[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

How Anish heat a barn

This is an Easy Case SCOTUS Takes On The UN and Mexico's Gun Control Alliance!

Would China Ever Invade Russia? Examining a Possible Scenario

Why Putin Can NEVER Use a Nuclear Weapon

Logical Consequence of Freedom4um point of view

Tucker Carlson: This current White House is being run by Satan, not human beings

U.S. Submarines Are Getting a Nuclear Cruise Missile Strike Capability: Destroyers Likely to Follow

Anti-Gun Cat Lady ATTACKS Congress Over Mexico & The UN!

Trump's new border czar will prioritize finding 300,000 missing migrant children who could be trafficking victims

Morgan Stanley: "If Musk Is Successful In Streamlining Government, It Would Broaden Earnings Growth And Stock Performance"

Bombshell Fauci Documentary Nails The Whole COVID Charade

TRUTH About John McCain's Service - Forgotten History

Bombshell Fauci Documentary Nails The Whole COVID Charade

Joe Rogan expressed deep concern that Joe Biden and Ukrainian President Zelensky will start World War III

Fury in Memphis after attempted murder suspect who ambushed FedEx employee walks free without bail

Tehran preparing for attack against Israel: Ayatollah Khamenei's aide

Huge shortage plagues Israeli army as losses mount in Lebanon, Gaza

Researchers Find Unknown Chemical In Drinking Water Posing "Potential Human Health Concern"

Putin visibly ‘shocked’ by US green-light for long-range missiles to strike inside Russia

The Problem of the Bitcoin Billionaires

Biden: “We’re leaving America in a better place today than when we came into office four years ago … "

Candace Owens: Gaetz out, Bondi in. There's more to this than you think.

OMG!!! Could Jill Biden Be Any MORE Embarrassing??? - Anyone NOTICE This???

Sudden death COVID vaccine paper published, then censored, by The Lancet now republished with peer review

Russian children returned from Syria

Donald Trump Indirectly Exposes the Jewish Neocons Behind Joe Biden's Nuclear War

Key European NATO Bases in Reach of Russia's Oreshnik Hypersonic Missile

Supervolcano Alert in Europe: Phlegraean Fields Activity Sparks Scientists Attention (Mass Starvation)

France reacted to the words of a US senator on sanctions against allies

Trump nominates former Soros executive for Treasury chief


Neocon Nuttery
See other Neocon Nuttery Articles

Title: The Boylan trail...he's a stone liar
Source: U of Oregon
URL Source: http://www.uoregon.edu/~pboothe1/iraq_emails/
Published: Oct 30, 2007
Author: Peter Boothe
Post Date: 2007-10-30 23:21:58 by Mekons4
Keywords: None
Views: 1189
Comments: 4

Deciphering the email headers to determine if the same person sent them both

Glenn Greenwald posted email headers from a discussion he was having where a person denied sending an email that Glenn received. The post about the email and denial are here: http://www.salon.com/opinion/greenwald/2007/10/28/boylan/index.html and the post where he gives email headers is here: http://utdocuments.blogspot.com/2007/10/e-mail-headers-from-col-boylan-and-mnf.html

I have experience programming, in syadmin work, netops work, and have been studying the Internet in an effort to get a PhD in computer science. I'm pretty sure those emails came from the same person. My reasoning is explained below. The one unfortunate thing is that the email headers got a bit mangled when they were posted. I have attempted to unmangle them, and if I get a better copy of them, I will replace the old with the new. Original Email Headers Headers from the denial email Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on imap3.salon.com X-Spam-Level: X-Spam-Status: No, score=0.2 required=4.0 tests=AWL autolearn=disabled version=3.1.7 Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6) with ESMTP id l9SBFgrP024411 for ; Sun, 28 Oct 2007 04:15:43 -0700 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on imap3.salon.com X-Spam-Level: X-Spam-Status: No, score=0.2 required=4.0 tests=AWL autolearn=disabled version=3.1.7 Received: from rich.salon.com (rich.salon.com [206.80.4.124]) by mailer.salon.com (8.13.6/8.13.6) with ESMTP id l9SFwcx5001032 for ; Sun, 28 Oct 2007 08:58:38 -0700

The first chunk is not very interesting. As emails make their way from source to destination, each relay point adds on their own line. These lines all correspond to Salon internal stuff. The next chunk is where the action is. Original Email Headers (cont'd) Headers from the denial email (cont'd) Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SBFSff004148 for ; Sun, 28 Oct 2007 04:15:36 -0700 Received: from 02exbhizn02.iraq.centcom.mil (02exbhizn02.iraq.centcom.mil [214.13.200.111]) by rich.salon.com (8.12.11/8.12.11) with ESMTP id l9SFwT1S017514 for ; Sun, 28 Oct 2007 08:58:33 -0700

These are the really important lines. This is where the handoff to Salon from 02exbhizn02.iraq.centcom.mil took place. Or, at least, it was a handoff from 214.13.200.111, which claims to be 02exbhizn02.iraq.centcom.mil - let's see if that claim holds up. Running the host command, designed for just such an occasion, we see: $ host 214.13.200.111 111.200.13.214.in-addr.arpa domain name pointer 02exbhizn02.iraq.centcom.mil. and we see $ host 02exbhizn02.iraq.centcom.mil 02exbhizn02.iraq.centcom.mil has address 214.13.200.111

So now we know that a military computer, and the same one each time, was the computer that handed both these emails to Salon's system. Also note that the above lines are exactly the same except for the ESMTP id and timestamp - this small difference is because the headers are from two different emails sent at two different times, and the ESMTP id is unique for a given email. This is about as good as we can guarantee - subsequent lines depend on systems outside of Salon's audit purview. But looking at the following lines should still provide evidence.

In particular, radical differences in subsequent lines would be evidence that the military email system was compromised in some fashion, while them being largely similar indicates that that same person and machine sent all the emails. Original Email Headers (cont'd) Headers from the denial email (cont'd) Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 14:15:05 +0300 Received: from INTZEXEBHIZN01.iraq.centcom.mil ([10.70.20.11]) by 02exbhizn02.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 18:58:11 +0300 Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 14:15:05 +0300 Received: from INTZEXEVSIZN02.iraq.centcom.mil ([10.70.20.16]) by INTZEXEBHIZN01.iraq.centcom.mil with Microsoft SMTPSVC(6.0.3790.3959); Sun, 28 Oct 2007 18:58:11 +0300 Content-class: Content-class: urn: urn: content-classes:message content-classes:message MIME-Version: 1.0 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii" Subject: The growing link between the U.S. military and right-wing media and blogs Subject: RE: The growing link between the U.S. military and right-wing media and blogs X-MimeOLE: Produced By Microsoft Exchange V6.5 X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Sun, 28 Oct 2007 14:15:05 +0300 Date: Sun, 28 Oct 2007 18:58:11 +0300 Message-ID: In-Reply-To: <9EE79D5BD1CA47D49B60A519F190F98D@GlennPC> X-MS-Has-Attach: X-MS-Has-Attach: X-MS-TNEF-Correlator: X-MS-TNEF-Correlator: Thread-Topic: The growing link between the U.S. military and right-wing media and blogs Thread-Topic: The growing link between the U.S. military and right-wing media and blogs Thread-Index: AcgZU8rMDQqwmH5eRre22Ga+dQFPsw== Thread-Index: AcgZeFOWoEK/zLZxSZm4qrlSEvjjHQAAf2iw References: <7EED9730BDFDA64183D4BE1C41F917BB397123@INTZEXEVSIZN02.iraq.centcom.mil> <9EE79D5BD1CA47D49B60A519F190F98D@GlennPC> From: "Boylan, Steven COL MNF-I CMD GRP CG PAO" From: "Boylan, Steven COL MNF-I CMD GRP CG PAO" To: To: "Glenn Greenwald" X-OriginalArrivalTime: 28 Oct 2007 11:15:05.0804 (UTC) FILETIME=[CAF430C0:01C81953] X-OriginalArrivalTime: 28 Oct 2007 15:58:11.0534 (UTC) FILETIME=[573CE6E0:01C8197B] Content-Transfer-Encoding: 8bit Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mailer.salon.com id l9SBFgrP024411 X-MIME-Autoconverted: from quoted-printable to 8bit by mailer.salon.com id l9SFwcx5001032 X-IMAPbase: 1193356123 291 NonJunkStatus: O Status: O X-UID: 273 X-UID: 291 Content-Length: 4757 Content-Length: 5860 X-Keywords: X-Keywords:

And these headers are about what you would expect if they were to come from the same person. The main differences between them have to do with the fact that the second message is a reply to the first, and so contains references to the first so that email clients will know what thread to put the message in.

Note, in particular, that the exact same version of Microsoft Exchange is credited with sending out both emails (and it's an old version), and also that the weird Microsoft tags are the same.

Based on this, I have to conclude that these two emails were written by the same person. Or, someone has hacked into the military infrastructure in an effort to discredit this one Colonel by sending cranky emails to bloggers. But one of the two, certainly.

— Peter Boothe pboothe1@uoregon.edu Sun Oct 28 13:04:18 PDT 2007

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: Mekons4 (#0)

What are the odds that this public affairs Colonel Boylan will survive with his out and out lies?

Fred Mertz  posted on  2007-10-30   23:32:12 ET  Reply   Trace   Private Reply  


#2. To: Mekons4 (#0)

So now we know that a military computer, and the same one each time, was the computer that handed both these emails to Salon's system.

This one is difficult to follow.

Ron Paul for President - Join a Ron Paul Meetup group today!

robin  posted on  2007-10-31   0:36:28 ET  Reply   Trace   Private Reply  


#3. To: Fred Mertz (#1)

What are the odds that this public affairs Colonel Boylan will survive

100% certain he survives.

nolu_chan  posted on  2007-10-31   18:52:33 ET  Reply   Trace   Private Reply  


#4. To: nolu_chan (#3)

100% certain he survives.

Maybe not, if Petraeus's boss CENTCOM commander Adm. Fallon has anything to say about it.

If Fallon despises Petraeus, it's easy to guess what he thinks of Boylan.

To reason, indeed, he was not in the habit of attending. His mode of arguing, if it is to be so called, was one not uncommon among dull and stubborn persons, who are accustomed to be surrounded by their inferiors. He asserted a proposition; and, as often as wiser people ventured respectfully to show that it was erroneous, he asserted it again, in exactly the same words, and conceived that, by doing so, he at once disposed of all objections. - Macaulay, "History of England," Vol. 1, Chapter 6, on James II.

aristeides  posted on  2007-10-31   18:54:51 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]