Donate for the Cryptome archive of files from June 1996 to the present

3 August 2014

Akamai Affiliated with NSA

Date: Sun, 3 Aug 2014 14:37:46 +0200
Subject: update
From: koot[at]
To: cryptome[at]

In response to

Nothing to see, please move along. Akamai is hosting, just as
it does and a lot of others, probably including many of the
following lists:

The NSA in its DNS servers configured "" to be a CNAME for
"". The DNS for "*" is controlled by
Akamai, and Akamai configured "" to be a CNAME for
another domain name, which in turn has an A record and resolves to some IP
address associated with Akamai. For example:

$ dig
[...]            3600    IN      CNAME

$ dig
[...] 21600  IN      CNAME

$ dig
[...] 20  IN      A

There's no doubt Akamai is of interest to the NSA: the aforementioned
Wikipedia page states that Akamai is responsible for serving "between 15
and 30 percent of all web traffic", and that "accessing a website hosted
on Akamai servers results in tracking". But the fact that
resolves to an Akamai-controlled IP address is not evidence of Akamai and
NSA being in cahoots.

I would like to call your attention to a possible NetRange of Akamai Technologies IP addresses possibly controlled by/affiliated with NSA that does not appear on your lists. As a matter of curiosity (having watched Jacob Appelbaum's 30c3 "To Protect and Infect, Part 2" lecture), I decided to start capturing packets with Wireshark and make a "risky click" on a Yahoo News story

--for reference), just to see if any odd endpoints might pop up.

Sure enough: ( --amidst mostly a bunch of garbage otherwise.=

So I asked my terminal:

whois [?]

# ARIN WHOIS data and services are subject to the Terms of Use
# available at:
# If you see inaccuracies in the results, please report at

# The following results may also be obtained via:

NetRange: -
OriginAS: =20
NetHandle: NET-23-32-0-0-1
Parent: NET-23-0-0-0-0
NetType: Direct Allocation
RegDate: 2011-05-16
Updated: 2012-03-02

OrgName: Akamai Technologies, Inc.
Address: 8 Cambridge Center
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US
RegDate: 1999-01-21
Updated: 2014-03-19

OrgTechHandle: MHA379-ARIN
OrgTechName: Hannigan, Martin
OrgTechPhone: +1-617-444-2535

OrgTechHandle: ZIPKI-ARIN
OrgTechName: Zipkin, Justin
OrgTechPhone: +1-617-444-9713

OrgTechHandle: SJS98-ARIN
OrgTechName: Schecter, Steven Jay
OrgTechPhone: +1-617-274-7134

OrgAbuseHandle: MHA379-ARIN
OrgAbuseName: Hannigan, Martin
OrgAbusePhone: +1-617-444-2535

# ARIN WHOIS data and services are subject to the Terms of Use
# available at:
# If you see inaccuracies in the results, please report at

Nothing to worry about at face value per se, but soon thereafter, I found this: --i.e., IP:

(Note that this falls within the NetRange [ -] from above....)

As I've said, I don't actually know much about all of this (especially as to whether this latter-most bit of information regarding the NSA IP address is at all significant). When I've discussed this issue with others I've been told some strategic partnership between NSA and Akamai is old news (and was, in fact, directed to your nsa-ip-update11 page as proof of this). Hence, I suppose, this email.

Again, my apologies if I'm totally wasting your time with this due to some ignorance or another...But if, on the off-chance I'm NOT, I thought you might like to know that there might be a little extra something else that's rotten in the state of Massachusetts.