TexasJack
Penultimate Amazing
- Joined
- May 2, 2008
- Messages
- 10,906
I should have known it from the start. OK, that explains a lot.
Truthers...what is your best piece of evidence ?
- Thread starter Crazytimes
- Start date
I should have known it from the start. OK, that explains a lot.
TexasJack
Penultimate Amazing
- Joined
- May 2, 2008
- Messages
- 10,906
Here's some more thoughts from Mark Carter:
"In this article I wil connect the World Trade Tower bombing in 1993, the bombing in Oaklahoma City and 911 all together. These three incidents strung together progressively took us into the war in Iraq.This article will also shed new light on the simple fact that the CIA which is secretly a Jewish organization were behind all three events."
http://www.911weknow.com/forums/index.php?topic=496.0
"In this article I wil connect the World Trade Tower bombing in 1993, the bombing in Oaklahoma City and 911 all together. These three incidents strung together progressively took us into the war in Iraq.This article will also shed new light on the simple fact that the CIA which is secretly a Jewish organization were behind all three events."
http://www.911weknow.com/forums/index.php?topic=496.0
A W Smith
Philosopher
its hard to see the watermelon seeds in Mark Carter's lap behind the podium
Crazytimes
Critical Thinker
- Joined
- Sep 9, 2008
- Messages
- 348
I wanted to bump this thread because we are coming up on a year from when I first posted this and I am wondering if anyone can answer the question from my original post.
I am wondering if there is anything new that you truthers would like to ad to the list of evidence.
I ask because in my mind I still believe there is not one single piece of evidence that makes me even question the official story.
Anyone ?
I am wondering if there is anything new that you truthers would like to ad to the list of evidence.
I ask because in my mind I still believe there is not one single piece of evidence that makes me even question the official story.
Anyone ?
codered.d works for me
I hate to do this, nothing rankles me more than having my quiet delusions torn asunder...nevertheless... If I were to pick one primary event that indicated conspiracy I would definitely do a serious lookup on the code red scare that occurred during the winter/spring/summer of 2001. In particular, the fourth incarnation of that worm titled coderedII v2 or codered.d which appeared (i think) around august the 4th/and then again on the 22nd. This particular code had a wonderful trap door built into all effected computers and a kill date of Oct1, 2001.
So, if I were going to run a mission of this type, I'd want access to man-in-the-middle control over media broadcasts so that real time information could be analyzed and filtered or changed if needed.
While much of the news surrounding Code Red centered on home users, very little has been reported about the effects on the routers and media bridging devices of the major telecommunication giants.
It is my contention that code red.d was capable of and may have allowed for real time access to event reporting whereby an individual or individuals could have previewed and disseminated news as it was being sent from the source to the studio.
Affected media products employing Cisco solutions
http://www.cisco.com/warp/public/707/cisco-sa-20010720-code-red-worm.shtml
Code Red Stats
http://andrew.triumf.ca/codered/
CodeRed.d source
http://unixwiz.net/techtips/CodeRedII.html
Any thoughts on this as a concrete approach to investigation?
I hate to do this, nothing rankles me more than having my quiet delusions torn asunder...nevertheless... If I were to pick one primary event that indicated conspiracy I would definitely do a serious lookup on the code red scare that occurred during the winter/spring/summer of 2001. In particular, the fourth incarnation of that worm titled coderedII v2 or codered.d which appeared (i think) around august the 4th/and then again on the 22nd. This particular code had a wonderful trap door built into all effected computers and a kill date of Oct1, 2001.
So, if I were going to run a mission of this type, I'd want access to man-in-the-middle control over media broadcasts so that real time information could be analyzed and filtered or changed if needed.
While much of the news surrounding Code Red centered on home users, very little has been reported about the effects on the routers and media bridging devices of the major telecommunication giants.
It is my contention that code red.d was capable of and may have allowed for real time access to event reporting whereby an individual or individuals could have previewed and disseminated news as it was being sent from the source to the studio.
Affected media products employing Cisco solutions
http://www.cisco.com/warp/public/707/cisco-sa-20010720-code-red-worm.shtml
Code Red Stats
http://andrew.triumf.ca/codered/
CodeRed.d source
http://unixwiz.net/techtips/CodeRedII.html
Any thoughts on this as a concrete approach to investigation?
Justin39640
Illuminator
- Joined
- May 22, 2009
- Messages
- 4,202
i think the field reporters would have noticed something that night when they got home
and most of the telecom gear that transmits to the stations from the remotes
guess where that was?
the antenna farm atop tower 1
most of the remote reports were taped for broadcast and hand delivered to the stations
the only station that went out broadcast that day (cable feeds still worked) was channel 11 (wpix whos gear was on top of the empire state building IIRC)
and how can you edit a live feed on the run? someone would noticed
the best you could do is with the few seconds of dump but they probably canned that too as people were cursing up a storm on TV that day
unless of course youre implicating the thousands of employees that work for the about 50 or more news shows that cover Manhattan
No, I'm not implicating any individual at all, I'm suggesting rather that there was a mechanism available on the day of the event for some serious system control of the media by a remote hidden hand.
What was codered.d? Why the latest changes to its source allowing the back door exploit for remote control of systems employing IIS? Why the kill date? Why was no one ever found to be the party involved in writing or delivering its payload?
The question was for a piece of evidence...look at the code and what it did - examine the systems affected, determine what sort of adversary would employ such a strategy - it seems suggestive of a man-in-the-middle type exploit.
What was codered.d? Why the latest changes to its source allowing the back door exploit for remote control of systems employing IIS? Why the kill date? Why was no one ever found to be the party involved in writing or delivering its payload?
The question was for a piece of evidence...look at the code and what it did - examine the systems affected, determine what sort of adversary would employ such a strategy - it seems suggestive of a man-in-the-middle type exploit.
That's not evidence. That's like saying the existence of knife technology is evidence that I'm a murderer.
Just because a piece of code exists says absolutely nothing about how it could be used. Evidence, more specifically, is evidence that it was used in the fashion you describe. Of that, you have absolutely none.
I also gravely doubt you can even construct a speculative hypothesis around this technology that is even self-consistent, let alone supported by evidence.
Just because a piece of code exists says absolutely nothing about how it could be used. Evidence, more specifically, is evidence that it was used in the fashion you describe. Of that, you have absolutely none.
I also gravely doubt you can even construct a speculative hypothesis around this technology that is even self-consistent, let alone supported by evidence.
ElMondoHummus
0.25 short of being half-witted
Seconded. I can tell you from experience that the only excess CodeRed traffic we noticed (I work at a public midwest US university) was simply self-propogation traffic. Nowhere have I seen, read, or been told that any compromise by that infection was used to actually alter traffic.
Besides which, that's not something that's truly that easy to do without noticing. You can always preproduce traffic, compromise the traffic stream, and push out your own false message, but the problem lies in detection of such: For starters, any significant change to what news organizations wrote for their text pages would be quite obvious and apparent; changes to audio and video streams or recordings even more so. Two, the traffic required to compromise any organization's or ISP's core routing system to the degree Spinelli's talking about would be noticed very fast. Yes, even back in 2001. To significantly change the content of the message, you're doing more than just removing a comma or changing a word; you're fundamentally rewriting the content. And that's just for text; video you simply substitute wholesale. None of that is insignificant traffic-wise.
And remember, in order to guarantee that it's your message that's getting out, you have to conduct a denial of service attack on the source service itself. So you're not only having to set up a situation where you and you alone are getting the true, original, unmodified content in realtime so you can modify it, but you're also having to prevent that original, unmodified content from flowing to other clients. Even if this could be done, that amount of traffic would be hideously apparent to even a newbie networking jock.
I supposed you can argue that an answer for that would be to change the routing so that the original content only routes to you and a blackhole, but changing that would be so highly, painfully obvious that it would be ridiculous. This would have been completely, totally public, and no, there's no way the government could even think of suppressing this information.
I can go on, but the essence is this: Simply compromising core routing doesn't mean a thing in this scenario. You'd have to identify traffic - and not all traffic flowing out of a news organization is, in fact, news content - modify it, then reinject it in real time, and I simply see no real way of doing that, let alone doing it in a way that nobody's noticed in the intervening years. Router compromises can be used to mess with traffic flow quite easily, and only in a disruptive way. Proposing that traffic content can be messed with is, to be kind, stretching things.
Right, we are referring to a "partitioned internet space"(1) - or dark corners notions of the internet where border routers are intercepted and Man-in-the-Middle
becomes possible: When a party succeeds in interposing itself between two endpoints and is thereby able to intercept and possibly modify the communication without either party being aware, this is referred to as a "man-in-the-middle" (MiM) attack.
(2)
"Man in the middle attacks against cryptographic protocols or
application layer protocols allow an adversary to effectively proxy
communication between two parties allowing any data to either be read
or altered. Although not impossible to conduct after a session has
been established, the attack is easier done prior to session
initiation."(2a)
MiM is related to interception, but requires that the interception occurs as the result of the interposition of a listener rather than strictly passive eavesdropping.
Of interest:
Bob Gerber was the CIA fellow in charge of investigating Code Red in 2001 - he was hot on the heels of the leaves worm and had to switch out with his group to counteract the code red attack. While the creator of leaves creator was found, no perpetrator was ever established for the Code Red attack. Interestingly, the leaves creators identity has never been made public and Scotland Yard refused to divulge information of him or even prosecute.(3)
1.http://research.arbor.net/downloads/research38/dark_address_space.pdf
2.Schneier, B., "Attack Trees", December 1999.
2a. ibid.
3. http://www.govexec.com/dailyfed/0103/012903worm.htm (a hyped article but of interest)
I reference
A Snapshot of Global Internet Worm Activity
Dug Song, Arbor Networks
Rob Malan, Arbor Networks
Robert Stone, Arbor Networks
November 13, 2001,
Internet Routing Behaviour on 9/11
and in the following weeks
Andy Ogielski and Jim Cowie
Renesys Corporation
Shining Light on Dark Address Space1
Craig Labovitz, Arbor Networks, Merit Network, Inc.
Abha Ahuja, Arbor Networks, Merit Network, Inc.
Michael Bailey, Arbor Networks
November 13, 2001
becomes possible: When a party succeeds in interposing itself between two endpoints and is thereby able to intercept and possibly modify the communication without either party being aware, this is referred to as a "man-in-the-middle" (MiM) attack.
(2)
"Man in the middle attacks against cryptographic protocols or
application layer protocols allow an adversary to effectively proxy
communication between two parties allowing any data to either be read
or altered. Although not impossible to conduct after a session has
been established, the attack is easier done prior to session
initiation."(2a)
MiM is related to interception, but requires that the interception occurs as the result of the interposition of a listener rather than strictly passive eavesdropping.
Of interest:
Bob Gerber was the CIA fellow in charge of investigating Code Red in 2001 - he was hot on the heels of the leaves worm and had to switch out with his group to counteract the code red attack. While the creator of leaves creator was found, no perpetrator was ever established for the Code Red attack. Interestingly, the leaves creators identity has never been made public and Scotland Yard refused to divulge information of him or even prosecute.(3)
1.http://research.arbor.net/downloads/research38/dark_address_space.pdf
2.Schneier, B., "Attack Trees", December 1999.
2a. ibid.
3. http://www.govexec.com/dailyfed/0103/012903worm.htm (a hyped article but of interest)
I reference
A Snapshot of Global Internet Worm Activity
Dug Song, Arbor Networks
Rob Malan, Arbor Networks
Robert Stone, Arbor Networks
November 13, 2001,
Internet Routing Behaviour on 9/11
and in the following weeks
Andy Ogielski and Jim Cowie
Renesys Corporation
Shining Light on Dark Address Space1
Craig Labovitz, Arbor Networks, Merit Network, Inc.
Abha Ahuja, Arbor Networks, Merit Network, Inc.
Michael Bailey, Arbor Networks
November 13, 2001
ElMondoHummus
0.25 short of being half-witted
What?? Wait... all versions of CodeRed attacked IIS. This wasn't something new with the variant that went out in August 2001. And the modification to that worm - dubbed "Code Red II - was an IP address randomizer that allowed it to more easily jump subnets. There wasn't anything about that August version of the worm that was specific to "remote control of systems employing IIS". All varients of that worm, plus damn near every IIS exploit that came before and existed since was aimed at remote control of systems employing IIS. That's not something unique to CodeRed.
Many infections had kill dates embedded. Sobig and Mydoom-B were two specific examples. Why do coders write them in? I don't know for certain, but based on what I've learned, I would guess that it's nothing more than an attempt to keep an infection from identifying to other competing exploit coders as well as ISP's which computers out there are vulnerable. Remember: Most ISPs dealt with infected computers by simply cutting them off the network; a worm writer would end up denying himself the botnet he's usually after by letting his infection run rampant and knock all the systems he wants to own off the 'net.
Two reasons:
- Botnets are always used to disguise points of injection. Take a look at your own computer's Event Viewer (if you're running Windows) or syslogs (if you're running some Unix variant; I'm not sure how non-BSD Macs (i.e. Macs prior to OS X) logged things). Tell me if your computer is set up to log connection attempts from the outside. From the point of view of backtracking the point of origin of an infection, the most you can do is track it back to whatever zombied computer served as the original injection point to the internet. And that's been the case for damn near every infection that's ever been written; I can only think of one, single exception (the author of the Melissa worm). The ISP's not going to log traffic for you, and even if you were unusual and logged such connections, that computer is compromised. There's nothing preventing a malicious exploiter to modify or outright erase logs pertaining to his connection. And yes, that does indeed happen; that's why mission critical systems can be configured to use external log hosts.
- The original writer was determined somehow to be in the Philippines. I'm not sure how that was determined, but if it's true, I can tell you from familial experience that getting the local police to deal with electronic crime is as futile as teaching a pig to sing.
No. What it was was a classic for a botnet propogation vector. Sure, it could be used in that manner - any compromise can be - but it's too big a leap to judge it as a MITM exploit simply because it compromised routers. Router compromises tend to be used to mess with traffic and little more.
BigAl
Philosopher
- Joined
- Jun 9, 2007
- Messages
- 5,397
I've just put Spinelli on ignore.
FWIW, what he rambles on about is something I've done for a living.
ElMondoHummus
0.25 short of being half-witted
(*Facepalm*)
Good Lord, now you're just tossing together word salad. First of all, you provided a dead link. The Arbor Networks document link you're referring to is:
http://www.arbornetworks.com/index.php?option=com_docman&task=doc_download&gid=98
Secondly, you're mischaracterizing it.
Wrong, wrong, wrong, wrong, wrong! The "dark address space" referred to with your Arbor Networks links is NOT some hinterland far from internet civilization where the WWW equivalent of the Wild Wild West sans Sherrifs and Marshalls occur. The "Dark addresses" are nothing more than addresses that because of a variety of causes (routing or misrouting, internal reservation, etc.) are not accessible from any and every point on the internet. That is not an address space where routers are uniquely vulnerable because they're in "dark corners.. of the internet"!
Furthermore, border routers are not ones on the edges of network civilization. Border routers are devices that define the logical boundary of a network. Everything on one side of a border is the "outside world", everything on the other is your organization. Because of their importance in talking to the rest of the world, a border router is NOT unmonitored. The exact opposite is true; those are among the most monitored points on an entire network. Your first tier of firewalling will face the border; so will your intrusion detection monitors. Compromises to border routers become immediately obvious.
Furthermore: How in the hell do you"intercept" a border router? You have to mean intercept the traffic, and all the points I mentioned in prior posts still apply.
This is nothing more than a statement of the obvious. It's a classic definition reaching all the way back to the original Mitnick attack in the mid 90's. This doesn't do anything to answer the issues I raised above, let alone all the other problems with conducting a successful MITM attack.
Why are you even referencing either of these articles? The first paper is self explanitory, and has zero relevance on your thesis about man-in-the-middle attacks. Unless you reference pg. 3, note the prevalence of Code Red.d infections in Korea, and hypothesize that the Koreans had something to do with 9/11.
The second is nothing more than a study on how routing was affected by the outages that occurred on 9/11. It specifically tracked blackouts that occurred either due to the towers collapse itself (the South Tower collapse killed some fiber connecting a major datacenter with one of the trans-Atlantic cables) or power problems that occurred in the days after the collapse. This paper, too, establishes nothing about router compromises induced by Code Red, let alone any modification of traffic due to such compromises.
Spinelli, I seriously think you don't understand whatever main source you're getting this idea from and are therefore giving too much credence to flawed information. You really, really need to realize that you're not putting together a coherent argument. Nothing you've said establishes your point, and simply retailing terms and providing links to sources that contribute zero support to your proposal accomplishes zilch.
Good Lord, now you're just tossing together word salad. First of all, you provided a dead link. The Arbor Networks document link you're referring to is:
http://www.arbornetworks.com/index.php?option=com_docman&task=doc_download&gid=98
Secondly, you're mischaracterizing it.
Wrong, wrong, wrong, wrong, wrong! The "dark address space" referred to with your Arbor Networks links is NOT some hinterland far from internet civilization where the WWW equivalent of the Wild Wild West sans Sherrifs and Marshalls occur. The "Dark addresses" are nothing more than addresses that because of a variety of causes (routing or misrouting, internal reservation, etc.) are not accessible from any and every point on the internet. That is not an address space where routers are uniquely vulnerable because they're in "dark corners.. of the internet"!
Furthermore, border routers are not ones on the edges of network civilization. Border routers are devices that define the logical boundary of a network. Everything on one side of a border is the "outside world", everything on the other is your organization. Because of their importance in talking to the rest of the world, a border router is NOT unmonitored. The exact opposite is true; those are among the most monitored points on an entire network. Your first tier of firewalling will face the border; so will your intrusion detection monitors. Compromises to border routers become immediately obvious.
Furthermore: How in the hell do you"intercept" a border router? You have to mean intercept the traffic, and all the points I mentioned in prior posts still apply.
This is nothing more than a statement of the obvious. It's a classic definition reaching all the way back to the original Mitnick attack in the mid 90's. This doesn't do anything to answer the issues I raised above, let alone all the other problems with conducting a successful MITM attack.
So? The problem lays in the difficulties involved with the interception, as well with what one does with what they've intercepted, as well as what timeframe they have in which to modify the traffic they've intercepted. This doesn't address the inherent problems either.
Again, so what? Unless you're inferring that the coder behind Leaves is or has something to say about the creator of Code Red, this means zero. Leaves is irrelevant to Code Red.
Why are you even referencing either of these articles? The first paper is self explanitory, and has zero relevance on your thesis about man-in-the-middle attacks. Unless you reference pg. 3, note the prevalence of Code Red.d infections in Korea, and hypothesize that the Koreans had something to do with 9/11.
The second is nothing more than a study on how routing was affected by the outages that occurred on 9/11. It specifically tracked blackouts that occurred either due to the towers collapse itself (the South Tower collapse killed some fiber connecting a major datacenter with one of the trans-Atlantic cables) or power problems that occurred in the days after the collapse. This paper, too, establishes nothing about router compromises induced by Code Red, let alone any modification of traffic due to such compromises.
Spinelli, I seriously think you don't understand whatever main source you're getting this idea from and are therefore giving too much credence to flawed information. You really, really need to realize that you're not putting together a coherent argument. Nothing you've said establishes your point, and simply retailing terms and providing links to sources that contribute zero support to your proposal accomplishes zilch.
Last edited:
ElMondoHummus
0.25 short of being half-witted
I'm not even in networking or IT Security, yet even I see just how garbled and nonsensical his stuff is. It's bad.
Justin39640
Illuminator
- Joined
- May 22, 2009
- Messages
- 4,202
i live on LI almost all the data and voice traffic went through those hubs
for a while you could only access certain parts of the internet
phone calls out of local were tough to make
my bank's (the Bank of New York now Chase) main ATM database was destroyed and their ATMs didnt work for months
they reimbursed you every time you paid another ATMs fee
my mom called crying at 430 cause she knew i worked in the city a lot
she said the phone lines were jammed all day to NY
this is a setup for a "no-planer" obviously
the media altering virus argument is pretty silly seeing the result would be so blatantly obvious
Dave Rogers
Bandaged ice that stampedes inexpensively through
Given the intense scrutiny to which any 9/11 content has been subjected over the past eight years, it would seem impossible that no changes to content would have been noticed by the originators of that content. In particular, for example, video footage of flight 175 striking WTC2 might be noticed as anomalous by those who filmed it.
Any approach to investigation that focuses purely on technological capability - in fact, on hypothetical technological capability - and completely excludes (a) a plausible scenario for its use and (b) any consideration of the possibility of detection of its use, is no more than research for a possible spy novel.
Dave
ElMondoHummus
"all versions of CodeRed attacked IIS" - true
"There wasn't anything about that August version of the worm that was specific to "remote control of systems employing IIS"." - demonstrably false
ISA Server can be used to prevent the spread of the Code Red worm and its current (as of August 24, 2001) variants (such as Code Red and Code Red II). This has not been tested against the new Code Red.d variant. Microsoft website late August, 2001
"Just tried it in the lab to make sure, and upon popping the box with
Code Red, no logs were created- no event logs, no IIS logs August 18th, 2001 "
- Steve Friedl's Unixwiz.net Tech Tips Analysis of the new "Code Red II" Variant
"The government seems to have done a good job of getting the word out and getting the patch in place,” he said.
The new worm, called variously Code Red II, CodeRed.C and Version 3, is not merely a new version of the worm.
It creates a Trojan copy of explorer.exe. When this is executed by Windows it brings up the real Explorer but disables file protection and opens a back door for the intruder.
Although it is simple to prevent the new worm from infecting a server, once it is infected the Trojan code is more difficult to get rid of than Code Red. The only effective way to disinfect a machine is to reformat the hard drive and reinstall a patched version of the operating system, Hale said. "
Son of Code Red is wilier
By William Jackson, GCN Staff
August 13, 2001
Possible Kill Date Scenario:
"But this worm is a truly autonomous replicator
without ANY MEANS for external control. I believe, therefore, that
it is going to be with us for a LONG time. And, so long as SOME
(even one) IIS server has an incorrect date, the worm will be "kept
alive" through this overlapping of replication efforts. I don't know
how we're ever going to get rid of it entirely.... a fully autonomous and ram resident worm like Code Red ...DOES have access to *ALL* of the native Application-level API in the machine."
Bruce Gibson
http://www.grc.com/codered/codered.htm
I still think there was MUCH more to the last version of codered.d than we are prepared to address in this forum.
There was no one in the Philippines who was charged with this event.
To my knowledge, it and Nimda are the only worm written where the author has not been determined. (although the current round of Conficker is under investigation without any knowledge of its author...yet). Sasser, MyDoom,BlasterB,Melissa,Kournikova,Panda the list of successful prosecutions appears at least on a cursory look - to be all but complete.
I also find it curious that Scotland Yard was unwilling to prosecute the Leaves author or divulge their identity.
As to what or whom or how?? I really have no thought. We are so far past the point at which forensics could be conducted. This is all conjecture. That the last incarnation or variant seemed to be a logless invisible entity; that Nimda appeared one week later and wrecked havoc through those machines infected with CodeRed - leaving any traces of purpose of proof lost forever.
My point in suggesting this as a possible article of evidence was that it has the hallmarks of a true maleficent exploit. It seemed like the first versions were a public feint for the real mischief. Perhaps as the kind author above suggests, this is all and good for a spy novel.
"all versions of CodeRed attacked IIS" - true
"There wasn't anything about that August version of the worm that was specific to "remote control of systems employing IIS"." - demonstrably false
ISA Server can be used to prevent the spread of the Code Red worm and its current (as of August 24, 2001) variants (such as Code Red and Code Red II). This has not been tested against the new Code Red.d variant. Microsoft website late August, 2001
"Just tried it in the lab to make sure, and upon popping the box with
Code Red, no logs were created- no event logs, no IIS logs August 18th, 2001 "
- Steve Friedl's Unixwiz.net Tech Tips Analysis of the new "Code Red II" Variant
"The government seems to have done a good job of getting the word out and getting the patch in place,” he said.
The new worm, called variously Code Red II, CodeRed.C and Version 3, is not merely a new version of the worm.
It creates a Trojan copy of explorer.exe. When this is executed by Windows it brings up the real Explorer but disables file protection and opens a back door for the intruder.
Although it is simple to prevent the new worm from infecting a server, once it is infected the Trojan code is more difficult to get rid of than Code Red. The only effective way to disinfect a machine is to reformat the hard drive and reinstall a patched version of the operating system, Hale said. "
Son of Code Red is wilier
By William Jackson, GCN Staff
August 13, 2001
Possible Kill Date Scenario:
"But this worm is a truly autonomous replicator
without ANY MEANS for external control. I believe, therefore, that
it is going to be with us for a LONG time. And, so long as SOME
(even one) IIS server has an incorrect date, the worm will be "kept
alive" through this overlapping of replication efforts. I don't know
how we're ever going to get rid of it entirely.... a fully autonomous and ram resident worm like Code Red ...DOES have access to *ALL* of the native Application-level API in the machine."
Bruce Gibson
http://www.grc.com/codered/codered.htm
I still think there was MUCH more to the last version of codered.d than we are prepared to address in this forum.
There was no one in the Philippines who was charged with this event.
To my knowledge, it and Nimda are the only worm written where the author has not been determined. (although the current round of Conficker is under investigation without any knowledge of its author...yet). Sasser, MyDoom,BlasterB,Melissa,Kournikova,Panda the list of successful prosecutions appears at least on a cursory look - to be all but complete.
I also find it curious that Scotland Yard was unwilling to prosecute the Leaves author or divulge their identity.
As to what or whom or how?? I really have no thought. We are so far past the point at which forensics could be conducted. This is all conjecture. That the last incarnation or variant seemed to be a logless invisible entity; that Nimda appeared one week later and wrecked havoc through those machines infected with CodeRed - leaving any traces of purpose of proof lost forever.
My point in suggesting this as a possible article of evidence was that it has the hallmarks of a true maleficent exploit. It seemed like the first versions were a public feint for the real mischief. Perhaps as the kind author above suggests, this is all and good for a spy novel.
Last edited:
ktesibios
Worthless Aging Hippie
- Joined
- Feb 23, 2002
- Messages
- 1,493
Your hypothesis seems to be completely dependent on the assumption that the pathway for all the news of the day from the point at which it was filmed or recorded all the way to the broadcast viewer or listener ran through the public Internet, so that your hypothetical virus could intercept and alter it.
Okay, the belief that everything on Earth can be taken over and controlled by a "hacker" tippy-tapping away at a keyboard holds true in the movies, but I question the validity of this assumption IRL.
I'm an audio geek and my experience in engineering concerts which were broadcast live on the radio and transmitted across the country via satellite would not be a representative sample of how the electronic media transmit information from the point of acquisition to the studio. However, I know that there are people hanging out on this forum who work in TV and have direct experience in ENG.
Perhaps some of those people could chime in about how ENG is actually done and the role of the 'net in doing it.
Okay, the belief that everything on Earth can be taken over and controlled by a "hacker" tippy-tapping away at a keyboard holds true in the movies, but I question the validity of this assumption IRL.
I'm an audio geek and my experience in engineering concerts which were broadcast live on the radio and transmitted across the country via satellite would not be a representative sample of how the electronic media transmit information from the point of acquisition to the studio. However, I know that there are people hanging out on this forum who work in TV and have direct experience in ENG.
Perhaps some of those people could chime in about how ENG is actually done and the role of the 'net in doing it.
No, my assumption lies in the notion that a remote controller could have real time access to those very production machines in studio - or conversely have access to say Verizon's voice communications - my thesis is not asserting that any object was necessarily altered - but rather that the listener(s) with capability to alter content or filter and or block reports was possible.
Contingent to this thesis was that wonderful rub of a story about Nabil Khan Kani - the Ismamic Steganography jingle. The story attributed here to Debka (yikes!), but also in the Washinton Post and on the AP wire, and referenced in a series of Ari Fleischer replies went something like this: that a certain Nabil Khan Kani, a Syrian cryptography specialist who it is claimed, was employed by Usama and that it was the direct work of this cryptographer that had led to assertions in the media directly after 911 that the computer security at the highest levels on 911 had been breeched. They backed away from this little nugget almost immediately. It raised too many questions. The initial spin gave the Admin a reason to suggest why Bush had been kept out of Washington that day. By the end of September, Whitehouse Spokesman Ari Fleischer denied the source of the threat, and failed to acknowledge that the degree with which the protective cordon around the US government had been thwarted by whatever conspirators had actually been in on the 911 electronic warfare aspect. To maintain the lie would show that pants were down, and Usama was massively capable. A world power capable of infiltrating the electronics of the SS, The Air Force, FAA, NSA. Except all of these systems are 'air gripped' and inaccessible unless you had a mole.
Whoever was the bad guy on 911, they didn't do it over the internet. The entire "Angel is next" subplot that the government threw at the media. Suddenly not only was 911 achieved by men in caves, but men in caves with the passwords to isolated computer systems within government.
"Finally, there is this postscript to the puzzle of how someone presumed to be a terrorist was able to call in a threat against Air Force One using a secret code name for the president's plane. Well, as it turns out, that simply never happened. Sources say White House staffers apparently misunderstood comments made by their security detail."
-- CBS News reporter Jim Stewart on the Sept. 25 CBS Evening News.
Vice President Cheney : "The president was on Air Force One. We received a threat to Air Force One -- came through the Secret Service ..."
Tim Russert : "A credible threat to Air Force One. You're convinced of that."
Vice President Cheney : "I'm convinced of that. Now, you know, it may have been phoned in by a crank, but in the midst of what was going on, there was no way to know that. I think it was a credible threat, enough for the Secret Service to bring it to me."
-- NBC's Meet the Press, Sept. 16.
"Q : "[It was] yesterday reported that some of the people in the Pentagon were a little bit skeptical about your comments yesterday that the White House and Air Force One were attacked -- were targets of attack, given that the plane had come from the south. What do you --"
Fleischer : "Who are these people ?"
Q : "Well, I don't know. They weren't my sources, so -- "(Cross talk.)
Fleischer : "No. There's -- I wouldn't have said it if it wasn't true."
Q : "Can you confirm the substance of that threat that was telephoned in ... that Air Force One is next and using code words?"
Fleischer : "Yes, I can. That's correct."
-- White House "press gaggle" with Ari Fleischer, Sept.13.
"We have specific and credible information that the White House and Air Force One were also intended targets of these attacks."
-- White House spokesman Ari Fleischer, Sept. 12 briefing.
"They also made it clear they wanted to get us up quickly, and they wanted to get us to a high altitude, because there had been a specific threat made to Air Force One. ... A declaration that Air Force One was a target, and said in a way that they called it credible. ... So they wanted to get us up quickly. They also wanted to get us up with fighter air cover."
-- White House senior counselor Karl Rove, quoted by Nicholas Lemann in the Sept. 28 New Yorker.
The above series of news articles about Air Force One determined for me forever that the truth of 911 was never going to be a clear run. Trying to find something to prove such doubts seems ridiculous, given the complexity. However, I believe that if one could find the author of code red.d, one would be a step closer to uncovering what actually happened that day and why, before the blood was even dry, the government was lying about events that took place.
Contingent to this thesis was that wonderful rub of a story about Nabil Khan Kani - the Ismamic Steganography jingle. The story attributed here to Debka (yikes!), but also in the Washinton Post and on the AP wire, and referenced in a series of Ari Fleischer replies went something like this: that a certain Nabil Khan Kani, a Syrian cryptography specialist who it is claimed, was employed by Usama and that it was the direct work of this cryptographer that had led to assertions in the media directly after 911 that the computer security at the highest levels on 911 had been breeched. They backed away from this little nugget almost immediately. It raised too many questions. The initial spin gave the Admin a reason to suggest why Bush had been kept out of Washington that day. By the end of September, Whitehouse Spokesman Ari Fleischer denied the source of the threat, and failed to acknowledge that the degree with which the protective cordon around the US government had been thwarted by whatever conspirators had actually been in on the 911 electronic warfare aspect. To maintain the lie would show that pants were down, and Usama was massively capable. A world power capable of infiltrating the electronics of the SS, The Air Force, FAA, NSA. Except all of these systems are 'air gripped' and inaccessible unless you had a mole.
Whoever was the bad guy on 911, they didn't do it over the internet. The entire "Angel is next" subplot that the government threw at the media. Suddenly not only was 911 achieved by men in caves, but men in caves with the passwords to isolated computer systems within government.
"Finally, there is this postscript to the puzzle of how someone presumed to be a terrorist was able to call in a threat against Air Force One using a secret code name for the president's plane. Well, as it turns out, that simply never happened. Sources say White House staffers apparently misunderstood comments made by their security detail."
-- CBS News reporter Jim Stewart on the Sept. 25 CBS Evening News.
Vice President Cheney : "The president was on Air Force One. We received a threat to Air Force One -- came through the Secret Service ..."
Tim Russert : "A credible threat to Air Force One. You're convinced of that."
Vice President Cheney : "I'm convinced of that. Now, you know, it may have been phoned in by a crank, but in the midst of what was going on, there was no way to know that. I think it was a credible threat, enough for the Secret Service to bring it to me."
-- NBC's Meet the Press, Sept. 16.
"Q : "[It was] yesterday reported that some of the people in the Pentagon were a little bit skeptical about your comments yesterday that the White House and Air Force One were attacked -- were targets of attack, given that the plane had come from the south. What do you --"
Fleischer : "Who are these people ?"
Q : "Well, I don't know. They weren't my sources, so -- "(Cross talk.)
Fleischer : "No. There's -- I wouldn't have said it if it wasn't true."
Q : "Can you confirm the substance of that threat that was telephoned in ... that Air Force One is next and using code words?"
Fleischer : "Yes, I can. That's correct."
-- White House "press gaggle" with Ari Fleischer, Sept.13.
"We have specific and credible information that the White House and Air Force One were also intended targets of these attacks."
-- White House spokesman Ari Fleischer, Sept. 12 briefing.
"They also made it clear they wanted to get us up quickly, and they wanted to get us to a high altitude, because there had been a specific threat made to Air Force One. ... A declaration that Air Force One was a target, and said in a way that they called it credible. ... So they wanted to get us up quickly. They also wanted to get us up with fighter air cover."
-- White House senior counselor Karl Rove, quoted by Nicholas Lemann in the Sept. 28 New Yorker.
The above series of news articles about Air Force One determined for me forever that the truth of 911 was never going to be a clear run. Trying to find something to prove such doubts seems ridiculous, given the complexity. However, I believe that if one could find the author of code red.d, one would be a step closer to uncovering what actually happened that day and why, before the blood was even dry, the government was lying about events that took place.
Last edited: