U.S. Terrorist Screening Center Visits Cryptogon; Reveals Activity Due to Stupidity

June 19th, 2007

The U.S. Terrorist Screening Center user (host: techtrack.gov, ip: 67.108.115.178) conducted the following Google search: “national security analysis center”

The user clicked on this Google cache page of a Cryptogon story about the National Security Analysis Center, but I saw it in the log anyway (explained below). In fact, I saw two visits simultaneously: the one above, along with one from something called cypresscom.net (host: 64-190-60-164.static.cypresscom.net, ip: 64.190.60.164). It contained the same referrer info as the visit above, and arrived at the same time.

The techtrack.gov ip comes back to XO infrastructure in Virginia:

OrgName: XO Communications
OrgID: XOXO
Address: Corporate Headquarters
Address: 11111 Sunset Hills Road
City: Reston
StateProv: VA
PostalCode: 20190-5339
Country: US

cypresscom.net ip 64.190.60.164 comes back to:

OrgName: Cypress Communications
OrgID: CYPC
Address: 15 Piedmont Center Suite 100
City: Atlanta
StateProv: GA
PostalCode: 30305
Country: US

But look at the DNS machine names:

NameServer: LOYAL.CYPRESSCOMM.COM
NameServer: CLEAN.CYPRESSCOMM.COM
NameServer: BRAVE.CYPRESSCOMM.COM

Loyal. Clean. Brave.

(I almost don’t want to know.) UPDATE: I was just about the only one who didn’t know the Boy Scout Law. Many Cryptogon readers did.

I’m not really sure why both of those visits happened at the same exact moment. And both user agent headers were the same. Does it have something to do with the fact that the TSC user clicked the Google cache link instead of clicking the direct link to Cryptogon? Something to do with the spooky splice jobs?

Now, you might be wondering, “Kevin, how do you know it’s the Terrorist Screening Center if the hostname is techtrack.gov?”

In “Review of the Terrorist Screening Center (Redacted for Public Release),” Audit Report 05-27, June 2005, Office of the Inspector General, Appendix IV, “Terrorist Screening Center Response,” under IT Operations, Grasshopper will find exactly two sentences that have not been redacted:

For SBU connectivity, each of the partner agencies has brought its system into TSC space and used those paths to pass data to and from the home systems. Purely unclassified connectivity is provided by the Techtrack system.

Grasshopper may also refer to page 14 of the Michigan Chapter of The Association of Public-Safety Communications Officials – International, Inc. – APCO International Newsletter from May/June 2005 which mentions the “possible terrorist alert” handling codes and procedures for law enforcement. This information was provided by the Terrorist Screening Center. Note the email address and domain name to which questions about the TSC should be sent. That’s right. It goes to techtrack.gov. That thing is some kind of TSC gateway to the public Internet.

(Now, I don’t know about you, but I think that the Michigan Chapter of The Association of Public-Safety Communications Officials – International, Inc. f#@*%d up big time by placing that document on the Internet. Let me know if they remove that information.)

Since the number of people being added to the terrorist watch list is “out of control,” there is an increasing chance that you might find yourself in a situation where a cop is handling you according to the directives on page 14 of that document above. In short, NOT volunteering information to pigs is more important than ever, since the Homeland’s Magic 8-Ball might have you listed with the “handling codes” 3 or 4. If that system lists you with the “handling codes” 1 or 2, you’re going to be arrested/detained on terrorism-related offenses regardless of what you say or don’t say to the cop.

Note to the TSC user (and other clueless computer users) about trying to avoid showing up in server logs by using Google cache:

Google caches only the text (the HTML) of the Web page. All the external files (JavaScript, Cascading Style Sheets, images, Flash, etc.) are not saved by Google; the cached copy still points at them on the original site, so the browser fetches them from there. If a Web site deletes its style sheet, for instance, and the old page is viewed in Google’s cache, it will render without the style sheet. Same thing for images, etc.

When a browser requests a file from a Web server, that request is stored in the Web site’s logs. So it is only if a Web page has no external files that you will not show up in someone’s Web log by viewing Google’s cache.
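What that looks like from the server side, as an added example (not part of the original post): a short Python script that scans a combined-format access log for requests whose Referer is a Google cache URL and groups them by client. The log lines, IPs, paths and cache ID are constructed, and the `q=cache:` shape of the referrer is an assumption about how the cache link shows up in the Referer field.

```python
import re
from urllib.parse import urlparse, parse_qs

# Apache/nginx "combined" log format: the last two quoted fields are Referer and User-Agent.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def cache_view(referer):
    """Return (cached_url, search_terms) when the Referer is a Google cache page, else None."""
    q = parse_qs(urlparse(referer).query).get("q", [""])[0]
    if not q.startswith("cache:"):
        return None
    target, _, terms = q[len("cache:"):].partition(" ")
    # Assumption: cache links may carry an opaque ID before the URL (cache:<id>:<url>).
    if re.match(r"[\w-]+:(?!//)", target):
        target = target.split(":", 1)[1]
    return target, terms

def find_cache_viewers(lines):
    """Group sub-resource hits whose Referer is a cache page, keyed by client IP."""
    viewers = {}
    for line in lines:
        m = LINE.match(line)
        seen = cache_view(m["referer"]) if m else None
        if seen is None:
            continue
        rec = viewers.setdefault(m["ip"], {"cached_url": seen[0], "terms": seen[1],
                                           "ua": m["ua"], "assets": []})
        rec["assets"].append(m["path"])
    return viewers

# Constructed sample log: documentation IP ranges, made-up paths and cache ID.
CACHE_REF = ("http://www.google.com/search?q=cache:AbCdEfGh1234:www.example.org/"
             "2007/06/story/+national+security+analysis+center&hl=en")
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
SAMPLE_LOG = [
    f'192.0.2.10 - - [19/Jun/2007:10:15:02 +0000] "GET /theme/style.css HTTP/1.1" 200 5120 "{CACHE_REF}" "{UA}"',
    f'192.0.2.10 - - [19/Jun/2007:10:15:02 +0000] "GET /images/header.jpg HTTP/1.1" 200 20480 "{CACHE_REF}" "{UA}"',
    f'198.51.100.7 - - [19/Jun/2007:10:15:02 +0000] "GET /theme/style.css HTTP/1.1" 200 5120 "{CACHE_REF}" "{UA}"',
    f'203.0.113.5 - - [19/Jun/2007:10:16:40 +0000] "GET /2007/06/story/ HTTP/1.1" 200 30211 "http://www.google.com/search?q=national+security+analysis+center" "{UA}"',
]

if __name__ == "__main__":
    for ip, rec in find_cache_viewers(SAMPLE_LOG).items():
        print(ip, repr(rec["terms"]), rec["cached_url"], rec["assets"])
```

The cache viewers never request the story page itself, only its style sheet and images, yet the Referer on those requests still carries the cached URL and the search terms.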

Thanks Terrorist Screening Center user. Because of your stupidity, we learned some interesting information about how evil works today.

20 Responses to “U.S. Terrorist Screening Center Visits Cryptogon; Reveals Activity Due to Stupidity”

  1. tito2 says:

    A boy scout is

    * Trustworthy,
    * Loyal,
    * Helpful,
    * Friendly,
    * Courteous,
    * Kind,
    * Obedient,
    * Cheerful,
    * Thrifty,
    * Brave,
    * Clean,
    * and Reverent.
    It’s the Boy Scout Law.

  2. limukala says:

    Loyal, clean and brave are part of the Boy Scouts code (or motto, or whatever they call it)

    “A scout is trustworthy, loyal, helpful, friendly, courteous, kind, obedient, cheerful, thrifty, brave, clean and reverent.”

    I can’t believe I remembered that from 12 years ago (I only forgot one, “thrifty”).

  3. Anon E. Mouse says:

    XOXO Communications, huh? That rings a bell with me, so pardon me while I tell you a little story. I wrote the following letter to James Howard Kunstler in December 2005, after reading one of his columns in which he basically said that those of us who suspect our government of spying on us are basically paranoid.

    Dear Mr. Kunstler,

    Reading your recent columns on the Clusterfuck Nation Chronicle, I felt compelled to write to you and share my little story that touches on both the themes of electronic surveillance and 9/11. You can draw your own conclusions about whether it qualifies as evidence of non-jihadist surveillance.

    Last June I organized a speaking engagement for Michael Ruppert in Portland, Oregon. It was a fairly big deal for me personally, as I put about $4k on the line to bring him to town to express his views on Peak Oil and 9/11. The afternoon of the event I received an email on my Windows computer at work. The email was addressed to me personally, and it was purportedly from my email provider (or so the return address said). It said that my email account was being terminated and that I would have to read the enclosed attachment to find out why. The attachment appeared to be a plausibly named .txt file, so I clicked on it… and then instantly regretted it. For I saw a brief little window telling me that Windows was installing something. Quickly I unplugged my computer’s ethernet cable, and ran to get the IT guys involved.

    The IT guys weren’t busy, so we had time to figure out what had happened. We checked the server logs, and learned that my computer ‘phoned home’ immediately after the virus/worm installed itself. We made a note of the IP address it sent packets to.

    Next I signed into my email account from a different computer, and examined the headers for the suspect email. Because each email forwarding computer leaves a trail of bread crumbs in the form of IP addresses, we were able to determine that the email return address was forged. We made note of the real originating IP address for the email. We also noted that the attachment in the email cleverly exploited a vulnerability in my provider’s web mail interface, in which spaces could be used to push the real file type suffix off the end of the attachment name field. Slick, very slick.

    Back at the still-running and infected computer, we poked around trying to see if we could detect the virus using the usual common tools. Windows task manager showed nothing unusual. McAfee virus scan showed nothing unusual. Finally, after picking through the registry manually the IT guys were able to determine that it had installed a variant of one of the more deadly worms of last summer, though not a variant common enough to be detected by standard anti-virus tools. We eventually found the files that it installed, and verified them against Norton’s online encyclopedia of virii/worms.

    Then I noticed that the email address that the suspect email came in on was an email address that I had created expressly for the purpose of organizing the Ruppert lecture. It had never been given to or used with anyone other than a few other helpers in the organizing. It was certainly never given to any commercial enterprise, nor posted on any web site or forum page. The other thing you have to know is that I almost never get dangerous emails of this type; I use an email alias service that lets me delete any email address that I give out if it becomes known to spammers. This email attack was the only one that I received in all of 2005, as a matter of fact.

    I looked up the two IP addresses of interest. One was for XOXO Communications, 11111 Sunset Hills Road, Reston, Virginia. The other was for Beyond The Network America, 12100 Sunset Hills Road, Reston, Virginia. I find myself wondering about what entity is large enough to send an email from one address in Reston, VA, and then have the response directed back to another entity in Reston about a block away… The CIA’s Technical Directorate, whose primary function is electronic eavesdropping, is headquartered in Reston. Want to bet that it has an address on Sunset Hills Road?

    So, adding it all up, what do we have? A forged, virus laden email, originating in Reston, Virginia. Addressed to me personally, by name, arriving the day of an event featuring Ruppert, whose views you are familiar with. Coming in on an email address used exclusively for organizing that event. Very professionally designed, nearly undetectable. Phones home to Reston, Virginia. You can draw your own conclusions, but for me the most important fact about this virus attack was the fact that it was an asymptomatic delivery: virus attack emails either come as mass-mailings (which this was not), or they come as emails from the infected computers of people I’ve corresponded with (which this one was not).

    ============

    Well, that’s my little story. It is not 100% provable, just suspicious. And although I do happen to believe the Ruppert 9/11 story line, I won’t hold it against you if you don’t. I’m sure that others have pointed out the good work that David Ray Griffin has done in documenting how poorly the official Commission has done in investigating the tragedy.

    Anon E. Mouse

  4. Tsk. Tsk. How do you know it was stupidity? The TSC user could just as easily have been a cryptogon sympathizer who was trying to pass you “some interesting information about how evil works today,” by “accidentally” clicking a cache of your site. If questioned by a superior, his leak could then be ascribed to “stupidity.”

    That’s another thing that’s interesting about the I-net. It’s a two-way street.

    BTW- clicking the cache is good for when the page mysteriously “disappears” off the regular URL; it also highlights your search terms too, thus saving you time.

  5. Snowden says:

    Bwahahahaha! These guys are the dinks who are protecting us from pure evil! It is a very good thing that the Taleban, the Muji, and the Al-Qaeda types don’t have T1 lines, or computers, or electricity, otherwise we might be truly screwed.
    The DNS names are alarming, as if chosen by ex-boy scouts who love God and fear sin, or maybe they have a thing for Dr. Strangelove. (I have so much more to say, but it would wander into simple despair and rude, sarcastic insults.)

  6. Larry Glick says:

    Oh m’God, Oberreichsturmbannfuhrer Reinhard Heydrich has returned from the grave and learned how to play with Information Technology! Now all vee vill hear is zuh incessant pounding of boots in zuh streets!

  7. Alan says:

    The Eagle Scout in me says those DNS server names come from the Boy Scout Law: http://en.wikipedia.org/wiki/Scout_law#Boy_Scouts_of_America

  8. possum says:

    Kevin, can you just make it clear: if I just keep reading your site, is some authority going to bother me later? What if I send you an email? Like are they monitoring your site and all of us are tagged to be hauled away in boxcars with shackles in them?

    Because I’ve got a lot of toys and zombie pleasures I’d like to enjoy for awhile before I’m declared a threat because I read all these crazy websites saying this and that.

  9. Tito says:

    Jason, link comes back as “Error Page Not Found”
    What was it?

  10. @ Jason

    Oops, the link in 9. has been disappeared. Probably being electronically shredded at a secret facility right now . . . .

  11. BG says:

    What was that link in 9 Jason?

  12. Jason says:

    I was just noting the irony of an apology on a page titled “Civilian Radioactive Waste Management”. Like a possible Freudian slip. I could have alternately linked to this:

    http://www.ocrwm.doe.gov/youth/index.shtml

    Yay! Yucca Mountain Johnny! Yay!

  13. Mike Nomad says:

    You should check out the critters hangin’ at Yucca Mountain Johnny’s Cabin of Prosperity, Democracy, and Freedom:

    http://www.nsa.gov/kids/home.cfm

  14. d says:

    @possum

    I’d say they probably are following us already. The people who think they “know”, the political activists, are going to be metaphorically (and possibly in reality) hanged, but those of us who really do know, are going to be disappeared and likely with no warning.

  15. d says:

    I love “XOXO” communications, hilarious!

  16. possum says:

    Oh well, that’s really great, this is what I get for my curiosity, now my possum ass is going to be hung.

  17. NQA says:

    Here’s another one for you:

    obedient.cypresscomm.com = 216.230.64.2

  18. John Doh says:

    I only dropped a few topics relating to stuff
    I heard on here in other forums.
    I now get XO sniff/scans,…I guess
    I am in
    http://ca.fwalerts.zonelabs.com/fwanalyze.jsp?record=ZLN02182553178841-1051/1264c8401138a016bbb04dd8&tab=whois
