Thursday, November 08, 2007

Military Spooks Need to Understand: JavaScript Reveals Your Activities, Too

Fun & games time.

Being an ex-Army COMSEC guy myself, who has worked for over 20 years in the networking & security industry, it never ceases to amaze me that people don't understand how to adequately cover their tracks.

I mean, the Bad Guys (tm) learned this a long time ago, so why haven't the assorted military and intelligence people also learned?

I ran across this log entry in my super-secret JavaScript tracker logs tonight:

So, having lived & worked in the Washington, D.C. area, and also being familiar with the "military industrial complex" -- as well as the "special" relationships between Beltway-area spook activities and other military command operations -- there's an interesting turn of events that can be gleaned from these two log entries.

First, it's pretty easy to connect the dots here -- clearly the people sitting behind computers at these locations are passing along information to one another, or came across the same memo, for reasons unknown (well, you can guess). Or maybe just a red flag on a widely cast net trawling for open source intelligence, who knows.

But I digress.

Both log entries -- first a host in Silver Spring, MD (Washington, D.C. area), immediately followed by a host located outside of Ft. Polk, Louisiana (Leesville, Louisiana) -- reference an Able Danger article by Shane Harris that I linked to back in July 2007. Shane writes feature and investigative stories about intelligence, homeland security, and counterterrorism.


The Washington, D.C. Beltway area, highlighting Silver Spring, MD.


It's anyone's guess who is actually behind the Verizon FiOS-connected host in Silver Spring [area map above], but just as an aside, Ft. Polk [area map below] is the home of the U.S. military's Joint Readiness Training Center (JRTC).



Proximity of Leesville, LA, and Ft. Polk.


One further bit -- the system in Leesville, LA, has a static IP address, strongly suggesting that it is not a home/consumer user:

%tracert 209.33.51.46

Tracing route to doc-209-33-51-46.leesville.la.cebridge.net [209.33.51.46]
over a maximum of 30 hops:

[snip]

 7   16 ms   17 ms   17 ms  vlan69.csw1.SanJose1.Level3.net [4.68.18.62]
 8   13 ms   14 ms   34 ms  ae-63-63.ebr3.SanJose1.Level3.net [4.69.134.225]
 9   47 ms   35 ms   21 ms  ae-2.ebr3.LosAngeles1.Level3.net [4.69.132.10]
10   28 ms   34 ms   35 ms  ae-78.ebr2.LosAngeles1.Level3.net [4.69.135.13]
11   63 ms   69 ms   55 ms  ae-3.ebr3.Dallas1.Level3.net [4.69.132.78]
12   54 ms   66 ms   53 ms  ae-78.ebr2.Dallas1.Level3.net [4.69.135.5]
13   57 ms    *       *     ae-24-56.car4.Dallas1.Level3.net [4.68.122.176]
14    *      63 ms   60 ms  BROADWING-C.car4.Dallas1.Level3.net [4.71.122.18]
15   88 ms  105 ms   87 ms  lbkb-crs01.suddenlink.net [66.76.30.138]
16   79 ms   77 ms   89 ms  lbkb-crs02.suddenlink.net [66.76.31.66]
17   97 ms   78 ms   87 ms  bssr-crs02.suddenlink.net [66.76.30.153]
18   90 ms   73 ms   75 ms  cdm-66-76-31-42.lfkn.suddenlink.net [66.76.31.42]
19   74 ms   80 ms   77 ms  s208-180-49-5.tylrtx.tl.sta.suddenlink.net [208.180.49.5]
20   86 ms   85 ms   82 ms  cdm-208-180-214-142.shvp.static.suddenlink.net [208.180.214.142]
21    *       *       *     Request timed out.
22    *       *       *     Request timed out.
23    *       *       *     Request timed out.
24    *       *       *     Request timed out.
^C
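As an added example that is not code from the original post: a small Python parser for the Windows tracert output quoted above. It re-joins the lines the console wrapped at 80 columns, pulls out each hop's round-trip times, hostname and address, and reads the static/dynamic marker out of the reverse-DNS names, which is the kind of inference drawn above from the Leesville hostname. The sample hops are copied from the post; the marker word lists and the function names are my own assumptions.

```python
import re

# Constructed sample: three hops from the post's tracert, wrapped at 80 columns as the console printed them.
SAMPLE_TRACERT = """\
Tracing route to doc-209-33-51-46.leesville.la.cebridge.net [209.33.51.46]
 14     *       63 ms    60 ms  BROADWING-C.car4.Dallas1.Level3.net [4.71.122.18
]
 20    86 ms    85 ms    82 ms  cdm-208-180-214-142.shvp.static.suddenlink.net [
208.180.214.142]
 21     *        *        *     Request timed out.
"""

HEADER_RE = re.compile(r"^Tracing route to (?:(?P<host>\S+) )?\[(?P<ip>[^\]]+)\]")
HOP_RE = re.compile(r"^\s*(?P<hop>\d+)\s+(?P<rtts>(?:(?:<?\d+\s*ms|\*)\s+){3})(?P<rest>.+?)\s*$")
# "host [ip]" when reverse DNS exists, or a bare "ip" when it does not; "Request timed out." matches neither
TARGET_RE = re.compile(r"^(?:(?P<host>\S+)\s+)?\[?(?P<ip>\d+(?:\.\d+){3})\]?$")


def _unwrap(text):
    # Re-join lines the console wrapped inside an unclosed "[address" bracket
    lines = []
    for raw in text.splitlines():
        if lines and "[" in lines[-1] and "]" not in lines[-1]:
            lines[-1] += raw.strip()
        else:
            lines.append(raw)
    return lines


def parse_tracert(text):
    """Return target host/ip and one dict per hop; rtt_ms holds None for '*'."""
    result = {"target_host": None, "target_ip": None, "hops": []}
    for line in _unwrap(text):
        h, m = HEADER_RE.match(line), HOP_RE.match(line)
        if h:
            result["target_host"], result["target_ip"] = h.group("host"), h.group("ip")
        elif m:
            rtts = [None if t == "*" else int(re.search(r"\d+", t).group())
                    for t in re.findall(r"<?\d+\s*ms|\*", m.group("rtts"))]
            hop = {"hop": int(m.group("hop")), "rtt_ms": rtts, "host": None, "ip": None}
            t = TARGET_RE.match(m.group("rest"))
            if t:
                hop["host"], hop["ip"] = t.group("host"), t.group("ip")
            result["hops"].append(hop)
    return result


def allocation_hint(host):
    # Static/dynamic markers ISPs put in reverse-DNS labels (assumed marker lists, not exhaustive)
    labels = (host or "").lower().split(".")
    if any(l in ("static", "sta") for l in labels):
        return "static"
    if any(l.startswith(("dyn", "dhcp", "pool", "ppp")) for l in labels):
        return "dynamic"
    return None  # no marker: the name alone proves nothing about allocation
```

Note that the target's own reverse-DNS name carries no allocation marker, so a static-address conclusion about it has to rest on something other than the hostname.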


Lesson: Guys, please learn to cover your tracks a bit better.

- ferg



