH-PEER-RTR2.verizon-gni.net Reston, VA, USA
152.63.36.205 0.so-7-0-0.XL2.IAD8.ALTER.NET Dulles, VA, USA
152.63.32.33 0.so-0-1-0.XL2.DCA5.ALTER.NET Washington, DC, USA
152.63.43.177 0.so-7-0-0.BR1.DCA5.ALTER.NET Washington, DC, USA
209.244.219.157 so-9-1.car4.Washington1.Level3.net Washington, DC, USA
4.68.121.1 ae-1-51.bbr1.Washington1.Level3.net Washington, DC, USA
212.187.128.58 ae-1-0.bbr1.London1.Level3.net London, UK
4.68.116.11 ae-0-51.gar1.London1.Level3.net London, UK
195.50.90.86 (unnamed) United Kingdom
62.216.129.202 (unnamed) United Kingdom
62.216.134.22 (unnamed) United Kingdom
62.216.128.161 ge-1-0-0.0.cjr01.alx001.flagtel.com Alexandria, Egypt
80.77.1.182 (unnamed) London, UK
82.148.97.65 (unnamed) Qatar
82.148.96.201 (unnamed) Qatar
82.148.96.141 (unnamed) Qatar
212.77.222.226 (unnamed) Qatar
213.130.103.238 (unnamed) Qatar
- (unnamed)
213.130.112.74 mail.aljazeera.net Qatar


Hmm no AT&T whatever.

what I have been using for a sig line on my AT&T email for the past month:

NOTICE: Due to Presidential Executive Order 12958, Agent Mikey of the the National Security Agency may have read this email without warning, warrant, or notice. He may do this without any judicial or legislative oversight. You have no recourse nor protection save to add your voice to the growing calls for the impeachment of the current President.

}(

I have the same exact string that comes in lala's route AFTER the sffca line:

11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net

does that mean anything? the line before it is an att. line that goes through dallas texas. just wondering. any reason why my route is identical to what lala's route is directly after leaving the NSA toll booth?

Thanks for posting this.

help to reload all the programs in my sons computer, some guy from India was able to access and work the mouse on my computer. Scary stuff. If they can do that, they can do anything.

That's what Remote Assistant is for.

Route to DU times out.

Route to VoteToImpeach, to Mark Crispin Miller's site and to NSA has it.

Route to our little site and to a couple of election reform sites like electionline don't have it.

Hmm.

I wonder what I did to get on 'the list'?

Every trace I've tried, including from my home to my employers web presence, has the magic string.

Maybe it was the email that my (then 5 year old son) sent to Shrub before the start of the war.

This is some freaky shit. :crazy:

It would be greatly appreciated.

I somehow lost some some protocols to get back in there and just found it easier to get a new mail box :hi:

Nice Brazil Reference!

E:\Documents and Settings\BB>tracert tbr2-p012201.sffca.ip.att.net
Unable to resolve target system name tbr2-p012201.sffca.ip.att.net.

E:\Documents and Settings\BB>tracert tbr1-cl2.sl9mo.ip.att.net
Unable to resolve target system name tbr1-cl2.sl9mo.ip.att.net.

E:\Documents and Settings\BB>tracert tbr1-cl4.wswdc.ip.att.net
Unable to resolve target system name tbr1-cl4.wswdc.ip.att.net.

E:\Documents and Settings\BB>tracert ar2-a3120s6.wswdc.ip.att.net
Unable to resolve target system name ar2-a3120s6.wswdc.ip.att.net.

E:\Documents and Settings\BB>tracert ae-23-56.car3.SanJose1.Level3.net

Tracing route to ae-23-56.car3.SanJose1.Level3.net <4.68.123.173>
over a maximum of 30 hops:


If you remember the wired post listed these nodes as resolving, now they don't
From Wired post:

1 2 ms 2 ms 2 ms xxx.xxx.xxx.xxx
<...>
7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net
8 13 12 19 ms ae-23-56.car3.SanJose1.Level3.net
9 18 ms 16 ms 16 ms xxx.xxx.xxx.xxx
10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net
14 102 ms 93 ms 112 ms xxx.xxx.xxx.xxx
15 94 ms 94 ms 93 ms xxx.xxx.xxx.xxx

see this post for followup http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=364&topic_id=1546771&mesg_id=1546771

tbr2-p012201.sffca.ip.att.net
tbr1-cl2.sl9mo.ip.att.net
tbr1-cl4.wswdc.ip.att.net
ar2-a3120s6.wswdc.ip.att.net

in your lines it is evidence of being traced?

this mess... scroll back up to that Eric guy and that odd Hilton address...can we look into that? or rather, can someone with more tech skills than I?

No ATT lines pop up on my trace, BUT - I had heard that Verizon is up to no good, too.

Line 12 to 30 says Request Timed Out, followed by a Trace Complete message.

What does that mean?