- BitsBlog - http://bitsblog.theconservativereader.com -

Greenwald, Again

An interesting set of conditions leads to some interesting mail to catch up on, this morning.

Last night, I took a healthy swipe at Glenn Greenwald [1]. (I know… it’s a target that’s all too easy, but someone hadda do it.)

So this morning, comes a defender, who says I got the IP part right, but missed a clue: [2]

(OK… this oughta be fun…)

One thing that someone else noted [3] is that Greenwald lists the originating IP address as 10.70.20.16. They are correct that 10.70.20.16 is a private IP address. Anyone can claim to be 10.70.20.16, just like anyone can claim to be 192.168.1.1. However, that is missing a key piece of evidence. I’ll trim the header for the relevant information.

Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6)
Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11)
Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959);
Sun, 28 Oct 2007 14:15:05 +0300
Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959);

The key piece is the 214.13.200.111.  That is a public address.  You can use nslookup to verify it.  Heck, you can look up who owns the 214 address chunk [4]. Here is a hint:

214/8 Mar 98 US-DOD

The email got routed through a US-DOD server, that is not something that one can just do.

Well, bucko, there’s where you’re wrong… and it’s you that’s missed the clue. Look again:

02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959)

(How shall I count the ways?)

You would need to compromise the server to forward the email.

Ummmmm…. Yeahhhhhh…. Tell me… Did you happen to note this is a Microsoft Exchange server? My hacker friends tell me that getting by a hastily set up Exchange server isn’t all that hard, particularly for a professional sock puppet and his buddies. Beyond that, hacking up a header isn’t at all hard, either.

Isn’t it funny how the conspiracy-minded left loses its imagination in situations like this?

Further, let’s consider motivation:

What possible motivation would a drooling band of leftists, ones so desperate to get something / anything on our military and the current President, and one in particular who has a history of faking network activity [5], want to put up a story like this if it wasn’t true?

Gee. Maybe you oughta give up the forensic stuff.
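An added example, not part of the original post or of the quoted reply: a short Python sketch that walks the trimmed Received chain above and separates hops stamped by the recipient's own servers from hops that arrived as message text. It assumes salon.com is the recipient's domain; the function names are made up for this illustration.

```python
import ipaddress
import re

# Trimmed header from the post (timestamps omitted), most recent hop first.
HEADER = """\
Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6)
Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11)
Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959);
Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959);
"""

# "from <claimed name> (... [peer IP]) by <stamping server>"
HOP_RE = re.compile(r"^Received: from (\S+) \(.*?\[([0-9.]+)\]\) by (\S+)", re.M)


def parse_hops(header):
    """Return hops top-down: claimed sender name, bracketed IP, stamping server."""
    return [{"from": name, "ip": ip, "by": by,
             "private": ipaddress.ip_address(ip).is_private}
            for name, ip, by in HOP_RE.findall(header)]


def classify(hops, own_domain):
    """Walk down from the top. A hop is 'recorded' only while every stamping
    server so far belongs to own_domain; everything below the first outside
    server arrived as message text and is merely 'asserted'."""
    inside = True
    for hop in hops:
        inside = inside and hop["by"].lower().endswith("." + own_domain)
        hop["evidence"] = "recorded" if inside else "asserted"
    return hops


def edge_peer(hops):
    """IP that connected to the recipient's edge server (last recorded hop)."""
    recorded = [h for h in hops if h["evidence"] == "recorded"]
    return recorded[-1]["ip"] if recorded else None


if __name__ == "__main__":
    hops = classify(parse_hops(HEADER), "salon.com")  # assumed recipient domain
    for h in hops:
        scope = "private" if h["private"] else "public"
        print(f'{h["evidence"]:9} {h["ip"]:15} {scope:8} by {h["by"]}')
    print("edge peer:", edge_peer(hops))
```

Only the "recorded" lines can be checked against the recipient's own mail logs; the "asserted" lines are whatever the upstream system wrote into the message.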

I note others blogging on the subject:

A Second Hand Conjecture [6]

Blue Crab Boulevard [7]