[UFO Chicago] [greg@kroah.com: [CrackMonkey] [dave@farber.net : IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages?]]

Mills Reece-RMILLS1 reecemills@motorola.com
Wed, 29 Aug 2001 07:53:24 -0500 

WHOA! That's creepy dude.  I hate to see this kind of stuff from our
government.  Where will it end?  So Much Injustice comes from our
politicians and GA's.  It is down right scarry.  Remember Phiber Optik back
in the 80's and the "Sensitive AT&T E911 document?  And the kid that ran a
BBS Magazine *Phrack* (I think?) getting railroaded?  Did you post this to
LUNI yet?  If it were me I believe that I would disseminate this info as
widely as possible (but I'm not the smartest guy in the room, unless...)
After 10 years in the Navy, then getting out to the 'real' world, WOW... I
am very disappointed with so much of the stuff that our government does (to
protect us, no doubt!).

What would they do to one of us if we scoured their systems for information?
I guess this scanning is better than getting your hardware confiscated.
Still I would contact the EFF and be sure that the are aware of this
activity.

FWIW,
Raymond Reece Mills

Vice President of Outside Sales and Marketing

UFO Chicago



> -----Original Message-----
> From: Peter A. Peterson II [mailto:pedro@tastytronic.net]
> Sent: Wednesday, August 29, 2001 12:01 AM
> To: ufo@tastytronic.net
> Subject: [UFO Chicago] [greg@kroah.com: [CrackMonkey] 
> [dave@farber.net:
> IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages?]]
> 
> 
> Get this.
> 
> Chicago is no exception to this trend. My machines have been spidered
> too. And they weren't interested in just Dmitry, either...
> 
> wcs3-cbus.nipr.mil - - [28/Aug/2001:14:01:03 -0500] "GET 
> /ufo.html HTTP/1.0" 200 3767
> wcs3-cbus.nipr.mil - - [28/Aug/2001:14:01:10 -0500] "GET 
> /directions.html HTTP/1.0" 200 8248
> wcs3-cbus.nipr.mil - - [28/Aug/2001:14:02:13 -0500] "GET 
> /history.html HTTP/1.0" 200 6869
> bu-wcs3-kelly.nipr.mil - - [28/Aug/2001:15:37:04 -0500] "GET 
> /robots.txt HTTP/1.0" 404 -
> bu-wcs3-kelly.nipr.mil - - [28/Aug/2001:15:37:06 -0500] "GET 
> /free-sklyarov/chicago-protest-information.txt HTTP/1.0" 200 8830
> 
> Notice those top three entries. They have also perused the pictures on
> two-bit. I just hope they pick nice looking ones for my file.
> 
> Peter
> 
> ----- Forwarded message from Greg KH <greg@kroah.com> -----
> 
> From: Greg KH <greg@kroah.com>
> To: crackmonkey@crackmonkey.org
> Date: Tue, 28 Aug 2001 14:47:13 -0700
> 
> The wonders of grep...
> 
> 
> ----- Forwarded message from David Farber <dave@farber.net> -----
> 
> Date: Wed, 29 Aug 2001 07:38:38 +1000
> From: David Farber <dave@farber.net>
> To: ip-sub-1@majordomo.pobox.com
> Subject: IP: U.S. DoD [seems to be djf] looking for 
> pro-Sklyarov pages? 
> 
> 
> >From: "mobythor" <mobythor@fuckmicrosoft.com>
> >To: <farber@eff.org>
> >
> >
> >U.S. DoD looking for pro-Sklyarov pages? 
> >(english)
> >by Mark Bialkowski
> >4:26pm Mon Aug 27 '01
> ><mailto:mbialkowski@home.com>mbialkowski@home.com
> >For some reason, U.S. Department of Defense machines are 
> searching the web 
> >for pages related to Dmitry Sklyarov, the latest victim of the 
> >DMCA.  Webmasters: check your logs.
> >Early Sunday morning, long before dawn, I glanced through 
> the results 
> >Webalizer pumped out for my Code Red-tainted web access logs. In the 
> >section on hits by region, there was a tiny chunk of hits 
> from US military 
> >(.mil) hosts.  Intrigued, I located the specific hostnames. 
> Only two hosts 
> >accounted for the 47 recorded hits existing in my logs:
> >
> >
> >198.26.123.36 - BU-WCS1-KELLY.NIPR.MIL
> >
> >198.26.123.37 - BU-WCS2-KELLY.NIPR.MIL
> >The best surprises were yet to come.  Searching through my 
> logs using the 
> >wonderful Unix tool grep for the aforementioned IPs produced 
> the following 
> >results:
> >
> >198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [02/Aug/2001:13:55:39 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [05/Aug/2001:14:27:19 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [05/Aug/2001:14:27:19 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [05/Aug/2001:14:47:36 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [05/Aug/2001:14:47:39 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [07/Aug/2001:15:25:47 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [07/Aug/2001:15:25:49 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [07/Aug/2001:16:16:32 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [07/Aug/2001:16:16:40 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [08/Aug/2001:15:57:56 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [08/Aug/2001:15:57:57 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.36 - - [09/Aug/2001:16:33:12 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [09/Aug/2001:16:33:30 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.36 - - [09/Aug/2001:16:33:51 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [11/Aug/2001:20:34:28 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [11/Aug/2001:20:34:48 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [11/Aug/2001:20:35:11 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.36 - - [11/Aug/2001:20:35:42 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [12/Aug/2001:20:55:59 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [12/Aug/2001:20:55:59 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [13/Aug/2001:20:35:36 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [13/Aug/2001:20:35:39 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [15/Aug/2001:23:11:59 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [15/Aug/2001:23:11:59 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [15/Aug/2001:23:12:04 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [15/Aug/2001:23:12:34 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [16/Aug/2001:23:27:13 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [16/Aug/2001:23:27:16 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [17/Aug/2001:23:41:10 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [17/Aug/2001:23:41:11 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [18/Aug/2001:23:47:39 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [18/Aug/2001:23:47:39 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [18/Aug/2001:23:47:42 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [18/Aug/2001:23:48:14 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [20/Aug/2001:00:03:21 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [20/Aug/2001:00:03:24 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [20/Aug/2001:23:56:37 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [20/Aug/2001:23:56:38 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [22/Aug/2001:00:11:04 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [22/Aug/2001:00:11:05 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2121 "-" "Inktomi Search"
> >198.26.123.37 - - [22/Aug/2001:00:11:10 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [24/Aug/2001:00:17:32 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >198.26.123.37 - - [24/Aug/2001:00:17:33 -0400] "GET 
> /adobe.html HTTP/1.0" 
> >200 2128 "-" "Inktomi Search"
> >198.26.123.37 - - [24/Aug/2001:00:17:36 -0400] "GET 
> /data/files/defcon.ppt 
> >HTTP/1.0" 200 139776 "-" "Inktomi Search"
> >198.26.123.37 - - [26/Aug/2001:00:19:19 -0400] "GET 
> /robots.txt HTTP/1.0" 
> >404 337 "-" "Inktomi Search"
> >
> >For the confused, each line above can be read as:
> >IP.address - - [Day/Month/Year:hour:minute:second -time zone] "File 
> >accessed" "-" "User agent"
> >NIPR.mil hosts weren't just spidering my site, they were 
> specifically 
> >looking for three files:
> >
> >robots.txt, a file that, if it exists, tells web spiders 
> what to avoid.
> >
> >adobe.html, my small page on the Dmitry Sklyarov arrest.
> >
> >defcon.ppt, my copy of Sklyarov's presentation on Adobe 
> eBook "security"
> >The spiders completely ignored my copy of Adobe PDF 
> Processor.  I don't 
> >know why.
> >
> >
> >For more info on Dmitry Sklyarov, see freesklyarov.org, and 
> keep in mind 
> >the known players in that case; Adobe and the Department of Justice.
> >
> >
> >Further research through my four weeks of back logs showed those two 
> >machines to be the only ones with "Inktomi Search" user 
> agents. Inktomi 
> >"develops and markets network infrastructure software 
> essential for global 
> >enterprises and service providers." [1]  Government organizations 
> >currently using Inktomi's products include "Argonne National 
> Laboratory, 
> >Federal Communications Commission (FCC), Library of 
> Congress, National 
> >Oceanic and Atmospheric Administration (NOAA), a division of 
> the U.S. 
> >Department of Commerce, the U.S. Department of Energy, U.S. 
> Department of 
> >Veterans Affairs, and the U.S Department of Agriculture [...] U.S. 
> >Department of State, U.S. Department of the Interior, U.S. 
> Department of 
> >Commerce, U.S. Department of Transportation, U.S. Department 
> of Education, 
> >U.S. Department of the Navy and the Executive Office of the 
> President." [2]
> >
> >
> >NIPR belongs to none of the above groups.  NIPR.mil is the Network 
> >Operations Center for the U.S. Department of Defense, a 
> division of the 
> >Defense Information Systems Agency. [3]  The particular 
> machines that my 
> >spider hits came from are housed at Kelly AFB in Texas. [4]
> >
> >
> >
> >All of this leads to a single question... why are Department 
> of Defense 
> >computers being used to search for pages on the 
> Sklyarov/Adobe case and 
> >Sklyarov's presentation?
> >
> >
> >I encourage webmasters hosting pages about Dmitry, and copies of the 
> >PowerPoint presentation, to check their logs for hits from 
> the 198.25.0.0 
> >- 198.26.255.255 netblock; this is the block controlled by 
> NIPR.  I'm 
> >specifically interested in hits from Inktomi Search spiders, 
> looking for 
> >files related to Sklyarov.  I want to find out how widespread this 
> >activity is, and I intend to find out for what purpose this 
> searching is 
> >taking place.
> >
> >
> >-Mark Bialkowski
> >
> >
> >[1] Inktomi's front page
> >[2] Press release: "Inktomi Delivers Award-Winning Search 
> Technology to 
> >Government Organizations," Aug. 20, 2001
> >
> >
> >[3] <http://www.carnicom.com>www.carnicom.com, "NIPR 
> Activity Increases"
> >
> >
> >[4] Information from tin.nu WHOIS server gateway
> 
> 
> 
> For archives see: http://www.interesting-people.org/
> 
> ----- End forwarded message -----
> 
> _______________________________________________
> CrackMonkey: Non-sequitur arguments and ad-hominem personal attacks
> http://crackmonkey.org/mailman/listinfo/crackmonkey
> 
> ----- End forwarded message -----
> 
> -- 
> ---------------------------------------------------------------------
>          FREE DMITRY SKLYAROV -- http://www.freesklyarov.org/ 
>          In prison for exercising his right to "fair use."
> 
> _______________________________________________
> UFO Chicago -- Users of Free Operating Systems
> Free Software Rules -- Proprietary Drools!
> http://ufo.chicago.il.us/cgi-bin/mailman/listinfo/ufo
>