Tracking the RIAA Source
Thanks to help from a person here we have developed a likely source for the RIAA meeting messages, and at the moment it appears likely Safeweb was used to send the messages as well as check on the Cryptome file. Safeweb appears to dynamically assign addresses to users, though within a limited range which might be set by the location of the user, but we are not sure of that. Indeed, if Safeweb does not cloak location by avoiding a predictable range that would be a serious weakness. But we need to test that. Safeweb is, at least in part, hosted by the giant ISP Abovenet, home-based in San Jose, CA, with facilities all around the US and overseas. To help us triangulate a likely location from which the messages were sent we need to log accesses to Cryptome from a variety of US and overseas locations. For example I get the same range of addresses as those of the RIAA messages and file accesses by logging in from New York City to Safeweb.com then using Safeweb to request a Cryptome file. What I don't know is whether those same addresses would be used from other physical locations around the world. For anybody who wants to risk giving away their own location I ask that accesses be made from the Safeweb.com from any location in the world to a fictitious file on Cryptome: http://cryptome.org/this-is-safeweb-xxxxxxxx.htm Replace xxxxxxx with a clue to your location, say, texas, germany, whereever I could identify. The request will generate an error code and an originating address from Safeweb which I can use to compare to what I've got for the RIAA messages and for NYC. Presumably Safeweb will cloak your actual IP address. Let me emphasize that I do not yet believe the source was perpetrating a hoax, or if so whether the hoax was run to benefit RIAA which is the current outcome. My intention is not to out the source if the leak is legitimate, but I damn well want to broadcast it if RIAA, its friends or a TLA cooked up the ruse. Declan has jumped the gun on assigning blame here, apparently doing little more checking than Tony Smith. But hell that snotty Net competition at its best: fire, aim, oh, the safety was off.
From 14 users of Safeweb scattered around the US and several overseas, the same range of IP addresses were used. Which makes sense if all users logged into
the same Safeweb home page and from there logged onto Cryptome. A few users logged in from their own addresses just before or after using Safeweb for comparison. No triangulation with that method. One thing my co-cpunk found by pinging Safeweb is that the last couple of hops were in the NYC area: 13 lga1-ord2-oc48-2.lga1.above.net (208.185.156.158) 112.562 ms 111.984 ms 112.53 ms 14 core2-lga1-oc192.lga2.above.net (208.184.232.198) 114.423 ms 113.431 ms 112.688 ms 15 main1colo45-core2-oc48.lga2.above.net (216.200.127.174) 113.138 ms 113.855 ms 111.581 ms 16 208.184.48.189.safeweb.com (208.184.48.189) 113.78 ms 115.876 ms 113.534 ms 17 64.124.150.130.safeweb.com (64.124.150.130) 112.797 ms 112.937 ms 112.228 ms This is on the assumption that "lga2" refers to "La Guardia," but that is not certain for the tag may have nothing to do with physical location. However other above.net hops used airport tags. If you would like to ping Safeweb we would appreciate getting the logs for comparison. Just be alert to this being a scam to snarf your true identity, so leave off the first hop if you like, or just send in the last four or five hops leading up to Safeweb. The IP addresses of 64.124.150.130 et seq. is what we are tracking, but note the other Safeweb address in the ping log. So we would like to get any fresh safeweb addresses in ping logs beyond this range and altogether different domains: 64.124.150.130 - 64.124.150.144 Thanks.
John Young wrote:
From 14 users of Safeweb scattered around the US and several overseas, the same range of IP addresses were used. Which makes sense if all users logged into the same Safeweb home page and from there logged onto Cryptome. A few users logged in from their own addresses just before or after using Safeweb for comparison.
No triangulation with that method.
One thing my co-cpunk found by pinging Safeweb is that the last couple of hops were in the NYC area:
13 lga1-ord2-oc48-2.lga1.above.net (208.185.156.158) 112.562 ms 111.984 ms 112.53 ms 14 core2-lga1-oc192.lga2.above.net (208.184.232.198) 114.423 ms 113.431 ms 112.688 ms 15 main1colo45-core2-oc48.lga2.above.net (216.200.127.174) 113.138 ms 113.855 ms 111.581 ms 16 208.184.48.189.safeweb.com (208.184.48.189) 113.78 ms 115.876 ms 113.534 ms 17 64.124.150.130.safeweb.com (64.124.150.130) 112.797 ms 112.937 ms 112.228 ms
This is on the assumption that "lga2" refers to "La Guardia," but that is not certain for the tag may have nothing to do with physical location. However other above.net hops used airport tags.
If you would like to ping Safeweb we would appreciate getting the logs for comparison. Just be alert to this being a scam to snarf your true identity, so leave off the first hop if you like, or just send in the last four or five hops leading up to Safeweb.
The IP addresses of 64.124.150.130 et seq. is what we are tracking, but note the other Safeweb address in the ping log. So we would like to get any fresh safeweb addresses in ping logs beyond this range and altogether different domains:
64.124.150.130 - 64.124.150.144
Thanks.
I get the same thing here once you hit the above.net edge router. jbdigriz
On Thu, Oct 11, 2001 at 11:08:26AM -0700, John Young wrote:
Declan has jumped the gun on assigning blame here, apparently doing little more checking than Tony Smith. But hell that
Naturally this is incorrect. I had all day yesterday to check with folks who were supposedly there, and I've satisfied myself that the "meeting" was a fiction. Face it, John: You and Cryptome got suckered. Now everyone knows all they have to do to post some document on your site is to come up with a reasonably plausible forgery sent from a hotmail.com address or the equivalent. Maybe some Feds will send you "leaked cypherpunk grand jury investigation" documents that the fine friendly folks in Seattle wrote over drinks and giggles last evening. Now, I'm not really faulting you, since you never claimed that the document was real, as the Register did. In fact, Cryptome's policy, as I understand it, has not been to vouch for the authenticity of information. Post what you get, we love it, it's a wonderful experience in online bottom feeding, a tour of the muck and mud, and an unprecedented lure for Feds, journalists, and cypherpunks alike. But, my friend, if what you post turns out to be a malicious forgery, don't get huffy about it. -Declan
But Declan, are you saying your word about checking is to be believed? I didn't see your proof. How is your position not a hoax? Names and dates and documents to back them or you're a fucking lying hoaxer. Did you ask to see any of the RIAA messages, and if so, did you see them. You didn't ask me what might be in the ones I got, if there were others (there are), if this is a campaign run by RIAA to create sympathy, or some other vile deed much worse than a trivial hoax which seems to beguile overmuch. Why the rush to judgment to believe "people who allegedly were there?" Where's your healthy skeptcism of these people. None of the persons listed in the message are trustworthy if you're not in their loop. Are you in their loop, then you got a problem vouching for what they told you. You slimey suckup, you boy with cute eyes. you, you, Brad Pitt. Were you so blinded by the desire to whack your competition that you failed to see a genuine story -- which has yet to researched and reported? Why the eagerness to wash your hands, as with Tony Smith, to not follow the lead handed to you. Why not do an truly original interesting story, you, you recycler. Let me give you some pointers on getting why getting sucker punched works, compared to getting fat-headed on inside dope. You need more punchdrunkenness to offset your condescending pretentiousness. Grow half a beard. Chop a finger. And stop grinning so much. Take the sucker punches for they give you a look at the enemy not available by a frank and earnest confab. Truth comes out by hammer blows not by popping zits. You have performed worse than The Register on this, I opine from this pinnacle of Absolom. And you are now using delphic putdowns to beg the important issue -- which is why do reporters run from really brusing challenges yet brag about the creampufferies of, what else, free speech (spit). A hoax is not worth the time it takes to debunk it, they are every where. More interesting is what's behind the RIAA orchestrated deception kind. If guys like you, offal meisers, did a good job there would be no need for us purehearted bottom-feeders where the repugant action takes place and where you never know for sure who's out to plant false info -- you've done that with me more than once. You, you American. This is the word of Jehovah Allah, so watch your fucking obscenity.
John, we all adore you, but you gotta decide whether you're going to stand behind what you post or not. Either way -- you say it's legit or you disclaim all knowledge of its validity -- is fine with me, and, I suspect, the bulk of your readers. But right now you seem to want to have it both ways. You want to be able to claim credit for when what you post is legit, and you want to be able to slink away from what you post that's a fucking lying hoax, to use your words. Otherwise you'll just be used by fucking lying hoaxers, and worse. Let me put this another way. Based on my conversations yesterday, I have every reason to believe that the hoax was, well, a hoax. If you have a shred of evidence to the contrary that your hoax-report was in fact true, please do post it. No? You don't? I see. Your fan, Declan On Thu, Oct 11, 2001 at 08:29:08PM -0700, John Young wrote:
But Declan, are you saying your word about checking is to be believed? I didn't see your proof. How is your position not a hoax? Names and dates and documents to back them or you're a fucking lying hoaxer.
Did you ask to see any of the RIAA messages, and if so, did you see them. You didn't ask me what might be in the ones I got, if there were others (there are), if this is a campaign run by RIAA to create sympathy, or some other vile deed much worse than a trivial hoax which seems to beguile overmuch.
Why the rush to judgment to believe "people who allegedly were there?" Where's your healthy skeptcism of these people. None of the persons listed in the message are trustworthy if you're not in their loop. Are you in their loop, then you got a problem vouching for what they told you. You slimey suckup, you boy with cute eyes. you, you, Brad Pitt.
Were you so blinded by the desire to whack your competition that you failed to see a genuine story -- which has yet to researched and reported? Why the eagerness to wash your hands, as with Tony Smith, to not follow the lead handed to you. Why not do an truly original interesting story, you, you recycler.
Let me give you some pointers on getting why getting sucker punched works, compared to getting fat-headed on inside dope. You need more punchdrunkenness to offset your condescending pretentiousness. Grow half a beard. Chop a finger. And stop grinning so much.
Take the sucker punches for they give you a look at the enemy not available by a frank and earnest confab. Truth comes out by hammer blows not by popping zits.
You have performed worse than The Register on this, I opine from this pinnacle of Absolom. And you are now using delphic putdowns to beg the important issue -- which is why do reporters run from really brusing challenges yet brag about the creampufferies of, what else, free speech (spit). A hoax is not worth the time it takes to debunk it, they are every where. More interesting is what's behind the RIAA orchestrated deception kind. If guys like you, offal meisers, did a good job there would be no need for us purehearted bottom-feeders where the repugant action takes place and where you never know for sure who's out to plant false info -- you've done that with me more than once. You, you American.
This is the word of Jehovah Allah, so watch your fucking obscenity.
FAS falls. fas.org's Project on Government Secrecy, has not only pulled 200 documents from it's web-site (including crude NSA HQ maps), but has apparently lobbied Google to remove fas, in its entireity, from the Google cache. FAS and Aftergood have now fallen to the trolls. Long cherished thorns in the US intelligence oligarchy's backside, PGS has become an oxymoron. -- Julian Assange |If you want to build a ship, don't drum up people |together to collect wood or assign them tasks and proff@iq.org |work, but rather teach them to long for the endless proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery
participants (4)
-
Declan McCullagh -
James B. DiGriz -
John Young -
proff@iq.org