Searching for the FBI

During the course of the trial I lost three computers to shutdown Trojans while researching the source of the shutdown Trojan on the contraband computer held in evidence. I also lost another computer when challenged by the prosecution to visit a particular page at CERT. Prior to this, the prosecution had me identified for the record even though my position was that of a researcher and not a witness. To say the Department of Justice was interacting with my computers during the course of the trial is an understatement.

Over the past two years, I discovered my computer constantly interacting with IP numbers which were owned by my ISP. Since Carnivore was known to be stationed at a local ISP, I made the incorrect assumption that I was being monitored by that program. As time passed, I noticed extremely aggressive behavior, and if I went to a suspected Federal honeypot, as many as 60-100 ports would be opened with connections to my ISP. This reproducible behavior occurred with Linux and both current versions of Windows (XP and Vista). When using a live Linux CD, there were no connections on start-up, and the connections occurred only after I went to a suspicious site.

While I assumed that these connections were the FBI, I had no way to prove it until I stumbled on it last week. Since I assume I am already a person of interest, I run a periodic search for the location of internet spy rooms to find out who is being watched. It should be obvious that if they can monitor my internet traffic, they can also monitor web sites offering seditious material using the same splitter technology. The perfect tool to track my signal is of course Neotrace, which unfortunately has security issues, so I install a new copy daily, repeat my work, and use different ISP connections to verify the results.

One thing I never checked was the path to http://www.FBI.gov until last week, when I ran Neotrace. I was shocked to find I was only 3 hops from the FBI, which had the same ISP as the constant connections to my machine. I double-checked it with the DOS traceroute command and found that this is part of Akamai technology, but the loop never leaves the United States Virgin Islands, unlike any other Akamai-served connection I've traced.

Moreover, the constant connections are through parallel iexplore.exe connections, which are usually spyware, and the same block of IPs has been in use for two years. (The iexplore.exe connection exists even when using Firefox.) The supporting experiment of using the DOS command "netstat -ano" allows you to observe that a browser call for http://www.fbi.gov increases the number of connections to my machine, but no other new IP numbers connect to deliver content or probe my machine (aside from possibly Google).

Interestingly enough, since this connection is being made intrastate, it may not be clearly illegal. First, most people would not dwell on the connection or try to block it, as it is part of their ISP service, so most would never notice or complain. Next, the site is clearly an FBI location and delivers the FBI homepage locally, which is not exactly a clandestine operation. Next, Federal laws governing wiretaps, keystroke loggers, and Trojans regulate interstate traffic, and Neotrace finds no link to anything beyond the United States Virgin Islands.

As an aside, I asked a friend to do a tracert to the FBI in New York City and, consistent with my suspicions, the IP she got was 204.2.199.25, which Neotrace places in New York City. I would expect that most connections to the FBI are intrastate connections.

If this is the so-called Magic Lantern, or the euphemism beyond that, it has a lot more power than previously described and is not simply a keystroke logger. It has the power to shut down by altering video settings, by altering the Windows registry settings so windows appear counterfeit, or by destroying the motherboard. It can also interfere with posting on a blog and sending emails, and temporarily freeze the system at an inopportune time.

Check it out yourself.

In DOS (the Windows command prompt) use "tracert www.fbi.gov", or in the Linux console use "traceroute www.fbi.gov", to find the IP of the FBI server which would deliver content to you. (It's the last IP listed.) Note that both commands take a host name, not a URL: "tracert http://www.fbi.gov" fails with an "Unable to resolve target system name" error because the "http://" prefix is not part of the name. Give me the IP you got for http://www.fbi.gov in the comment section and I'll let you know where it is located.
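The two checks described above, reading the last hop off a tracert and comparing the netstat -ano connection list before and after the browser call, can be done from saved transcripts instead of by eye. The script below is an added example written for this page, not a tool from the original post; the tracert and netstat output it parses is constructed for the example and uses the RFC 5737 documentation ranges (198.51.100.0/24, 203.0.113.0/24) rather than any real FBI, Akamai or ISP address, and the PIDs and ports are likewise made up.

```python
"""Parse saved Windows `tracert` and `netstat -ano` output offline.

Added example: it does not run tracert or netstat itself, it parses text
that was captured earlier, so it works on a saved transcript without a
network connection. All sample transcripts below are constructed for this
example (documentation IP ranges, invented PIDs and ports).
"""
import ipaddress
import re

# Matches a dotted-quad IPv4 address that is not part of a longer number.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed tracert transcript: hop 3 timed out, hop 4 is the endpoint.
SAMPLE_TRACERT = """\
Tracing route to www.fbi.gov [203.0.113.25]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    12 ms    11 ms    12 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    20 ms    19 ms    21 ms  edge.example.net [203.0.113.25]

Trace complete.
"""

# Constructed `netstat -ano` transcript taken before the browser call.
NETSTAT_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.10:49152     198.51.100.7:443       ESTABLISHED     1234
  TCP    [::1]:49200            [::1]:5357             TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1100
"""

# Same host after loading the page: two new peers, one still in SYN_SENT.
NETSTAT_AFTER = NETSTAT_BEFORE + """\
  TCP    192.168.1.10:49160     203.0.113.25:80        ESTABLISHED     1234
  TCP    192.168.1.10:49161     198.51.100.9:443       ESTABLISHED     4321
  TCP    192.168.1.10:49162     198.51.100.9:443       SYN_SENT        4321
"""


def last_hop(tracert_text):
    """Return (hop_count, ip) for the last hop that answered.

    Hop lines start with the hop number. A hop that timed out is counted
    but carries no address; a "hostname [IP]" line yields the bracketed IP.
    """
    hops, last_ip = 0, None
    for line in tracert_text.splitlines():
        m = re.match(r"\s*(\d+)\s", line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        hops = int(m.group(1))
        ips = IPV4.findall(line)
        if ips:
            last_ip = ips[-1]
    return hops, last_ip


def split_endpoint(endpoint):
    """'1.2.3.4:80' -> ('1.2.3.4', '80'); '[::1]:80' -> ('::1', '80')."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def established(netstat_text):
    """Set of (remote_ip, pid) for ESTABLISHED TCP rows of netstat -ano."""
    rows = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows have 4 (no State) and are skipped.
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "ESTABLISHED":
            remote_ip, _port = split_endpoint(fields[2])
            rows.add((remote_ip, int(fields[4])))
    return rows


def new_connections(before_text, after_text):
    """Remote IPs (with owning PID) present after the browser call, not before."""
    return sorted(established(after_text) - established(before_text))


def in_block(ip, cidr):
    """True if ip lies inside cidr (e.g. the /24 of the trace's last hop)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    hops, endpoint = last_hop(SAMPLE_TRACERT)
    print(f"last hop #{hops}: {endpoint}")
    for remote, pid in new_connections(NETSTAT_BEFORE, NETSTAT_AFTER):
        where = "same /24 as last hop" if in_block(remote, endpoint + "/24") else "elsewhere"
        print(f"new connection to {remote} from PID {pid}: {where}")
```

Capture the two netstat listings with "netstat -ano > before.txt" and "netstat -ano > after.txt" around the page load, and paste them in place of the constructed strings; the PID column lets you match each new peer to the process that owns it with "tasklist".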


2 Responses to “Searching for the FBI”

  1. Tommy Says:

    It's only 9 hops away from me, what's that mean man? 63.85.36.48

    • Poppa John Says:

      Probably not much, if the information I have is correct. 63.85.36.48 is part of the Akamai system, which is used by the FBI and others, and the server is in Chicago. Your IP appears to be in Columbus, which I expect has its own Akamai servers. Since your route crosses state lines, Federal wiretap laws would apply. Conclusion: no one is watching you – yet?

      But as the FBI responded to my freedom of information request, if I know enough to ask detailed questions, then I already know they don’t have to answer.
