[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]  [Register] 

Status: Not Logged In; Sign In

"Gestapo" Müller - Hunting Hitler's Secret Police Chief How Michelle Obama Could Become Democrats' Nominee after Biden's Terrible Debate, with Steve Bannon Was This Lethal Spitfire Ace Killed by His Own Tactics? Welsh Police Pay Home Visit To Man For Displaying Reform UK Political Sign Liz Harrington Drops a BOMBSHELL on How Georgia Was Stolen Trudeau govt to make all bathrooms in Parliament buildings GENDER NEUTRAL French official admits censorship is needed for government to control public opinion Bill Maher Predicts Trump Victory: The Left Is Aggressively Anti-Common Sense Google is suppressing Blaze Media. Heres how you can help. Large-scale prisons being secretly erected in all 50 states will they be used to house illegals or force Americans into concentration camps? Hezbollah is ready to confront Israels military, with Jon Elmer Balloons Land in Southern Lebanon, Warning Locals the Land Belongs to Jews German Politician Hit With Hate Crime Investigation For Demanding Migrant Criminals Be Deported DNC Caught Funneling Millions to Law Firms Involved in Unprecedented Lawfare Campaign Against Trump Here Are The 20 Biggest Whoppers Biden Told During His Debate With Trump NYC to ban cellphones in public schools. New York Times Columnists Turn On Biden After Disastrous Debate Performance 8 Armed Men With Venezuelan Accents Violently Rob Denver Jewelry Store Uvalde Police School Chief Indicted, Arrested Over Response To 2022 Shooting Greetings from the Horse Tonight confirmed every Democrats worst fear. Five Women Soon To Die In 1928 How Trump Can Lose The Debate Tucker Carlson Savagely Dismantles ‘Dumb’ and ‘Stupid’ Far-Left Reporter at Australian Freedom Conference James Clapper, Mr. October Surprise: How Obama's Intel Czar Rigged 2016 And 2020 Debates Against Trump Biden Campaign Balks Wont Commit to Drug Test S-500 Prometheus: Designed To Kill Stealth Jets, ICBMs The US military chases shiny new things and the ranks suffer USS Dwight D. Eisenhower Now in the Med, USS Theodore Roosevelt Heads to the Middle East Lefties losing it: Rita Panahi mocks Democrat judge acting like a ‘confused simpleton’

Neocon Nuttery
See other Neocon Nuttery Articles

Title: The Boylan trail...he's a stone liar
Source: U of Oregon
URL Source: http://www.uoregon.edu/~pboothe1/iraq_emails/
Published: Oct 30, 2007
Author: Peter Boothe
Post Date: 2007-10-30 23:21:58 by Mekons4
Keywords: None
Views: 1138
Comments: 4

Deciphering the email headers to determine if the same person sent them both

Glenn Greenwald posted email headers from a discussion he was having where a person denied sending an email that Glenn received. The post about the email and denial are here: http://www.salon.com/opinion/greenwald/2007/10/28/boylan/index.html and the post where he gives email headers is here: http://utdocuments.blogspot.com/2007/10/e-mail-headers-from-col-boylan-and-mnf.html

I have experience programming, in syadmin work, netops work, and have been studying the Internet in an effort to get a PhD in computer science. I'm pretty sure those emails came from the same person. My reasoning is explained below. The one unfortunate thing is that the email headers got a bit mangled when they were posted. I have attempted to unmangle them, and if I get a better copy of them, I will replace the old with the new. Original Email Headers Headers from the denial email Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on imap3.salon.com X-Spam-Level: X-Spam-Status: No, score=0.2 required=4.0 tests=AWL autolearn=disabled version=3.1.7 Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6) with ESMTP id l9SBFgrP024411 for ; Sun, 28 Oct 2007 04:15:43 -0700 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on imap3.salon.com X-Spam-Level: X-Spam-Status: No, score=0.2 required=4.0 tests=AWL autolearn=disabled version=3.1.7 Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6) with ESMTP id l9SFwcx5001032 for ; Sun, 28 Oct 2007 08:58:38 -0700

The first chunk is not very interesting. As emails make their way from source to destination, each relay point adds on their own line. These lines all correspond to Salon internal stuff. The next chunk is where the action is. Original Email Headers (cont'd) Headers from the denial email (cont'd) Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SBFSff004148 for ; Sun, 28 Oct 2007 04:15:36 -0700 Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SFwT1S017514 for ; Sun, 28 Oct 2007 08:58:33 -0700

These are the really important lines. This is where the handoff to Salon from 02exbhizn02.iraq.centcom.mil took place. Or, at least, it was a handoff from 214.13.200.111, which claims to be 02exbhizn02.iraq.centcom.mil - let's see if that claim holds up. Running the host command, designed for just such an occasion, we see: $ host 214.13.200.111 111.200.13.214.in-addr.arpa domain name pointer 02exbhizn02.iraq.centcom.mil. and we see $ host 02exbhizn02.iraq.centcom.mil 02exbhizn02.iraq.centcom.mil has address 214.13.200.111

So now we know that a military computer, and the same one each time, was the computer that handed both these emails to Salon's system. Also note that the above lines are exactly the same except for the ESMTP id and timestamp - this small difference is because the headers are from two different emails sent at two different times, and the ESMTP id is unique for a given email. This is about as good as we can guarantee - subsequent lines depend on systems outside of Salon's audit purview. But looking at the following lines should still provide evidence.

In particular, radical differences in subsequent lines would be evidence that the military email system was compromised in some fashion, while them being largely similar indicates that that same person and machine sent all the emails. Original Email Headers (cont'd) Headers from the denial email (cont'd) Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 14:15:05 +0300 Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 18:58:11 +0300 Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 14:15:05 +0300 Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 18:58:11 +0300 Content-class: Content-class: urn: urn: content-classes:message content-classes:message MIME-Version: 1.0 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii" Subject: The growing link between the U.S. military and right-wing media and blogs Subject: RE: The growing link between the U.S. military and right-wing media and blogs X-MimeOLE: Produced By Microsoft Exchange V6.5 X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Sun, 28 Oct 2007 14:15:05 +0300 Date: Sun, 28 Oct 2007 18:58:11 +0300 Message-ID: In-Reply-To: <9EE79D5BD1CA47D49B60A519F190F98D@GlennPC> X-MS-Has-Attach: X-MS-Has-Attach: X-MS-TNEF-Correlator: X-MS-TNEF-Correlator: Thread-Topic: The growing link between the U.S. military and right-wing media and blogs Thread-Topic: The growing link between the U.S. military and right-wing media and blogs Thread-Index: AcgZU8rMDQqwmH5eRre22Ga+dQFPsw== Thread-Index: AcgZeFOWoEK/zLZxSZm4qrlSEvjjHQAAf2iw References: <7EED9730BDFDA64183D4BE1C41F917BB397123@INTZEXEVSIZN02.iraq.centcom.mil> <9EE79D5BD1CA47D49B60A519F190F98D@GlennPC> From: "Boylan, Steven COL MNF-I CMD GRP CG PAO" From: "Boylan, Steven COL MNF-I CMD GRP CG PAO" To: To: "Glenn Greenwald" X-OriginalArrivalTime: 28 Oct 2007 11:15:05.0804 (UTC) FILETIME=[CAF430C0:01C81953] X-OriginalArrivalTime: 28 Oct 2007 15:58:11.0534 (UTC) FILETIME=[573CE6E0:01C8197B] Content-Transfer-Encoding: 8bit Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mailer.salon.com id l9SBFgrP024411 X-MIME-Autoconverted: from quoted-printable to 8bit by mailer.salon.com id l9SFwcx5001032 X-IMAPbase: 1193356123 291 NonJunkStatus: O Status: O X-UID: 273 X-UID: 291 Content-Length: 4757 Content-Length: 5860 X-Keywords: X-Keywords:

And these headers are about what you would expect if they were to come from the same person. The main differences between them have to do with the fact that the second message is a reply to the first, and so contains references to the first so that email clients will know what thread to put the message in.

Note, in particular, that the exact same version of Microsoft Exchange is credited with sending out both emails (and it's an old version), and also that the weird Microsoft tags are the same.

Based on this, I have to conclude that these two emails were written by the same person. Or, someone has hacked into the military infrastructure in an effort to discredit this one Colonel by sending cranky emails to bloggers. But one of the two, certainly.

— Peter Boothe pboothe1@uoregon.edu Sun Oct 28 13:04:18 PDT 2007

Post Comment   Private Reply   Ignore Thread  

Begin Trace Mode for Comment # 1.

#1. To: Mekons4 (#0)

What are the odds that this public affairs Colonel Boylan will survive with his out and out lies?

Fred Mertz  posted on  2007-10-30   23:32:12 ET  Reply   Untrace   Trace   Private Reply  

#3. To: Fred Mertz (#1)

What are the odds that this public affairs Colonel Boylan will survive

100% certain he survives.

nolu_chan  posted on  2007-10-31 18:52:33 ET  Reply   Untrace   Trace   Private Reply  

Top • Page Up • Full Thread • Page Down • Bottom/Latest

[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]  [Register]