Title: The Boylan trail...he's a stone liar

Deciphering the email headers to determine if the same person sent them both

Glenn Greenwald posted email headers from a discussion he was having where a person denied sending an email that Glenn received. The post about the email and denial is here:
http://www.salon.com/opinion/greenwald/2007/10/28/boylan/index.html
and the post where he gives email headers is here:
http://utdocuments.blogspot.com/2007/10/e-mail-headers-from-col-boylan-and-mnf.html

I have experience programming, in sysadmin work, netops work, and have been studying the Internet in an effort to get a PhD in computer science. I'm pretty sure those emails came from the same person. My reasoning is explained below. The one unfortunate thing is that the email headers got a bit mangled when they were posted. I have attempted to unmangle them, and if I get a better copy of them, I will replace the old with the new.

Original Email Headers

    Return-Path:
    X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on imap3.salon.com
    X-Spam-Level:
    X-Spam-Status: No, score=0.2 required=4.0 tests=AWL autolearn=disabled version=3.1.7
    Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6) with ESMTP id l9SBFgrP024411 for ; Sun, 28 Oct 2007 04:15:43 -0700

Headers from the denial email

    Return-Path:
    X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on imap3.salon.com
    X-Spam-Level:
    X-Spam-Status: No, score=0.2 required=4.0 tests=AWL autolearn=disabled version=3.1.7
    Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6) with ESMTP id l9SFwcx5001032 for ; Sun, 28 Oct 2007 08:58:38 -0700

The first chunk is not very interesting. As emails make their way from source to destination, each relay point adds on their own line. These lines all correspond to Salon internal stuff. The next chunk is where the action is.

Original Email Headers (cont'd)

    Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SBFSff004148 for ; Sun, 28 Oct 2007 04:15:36 -0700

Headers from the denial email (cont'd)

    Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SFwT1S017514 for ; Sun, 28 Oct 2007 08:58:33 -0700

These are the really important lines. This is where the handoff to Salon from 02exbhizn02.iraq.centcom.mil took place. Or, at least, it was a handoff from 214.13.200.111, which claims to be 02exbhizn02.iraq.centcom.mil - let's see if that claim holds up. Running the host command, designed for just such an occasion, we see:

    $ host 214.13.200.111
    111.200.13.214.in-addr.arpa domain name pointer 02exbhizn02.iraq.centcom.mil.

and we see

    $ host 02exbhizn02.iraq.centcom.mil
    02exbhizn02.iraq.centcom.mil has address 214.13.200.111

So now we know that a military computer, and the same one each time, was the computer that handed both these emails to Salon's system. Also note that the above lines are exactly the same except for the ESMTP id and timestamp - this small difference is because the headers are from two different emails sent at two different times, and the ESMTP id is unique for a given email.

This is about as good as we can guarantee - subsequent lines depend on systems outside of Salon's audit purview. But looking at the following lines should still provide evidence. In particular, radical differences in subsequent lines would be evidence that the military email system was compromised in some fashion, while them being largely similar indicates that that same person and machine sent all the emails.

Original Email Headers (cont'd)

    Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 14:15:05 +0300
    Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 14:15:05 +0300
    Content-class: urn:content-classes:message
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"
    Subject: The growing link between the U.S. military and right-wing media and blogs
    X-MimeOLE: Produced By Microsoft Exchange V6.5
    Date: Sun, 28 Oct 2007 14:15:05 +0300
    Message-ID:
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    Thread-Topic: The growing link between the U.S. military and right-wing media and blogs
    Thread-Index: AcgZU8rMDQqwmH5eRre22Ga+dQFPsw==
    From: "Boylan, Steven COL MNF-I CMD GRP CG PAO"
    To:
    X-OriginalArrivalTime: 28 Oct 2007 11:15:05.0804 (UTC) FILETIME=[CAF430C0:01C81953]
    Content-Transfer-Encoding: 8bit
    X-MIME-Autoconverted: from quoted-printable to 8bit by mailer.salon.com id l9SBFgrP024411
    X-IMAPbase: 1193356123 291 NonJunk
    Status: O
    X-UID: 273
    Content-Length: 4757
    X-Keywords:

Headers from the denial email (cont'd)

    Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 18:58:11 +0300
    Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 18:58:11 +0300
    Content-class: urn:content-classes:message
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"
    Subject: RE: The growing link between the U.S. military and right-wing media and blogs
    X-MimeOLE: Produced By Microsoft Exchange V6.5
    Date: Sun, 28 Oct 2007 18:58:11 +0300
    In-Reply-To: <9EE79D5BD1CA47D49B60A519F190F98D@GlennPC>
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    Thread-Topic: The growing link between the U.S. military and right-wing media and blogs
    Thread-Index: AcgZeFOWoEK/zLZxSZm4qrlSEvjjHQAAf2iw
    References: <7EED9730BDFDA64183D4BE1C41F917BB397123@INTZEXEVSIZN02.iraq.centcom.mil> <9EE79D5BD1CA47D49B60A519F190F98D@GlennPC>
    From: "Boylan, Steven COL MNF-I CMD GRP CG PAO"
    To: "Glenn Greenwald"
    X-OriginalArrivalTime: 28 Oct 2007 15:58:11.0534 (UTC) FILETIME=[573CE6E0:01C8197B]
    Content-Transfer-Encoding: 8bit
    X-MIME-Autoconverted: from quoted-printable to 8bit by mailer.salon.com id l9SFwcx5001032
    Status: O
    X-UID: 291
    Content-Length: 5860
    X-Keywords:

And these headers are about what you would expect if they were to come from the same person. The main differences between them have to do with the fact that the second message is a reply to the first, and so contains references to the first so that email clients will know what thread to put the message in. Note, in particular, that the exact same version of Microsoft Exchange is credited with sending out both emails (and it's an old version), and also that the weird Microsoft tags are the same.

Based on this, I have to conclude that these two emails were written by the same person. Or, someone has hacked into the military infrastructure in an effort to discredit this one Colonel by sending cranky emails to bloggers. But one of the two, certainly.

Peter Boothe
pboothe1@uoregon.edu
Sun Oct 28 13:04:18 PDT 2007
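
The comparison made by eye in the article above can be scripted. The following is an added example, not part of the original article: it parses the Received lines of both messages, compares the relay path while ignoring the per-message queue id and timestamp, and normalises the -0700 and +0300 stamps to UTC to check that the hop times line up. The function names (hops, same_path, transit_seconds) are made up for this illustration, and only two hops per message are embedded to keep it short.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines copied from the two messages on this page (newest hop first);
# the "for" addresses were already stripped in the posted headers.
ORIGINAL = """\
Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111])
 by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SBFSff004148 for ;
 Sun, 28 Oct 2007 04:15:36 -0700
Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11])
 by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959);
 Sun, 28 Oct 2007 14:15:05 +0300
"""
DENIAL = """\
Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111])
 by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SFwT1S017514 for ;
 Sun, 28 Oct 2007 08:58:33 -0700
Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11])
 by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959);
 Sun, 28 Oct 2007 18:58:11 +0300
"""

# "from <claimed name> (<optional reverse-DNS name> [<peer IP>]) by <receiver>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return [(from_host, peer_ip, by_host, utc_time)] for each Received line."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable hop: skip rather than guess
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        out.append((m.group(1).lower(), m.group(2), m.group(3).lower(),
                    stamp.astimezone(timezone.utc)))
    return out

def same_path(a, b):
    """Compare relay paths, ignoring per-message fields (queue id, timestamp)."""
    return [h[:3] for h in hops(a)] == [h[:3] for h in hops(b)]

def transit_seconds(raw):
    """Seconds between oldest and newest hop, after normalising to UTC."""
    times = [h[3] for h in hops(raw)]
    return (times[0] - times[-1]).total_seconds()

if __name__ == "__main__":
    print(same_path(ORIGINAL, DENIAL), transit_seconds(ORIGINAL), transit_seconds(DENIAL))
```

Only the topmost hop here was recorded by the receiving side (rich.salon.com); the lower hop is written by the sending organisation's own servers, which is why the article treats it as supporting evidence rather than proof.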
#1. To: Mekons4 (#0)
What are the odds that this public affairs Colonel Boylan will survive with his out and out lies?
100% certain he survives.
Maybe not, if Petraeus's boss CENTCOM commander Adm. Fallon has anything to say about it. If Fallon despises Petraeus, it's easy to guess what he thinks of Boylan.