Comments on: The Curious Exchange Between the Blogger and a Military Spokesperson http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/ Thoughts from the Age of Pisces Thu, 03 Dec 2009 07:19:49 +0000 http://wordpress.com/ hourly 1 By: codesmithy http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-353 codesmithy Tue, 30 Oct 2007 03:49:46 +0000 http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-353 I just want to mention a few things. First, I highly doubt 02exbhizn02.iraq.centcom.mil has been compromised and is an open relay. However, feel free to prove me wrong. Forge an email from Boylan just like your apparent attacker did and get the headers to match. Send the email to a disposable email address and make the information on how to access it public so others can verify it along with the steps you took so it can be reproduced. I would try, but apparently I have more faith in the DoD and various law enforcement agencies to track down the attempted intrusion. However, since bithead is a professional and it is MS Exchange, I’m sure he is more than qualified to attempt it without getting caught. Or maybe he could ask his apparently equally qualified friends to do so. Although, I feel obliged to tell anyone that might actually attempt this, that you are probably violating multiple federal laws, and breaking the law is wrong even if it is innocent. But I‘m no lawyer. Regardless, there is no evidence as of yet to support the claim that the server has been compromised. I’m not going to attempt to poke around a government server, so I’m just going to move on. Secondly, TallDave is right that someone in the DoD is vastly more likely to have sent the email, but it may not have been Boylan. This could be as low-tech as someone typing at Boylan’s computer when he forgot to either to lock it or log-off. In this regard, all evidence will show that the digital Boylan sent the email, but not the person. This version fits all the evidence and maintains Boylan‘s honesty. However, it moves the simple deception of Boylan’s ploy of just playing dumb, to an as of yet undetermined actor with a motive to conceal their identity and pose as Boylan for some inscrutable reason. Boylan’s fraud is incredibly small and understandable as opposed to that of this mysterious and unknown agent. Yet, the fundamental question remains: why go to all the trouble? At this point, I’m going to invoke Occam’s razor. Boylan playing dumb to a blogger that proved himself in the course of this fiasco to have a degree of intellectual dishonesty is an adequate explanation for the events. Boylan being impersonated by someone for, as of yet, inscrutable reasons and deceitful means to write a completely factual email about specific issues to left-wing blogger is a more complex explanation. More people, more deceit, less obvious motive, therefore the "inscrutable deceiver theory" is less likely to be true. But, that is just my opinion, I could be wrong and look forward to any new or overlooked evidence people are able to find. I just want to mention a few things. First, I highly doubt 02exbhizn02.iraq.centcom.mil has been compromised and is an open relay. However, feel free to prove me wrong. Forge an email from Boylan just like your apparent attacker did and get the headers to match. Send the email to a disposable email address and make the information on how to access it public so others can verify it along with the steps you took so it can be reproduced. I would try, but apparently I have more faith in the DoD and various law enforcement agencies to track down the attempted intrusion. However, since bithead is a professional and it is MS Exchange, I’m sure he is more than qualified to attempt it without getting caught. Or maybe he could ask his apparently equally qualified friends to do so. Although, I feel obliged to tell anyone that might actually attempt this, that you are probably violating multiple federal laws, and breaking the law is wrong even if it is innocent. But I‘m no lawyer. Regardless, there is no evidence as of yet to support the claim that the server has been compromised. I’m not going to attempt to poke around a government server, so I’m just going to move on.

Secondly, TallDave is right that someone in the DoD is vastly more likely to have sent the email, but it may not have been Boylan. This could be as low-tech as someone typing at Boylan’s computer when he forgot to either to lock it or log-off. In this regard, all evidence will show that the digital Boylan sent the email, but not the person. This version fits all the evidence and maintains Boylan‘s honesty. However, it moves the simple deception of Boylan’s ploy of just playing dumb, to an as of yet undetermined actor with a motive to conceal their identity and pose as Boylan for some inscrutable reason. Boylan’s fraud is incredibly small and understandable as opposed to that of this mysterious and unknown agent. Yet, the fundamental question remains: why go to all the trouble?

At this point, I’m going to invoke Occam’s razor. Boylan playing dumb to a blogger that proved himself in the course of this fiasco to have a degree of intellectual dishonesty is an adequate explanation for the events. Boylan being impersonated by someone for, as of yet, inscrutable reasons and deceitful means to write a completely factual email about specific issues to left-wing blogger is a more complex explanation. More people, more deceit, less obvious motive, therefore the “inscrutable deceiver theory” is less likely to be true. But, that is just my opinion, I could be wrong and look forward to any new or overlooked evidence people are able to find.

]]> By: TallDave http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-352 TallDave Mon, 29 Oct 2007 19:14:19 +0000 http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-352 "Hacking into" a DOD server is totally unnecessary. All anyone would need is Boylan's user/pass. People have been circumventing systems through social engineering for decades. Given the level of detail, I would say it's most likely it was sent by an aide. Regardless, Greenwald is a disgustingly dishonest person. The infamous sock puppeteer actually claimed to have been "professional and civil," after all the incredibly nasty things he had said about our soldiers, and continued saying in the same post. Really, it's astonishing and dismaying that anyone takes GG's drivel seriously. “Hacking into” a DOD server is totally unnecessary. All anyone would need is Boylan’s user/pass. People have been circumventing systems through social engineering for decades. Given the level of detail, I would say it’s most likely it was sent by an aide.

Regardless, Greenwald is a disgustingly dishonest person. The infamous sock puppeteer actually claimed to have been “professional and civil,” after all the incredibly nasty things he had said about our soldiers, and continued saying in the same post.

Really, it’s astonishing and dismaying that anyone takes GG’s drivel seriously.

]]> By: John Small Berries http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-349 John Small Berries Mon, 29 Oct 2007 13:05:03 +0000 http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-349 <i>"One thing that someone else noted is that Greenwald lists the originating IP address as 10.70.20.16. They are correct that 10.70.20.16 is a private IP address. Anyone can claim to be 10.70.20.16, just like anyone can claim to be 192.168.1.1."</i> I can't speak for the US military, but my experience on another government network was that all their router ports were assigned static IP addresses, and each machine had to be set to use the appropriate address for the port they were plugged into - they weren't dynamically assigned. Which meant that each machine could be uniquely identified by its IP address, despite the fact that they were on a private network. As I said, I don't know if the military does the same thing; but given that information leaks are a big concern to the military, that's what they'll be doing if they have competent network administrators. “One thing that someone else noted is that Greenwald lists the originating IP address as 10.70.20.16. They are correct that 10.70.20.16 is a private IP address. Anyone can claim to be 10.70.20.16, just like anyone can claim to be 192.168.1.1.”

I can’t speak for the US military, but my experience on another government network was that all their router ports were assigned static IP addresses, and each machine had to be set to use the appropriate address for the port they were plugged into – they weren’t dynamically assigned. Which meant that each machine could be uniquely identified by its IP address, despite the fact that they were on a private network.

As I said, I don’t know if the military does the same thing; but given that information leaks are a big concern to the military, that’s what they’ll be doing if they have competent network administrators.

]]> By: Greenwald, part duex | BitsBlog http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-347 Greenwald, part duex | BitsBlog Mon, 29 Oct 2007 11:00:50 +0000 http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-347 [...] So this morning, comes a defender, who says I got the IP part  right, but missed a clue: [...] [...] So this morning, comes a defender, who says I got the IP part  right, but missed a clue: [...]

]]> By: Bithead http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-346 Bithead Mon, 29 Oct 2007 10:43:05 +0000 http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-346 I should have mentioned... Particularly one running Microsoft Exchange. Trust me... I do this for a living. I should have mentioned… Particularly one running Microsoft Exchange. Trust me… I do this for a living.

]]> By: Bithead http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-345 Bithead Mon, 29 Oct 2007 10:40:35 +0000 http://codesmithy.wordpress.com/2007/10/29/the-curious-exchange-between-the-blogger-and-a-military-spokesperson/#comment-345 You under-estimate the powers of an open server, CS. As I mentioned in the article. You under-estimate the powers of an open server, CS.
As I mentioned in the article.

]]>