Map of NSA Internet Interception
Sniffmap is a project to map the potential Internet mass interception performed by NSA and its allies (USA, UK, Canada, Australia, New Zealand). Since Edward Snowden disclosure, the security space has changed: rumors have been confirmed, data points have been available and new knowledge about security exposure and attack vectors is now known. This project tries to put this in easy to grasp visual representation, within the bigger context of TelcoMap.org.
Research methodology
As stated in the fateful NSA document, many telecommunication links go through USA and its allies to connect two other countries. This is due to least cost routing and link usage. Therefore, NSA can leverage on this to capture a lot of traffic that otherwise would not go through its points of interception.
To create our dataset, we try to detect each time an internet route between two IP addresses pass by an NSA controlled country and therefore can be considered as intercepted. As you’ll see, around 80% of the Internet is captured by NSA and allies.
Our methodology is the following
- Choose a random list of target IP address
- For each country take all known traceroute gateways
- For each traceroute gateways test each target IP address (within a pool of 255 random IP with each of the 255 class A networks)
- If this route goes through one NSA-controlled country, mark the route as “bad”, otherwise the route is marked as good.
- Compute percentage over all routes for a given country (using multiple traceroute gateways hence hopefully multiple ISPs and operators to have meaningful results)
