3 August 2014

Akamai Affiliated with NSA


Date: Sun, 3 Aug 2014 14:37:46 +0200
Subject: update
From: koot[at]cyberwar.nl
To: cryptome[at]earthlink.net

In response to http://cryptome.org/2014/08/akamai-nsa.htm:

Nothing to see, please move along. Akamai is hosting www.nsa.gov, just as
it does www.cia.gov and a lot of others, probably including many of the
following lists:

http://www.akamai.com/html/customers/customer_list.html
http://en.wikipedia.org/wiki/Akamai_Technologies#Customers

The NSA in its DNS servers configured "www.nsa.gov" to be a CNAME for
"www.nsa.gov.edgekey.net". The DNS for "*.edgekey.net" is controlled by
Akamai, and Akamai configured "www.nsa.gov.edgekey.net" to be a CNAME for
another domain name, which in turn has an A record and resolves to some IP
address associated with Akamai. For example:

$ dig @dsdn-gh1-uea05.nsa.gov www.nsa.gov
[...]
www.nsa.gov.            3600    IN      CNAME   www.nsa.gov.edgekey.net.

$ dig @ns7-65.akam.net www.nsa.gov.edgekey.net
[...]
www.nsa.gov.edgekey.net. 21600  IN      CNAME   e6655.dscna.akamaiedge.net.

$ dig @n0dscna.akamaiedge.net e6655.dscna.akamaiedge.net
[...]
e6655.dscna.akamaiedge.net. 20  IN      A       23.66.212.226

There's no doubt Akamai is of interest to the NSA: the aforementioned
Wikipedia page states that Akamai is responsible for serving "between 15
and 30 percent of all web traffic", and that "accessing a website hosted
on Akamai servers results in tracking". But the fact that www.nsa.gov
resolves to an Akamai-controlled IP address is not evidence of Akamai and
NSA being in cahoots.


I would like to call your attention to a possible NetRange of Akamai Technologies IP addresses possibly controlled by/affiliated with NSA that does not appear on your lists. As a matter of curiosity (having watched Jacob Appelbaum's 30c3 "To Protect and Infect, Part 2" lecture), I decided to start capturing packets with Wireshark and make a "risky click" on a Yahoo News story (news.yahoo.com/3008-selectors-150000255.html --for reference), just to see if any odd endpoints might pop up.

Sure enough: a23-67-60-144.deploy.static.akamaitechnologies.com (23.67.60.144) --amidst mostly a bunch of yahoodns.net garbage otherwise.

So I asked my terminal:

whois 23.67.60.144 [?]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#

#
# The following results may also be obtained via:
#
http://whois.arin.net/rest/nets;q=23.67.60.144?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 23.32.0.0 - 23.67.255.255
CIDR: 23.32.0.0/11, 23.64.0.0/14
OriginAS:
NetName: AKAMAI
NetHandle: NET-23-32-0-0-1
Parent: NET-23-0-0-0-0
NetType: Direct Allocation
RegDate: 2011-05-16
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-23-32-0-0-1

OrgName: Akamai Technologies, Inc.
OrgId: AKAMAI
Address: 8 Cambridge Center
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US
RegDate: 1999-01-21
Updated: 2014-03-19
Ref: http://whois.arin.net/rest/org/AKAMAI

OrgTechHandle: MHA379-ARIN
OrgTechName: Hannigan, Martin
OrgTechPhone: +1-617-444-2535
OrgTechEmail: ip-admin@akamai.com
OrgTechRef: http://whois.arin.net/rest/poc/MHA379-ARIN

OrgTechHandle: ZIPKI-ARIN
OrgTechName: Zipkin, Justin
OrgTechPhone: +1-617-444-9713
OrgTechEmail: ip-admin@akamai.com
OrgTechRef: http://whois.arin.net/rest/poc/ZIPKI-ARIN

OrgTechHandle: SJS98-ARIN
OrgTechName: Schecter, Steven Jay
OrgTechPhone: +1-617-274-7134
OrgTechEmail: ip-admin@akamai.com
OrgTechRef: http://whois.arin.net/rest/poc/SJS98-ARIN

OrgAbuseHandle: MHA379-ARIN
OrgAbuseName: Hannigan, Martin
OrgAbusePhone: +1-617-444-2535
OrgAbuseEmail: ip-admin@akamai.com
OrgAbuseRef: http://whois.arin.net/rest/poc/MHA379-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
#

Nothing to worry about at face value per se, but soon thereafter, I found this: http://www.nsa.gov.ipaddress.com/ --i.e., IP: 23.45.36.226

(Note that this falls within the NetRange [23.32.0.0 - 23.67.255.255] from above....)

As I've said, I don't actually know much about all of this (especially as to whether this latter-most bit of information regarding the NSA IP address is at all significant). When I've discussed this issue with others I've been told some strategic partnership between NSA and Akamai is old news (and was, in fact, directed to your nsa-ip-update11 page as proof of this). Hence, I suppose, this email.

Again, my apologies if I'm totally wasting your time with this due to some ignorance or another...But if, on the off-chance I'm NOT, I thought you might like to know that there might be a little extra something else that's rotten in the state of Massachusetts.
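
Added example, not part of either e-mail: a short Python check that replays the CNAME chain from the dig answers quoted above and tests the three addresses mentioned on this page against the CIDR blocks in the quoted ARIN record. The function names are made up for this illustration; the records and CIDRs are copied from the page, and nothing is queried over the network.

```python
import ipaddress

# Answer lines copied from the dig output quoted on this page.
DIG_ANSWERS = """\
www.nsa.gov.            3600    IN      CNAME   www.nsa.gov.edgekey.net.
www.nsa.gov.edgekey.net. 21600  IN      CNAME   e6655.dscna.akamaiedge.net.
e6655.dscna.akamaiedge.net. 20  IN      A       23.66.212.226
"""
# "CIDR:" line from the ARIN WHOIS record quoted on this page.
ARIN_CIDRS = ["23.32.0.0/11", "23.64.0.0/14"]

def parse_answers(text):
    """Map owner name -> (record type, record data) for each answer line."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN":
            name, _ttl, _cls, rtype, rdata = fields
            records[name.lower()] = (rtype, rdata.lower())
    return records

def follow_chain(records, name, max_hops=8):
    """Follow CNAMEs from name to an A record; return (names visited, ip or None)."""
    hops = [name]
    for _ in range(max_hops):  # hop limit stops a CNAME loop
        rtype, rdata = records.get(hops[-1], (None, None))
        if rtype == "A":
            return hops, rdata
        if rtype != "CNAME":
            break
        hops.append(rdata)
    return hops, None

def covering_block(ip, cidrs):
    """Return the first CIDR block that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr in cidrs:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None

def total_addresses(cidrs):
    """Number of addresses covered by the listed blocks."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidrs)

if __name__ == "__main__":
    hops, ip = follow_chain(parse_answers(DIG_ANSWERS), "www.nsa.gov.")
    print(" -> ".join(hops), "->", ip)
    for addr in (ip, "23.67.60.144", "23.45.36.226"):
        print(addr, "is inside", covering_block(addr, ARIN_CIDRS))
    print("addresses in this one allocation:", total_addresses(ARIN_CIDRS))
```

All three addresses land in the same Akamai direct allocation, which spans more than two million addresses, so two hosts sharing that range only shows that both are served from Akamai's network.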