Thursday, January 24, 2013

A corner piece of the commenter puzzle

In the wake of the Nagin announcement, it seems every other story has been shelved or become old hat.  Not so much for me.  I've been working on two stories, one is consuming a lot of my time but I hope to get it out by Monday...buckle your seat belts and keep your hands inside the vehicle at all times....trust me.

However, the story I want to talk about now is one I've been sitting on for some time.

When this story broke in Nola.com last week, I admit I had been waiting for it.  I knew some details of the story and yes I was alluding to that in this post.  I had no interest in "breaking" the story as I'm not really too concerned with who the guy is in the photo or even why he was commenting anonymously.

I'm still not sure why Nola.com chose to go ahead and publish the photo.  If the guy is identified they have essentially outed one of their commenters that was operating under the assumption of anonymity.  I also want to point out that the privacy policy that was referred to in the article was last revised on Dec. 4, 2012.  I do not have a copy of the policy that was in place when this commenter and Eweman, Mencken, etc. were commenting.  Their decision to publish this man's picture is disturbing to me because it shows that they don't believe they have to protect their commenters' identities nor are they apparently too worried about the repercussions.

I am worried about the repercussions...greatly.  I am worried about what possible lengths Fred Heebe's "team" went to track this man down.  I am worried about how they got the information to track him down in the first place.  I have good reason for these concerns and I'm going to share that with you now.

As the article stated, there has been a lot of debate as to how Heebe's defense team actually tracked down Perricone, Mann, et al., as commenters.  Heebe has claimed that they used the services of a (forgive me) cunning linguist to match up comments by syntax and writing methods.  I didn't buy that when I first heard it.  Oyster pointed out that even he was able to find many of Perricone's comments under other pseudonyms by conducting his own sleuthing, so, admittedly, it is possible that what they're claiming could be true.

But here's the thing.  I know that they used a communications company in their efforts to track down this particular commenter.  In fact, I know who the company is and some of the information the company possessed in order to find this guy.

The company is called Affinity Dynamics and its founder is an interesting guy who wears many hats... political consultant, writer, journalist....Glenn Smith.  I don't know exactly what role AD played in the process to hunt the commenter down but I do know they were aware of the exact date and times the commenter was logging in from the hotel as well as the fact that he was using a Yahoo email address to do so.  I am not suggesting that AD or Mr. Smith did anything illicit....let me restate that....I am not suggesting that Affinity Dynamics or Glenn Smith did anything illegal.  But I am stating that they had a lot of information about this man that should have been privy only to Advance Publications/Nola.com.  I am also stating that they were assisting Heebe's team in the effort to track the man down.

I actually made contact with Mr. Smith via email and he was very polite but stated that he could not comment about the matter due to the pending federal investigation.  Fair enough.

But this leaves a lot of questions unanswered.  How did AD obtain the information?  Was it given to them by Heebe's defense team prior to the manhunt?  Did AD acquire the information themselves?

As stated in Russell's article by the director of digital operations for the NOLA Media Group, Keith Marszalek:

"The identities and locations of NOLA.com commenters and comments cannot be discerned by viewing the website, and NOLA.com does not share identifying information about its users except as outlined in the User Agreement," he said.

So this is essentially left up to the interpretation of the user agreement, I suppose.

What are the possibilities?

1.  The IP information of this commenter was obtained from a second party marketer or vendor?

I find this one very hard to swallow because someone would still have to know exactly when this guy commented and on what post and under what name.  I don't think 2nd party marketers or vendors are even privy to that degree of information but I could be wrong.  If this is possible, it brings up a whole new can of worms with Nola.com's policies.

2.  Someone within the NOLA Media Group or Advance Publications shared the IP and identifying information with Heebe's defense team that allowed them to track the commenter back to the hotel.

Personally....I think this is the most logical answer.  I'm not saying I know that is what happened but I am saying that not only did Affinity Dynamics know the exact location of the commenter, time and date...they also knew the guy was using a Yahoo account to log into his Nola.com account.  I don't think that is even possible in scenario one but I could be mistaken.

3.  Advance Publications/Nola.com servers were hacked.

I think this scenario is more viable than the first but not the second.  I'm not suggesting that Affinity Dynamics did this in any way....it would be a stupid move for a company of their stature...but I am suggesting that it is a possibility that someone did in order to obtain the IP information.  If that is the case, the question becomes, "Who did the hacking and exactly what laws were broken?"  Did Heebe's team hire a black hat to obtain the IP info. of this man and possibly Perricone, Mann, et al.?  It's a frightening possibility but one that must be considered nonetheless.

4.  Heebe's team somehow knew that the commenter was using the hotel's computer already and they put a keystroke recorder on it in order to track down the exact time and date the commenter was using it.

Yeah...that is way out there...to the point where I don't even think I should entertain it but after talking with a compadre about this I think it is a distinct possibility so I mention it for posterity's sake.

Applying Occam's razor, I think scenario #2 is by far the most likely with #3 running a distant second.

Regardless, we've established something here.  Heebe's team was using the services of a communications company (I don't know what the business contract was) to track this particular commenter down way back in February of 2011, a year before Perricone was supposedly outed by the cunning linguist, Fitzpatrick.  That's a big deal....very big.

Now let's revisit what Heebe's lawyer, Kyle Schonekas, said about the matter:

   How, exactly, did Heebe's team figure out that the commenter they were after had used the International House computer to express himself? They're not saying, although Schonekas suggested there was no special technology used.

Ok...but there was certainly a special communications company used.

We still don't have the answers but now we have another crucial piece to this puzzle.


28 comments:

Anonymous said...

#2 & #3 an insider at Advance Media hacked the information internally and gave it out. This is what the scuttlebutt around the Courthouse is saying anyway. We will soon find out when the US Gov't sends their subpoenas out and they out the person responsible. Do not think for a NY second the person won't be outed either.

Jason Brad Berry said...

Well if that is true, we have a catastrophic situation on our hands. I don't even know where to begin.

TruittLaw said...

I hate to say it, but I agree with the commenter. I am confident that someone at the TP with knowledge of the commenter identities thought they would leak that information to Team Heebe. It will be the clusterf of all time when that is revealed. You thought people were pissed off at the TP when they stopped 7 day a week, just wait.

Anonymous said...

There has to be a lot more going on as one can only get general geographic location, ISP that owns the IP address and a few other minor details available through basic searching.

For example:

http://www.ip-address.org
http://www.ipaddresslocation.org
http://www.find-ip-address.org

Anything beyond that (specific location address info, IP address lessee info, etc.) involves, shall we say, a darker magic....or someone at the ISP is also leaking info as well.

Jason Brad Berry said...

Not necessarily anon. If the domain is labeled with the IP address it is very easy to get the physical location.

Jason Brad Berry said...

And anon 1. I think we need to clarify the definition of hack. I don't know where the speculation is coming from but there is a security breach and then there is a hack. If someone simply accessed the stat and commenter information from within Advance through a terminal in the company that is not a "hack". It's simply a security breach. If someone accessed the information by using an admin's username and password or even worse by more malevolent means such as a worm or keystroke recorder...that is a hack. I point this out because it may be the difference between legality and illegality.

Regardless, if what you say is correct, the fallout is going to get ugly and then we need to look at how the hack was implemented. We also need to look at whether or not it was isolated to Nola.com or the efforts extended beyond to perhaps Slabbed or maybe even AZ or others. I doubt Heebe had any interest in AZ, but Slabbed is another matter.

Doug is speculating on this matter as well in the comment section:

http://www.slabbed.org/2013/01/25/gee-did-anything-happen-while-i-was-away/

I know I had some weird stuff going on with my blog for a while:

http://www.theamericanzombie.com/2011/01/back-online.html

And I've had even weirder stuff go on in the corporal world. But I have no real reason to believe AZ has been compromised.

The one scenario I didn't list that Anon 2 mentioned is that it actually happened at the ISP level. That....holy shit....if that is the case....I just can't imagine that. I mean I can imagine it would be pretty easy to do for an ISP but for it to actually happen is off the chart explosive.

One thing I've learned about this city...never assume the improbable is improbable.

Jason Brad Berry said...

Corporeal world...and a thousand edits....sorry I was typing from phone on that one. Jeez.

Jules B. said...

I agree with your commendable analysis and esp. your application of Occam's razor.

I think I commented to this effect a year or more ago-- my guess is that someone on the times-pic side of things "leaked" the info.

I say the times-pic (vs. nola.com) because I think back then there would've been more people at the times-pic who would be tempted to do a favor for Heebe... people on the times-pic side of the aisle would be aware what a generous pal Heebe could be, whereas at NOLA.com most staff hired post-K probably had (have?) no clue who Heebe even is.

Heebe & Co. approached Cummings in Feb 2011, but it'd be important to know exactly when the commenter identity was leaked... because in the wake of this shit-storm at Advance affiliate cleveland.com-- http://blog.cleveland.com/metro/2010/03/plain_dealer_sparks_ethical_de.html -- almost all times-pic staff were stripped of the ability to see commenters' IPs, what e-mail address they registered with, etc. Not all, I don't think, but most.

Speaking of Occam's Razor... no wait, actually this has nothing to do with anything, and I'm not making any accusations... but I do recall a certain Times-Pic city editor showing up on Heebe's 2007 River Birch "Lobbyist List," alongside Garland Robinette et al. Of course, we only have the 2007 edition!

IF the leak theory is true, then unless Heebe himself gives up the name I doubt we'll ever know who the leaker was. We can (irresponsibly?) theorize but given the stone-age state of the times-pic's IT systems there are countless people who could have gotten access to the commenter info.

Ricardo said...

Suddenly John Georges may be negotiating for a potentially more valuable Advocate.

Anonymous said...

Two words missing from your speculations: Social Engineering. Generally far more effective than technical hacks.

Check Kevin Mitnick's book, "Ghost in the wires" for many common methods.

Jason Brad Berry said...

I'm aware and I'm aware of a potential honey trap. I still don't think that's what happened here. In fact, I will go so far as to tell you that didn't happen in this case.

Anonymous said...

Re tracking Mr. International House: Obtaining the IP through nola.com would by far be the easiest method, granted, but how did Heebe's team fasten upon Mr. IH? It was something specific he said when he commented, and if that something were traceable to a certain set of documents that had recently changed hands, then he could have been tracked in the wild to the IH computer. :_)

River Birch raid took place 09/22/2010 and documents went somewhere for processing (imaging of paper, numbering, & indexing in a database), which would have taken several months depending on volume. Heebe's team is monitoring nola.com and sees an identifiable reference drawn from those documents in January 2011, then investigates habits of processing company's employees, trailing someone to IH.

If something like that had happened, then Heebe's team probably knows who Mr. IH is. On the other hand, Mr. IH used a computer not his own to make the comments, suggesting a desire to avoid detection, so perhaps Mr. IH is not directly associated with the company holding the documents, but a personal contact of one of its employees. (That type of processing can always be done in-house if the possessor of the documents has the staff, and given that they pertained to a federal case maybe they did stay in-house.)

That would be MUCH more complicated, but not impossible. --muspench

Anonymous said...

That pic of Mr. IH was chilling. All this makes me think of the book "Dr. Mary's Monkey" and the unbelievable underhanded stuff that goes on here. This might be like the Kennedy Assassination. Could be that we will never know for sure.
My money-- and probably Heebe's too--is on a TP/NOLA.com employee. Heebe's paid off everyone. It's the most logical explanation.

Anonymous said...

Growing tired of all the TP sockpuppetry hacks misdirects? Really think the AUSA’s office doesn’t have both IT security specialists and/or monitoring software of its servers, routers as well as personal attorney computers when used at the office?

What’s more, leaking of secret Grand Jury records and documents and/or hacking of government computers or phones, even those personally owned by the AUSAs, by anyone is an instant ticket to a subpoena that doesn’t need a Federal Judge to sign off on or, worse, a search warrant that does, prior to the invitation to a lengthy stay in a Fed Motel 6!

There is no doubt a PR firm and TP mole is involved; I said so way back when. Good God man, Newhouse Advance Publications is a huge media PR firm in its own right; it even owns its own public communications university in Syracuse, New York, as well as the software provider unification suite for social media sites like Facebook, Twitter, etc.

One can be sure Newhouse also employs its own IT Security experts and has its own malware detection software; that’s why there should be no excuses for not stopping the rampant sock-puppetry plaguing its 22 city publications if it were truly unwanted.

Secondly, the fact that Team Heebe was trolling the streets and public venues around the courthouse and AUSA’s office for bloggers seems to indicate he didn’t have a fix on IP addresses emanating from a computer inside the building but was reacting to being told who was blogging, which was most likely due to both parties knowing the government computers and routers would be monitored.

As for a keystroke surveillance malware being placed on the TP server, that would be detected upon installation or detected in periodic scans by software as simple as HijackThis and/or periodic sophisticated remote monitoring of Newhouse IT personnel.

If you don’t believe that, then explain why the TP system has no history of being hacked previously? Wouldn’t that be big news: “Newhouse Advance Publications having sources revealed by WikiLeaks or Anonymous”? Gee, that would be almost as big a story as exposing Rupert Murdoch’s World News hacking, making news happen not just reporting on it, eh?

What also sticks out is the manager of the IH seems to be a little too accommodating to create a story for the TP and team Heebe; you would think his hands would be full with managing the hotel and not wanting the bad press of guests being cyber stalked inside and outside his own building? Question also is why didn’t he call the FBI rather than the AUSA’s and who did he talk with there? Why didn’t he say no to the request for the pictures knowing the FBI had an ongoing investigation and surveillance was taking place in his establishment that may put other guests’ security at risk using the hotel’s computers?

No, if you truly believe in "Occam's Razor" the most likely explanation goes back to what Magner already testified to, he warned someone in the NOPD at a time when morale was at an all-time low following the convictions of multiple officers that one or 2 of the architects of the hated NOPD Consent Decree was anonymously blogging about them and others. Now I’m not saying the intent was to get that back to Heebe but certainly you would have rocks in your head not to think this information was kept confidential particularly by the TP hacks that have a need to be in the clique and print that deliberately troll in certain circles for inside information?

Finally, yes, by all indications surveillance and malware software are being used, but in less detectable venues, used on those that don’t have the sophisticated IT knowledge. One observation was the posting of Realmalice, most likely an IP misdirect really aimed at the AUSA’s office; its purpose was to further discredit Broussard as a reliable witness by disclosing the meeting with AMV.

~JPchirper~

The Man and the Satyr

"Out you go," said the Satyr. "I will have nought to do with a man who can blow hot and cold with the same breath."

~ESOP 650BC~

Jason Brad Berry said...

"Question also is why didn’t he call the FBI rather than the AUSA’s and who did he talk with there? Why didn’t he say no to the request for the pictures knowing the FBI had an ongoing investigation and surveillance was taking place in his establishment that may put other guests’ security at risk using the hotel’s computers?"

I see it from another perspective, as the owner of the hotel he may have been concerned that his computer was being used for illegal activity. The bottom line is it's his prerogative and his business. I don't think he should be put on trial in this situation, he hasn't hidden anything from the authorities or the press.

"One observation was the posting of Realmalice, most likely an IP misdirect really aimed at the AUSA’s office; its purpose was to further discredit Broussard as a reliable witness by disclosing the meeting with AMV."

Wow...never thought of that. You know I outed Randall Cajun here on AZ? The Nova Scotia dudes are behind Realmalice. I'm not sure their intent was to discredit Broussard as much as it is to discredit AMV and Doug. I don't know...the whole thing is making my head hurt.

Anonymous said...

"the whole thing is making my head hurt"

Very much agreed; the more we learn, the less I know, and it's tremendously confusing. :) --muspench

"the most likely explanation goes back to what Magner already testified to, he warned someone in the NOPD at a time when morale was at an all-time low following the convictions of multiple officers that one or 2 of the architects of the hated NOPD Consent Decree was anonymously blogging about them"

Where is that testimony found? I see Engelhardt's order says Magner warned Dabdoub, who had not been with NOPD for some time:

"Additionally, in April 2011, while in trial prosecuting a case against a former NOPD officer* unrelated to this matter, Magner called former NOPD Captain Louis Dabdoub as a witness. In his outside-the-courtroom discussions with Dabdoub, Magner shared his suspicion that Perricone had posted uncomplimentary 'very critical remarks' about Dabdoub on nola.com, which Magner felt Dabdoub needed to know 'for his own protection.'"

* This has to be Michael Roussel, although he was still an NOPD employee.

But there's nothing in that section regarding testimony from Magner that he talked to anyone in NOPD, nor does that seem at all likely.

Anonymous said...

Magner shared his suspicion that Perricone had posted uncomplimentary 'very critical remarks' about Dabdoub on nola.com, which Magner felt Dabdoub needed to know 'for his own protection.'"
* This has to be Michael Roussel, although he was still an NOPD employee. But there's nothing in that section regarding testimony from Magner that he talked to anyone in NOPD, nor does that seem at all likely.

Oh really, just what protection was Magner giving Dabdoub with the knowledge that Perricone was blogging about him or others, I guess the same protection he was providing the taxpayer his real boss and the court, none? Most of all why would Dabdoub have to be an active officer, or not to be the only type of NOPD personnel capable of warning others, who are those types and I guess you lose all your friends when you leave or retire from the department, eh? So much for “Occam’s Razor” seems you may have a dog in this hunt for some reason?

~JPchirper~

Anonymous said...

Please try to read carefully to avoid confusion. In your earlier comment, you said this: "the most likely explanation goes back to what Magner already testified to, he warned someone in the NOPD... ." Although that is manifestly incorrect, I did not accuse you of deliberate falsity because it is evident you are confused. OK?

As to this fluff ("Most of all why would Dabdoub have to be an active officer"), you are trying to avoid a simple correction of fact, and that is completely unnecessary. I am trying to HELP you understand the source you're referring to rather than lobbing a personal attack. Is that clear? You're welcome. :) --muspench

Anonymous said...

I certainly don't need your help nor am I confused about your vitriol regardless if it's factual or not against Letten's office while portraying Magner as some hero that he's not.

You also seem too willing in accepting Magner's incompetence and lack of accountability to the court and taxpayer as being appropriate which is a false dichotomy to your perfectionism.

http://www.nola.com/crime/index.ssf/2012/11/former_federal_prosecutor_test.html

muspench,

Deplorable mismanagement, obviously. Perricone attacks Magner online, Magner correctly identifies the malefactor to supervisors, and they refuse to escalate even the allegation for fear of retaliation, which is why Magner didn't bring the problem to Letten in the first place. [11/27/2012 1:59 PM]

Later in the same post you eluded to Mr. Gibbens continuing his relationship with Magner yet the TP article never stated the colleges name who warned Magner nor was his full statements available on PACER ? Why would you know that to be true?

http://www.slabbed.org/2012/11/27/the-cancer-in-jim-lettens-office-diagnosed-as-metastatic-and-the-patient-is-terminal-a-playing-on-the-internet-update/ November 27, 2012 at 11:27 am

muspench

* Or learned counsel for garbage kings, but of course that news may have taken a more direct route, since Mr. Gibbens was a former AUSA, and no doubt he and Magner stayed in touch when Gibbens moved on. [11/27/2012 4:37 PM]

~JPchirper~

Anonymous said...

"I certainly don't need your help"

:) I see you don't like it, but that's quite a different matter. Your confused statement sent me back to Engelhardt's order to see if I had read it incorrectly,* and I had not. It's hard enough to discern what's actually going on without introducing factual errors, and presumably it's in everyone's best interest to correct that one.

To recap: witness Dabdoub, former NOPD employee, warned by Magner. Then-current NOPD member, defendant Roussel, NOT warned, according to Magner's testimony. :)

"Later in the same post you eluded to Mr. Gibbens continuing his relationship with Magner"

That's what I think probable, yes. My words were, "Mr. Gibbens was a former AUSA, and no doubt he and Magner stayed in touch when Gibbens moved on." See how that works? :) When I have a source, I cite it.

"yet the TP article never stated the colleges name who warned Magner"

Alluded, colleague, please read carefully. That colleague was obviously NOT Gibbens, because Gibbens left the USAO in 2006. Hence my statement about Gibbens moving on. Richard Rainey refers to Gibbens as "River Birch attorney Billy Gibbens" in April of 2010, and Magner was tipped in December of 2010.

To be perfectly clear, Engelhardt describes that colleague thus: "a former EDLA colleague still in the employ of the DOJ." And your further attempts at criticizing Magner, who was instrumental in bringing wrongdoing to light, tell us everything we need to know about where YOUR interests lie. :)

--muspench

* Yes, I should have known better.

Jason Brad Berry said...

I am a humble observer, here.

Can I grab you guys a drink?

Anonymous said...

No, let’s be clear: what I don’t like is the BS magpie credit stealing of other sources that you are doing while through your false perfectionism demands of others to name their sources and suggest they should use time and date stamps to become like you. It’s no secret that you are reading off PACER and commenting before others have a chance to read the motions.

You are monitoring other Newhouse publications and other blogs in multiple states, the question is why? The most likely answer is you make a living off the internet; the deceptions seem prevalent once you know what to look for. I would say you have a degree in criminal investigations, possibly been a member of NOPD for short period of time and most likely known as a brown nose.

http://media.nola.com/crime_impact/other/engelhardtorder.pdf

It had been brought to Magner’s attention that several posts of a critical or negative nature, some singling Magner out for ad hominem attack on his professional skills, appeared during the trial of the “Glover” matter, United States v. Warren, et al., USDC-EDLA Criminal Action No. 10-154, which occurred between the dates of November 8, 2010, and December 9, 2010. (Id.). Then, in December 2010, a former EDLA colleague still in the employ of the DOJ, but stationed overseas, communicated to Magner his belief that Perricone was “legacyusa.” (Id.).

Additionally, in April 2011, while in trial prosecuting a case against a former NOPD officer unrelated to this matter, Magner called former NOPD Captain Louis Dabdoub as a witness. In his outside-the-courtroom discussions with Dabdoub, Magner shared his suspicion that Perricone had posted uncomplimentary “very critical remarks” about Dabdoub on nola.com, which Magner felt Dabdoub needed to know “for his own protection.” (Id. at p. 13, l. 9-11).

~JPchirper~

Anonymous said...

Hello, AZ! Apologies, and please allow me to buy-- just finishing up, and perhaps the conversation between Tom/JPChirper & Doug on this page might clarify the Magner issue (slabbed.org/2012/11/28/if-i-could-impart-a-general-idea-of-the-battle-going-on-in-jefferson-parish/). The first time I ever saw JPChirper (on nola.com), he waxed wroth when I said Letten was about to be ditched, and he's been like that ever since, but fortunately he's very funny when he yells. :)

As for JPChirper's guesses as to my identity, they are hilarious and I will always treasure them for the entertainment value, but alas! they're completely wrong.* :) Now if you want to know why he's making them, THAT you'd have to ask him.

* For the record: no to PACER, NOPD, monitoring Newhouse, "degree in criminal investigations," and whatever else (not that any odium attaches to those characteristics, that's just not who I am).

--muspench

Anonymous said...

Oh Really ?

Seems cataloging crime statistics, PACER cases, blogs, plus Newhouse venues in three or four states must keep you very busy and that's just one persona?

http://skyscraperpage.com/forum/showthread.php?t=136088&page=194

http://connect.gulflive.com/user/muspench_03012012_clive/index.html

http://connect.ohiohssports.com/user/muspench/index.html

~JPchirper~

Anonymous said...

"...sophisticated remote monitoring...."

Forgive my ignorance, but what keeps anyone on the street from using something like this? Is this the type of system that mirrors an employee's (or victim's) screen and, consequently, all of their activity?

Anonymous said...

:) I don't want to keep sidetracking this thread unnecessarily, because we already owe AZ an apology for doing that. I'm going to go ahead & post the response on a nola.com thread that died a natural death years ago, so as not to trouble anyone: http://www.nola.com/crime/index.ssf/2009/12/lagniappe_industries_prosecuto.html . --muspench

Anonymous said...

Big news yesterday: after 4 months, New York Times caught China's attempted hacking attempts using bot USA university computers, very sophisticated. I would say they allowed it to continue while protecting files in order for the FBI to determine who was behind the attack.

http://news.yahoo.com/china-hacked-york-times-four-months-straight-032139389--finance.html

I'm sure Newhouse Advance Publications and the DOJ are using software they have developed better than below to detect network Rootkits.

It's all about how the Kernel is delivered and how to get out undetected ? Could be something as simple as a windows application like a parser and a HTML converter such as Creole C which writers use to change their font format and/or deliver those little smiley faces or some other picture ?

http://www.nsauditor.com/network_security/network_security_auditor.html

~JPchirper