Esoteric Dissertations from a One-Track Mind

October 29, 2007

The Curious Exchange Between the Blogger and a Military Spokesperson

Filed under: politics — codesmithy @ 7:31 am

If one wants to participate in a real-life whodunit, there is ample evidence over at Glenn Greenwald’s blog where he receives a “bizarre” and “unsolicited” email from someone claiming to be Col. Steven A. Boylan.

The basic outline of the story is as follows. Greenwald had an exchange with Boylan a few months ago regarding Greenwald’s request to do an interview with Gen. David Petraeus. Today, Greenwald received a detailed email from someone claiming to be Boylan regarding Greenwald’s post about “The growing link between the U.S. military and right-wing media and blogs.” Certain commenters questioned the authenticity of the email, so Greenwald emailed Boylan for confirmation. Boylan denied writing the original email. Was Greenwald duped? Or is Boylan lying?

Let’s examine the evidence. The email in question is expertly written. It takes issue with specific claims in Greenwald’s post about links between the U.S. military and right-wing media, specifically the claims about Steve Schmidt and Gen. Kevin Bergner. Here is the context of Greenwald’s post.

Throughout this year, the U.S. military in Iraq has become staffed with pure Republican political hacks — including long-time Bush/Cheney P.R. hack Steve Schmidt and former White House aide Gen. Kevin Bergner

Now, this would lead a reader to believe Schmidt and Gen. Bergner are currently on staff, working for the military in Iraq this year and were primarily put in place to color the news coming out of Iraq. The email sets out to correct those assertions.

The email asserts Bergner was qualified for his past and current position. Namely, the email seems to be of the opinion that Greenwald unfairly characterized the history of Bergner. He had worked as North Assistant Division Commander for more than a year before joining the White House National Security Council. Now, he is back in Iraq as a Military spokesperson.

As for Schmidt, the email claims:

Schmidt was here, but at the time for the vote on the Iraqi Constitution, October 2005 for 30 days. He was never on the MNF-I staff and for that short period was actually detailed to the Department of State.

So Schmidt was never on military staff and in fact was not in Iraq this year.

All the corrections in the email to Greenwald’s post appear to be correct. So, the picture goes something like this. In order for Boylan’s claim of not writing the original email to be correct, someone would need fairly expert knowledge of the military to correct specific statements about obscure government officials to a blogger. Not only that, these corrections claim to come from another relatively obscure government official who is intimately familiar with all the facts, a person whose very job it is to correct mischaracterizations of the military in the media. The email is not only likely to represent his knowledge and viewpoint but also manages to fit his writing style. In fact, the email headers (the electronic history of the paths the emails took) match all the previous emails Greenwald has received from Boylan. Not just superficially, but down to network topology, likely software configurations of the servers that handled the messages, and IP address ranges of the servers in question that can be confirmed using other public information. If it were forged, we would be talking about what has to be one of the greatest electronic mail forgeries in the history of the Internet. In this case, for these purposes, it is safe to say that didn’t happen. It would take a skill on the order of the Flying Spaghetti Monster to conduct such a widespread deception, about issues that are specific and of interest to only a tiny minority of the population.

The other scenario is much more likely. Boylan doesn’t like Greenwald. He thinks that he plays fast and loose with the facts and is especially upset about two things. One, that despite the plea from the beginning of the email that

I am not sending this as anyone’s spokesperson, just a straight military Public Affairs Officer, with about 27 months overall time in Iraq who is concerned with accuracy, context and characterization of information and has worked with media of all types since joining the career field in 1991. The issues of accuracy, context, and proper characterization is something that perhaps you could do a little research and would assume you are aware of as a trained lawyer.

Then Greenwald subsequently titles the post “A bizarre, unsolicited email from Gen. Petraeus’ spokesman.” Col. Boylan made it clear he wasn’t serving in an official capacity, but rather as a concerned citizen. There is a difference. For example, I work for a company, let’s call them Company X. Nothing I say on this blog is as a spokesperson of the company. Let’s say I respond to someone attacking Company X on some random blog. I’m not authorized to do so in any official capacity, and it would be a huge mistake if I tried. But if the error was so blatant, the conspiracy theory conclusions were so off-the-wall and the site popular enough, I would be tempted to write something to correct it, even though I knew I shouldn’t. Now, let’s say the person I tried to correct completely mischaracterized what I said and titled it “Bizarre and Unsolicited email from Company X Spokesperson.” I might be a little upset, especially if I expected, as the writer of the email did, a basic privacy of exchanges unless both people agree to post them openly.

Despite Boylan’s claims of identity theft, the two incidents are unrelated. It would be like saying I must have been a victim of arson, because someone stole my bike. Identity theft has a clear motive for the thief; writing a well-researched email does not. Especially when it is so convoluted: duping a blogger into thinking it was you when it wasn’t, with an email that nevertheless confirms your point of view.

One thing that someone else noted is that Greenwald lists the originating IP address as 10.70.20.16. They are correct that 10.70.20.16 is a private IP address. Anyone can claim to be 10.70.20.16, just like anyone can claim to be 192.168.1.1. However, that is missing a key piece of evidence. I’ll trim the header for the relevant information.

Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6)
Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11)
Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 14:15:05 +0300
Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959);

The key piece is the 214.13.200.111. That is a public address. You can use nslookup to verify it. Heck, you can look up who owns the 214 address chunk. Here is a hint:

214/8 Mar 98 US-DOD

The email got routed through a US-DOD server, which is not something that one can just do. You would need to compromise the server to forward the email. The choices are clear: either a government official lied because he didn’t like what a blogger was writing about and got more upset by what he saw as unfair and unprofessional behavior, or someone pulled off a hoax. A hoax with the unusual property that the more evidence that comes to light, the more convincing it becomes. I think it is safe to say Boylan lied, but more importantly I love mysteries.
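The header reasoning above can be checked mechanically. The following is an added example, not code from the original post: it walks the quoted Received chain from the newest hop down, finds the point where the recipient's own server recorded an outside peer, and tests that peer against the 214/8 block. The function names are hypothetical, and treating salon.com hosts and 206.80.4.124 as the recipient's own relays is an assumption drawn from the quoted headers.

```python
import ipaddress
import re

# Trimmed Received chain quoted in the post, newest hop first.
HEADERS = [
    "from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6)",
    "from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11)",
    "from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959)",
    "from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959)",
]
DOD_BLOCK = ipaddress.ip_network("214.0.0.0/8")  # "214/8 ... US-DOD" as cited in the post
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_hops(headers):
    """Extract claimed name, peer IP and recording server from each Received line."""
    hops = []
    for line in headers:
        m = HOP.search(line)
        if m:
            hops.append({"helo": m["helo"], "ip": ipaddress.ip_address(m["ip"]), "by": m["by"].lower()})
    return hops

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def analyze(headers, own_domain="salon.com", own_relays=("206.80.4.124",)):
    """Find the hop where the recipient's own server logged an outside peer.
    Only that peer IP was observed by a server the recipient controls; every
    Received line below it was written by the sending side."""
    own = {ipaddress.ip_address(a) for a in own_relays}  # assumed relay list
    hops = parse_hops(headers)
    for i, hop in enumerate(hops):
        if not in_domain(hop["by"], own_domain):
            return None  # chain left the recipient's servers before any outside peer
        if hop["ip"] not in own:
            below = hops[i + 1:]
            return {
                "boundary_ip": str(hop["ip"]),
                "in_dod_block": hop["ip"] in DOD_BLOCK,
                "sender_asserted": [str(h["ip"]) for h in below],
                "private_below": [str(h["ip"]) for h in below if h["ip"].is_private],
            }
    return None

if __name__ == "__main__":
    print(analyze(HEADERS))
```

The result identifies which server handed the message over, not which person composed it; the 10.70.20.x hops below the boundary are reported as sender-asserted because no server outside the sending network observed them.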


6 Comments »

  1. You under-estimate the powers of an open server, CS.
    As I mentioned in the article.

    Comment by Bithead — October 29, 2007 @ 10:40 am

  2. I should have mentioned… Particularly one running Microsoft Exchange. Trust me… I do this for a living.

    Comment by Bithead — October 29, 2007 @ 10:43 am

  3. […] So this morning, comes a defender, who says I got the IP part  right, but missed a clue: […]

    Pingback by Greenwald, part duex | BitsBlog — October 29, 2007 @ 11:00 am

  4. “One thing that someone else noted is that Greenwald lists the originating IP address as 10.70.20.16. They are correct that 10.70.20.16 is a private IP address. Anyone can claim to be 10.70.20.16, just like anyone can claim to be 192.168.1.1.”

    I can’t speak for the US military, but my experience on another government network was that all their router ports were assigned static IP addresses, and each machine had to be set to use the appropriate address for the port they were plugged into – they weren’t dynamically assigned. Which meant that each machine could be uniquely identified by its IP address, despite the fact that they were on a private network.

    As I said, I don’t know if the military does the same thing; but given that information leaks are a big concern to the military, that’s what they’ll be doing if they have competent network administrators.

    Comment by John Small Berries — October 29, 2007 @ 1:05 pm

  5. “Hacking into” a DOD server is totally unnecessary. All anyone would need is Boylan’s user/pass. People have been circumventing systems through social engineering for decades. Given the level of detail, I would say it’s most likely it was sent by an aide.

    Regardless, Greenwald is a disgustingly dishonest person. The infamous sock puppeteer actually claimed to have been “professional and civil,” after all the incredibly nasty things he had said about our soldiers, and continued saying in the same post.

    Really, it’s astonishing and dismaying that anyone takes GG’s drivel seriously.

    Comment by TallDave — October 29, 2007 @ 7:14 pm

  6. I just want to mention a few things. First, I highly doubt 02exbhizn02.iraq.centcom.mil has been compromised and is an open relay. However, feel free to prove me wrong. Forge an email from Boylan just like your apparent attacker did and get the headers to match. Send the email to a disposable email address and make the information on how to access it public so others can verify it along with the steps you took so it can be reproduced. I would try, but apparently I have more faith in the DoD and various law enforcement agencies to track down the attempted intrusion. However, since bithead is a professional and it is MS Exchange, I’m sure he is more than qualified to attempt it without getting caught. Or maybe he could ask his apparently equally qualified friends to do so. Although, I feel obliged to tell anyone that might actually attempt this, that you are probably violating multiple federal laws, and breaking the law is wrong even if it is innocent. But I’m no lawyer. Regardless, there is no evidence as of yet to support the claim that the server has been compromised. I’m not going to attempt to poke around a government server, so I’m just going to move on.

    Secondly, TallDave is right that someone in the DoD is vastly more likely to have sent the email, but it may not have been Boylan. This could be as low-tech as someone typing at Boylan’s computer when he forgot either to lock it or log off. In this regard, all evidence will show that the digital Boylan sent the email, but not the person. This version fits all the evidence and maintains Boylan’s honesty. However, it moves the simple deception of Boylan’s ploy of just playing dumb, to an as of yet undetermined actor with a motive to conceal their identity and pose as Boylan for some inscrutable reason. Boylan’s fraud is incredibly small and understandable as opposed to that of this mysterious and unknown agent. Yet, the fundamental question remains: why go to all the trouble?

    At this point, I’m going to invoke Occam’s razor. Boylan playing dumb to a blogger that proved himself in the course of this fiasco to have a degree of intellectual dishonesty is an adequate explanation for the events. Boylan being impersonated by someone for, as of yet, inscrutable reasons and deceitful means to write a completely factual email about specific issues to a left-wing blogger is a more complex explanation. More people, more deceit, less obvious motive, therefore the “inscrutable deceiver theory” is less likely to be true. But, that is just my opinion, I could be wrong and look forward to any new or overlooked evidence people are able to find.

    Comment by codesmithy — October 30, 2007 @ 3:49 am

