Ok. All IT Weenies: Time for some email detective work. Front and center, please.

This topic is archived.
Tandalayo_Scheisskopf (Donating Member, 1000+ posts) Tue Mar-20-07 12:51 AM
Original message
Ok. All IT Weenies: Time for some email detective work. Front and center, please.
It is known that there was at least one "clandestine" email server at the RNC, that was being used to do an end run around White House and government email retention policies. The gut feeling I have is that there is a high degree of probability that there were others out there. Now, email is almost a trivial service these days. You can rent email, lease email, buy email, or get your 15 year old nephew to setup postfix on a HP laptop on a static addressed DSL line in Tierra del Fuego IN and be pumping email, as long as you have an MX record.

The question is: How would YOU start to look for the outbound connections records that could lead to the discovery of these servers? How would you start to look for connection patterns? Let's assume, for the nonce, that we do not have Websense or anything similar to rely on for our records.

Let's remember: these guys may be fools, but they are not idiots. "Security through obscurity" and redundant systems are not some dark, arcane secrets of IT. More decentralization of email servers out there may well be one strategy they used. In fact, I expect it.

So, how would YOU look for them?
H2O (Donating Member, 125 posts) Tue Mar-20-07 01:03 AM
Response to Original message
1. Well
With any email issue, I usually check the source code; then I would use some online tools to help me in my search. Such tools can be found online, for example www.network-tools.com. This is how I would start.
Tandalayo_Scheisskopf (Donating Member, 1000+ posts) Tue Mar-20-07 01:09 AM
Response to Reply #1
2. Let's assume...
We do not have access to the code. Either it is not available, or we are talking about some flavor of Exchange (which is what I expect is being used in gubmint infrastructure).
Eurobabe (Donating Member, 1000+ posts) Tue Mar-20-07 01:15 AM
Response to Original message
3. So basically what you are telling us is, it's not Watergate but
Operation Clandestine ServerGate?

Who woulda thunk. :eyes:

Can we fire the lot of them yet?
Tandalayo_Scheisskopf (Donating Member, 1000+ posts) Tue Mar-20-07 01:19 AM
Response to Reply #3
4. Consider this a mental exercise.
I have no access to anything that could prove the hypothesis. But I would not be surprised to find out that this happened. Now, the question hinges on access to White House and DoJ IT infrastructure. If one had that, say, through a court order as a special prosecutor's investigator, where would one look? How would one look? How would one sift the raw data, if it was retrieved?
Solo_in_MD (Donating Member, 1000+ posts) Tue Mar-20-07 01:20 AM
Response to Original message
5. Are the server logs available for the WH servers under FOIA?
That is where I would start. It would show what servers mail was exchanged with. Collapse and sort by IP address, remove anything in .gov or .mil, and review what is left. Many people mail themselves things they want from one server to another. It's a place to start. Another would be to search the registrar database for other registrations from the RNC.
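The sort-and-filter pass described in the reply above, written out as an added example (not code from any poster): it parses Postfix-style delivery log lines, drops recipients in the exempt .gov/.mil suffixes, and ranks the remaining relay hosts by how often mail went to them. The log lines are constructed samples; the relay IPs and domains are documentation addresses, not real systems.

```python
import re
from collections import defaultdict

# Constructed sample Postfix-style delivery log lines (not from any real system).
SAMPLE_LOG = """\
Mar 20 01:03:12 mx1 postfix/smtp[411]: 1A2B3C: to=<aide@eop.gov>, relay=mail.eop.gov[192.0.2.10]:25, status=sent (250 ok)
Mar 20 01:04:40 mx1 postfix/smtp[412]: 1A2B3D: to=<staff@example.org>, relay=mx.example.org[198.51.100.7]:25, status=sent (250 ok)
Mar 20 01:05:02 mx1 postfix/smtp[413]: 1A2B3E: to=<staff@example.org>, relay=mx.example.org[198.51.100.7]:25, status=sent (250 ok)
Mar 20 01:06:15 mx1 postfix/smtp[414]: 1A2B3F: to=<officer@army.mil>, relay=mail.army.mil[203.0.113.5]:25, status=sent (250 ok)
Mar 20 01:07:31 mx1 postfix/smtp[415]: 1A2B40: to=<me@example.org>, relay=mx.example.org[198.51.100.7]:25, status=sent (250 ok)
Mar 20 01:08:03 mx1 postfix/smtp[416]: 1A2B41: to=<x@example.net>, relay=none, status=deferred (connection refused)
"""

# Pulls the recipient domain and the relay host/IP out of one delivery line.
LOG_RE = re.compile(r"to=<[^@>]+@(?P<domain>[^>]+)>, relay=(?P<host>[^\[,]+)\[(?P<ip>[^\]]+)\]")
EXEMPT_SUFFIXES = (".gov", ".mil")

def external_relays(log_text, exempt=EXEMPT_SUFFIXES):
    """Return {relay_ip: (delivery_count, sorted recipient domains)} for mail
    sent to hosts outside the exempt suffixes. Lines with no relay IP
    (deferred deliveries, bounces) are skipped."""
    counts = defaultdict(int)
    domains = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        domain = m.group("domain").lower()
        if domain.endswith(exempt):
            continue
        ip = m.group("ip")
        counts[ip] += 1
        domains[ip].add(domain)
    return {ip: (counts[ip], sorted(domains[ip])) for ip in counts}

def ranked(log_text):
    """Relay IPs ordered by delivery count, highest first."""
    return sorted(external_relays(log_text).items(), key=lambda kv: -kv[1][0])

if __name__ == "__main__":
    for ip, (n, doms) in ranked(SAMPLE_LOG):
        print(f"{ip:16} {n:4d}  {', '.join(doms)}")
```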
Tandalayo_Scheisskopf (Donating Member, 1000+ posts) Tue Mar-20-07 01:49 AM
Response to Reply #5
7. Oooo...I strongly doubt that.
Raw server logs are unlikely to be covered. Also, you can bet that they would cite "National Security Interests" regarding them being requested under FOIA.

Now, a spec prosecutor and a subpoena might be another story.

Back to the geekishness: Where in the hardware chain would you pull server logs from first? First, think of an Exchange infrastructure, well hardened. Also, a well-hardened Linux/Unix/*BSD infrastructure, using the usual Linux proggies and services.
eleny (Donating Member, 1000+ posts) Tue Mar-20-07 01:23 AM
Response to Original message
6. K&R
caligirl (Donating Member, 1000+ posts) Tue Mar-20-07 01:49 AM
Response to Original message
8. dkos onto this already this weekend
http://www.dailykos.com/story/2007/3/4/135310/0946

J. Scott Jennings
Special Assistant to the President and
Deputy Political Director
The White House
Washington D.C. 20502
SJennings@gwb43.com

Ok, so Karl's assistant doesn't use the WH email system but rather gwb43.com. So, let's query the WhoIs database to see who owns gwb43.com:

Registrant:
Republican National Committee
310 First Street SE
Washington, DC 20003
US

Domain Name: GWB43.COM

Administrative Contact, Technical Contact:
Republican National Committee dns@RNCHQ.ORG
310 First Street SE
Washington, DC 20003
US
999 999 9999 fax: 999 999 9999

Record expires on 16-Jan-2008.
Record created on 16-Jan-2004.
Database last updated on 17-Mar-2007 13:19:34 EDT.

Domain servers in listed order:

NS1.CHA.SMARTECHCORP.NET
A.NS.TRESPASSERS-W.NE

Oh, I see. The Republican National Committee maintains this server. The Washington Post mentioned this in Wednesday's story on Gonzales:

Jennings used an e-mail account registered to the Republican National Committee, where Griffin had worked as an opposition researcher.

Democratic congressional aides said they will investigate whether using the private address for government business violated laws against using taxpayer resources for political work or signaled that White House officials considered the firing of U.S. attorneys to be primarily a political issue. Jennings did not return a call to his office seeking a comment.

"As a matter of course, the RNC provides server space and equipment to certain White House personnel in order to assist them with their political efforts," RNC spokeswoman Tracey Schmitt said.

DeepSouthdoug blogged yesterday, in Send "kr" Your Love, on Karl Rove's outside email account, kr@georgebush.com. His blog was based on this WaPo article by Dan Froomkin.

Froomkin asked the WH these questions, none of which were answered:

1. Does White House policy allow White House staffers to use non-White House e-mail addresses for official White House business? Does it prohibit it? What is the policy?

2. Would these e-mails be treated any differently from official White House e-mails when it comes to archiving or subpoena purposes?

3. Does it create either impropriety or the appearance of impropriety that gwb43.com is a domain owned by the Republican National Committee?

4. Do other White House staffers regularly use non-White House e-mail accounts for White House business, and if so, why?

Since then, several readers have e-mailed me with their own questions and comments. So I've added four more, passed those along as well, and still no response:

5. Does non-White House e-mail fulfill security requirements for White House communications?

6. If other non-White House e-mail accounts are used, who are the providers for all of the other accounts? (Any others besides the RNC?)

7. Does White House policy allow White House staffers to use non-White House e-mail addresses from their computers, even for non-official business? I'm told that during the Clinton administration, access to external e-mail, including Web mail, was shut off from White House (eop.gov) computers. Was there a conscious change of policy by the Bush administration?

8. Have there been any recent changes in policy relating to e-mail practices, or are changes in policy contemplated?

He also wonders who maintains the domain that Karl used, georgebush.com. Well, we can query the WhoIs database to find that answer--

Registrant:
Bush-Cheney '04, Inc.
P.O. Box 10648
Arlington, VA 22210
US

Domain Name: GEORGEBUSH.COM

Administrative Contact, Technical Contact:
Bush-Cheney '04, Inc. Chuck@georgewbush.com
P.O. Box 10648
Arlington, VA 22210
US
703-647-2700

Record expires on 01-Apr-2012.
Record created on 01-Apr-1998.
Database last updated on 17-Mar-2007 13:35:28 EDT.

Domain servers in listed order:

NS1.CHA.SMARTECHCORP.NET
A.NS.TRESPASSERS-W.NET

Karl works in the White House, but "Chuck@georgewbush.com" and Bush-Cheney '04 are responsible for maintaining Karl's uptime.

Technical note: for both email servers the "finger function" is disabled. So, you can't find whether "kr" is the only user of that email server.

However, we can conclude that certain White House communications have been outsourced.

Does anyone remember when a convenient Windows update was made to Florida state computers after the 2000 election and many emails were--oops!--lost?

And whatdoyaknow? Windows Vista has just been released!!

Also, I suspect that Fitzgerald did not subpoena communications from these systems when he investigated the Plame affair. If this was Rove's main email server, then Fitzy--well, it's a sad St. Patrick's day for this snookered Irishman.

And perhaps most important, if matters of National Security were discussed on these servers--and we know that "National Security" is also political--then the very existence of these servers probably violates National Security laws and endangers our country.

Potentially, hackers could break in and find--well, a lot of stuff on National Security.

But--and here it gets amusing or Orwellian, depending upon your sense of humor--someone should subpoena everything on these servers because National Security might have been discussed on this alternative channel. But who--the NSC or the DOJ?

-----------------------
UPDATE 3/18/07; 11:45 EST

There are many great threads below; briefly, some interesting threads to "Find on Page" for are:

Network or trespassers-w – for mailserver and host information – who to subpoena and where the actual hard drives should be located
tech (Info on Smarttech – the company hosting the mail servers),
CREW citizensforethics.org – CREW is working on this issue
litigatormom (subpoenas scope),
Britain (a similar sit. with Blair's mailservers)
George (GWB & administration's email habits)
Ralston (Abramoff scandal link)

JEB posts on the applicable law

-- and then there's lots of other great threads! (most more insightful than this post)

-----------------------
UPDATE 3/18/07; 12:00 EST

I spoke to someone at The Cleveland Plain Dealer about this story and server location and emailed the Times with the location and kos link.

So, I guess we'll see if the MSM has any interest in this story. I'm sure CREW has contacted them before, as they probably first noticed the email address. Kudos to the tech posters on the server info, and to the rest of you all for your contributions and continued posts. Of course, there's still an opportunity for an intrepid Ohioan to check the location and see how many cars are in the lot. All I'm suggesting is that if there are cars there, people would pay for the video . . .
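The pivot the post above makes by hand, noticing that both WHOIS records list the same two name servers, as an added example (not code from the post or the blog it quotes): a small parser over concatenated WHOIS output that extracts registrant, domain and name servers, then groups domains by shared name server. The input is the two records quoted above, abbreviated to the fields the script reads; the full output format of any real WHOIS client is not assumed.

```python
import re
from collections import defaultdict

# The two WHOIS records quoted in the post, cut down to the fields parsed below.
WHOIS_TEXT = """\
Registrant:
Republican National Committee
Domain Name: GWB43.COM
Domain servers in listed order:
NS1.CHA.SMARTECHCORP.NET
A.NS.TRESPASSERS-W.NET

Registrant:
Bush-Cheney '04, Inc.
Domain Name: GEORGEBUSH.COM
Domain servers in listed order:
NS1.CHA.SMARTECHCORP.NET
A.NS.TRESPASSERS-W.NET
"""

def parse_whois(text):
    """Split concatenated WHOIS output on blank lines and pull the registrant,
    domain name and name servers out of each record. The line after
    'Registrant:' is taken as the registrant; every line after
    'Domain servers ...' is taken as a name server."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        rec = {"registrant": None, "domain": None, "ns": []}
        in_ns = False
        for i, line in enumerate(lines):
            key = line.lower()
            if key.startswith("registrant:") and i + 1 < len(lines):
                rec["registrant"] = lines[i + 1]
            elif key.startswith("domain name:"):
                rec["domain"] = line.split(":", 1)[1].strip().lower()
            elif key.startswith("domain servers"):
                in_ns = True
            elif in_ns:
                rec["ns"].append(key)
        records.append(rec)
    return records

def shared_nameservers(records):
    """Map each name server to the sorted domains delegated to it, keeping
    only servers that more than one record has in common."""
    by_ns = defaultdict(set)
    for rec in records:
        for ns in rec["ns"]:
            by_ns[ns].add(rec["domain"])
    return {ns: sorted(doms) for ns, doms in by_ns.items() if len(doms) > 1}
```

Feeding more WHOIS records into the same text would extend the clusters; domains that share no name server with any other simply do not appear in the result.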
Tandalayo_Scheisskopf (Donating Member, 1000+ posts) Tue Mar-20-07 02:07 AM
Response to Reply #8
9. Slammin' stuff.
Especially when Smartech takes its website down in the middle of the thread.