bureau42 Anonymous Remailer <nobody@bureau42.ml.org> writes:

On Sun, 14 Dec 1997 at 08:12:31 -0600 Human Gus-Peter wrote:

...

It is interesting to note that the emails from treasury.gov constituted the same type of 'threat' that Bell was roundly accused of by government officials and the press.

I've seen brief mention of this before, but have never seen any details on the list. Aside from Jim Choate questioning my arithmetic or attention span, would anyone be kind enough to provide pointers to information about incidents of c-p list members having received unsolicited email from .gov?

Check the archives. There was plenty of discussion when it happened. I'm convinced they used names pulled out of Bell's computer, not a cypherpunks subscriber list as they sent my copy of the SPAM to an email address that had long been retired at the time of the mailing, but had been used to exchange email with Jim. Far more active list members than I didn't get a copy.

Declan, did you catch a whiff of this when it happened? I would think everyone's alarm bells would have gone off and people would have been intensely interested in the messages themselves, particularly the headers.

They did, and we were. Here's a copy of one message I saved: To: cypherpunks@algebra.com Subject: gotcha (was Re: DEATH TO THE TYRANTS) References: <1.5.4.32.19970723233941.006d1374@pop.pipeline.com> <v03102800affc86bdca7e@[207.167.93.63]> From: SL Baur <steve@xemacs.org> In-Reply-To: Tim May's message of "Wed, 23 Jul 1997 21:21:48 -0700" Date: 23 Jul 1997 22:18:12 -0700 Message-ID: <m2lo2xauzv.fsf_-_@altair.xemacs.org> Tim May <tcmay@got.net> writes:

Namely, who is "irsnwpr@net.insp.irs.gov" and what does he or she think of the "DEATH TO TYRANTS" subject header, sent to me (and maybe others). ... The headers in the first of the messages I received were:

Received: from tcs_gateway1.treas.gov (tcs-gateway1.treas.gov [204.151.245.2]) by you.got.net (8.8.5/8.8.3) with SMTP id PAA28395 for <tcmay@got.net>; Fri, 18 Jul 1997 15:29:59 -0700 ... Received: from tcs_gateway1.treas.gov (tcs-gateway1.treas.gov [204.151.245.2]) by you.got.net (8.8.5/8.8.3) with SMTP id PAA28954 for <tcmay@got.net>; Fri, 18 Jul 1997 15:39:39 -0700

If those headers are forged, it is an expert forgery. The MX hosts for the net.insp.irs.gov domain are fun: net.insp.irs.gov preference = 10, mail exchanger = tcs-gateway2.treas.gov net.insp.irs.gov preference = 20, mail exchanger = tcs-gateway1.treas.gov net.insp.irs.gov preference = 30, mail exchanger = gotcha.treas.gov irs.gov nameserver = gotcha.treas.gov irs.gov nameserver = nis.ans.net irs.gov nameserver = ns.ans.net tcs-gateway2.treas.gov internet address = 204.151.246.2 tcs-gateway1.treas.gov internet address = 204.151.245.2 gotcha.treas.gov internet address = 204.151.246.80 `gotcha.treas.gov'? It's a real host connected through ans.net ... 12 h10-1.t32-0.New-York.t3.ans.net (140.223.57.30) 139.839 ms 126.702 ms 125.82 ms 13 h11-1.t56-1.Washington-DC.t3.ans.net (140.223.57.21) 147.248 ms 124.774 ms 118.815 ms 14 f0-0.cnss60.Washington-DC.t3.ans.net (140.222.56.196) 192.54 ms 125.939 ms 166.529 ms 15 enss3080.t3.ans.net (192.103.66.18) 130.917 ms 131.057 ms 145.377 ms 16 gotcha.treas.gov (204.151.246.80) 133.065 ms 134.345 ms 131.596 ms Except for hop 16, this is the same traceroute as to tcs-gateway2.treas.gov. For what it's worth, the traceroute to tcs-gateway1 is slightly different: 8 h13-1.t16-0.Los-Angeles.t3.ans.net (140.223.9.14) 44.997 ms 51.526 ms 51.875 ms 9 h14-1.t112-0.Albuquerque.t3.ans.net (140.223.17.10) 60.895 ms 60.426 ms 57.762 ms 10 h14-1.t64-0.Houston.t3.ans.net (140.223.65.9) 81.131 ms * 85.067 ms 11 h14-1.t80-1.St-Louis.t3.ans.net (140.223.65.14) 117.62 ms 100.623 ms 104.878 ms 12 h10-1.t60-0.Reston.t3.ans.net (140.223.61.13) 126.368 ms 136.017 ms 123.367 ms 13 f2-0.c60-10.Reston.t3.ans.net (140.223.60.220) 129.505 ms 128.214 ms 128.52 ms 14 enss3079.t3.ans.net (204.148.66.66) 134.707 ms 162.912 ms 160.774 ms 15 tcs-gateway1.treas.gov (204.151.245.2) 154.268 ms * 155.898 ms

any details on the list. Aside from Jim Choate questioning my arithmetic or attention span, would anyone be kind enough to provide pointers to information about incidents of c-p list members having received unsolicited email from .gov?

Sigh, answering a question about a possible forgery asked by TruthMonger?, I must be losing it.

From irsnwpr@net.insp.irs.gov Date: Thu, 17 Jul 1997 12:29:08 -0400 From: IRS Inspection <irsnwpr@net.insp.irs.gov> To: Interested-Parties@net.insp.irs.gov Subject: Something of Interest

United States Attorney Western District of Washington FOR IMMEDIATE RELEASE July 18, 1997 JAMES D. BELL PLEADS GUILTY TO OBSTRUCTING THE IRS AND USING FALSE SOCIAL SECURITY NUMBERS United States Attorney Kate Pflaumer announced that JAMES DALTON BELL, 39, pleaded guilty today in the federal court in Tacoma to two felony charges. BELL, a resident of Vancouver, Washington, pleaded guilty to obstructing and impeding the Internal Revenue Service (IRS), and to falsely using a social security number with the intent to deceive. United States District Court Judge Franklin D. Burgess presided over today's proceedings. The charges stem from an investigation initiated in October, 1996 by IRS Internal Security Inspectors into reports that BELL was gathering the names and home addresses of IRS employees. In previous court hearings, IRS Inspectors testified that BELL had obtained the names and home addresses of 70 IRS employees as part of "Operation LocatIRS." In the eight page plea agreement signed by BELL, he acknowledged that he had gathered the names and addresses of the IRS employees in order to intimidate them in the performance of their official duties. During the course of their investigation, IRS Inspectors discovered that BELL was advocating a scheme called "Assassination Politics", whereby persons would be rewarded with "digital cash" for killing certain undesirable people. BELL identified these undesirables as government employees, such as IRS employees, who would be intimidated from enforcing internal revenue laws for fear of being assassinated. In the plea agreement, BELL admitted that he suggested using "Assassination Politics" as an enforcement mechanism for the "Multnomah County Common Law Court", and that this was part of his effort to obstruct and impede the enforcement of internal revenue laws. In affidavits previously filed in this case, IRS investigators identified BELL as a participant in the "Multnomah County Common Law Court", which was described as a self-appointed anti-government extremist group which purports to hold "trials" of IRS and other Government employees for the performance of their official duties. The affidavits indicated that in January, 1997 the "Multnomah County Common Law Court" held a "trial" of IRS and other Government officials. In the plea agreement, BELL also admitted that on March 16, 1997, he conducted a chemical "stink bomb" attack on the IRS office in Vancouver, Washington, using the noxious chemical mercaptan. In affidavits filed with the Court, IRS Inspectors tied BELL to two previous mercaptan attacks against non-government targets: one being a lawyer's office in 1984, and the other a vehicle in 1989. The IRS investigators also linked BELL to two purchase orders for noxious chemicals, one in 1994 and one in 1996. According to the plea agreement, the attack on the IRS office resulted in a cost to the government of $1,359, and caused a number of IRS employees to have to leave work. In an affidavit previously filed in this case, IRS Inspectors indicated that the mercaptan attack may have been linked to the February 20, 1997 seizure of BELL's vehicle by the IRS for unpaid taxes. As part of the plea agreement, BELL also admitted that he used several different social security numbers in order to hide assets from the IRS and thus to impede the IRS's ability to collect taxes he owed and to prevent the IRS from levying his wages. Federal agents had previously executed two search warrants on BELL's residence. On April 1, 1997, IRS agents seized computers, documents, and firearms during a search. In a follow-up search, the Environmental Protection Agency seized a variety of dangerous chemicals which had been discovered during the execution of the IRS warrant. BELL was arrested by IRS Inspectors on May 16, 1997. BELL continues to be held in custody based on a May 23, 1997 ruling by Magistrate Judge J. Kelley Arnold that BELL posed a danger to the community and was a flight risk. BELL faces a maximum sentence of three years in prison and a $250,000 fine for the obstruction charge, and five years and a $250,000 fine for using a phony social security number. The IRS received assistance in the investigation of BELL from the Portland Police Bureau, Oregon Department of Justice, Oregon State Police, Federal Bureau of Investigation, and the Vancouver, Washington Police Department. --end Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"