Your Email Address and Usenet
Earlier in this chapter, I claimed that your email address could expose you to spying on Usenet.
In this section, I will prove it.
Your email address is like any other text string. If it
appears on (or within the source of) a Web page, it is reachable by search
engines. When a spy has your email address, it's all over but the
screaming. In fact, perhaps most disturbing of all, your email address and
name (after they are paired) can reveal other accounts that you might have.
To provide you with a practical example, I pondered a
possible target. I was looking for someone who changed email addresses
frequently and routinely used others as fronts. Fronts
are third parties who post information for you. By using a front, you avoid
being pinned down because it's the front's email address that appears, not
your own.
I decided to do a bit of research on a controversial
person, Kirk D. Lyons of the Southern Legal Resource Center (SLRC). This
name might not be too familiar to many people right away. Mr. Lyons is an
outspoken attorney with a history of defending right-wing and extremist
groups. He has also been a prominent voice and an active participant in
several newsworthy incidents, especially in the last 10 years. Mr. Lyons
has been directly involved with
issues relating to the Oklahoma Federal Building bombing and Timothy
McVeigh, the Ruby Ridge incident with Randy Weaver, and the Waco stand-off,
to name a few.
Note
The following exercise is not an invasion of Mr. Lyons' privacy.
All information was obtained from publicly available databases on the
Internet. Instead, this exercise is very similar to the results of an
article in a June 1997 Time magazine about Internet privacy. In that
article, a Time reporter tracked California Senator Dianne Feinstein. The
reporter did an extraordinary job, and even managed to ascertain Senator
Feinstein's Social Security number. The article, "My Week as an
Internet Gumshoe," is by Noah Robischon. At the time of this writing,
it is available online here: http://www.pathfinder.com/time/magazine/1997/dom/970602/technology.my_wek.html.
The first step in tracking an individual is to capture his or her email addresses. To find
Kirk D. Lyons's email address, any garden-variety search engine will do,
although http://www.altavista.com
and http://www.google.com have the
most malleable designs. That's where I started. (Remember that I have never
met Mr. Lyons and know very little about him.)
I began my search with AltaVista
(http://www.altavista.com).
AltaVista is one of the most powerful search engines available on the
Internet and is provided as a public service by CMGI, Inc. It accepts
various types of queries that can be directed toward WWW pages (HTML),
images and video, and other forms of digital media. I followed up using Google (http://www.google.com),
a newer but amazingly powerful search engine. Don't let the clean, simple
interface fool you. Google quickly grew out of obscurity into one of the
best search engines available.
I chose AltaVista for one reason: It performs
case-sensitive, exact-match phrase searches. That means that it
will match precisely what you search for. (This is exact matching, not
regular-expression matching; there are no "close" matches when you
request such a search. This feature enables you to narrow your results to a
single page out of millions.) To force such a precise search, you must
enclose your search string in double-quotation marks. I began by searching
the Web for this string:
"Kirk D. Lyons"
This search returned nearly 200 matches, and I started
sorting them looking for anything interesting. Most of what I found were
various articles and publications either about Mr. Lyons or written by him.
I was able to discover an older, shared email address used by Mr. Lyons and
one of his colleagues, unreconfed@cheta.net.
Searching for just this email address yielded very little, so I turned to
Usenet postings. Using http://www.deja.com/usenet/,
I was able to search thousands of postings. I came across some by Kirk
himself using the email address above. What was interesting here is that
the email header information was left intact, which gives quite a bit of
information:
Return-Path: unreconfed@cheta.net
Received: from lexington.ioa.net (IDENT:root@lexington.ioa.net [208.131.128.7])
    by mail.hal-pc.org (8.9.1/8.9.0) with ESMTP id DAA09388
    for <abnrngrs@hal-pc.org>; Thu, 4 Nov 1999 03:23:08 -0559 (CST)
Received: from 1861 (ppp227.arden.dialup.ioa.com [205.138.38.236])
    by lexington.ioa.net (8.9.3/8.9.3) with SMTP id EAA29654;
    Thu, 4 Nov 1999 04:19:27 -0500
Message-ID: <1bed01bf26a5$a5ea0560$cb268acd@1861>
To: <Undisclosed.Recipients@lexington.ioa.net>
From: "Kirk D. Lyons or Dr. Neill H. Payne" <unreconfed@cheta.net>
Subject: HELP
From this, it is possible to determine who is using this
address, and where they were connecting from and which service provider
they were using to send the message. I can also determine that this is a
dial-up account, possibly a home user account in Arden, North Carolina.
Further investigation helped me discover that this individual is heavily
involved in Civil War re-enactment.
This led me to discover Mr. Lyons's sideline business, Different Drummer,
including more detailed information including the address, phone number,
fax number and email for this business.
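The Received: chain above, parsed the way a tracer (or an incident responder) would read it. This is an added example and not code from the book: it takes the quoted header as constructed input (re-wrapped one field per line with indented continuation lines) and walks the chain from the recipient's own server outward. The trust walk is the check a practitioner wants to make before believing a header: a Received: line is only as honest as the server that wrote it, so the dial-up address 205.138.38.236 is reliable only if you are willing to trust lexington.ioa.net's bookkeeping, while 208.131.128.7 is what mail.hal-pc.org saw with its own eyes. Note also that the HELO name 1861 is chosen by the sending machine itself, not by any server, and reappears in the Message-ID.

```python
"""Walk a mail header's Received: chain to find where a message really entered the mail system."""
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample: the header quoted above, re-wrapped one field per line
# with RFC 5322 continuation lines indented.
SAMPLE_HEADERS = """\
Return-Path: unreconfed@cheta.net
Received: from lexington.ioa.net (IDENT:root@lexington.ioa.net [208.131.128.7])
    by mail.hal-pc.org (8.9.1/8.9.0) with ESMTP id DAA09388
    for <abnrngrs@hal-pc.org>; Thu, 4 Nov 1999 03:23:08 -0559 (CST)
Received: from 1861 (ppp227.arden.dialup.ioa.com [205.138.38.236])
    by lexington.ioa.net (8.9.3/8.9.3) with SMTP id EAA29654;
    Thu, 4 Nov 1999 04:19:27 -0500
Message-ID: <1bed01bf26a5$a5ea0560$cb268acd@1861>
From: "Kirk D. Lyons or Dr. Neill H. Payne" <unreconfed@cheta.net>
Subject: HELP
"""


@dataclass
class Hop:
    helo: str            # name the client announced in HELO/EHLO (client-controlled)
    rdns: Optional[str]  # name the receiving server looked up for the connection, if any
    ip: Optional[str]    # connecting IP the receiving server recorded, if any
    by: str              # server that wrote this Received: line
    when: str            # timestamp exactly as written


def unfold(raw: str) -> List[str]:
    """Join folded continuation lines (leading whitespace) back onto their header field."""
    fields: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += " " + line.strip()
        elif line.strip():
            fields.append(line.strip())
    return fields


RECEIVED_RE = re.compile(
    r"^Received:\s*from\s+(?P<helo>\S+)"      # HELO name
    r"(?:\s*\((?P<paren>[^)]*)\))?"           # optional "(rdns [ip])" the server added
    r"\s+by\s+(?P<by>\S+)"                    # receiving server
    r".*?;\s*(?P<when>.*)$",                  # timestamp after the ';'
    re.IGNORECASE,
)


def parse_received(fields: Sequence[str]) -> List[Hop]:
    """Return hops in header order: hops[0] is the newest line (nearest the recipient)."""
    hops: List[Hop] = []
    for field in fields:
        m = RECEIVED_RE.match(field)
        if not m:
            continue
        paren = m.group("paren") or ""
        ip_m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", paren)
        # Drop an "IDENT:user@" prefix and keep the reverse-DNS name before the bracket.
        rdns = paren.split("[")[0].strip().rsplit("@", 1)[-1]
        hops.append(Hop(helo=m.group("helo"), rdns=rdns or None,
                        ip=ip_m.group(1) if ip_m else None,
                        by=m.group("by"), when=m.group("when").strip()))
    return hops


def _trusted(host: Optional[str], domains: Sequence[str]) -> bool:
    return bool(host) and any(host == d or host.endswith("." + d) for d in domains)


def origin(hops: Sequence[Hop], trusted_domains: Sequence[str]) -> Optional[Hop]:
    """Outermost hop whose connecting IP was recorded by a server we trust.

    Only lines written by our own (or otherwise trusted) servers are reliable:
    anything below the first untrusted line can have been invented by the sender.
    """
    for hop in hops:
        if not _trusted(hop.by, trusted_domains):
            break            # written by an outside server; stop believing the chain
        if not _trusted(hop.rdns, trusted_domains):
            return hop       # a trusted server saw this connection arrive from outside
    return None


if __name__ == "__main__":
    hops = parse_received(unfold(SAMPLE_HEADERS))
    for h in hops:
        print(f"{h.by} received from {h.rdns or h.helo} [{h.ip}] at {h.when}")
    print("trusting hal-pc.org only:       ", origin(hops, ["hal-pc.org"]).ip)
    print("trusting hal-pc.org and ioa.net:", origin(hops, ["hal-pc.org", "ioa.net"]).ip)
```

Run as a script it prints both hops and then the two answers: trusting only the recipient's own server yields 208.131.128.7 (the ioa.net relay), and extending trust to ioa.net yields the dial-up address 205.138.38.236. Everything the book infers about Arden, North Carolina rests on that second step.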
Note
Google acquired Deja's Usenet archive as this book went to
press. The Deja URLs redirect to http://groups.google.com/,
however, Google has yet to make available the entire archive, as Deja had
done. Check in often with the Google site to check the progress of that
endeavor.
This may not seem like much information, but, in reality,
it is enough that I could easily start pulling up business and tax records,
property information, and other public data on Mr. Lyons. There is very
little limit to how far this investigation could be taken. In just a few minutes,
using freely available Web-based searches, I was able to
gather a considerable amount of information about Mr. Lyons.
That might not initially seem very important. You are
probably thinking, "So what?" However, think back to what I wrote
at the beginning of this chapter. Twenty years ago, the FBI would have
spent thousands of dollars (and secured a dozen wiretaps) to discover the
same information.
Usenet is a superb tool for building models of human
networks. (These are groups of people that think alike.) If you belong to such a group (and maintain
controversial or unpopular views), do not post those views to Usenet.
Even though you can prevent your Usenet posts from being
archived by placing X-No-Archive: yes in the headers of your post (or as
the first line of its body), you cannot prevent others from copying the
post and storing it on a Web server. By posting unpopular political views
to Usenet (and inviting others of like mind to respond), you are
inadvertently revealing your associations to the world.
DejaNews
As previously noted in this chapter, Google bought the
Usenet archives from Deja. At press time, the entire archive was not online
as it had been with Deja. However, it's quite likely that the archives will
be back online eventually. Check in with http://groups.google.com/
for the status. So do not assume that your postings cannot be found one
day!
To recap, assume that although your real name does not
appear on your Usenet postings, it does appear in the GECOS (full name)
field of the /etc/passwd file on the UNIX server that you use as a gateway
to the Internet. Here are the steps someone must take to find you:
1. The snooping party sees your post to Usenet. Your email address is in
plain view, but your name is not.
2. The snooping party tries to finger your address, but, as it happens,
your provider prohibits finger requests.
3. The snooping party telnets to port 25 of your server and issues the SMTP
EXPN (or VRFY) command with your login name. Older sendmail installations
answer with the full name taken from /etc/passwd, which is why most
administrators now disable both commands.
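The EXPN/VRFY step, shown as a protocol exchange with both sides' messages. This is an added example, not the book's: the domain toy.example, the login jdoe, the alias staff and the GECOS entry are constructed. The server side answers one SMTP command at a time, either the way an old sendmail did (handing out the full name from the passwd file and the membership of an alias) or the way a hardened MTA does today; the client side uses the standard library's smtplib.SMTP.verify() and expn() calls, which is all the snooper's telnet session amounts to.

```python
"""Toy SMTP server and client showing what VRFY and EXPN give away, and the hardened replies."""
import smtplib
import socketserver
import threading
from typing import Dict, Tuple

DOMAIN = "toy.example"
# Constructed stand-ins for /etc/passwd GECOS fields and an aliases file.
GECOS = {"jdoe": "John Doe"}
ALIASES = {"staff": ["jdoe", "asmith"]}


def respond(verb: str, arg: str, leak: bool) -> str:
    """Reply for one SMTP command.

    leak=True imitates an old sendmail that answers VRFY/EXPN from the passwd
    and aliases files; leak=False is the hardened behaviour (RFC 5321 permits
    252 for VRFY and 502 for an unimplemented EXPN).
    """
    verb = verb.upper()
    name = arg.strip().lower()
    if verb in ("HELO", "EHLO"):
        return f"250 {DOMAIN}"
    if verb == "QUIT":
        return "221 2.0.0 bye"
    if verb == "VRFY":
        if not leak:
            return "252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery"
        if name in GECOS:
            return f"250 2.1.5 {GECOS[name]} <{name}@{DOMAIN}>"   # the full name leaks here
        return "550 5.1.1 User unknown"
    if verb == "EXPN":
        if not leak:
            return "502 5.5.1 EXPN not implemented"
        members = ALIASES.get(name)
        if not members:
            return "550 5.1.1 Alias unknown"
        addrs = [f"{m}@{DOMAIN}" for m in members]
        # Multi-line reply: "250-" continuation lines, then the final "250 " line.
        return "\r\n".join([f"250-{a}" for a in addrs[:-1]] + [f"250 {addrs[-1]}"])
    return "502 5.5.1 Command not implemented"


class ToyHandler(socketserver.StreamRequestHandler):
    def handle(self) -> None:
        self.wfile.write(f"220 {DOMAIN} ESMTP toy\r\n".encode())
        for raw in self.rfile:
            verb, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
            self.wfile.write((respond(verb, arg, self.server.leak) + "\r\n").encode())
            if verb.upper() == "QUIT":
                return


class ToyServer(socketserver.TCPServer):
    allow_reuse_address = True

    def __init__(self, leak: bool) -> None:
        super().__init__(("127.0.0.1", 0), ToyHandler)   # port 0: let the OS pick a free port
        self.leak = leak


def probe(port: int, login: str, alias: str) -> Dict[str, Tuple[int, str]]:
    """What the snooper does: ask the MTA about a login name and an alias."""
    with smtplib.SMTP("127.0.0.1", port, timeout=5) as s:
        vcode, vmsg = s.verify(login)
        ecode, emsg = s.expn(alias)
    return {"vrfy": (vcode, vmsg.decode()), "expn": (ecode, emsg.decode())}


def run_demo(leak: bool) -> Dict[str, Tuple[int, str]]:
    """Start a toy server on loopback, probe it once, and shut it down."""
    server = ToyServer(leak)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe(server.server_address[1], "jdoe", "staff")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("leaky MTA:   ", run_demo(leak=True))
    print("hardened MTA:", run_demo(leak=False))
```

Run it and the leaky server answers VRFY with 250 2.1.5 John Doe <jdoe@toy.example> and EXPN with the alias membership; the hardened server answers 252 and 502, which is what you should see when you probe your own MTA. Sendmail is hardened with PrivacyOptions=novrfy,noexpn (or goaway); Postfix never implemented EXPN and takes disable_vrfy_command = yes.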
Having gotten that information, the snooping party next
needs to find the state you live in. For this, he turns to the WHOIS service.
The WHOIS Service
The WHOIS service (centrally located at rs.internic.net, which at the time
held the registry for .com, .net, .org and .edu, that is, for American,
non-military Internet sites) contains domain registration records. Each record holds detailed
information on an Internet site, including the domain name, name server addresses,
administrative and technical contacts, telephone numbers, and a postal address. Here is a WHOIS
request result on the provider Netcom, a popular Northern California
Internet service provider:
NETCOM On-Line Communication Services, Inc (NETCOM-DOM)
   3031 Tisch Way, Lobby Level
   San Jose, California 95128
   US

   Domain Name: NETCOM.COM

   Administrative Contact:
      NETCOM Network Management  (NETCOM-NM)  dns-mgr@NETCOM.COM
      (408) 983-5970
   Technical Contact, Zone Contact:
      NETCOM DNS Administration  (NETCOM-DNS)  dns-tech@NETCOM.COM
      (408) 983-5970

   Record last updated on 03-Jan-97.
   Record created on 01-Feb-91.

   Domain servers in listed order:

   NETCOMSV.NETCOM.COM          192.100.81.101
   NS.NETCOM.COM                192.100.81.105
   AS3.NETCOM.COM               199.183.9.4
Take a good look at the Netcom WHOIS information. From
this, the snooping party discovers that Netcom is in California. (Note the location
at the top of the WHOIS return listing, as well as the
telephone points of contact for the technical personnel.)
Armed with this information, the snooping party proceeds
to http://www.worldpages.com/.
WorldPages is a massive database that houses the names, email addresses,
and telephone numbers of several million Internet users.
At WorldPages, the snooping party uses your real name as a search string, specifying California
as your state. Instantly, he is confronted with several matches that
provide name, address, and telephone number. Here, he might run into some
trouble, depending on how common your name is. If your name is John Smith,
the snooping party will have to do further research. However, assume that
your name is not John Smith—that your name is common, but not that common.
The snooping party uncovers three addresses, each in a different California
city: One is in Sacramento, one is in Los Angeles, and one is in San Diego.
How does he determine which one is really you? He proceeds to the host utility.
The host utility can list the machines in a provider's DNS zone:
host -l target_provider.com asks the provider's name server for a zone
transfer (AXFR) and prints every host record it holds. (Most name servers
today refuse zone transfers to outsiders; the same listing then has to be
pieced together from reverse lookups and other sources.) The listing does
not contain locations, but with large networks it is common for a
provider to have machines sprinkled at various locations throughout a
state, and those machines are often named for the cities in which they
sit. In other words, it is generally trivial to turn the listing into a
listing of workstations by city. Therefore, you might see an entry such
as the following:
chatsworth1.target_provider.com
Chatsworth is a city in southern California. From this
entry, we can assume that chatsworth1.target_provider.com
is located within the city of Chatsworth. What remains for the snooper is
to reexamine your Usenet post.
By examining the source code of your Usenet post, he can
view the path the message took. That path will look something
like this:
news2.cais.com!in1.nntp.cais.net!feed1.news.erols.com!howland.erols.net!ix.netcom.com!news
By examining this path, the snooping party can now
determine which server accepted the article. The Path: header is read
from right to left: every server that relays the article prepends its own
name, so the leftmost entry is the last server to handle it, and the
rightmost host name (here ix.netcom.com; the trailing "news" is only the
accepting server's local tag) is the server that accepted the original
post. This information is then coupled with the value of the
NNTP-Posting-Host: header, which names the machine the poster actually
connected from:
grc-ny4-20.ix.netcom.com
The posting host is almost always recorded by name and not by its IP
address. For the snooping party to complete the process, the numeric
address is needed, so he resolves the name with nslookup or host (or
simply telnets to it: the Telnet client looks the name up in DNS and
prints the numeric IP in its "Trying..." line before it connects).
The snooping party now has the IP address of the machine that accepted the
original posting. This IP address is then run against the outfile obtained
by the host
query. This operation reveals the city in which the machine resides.
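The Path: and NNTP-Posting-Host: reading above, combined with the host listing, as one small offline tool. This is an added example and not the book's: the article header is constructed around the quoted Path: and posting host, the zone listing stands in for host -l output (every host name except grc-ny4-20 and every 192.0.2.x address is invented), and the token-to-city table is an assumed naming scheme. It takes the rightmost host in Path: as the accepting server, resolves the posting host against the listing, and makes the city guess the text describes, which is only ever a guess.

```python
"""Locate the server that accepted a Usenet article from its Path: and NNTP-Posting-Host: headers."""
import re
from typing import Dict, Optional

# Constructed article header, built around the Path: and posting host quoted above.
ARTICLE = """\
Path: news2.cais.com!in1.nntp.cais.net!feed1.news.erols.com!howland.erols.net!ix.netcom.com!news
From: someone@ix.netcom.com (A. User)
Newsgroups: alt.test
NNTP-Posting-Host: grc-ny4-20.ix.netcom.com
Subject: test
"""

# Constructed stand-in for a `host -l ix.netcom.com` listing (a zone transfer).
# Every host name except grc-ny4-20 and every 192.0.2.x address is invented.
ZONE_LISTING = """\
ix.netcom.com name server ns.netcom.com
grc-ny4-20.ix.netcom.com has address 192.0.2.20
grc-ny4-21.ix.netcom.com has address 192.0.2.21
sjx-ca1-01.ix.netcom.com has address 192.0.2.101
chatsworth1.ix.netcom.com has address 192.0.2.150
"""

# Assumed naming scheme (token -> city); only as good as the provider's own conventions.
CITY_TOKENS = {"ny": "New York", "sjx": "San Jose", "la": "Los Angeles", "chatsworth": "Chatsworth"}


def parse_headers(text: str) -> Dict[str, str]:
    """Split 'Name: value' lines into a dict (no folding needed for this sample)."""
    headers: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
    return headers


def injecting_host(path: str) -> str:
    """Path: is read right to left: each relay prepends its name, so the rightmost
    host name is the server that accepted the post.  Trailing dotless tokens such as
    'news' or 'not-for-mail' are only the accepting server's local tag and are skipped."""
    entries = [e for e in path.split("!") if e]
    while entries and "." not in entries[-1]:
        entries.pop()
    return entries[-1] if entries else ""


def parse_zone(listing: str) -> Dict[str, str]:
    """Map host name -> address from 'NAME has address A.B.C.D' lines."""
    zone: Dict[str, str] = {}
    for m in re.finditer(r"^(\S+) has address (\S+)$", listing, re.MULTILINE):
        zone[m.group(1).lower()] = m.group(2)
    return zone


IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def posting_address(headers: Dict[str, str], zone: Dict[str, str]) -> Optional[str]:
    """Numeric address of the NNTP-Posting-Host, from the header itself or the zone listing."""
    host = headers.get("NNTP-Posting-Host", "").strip().lower()
    if not host:
        return None
    if IPV4_RE.match(host):
        return host            # some servers record the address rather than the name
    return zone.get(host)      # None if the listing does not know the host


def city_hint(hostname: str) -> Optional[str]:
    """Guess a city from tokens in the host name (e.g. 'ny4' -> New York).  Heuristic only."""
    for token in re.split(r"[.\-]", hostname.lower()):
        key = re.sub(r"\d+$", "", token)   # strip a trailing counter: ny4 -> ny
        if key in CITY_TOKENS:
            return CITY_TOKENS[key]
    return None


if __name__ == "__main__":
    hdrs = parse_headers(ARTICLE)
    zone = parse_zone(ZONE_LISTING)
    print("accepted by:    ", injecting_host(hdrs["Path"]))
    print("posting host:   ", hdrs["NNTP-Posting-Host"])
    print("posting address:", posting_address(hdrs, zone))
    print("city hint:      ", city_hint(hdrs["NNTP-Posting-Host"]))
```

Against a live listing the posting_address lookup would be replaced by a DNS query; the rest is unchanged. Treat city_hint as a lead to confirm with the traceroute check described below, not as a result.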
Tip
If this information does not exactly match, the snooping
party can employ other methods. One technique is to issue a traceroute request. When tracing the
route to a machine that exists in another city, the route must invariably
take a path through certain gateways. These are main switching points
through which all traffic passes when going in or out of a city. Usually,
these are high-level points, operated by telecommunication companies such
as MCI, Sprint, and so forth. Most have city names within their addresses.
Bloomington and Los Angeles are two well-known points. Thus, even if the
reconciliation of the posting machine's name fails against the host
outfile, a traceroute will
reveal the approximate location of the machine.
Having obtained this information (and having now
differentiated you from the other names), the snooping party returns to
WorldPages and chooses your name. Within seconds, a graphical map of your
neighborhood appears. The exact location of your home is marked on the map
by a circle. The snooping party now knows exactly where you live and how to
get there. From this point, he can begin to gather more interesting
information about you. For example:
· The snooping party can determine your status as a registered
voter and your political affiliations. He obtains this information at http://www.wdia.com/lycos/voter-records.htm.
· From federal election records online, he can determine which
candidates you support and how much you have contributed. He gets this
information from http://www.tray.com/fecinfo/zip.htm.
· He can also get your Social Security number and date of
birth. This information is available at http://kadima.com/.
Many people minimize the seriousness of this. Their
prevailing attitude is that all such information is available through other
sources anyway. The problem is that the Internet brings these sources of
information together. Integration of such information allows this activity
to be conducted on a wholesale basis, and that's
where the trouble begins.
As a side note, complete anonymity on the Internet is
possible, but usually not achievable by legal means. Given enough time, for
example, authorities could trace a message posted via anonymous remailer.
(Although, if that message were chained through several remailers, the task
would be far more complex.) The problem is in the design of the Internet
itself. As Ralf Hauser and Gene Tsudik note in their article On Shopping Incognito:
From the outset the nature of current network protocols
and applications runs counter to privacy. The vast majority have one thing
in common: they faithfully communicate end-point identification
information. "End-point" in this context can denote a user (with
a unique ID), a network address or an organization name. For example,
electronic mail routinely communicates sender's [sic]
address in the header. File transfer (e.g., FTP), remote login (e.g.,
Telnet), and hypertext browsers (e.g., WWW) expose addresses, host names
and IDs of their users.
Then there is the question of whether users are entitled
to anonymity. I believe they are. Certainly, there are plenty of
legitimate reasons for allowing anonymity on the Internet. The following is
excerpted from Anonymity for Fun and Deception:
The Other Side of "Community" by Richard Seltzer:
Some communities require anonymity for them to be
effective, because without it members would not participate. This is the case
with Alcoholics Anonymous, AIDS support groups, drug addiction support and
other mutual help organizations, particularly when there is some risk of
social ostracism or even legal consequences should the identity of the
members be revealed.
This is a recurring theme in the now-heated battle over
Internet anonymity. Even many members of the "establishment"
recognize that anonymity is an important element that might preserve free
speech on the Internet—not just here, but abroad. This issue has received
increased attention in legal circles. An excellent paper on the subject was
written by A. Michael Froomkin, a lawyer and prominent professor. In Anonymity and Its Enmities, Froomkin writes
Persons who wish to criticize a repressive government or
foment a revolution against it may find remailers invaluable. Indeed, given
the ability to broadcast messages widely using the Internet, anonymous
email may become the modern replacement of the anonymous handbill. Other
examples include corporate whistle-blowers, people criticizing a religious
cult or other movement from which they might fear retaliation, and persons
posting requests for information to a public bulletin board about matters
too personal to discuss if there were any chance that the message might be
traced back to its origin.
Anonymity and Its Enmities by
Professor Froomkin is an excellent source for links to legal analysis of
Internet anonymity. The paper is an incredible resource, especially for
journalists. It can be found on the Web at http://warthog.cc.wm.edu/law/publications/jol/froomkin.html.
However, not everyone feels that anonymity is a good
thing. Some people believe that if anonymity is available on the
Internet, it amounts to nothing but anarchy. A rather ironic quote,
considering the source, is found in Computer
Anarchy: A Plea for Internet Laws to Protect the Innocent, by Martha
Seigel:
People need safety and order in cyberspace just as they do
in their homes and on the streets. The current state of the Internet makes
it abundantly clear that general anarchy isn't working. If recognized
governments don't find a way to bring order to the growing and changing
Internet, chaos may soon dictate that the party is over.
You might or might not know why this quote is so
incredibly ironic. The author, Martha Siegel, is no stranger to
"computer anarchy." In her time, she has been placed on the
Internet Blacklist of Advertisers for violating network policies against
spamming the Usenet news network. The Internet Blacklist of Advertisers is
intended to curb inappropriate advertising on Usenet newsgroups and via
junk e-mail. It works by describing offenders and their offensive behavior,
expecting that people who read it will punish the offenders in one way or another. The following is quoted from the docket
listing on that Blacklist in regards to Canter & Siegel, Ms. Siegel's
law firm:
The famous greencard lawyers. In 1994, they repeatedly
sent out a message offering their services in helping to enter the U.S.
greencard lottery to almost all Usenet newsgroups. (Note in passing: they
charged $100 for their service, while participating in the greencard
lottery is free and consists merely of sending a letter with your personal
information at the right time to the right place.) When the incoming mail
bombs forced their access provider to terminate their account, they
threatened to sue him until he finally agreed to forward all responses to
them.
The Internet Blacklist can be found on
the Web at http://math-www.uni-paderborn.de/~axel/BL/blacklist.html.
However, all this is academic. As we move toward a
cashless society, anonymity might be built into the process. In this respect, at least, list brokers (and other
unsavory information collectors) had better do all their collecting now.
Analysis of consumer-buying habits will likely become a thing of the past,
at least with relation to the Internet. The majority of electronic payment
services being developed (or already available) on the Internet include
anonymity as an inherent part of their design.
Several digital electronic payment
systems exist today. A lot of research has been done in this area. Several
companies currently developing systems are
· eCash Technologies
· Zero-Knowledge Systems
· CyberCash
· Millicent
What I have a hard time understanding is how these systems
can provide anonymous transactions. The reason I bring this up is simply that records must
be maintained, log files generated, transactions authorized, and people
involved to ensure the system works. Therefore, these "anonymous"
transactions really aren't—and that brings you to my warning.