IP address exposed anonymous mudslinger
'Tis the political season, so naturally the mud will be flung. But deviously minded politico aides should be aware of how transparent their dealings on the Internet can be, unless they take serious efforts to cloak themselves.
On a political blog entitled Rhode Island's Future, Matthew Jerzyk posted allegations that someone from the Senate offices sent a series of e-mails to selected members of the press disparaging a Senate candidate.
The candidate in question is Democrat Sheldon Whitehouse if you must know, but we're steering clear of the political aspects (as much as possible). Jerzyk is seeing red--sorry, we couldn't resist--because, in his estimation, these e-mails constitute clear evidence that someone used a government computer to do campaign work (or, let's be honest, to do campaign work against his preferred party, but we're slipping into politics already).
We will say that Jerzyk's evidence is fairly damning, at least at first review. The person or people who sent these e-mails probably thought they were anonymous. They used the free Yahoo! e-mail service and deployed the handle "firstname.lastname@example.org."
They weren't anonymous, though. Not totally. Each e-mail sent over the Internet arrives with a detailed description of every step it took to get to its end destination, back to the origin. And the Yahoo! Web mail service goes one better, helpfully including the Internet address (called the Internet Protocol, or IP, address) of the computer that connected to that Web mail server.
It is this information that Jerzyk (or rather his system administrator) used to pinpoint the origin of these e-mails. They claimed that the originating IP address found in the headers of these e-mails was "220.127.116.11." A quick look through an IP number lookup service finds that the U.S. Senate Sergeant at Arms controls that IP number. For evidence, Jerzyk posted a full header in his blog entry.
Assuming the header is genuine, we will say it is almost absolutely certain that the e-mail was generated by a computer connected to a Senate network. (Please note the IP says nothing about who was at the computer--janitor, interloper?--nor does it rule out trespass via an unsecured wireless network hanging off the subnet.)
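The header-tracing step described above, as an added example that is not part of the original post: the script walks the Received chain of a message, pulls out the address the webmail provider recorded for the "via HTTP" hop, cross-checks it against the X-Originating-IP header, and matches it against an allocation table. The message, host names, addresses (RFC 5737 documentation ranges) and the REGISTRY table are all constructed for this example; a real investigation would query a whois service in place of the table.

```python
"""Trace a webmail message back to the IP address its provider recorded.

Added example, not code from the original article. Parses the Received
chain and X-Originating-IP header of a constructed sample message and
matches the originating address against a constructed allocation table
standing in for a live whois lookup.
"""
import email
import ipaddress
import re

# Constructed sample, modelled on the shape of a 2006-era webmail message.
# Addresses come from the RFC 5737 documentation ranges; host names and the
# organisation names below are invented for this example.
SAMPLE_MESSAGE = (
    "Received: from web12345.mail.example-webmail.net "
    "(web12345.mail.example-webmail.net [198.51.100.25])\n"
    "\tby mx.recipient.example (Postfix) with SMTP id 4F2A1\n"
    "\tfor <reporter@recipient.example>; Tue, 31 Oct 2006 14:02:11 -0500\n"
    "Received: from [203.0.113.77] by web12345.mail.example-webmail.net "
    "via HTTP; Tue, 31 Oct 2006 11:02:09 PST\n"
    "X-Originating-IP: [203.0.113.77]\n"
    "From: firstname.lastname@example.org\n"
    "To: reporter@recipient.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body text\n"
)

# Constructed stand-in for the allocation data a whois service would return.
REGISTRY = {
    ipaddress.ip_network("203.0.113.0/24"): "Example Legislature, Sergeant at Arms (constructed)",
    ipaddress.ip_network("198.51.100.0/24"): "Example Webmail Inc. (constructed)",
}

# Addresses that never identify a host on the public Internet (RFC 1918,
# loopback, link-local). Anything here means the sender sat behind NAT.
NON_ROUTABLE = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def received_chain(raw_message):
    """Return Received headers as single lines, earliest hop first.

    Each MTA prepends its Received header, so the one nearest the body is
    the first hop. Folded continuation lines are joined and whitespace
    collapsed so a regex can work on one line per hop.
    """
    msg = email.message_from_string(raw_message)
    hops = [" ".join(value.split()) for value in msg.get_all("Received", [])]
    return list(reversed(hops))


def origin_hop(raw_message):
    """Extract the first hop's recorded source address and cross-check it.

    Only hops written by servers you trust are reliable: the recipient's
    own MTA and, by the article's argument, the webmail provider. Any
    header below those could have been typed by the sender.
    """
    msg = email.message_from_string(raw_message)
    chain = received_chain(raw_message)
    first = chain[0] if chain else ""
    match = re.search(r"from\s+\[?" + IPV4 + r"\]?", first)
    claimed_ip = match.group(1) if match else None

    x_match = re.search(IPV4, msg.get("X-Originating-IP", ""))
    x_orig_ip = x_match.group(1) if x_match else None

    return {
        "ip": claimed_ip,
        "via_http": "via http" in first.lower(),
        "x_originating_ip": x_orig_ip,
        "consistent": claimed_ip is not None and claimed_ip == x_orig_ip,
        "hops": len(chain),
    }


def attribute_ip(ip_text, registry=REGISTRY):
    """Map an address to the organisation holding its allocation, or None.

    This answers 'whose network', never 'which person': NAT, shared
    workstations and an open wireless segment all sit behind one address.
    """
    addr = ipaddress.ip_address(ip_text)
    if any(addr in net for net in NON_ROUTABLE):
        return None
    for network, holder in registry.items():
        if addr in network:
            return holder
    return None


def trace(raw_message, registry=REGISTRY):
    """Full pipeline: origin hop, consistency check, allocation holder."""
    info = origin_hop(raw_message)
    info["holder"] = attribute_ip(info["ip"], registry) if info["ip"] else None
    return info


if __name__ == "__main__":
    for key, value in trace(SAMPLE_MESSAGE).items():
        print(f"{key:>18}: {value}")
```

The consistency check matters because a sender can put anything into headers that sit below the first trusted hop; when the provider's own Received line and its X-Originating-IP disagree, treat the trace as unreliable rather than picking one.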
Why are we so sure? Spoofing an IP address on the Net is darn near impossible, especially if you're interacting with the Web.
In that header, Yahoo! noted that the source material arrived "via HTTP," indicating that someone wrote this e-mail through the company's Web-based mail account (HTTP is the protocol that carries Web page traffic). HTTP is nothing if not chatty. In other words, the Yahoo! server and a computer with the address 18.104.22.168 needed to swap quite a lot of packets across the Internet in order to compose these missives. And just renaming your computer 22.214.171.124 won't do the trick, unless you could get a major portion of the world's routers to recognize your machine as the legitimate bearer of that address (which is possible, though not bloody likely).
Jerzyk is calling for the Senate security office to reveal who is, or was, at 126.96.36.199. He insinuates that the e-mail may have come from a certain Rhode Island senator's office. But here he is on far shakier ground, at least technically speaking. All we will say is that if you must fling mud, for goodness sakes, filter it through an anonymizer.
The Associated Press reports that the office of Republican Sen. Lincoln Chafee has admitted to being the source of the e-mails. The staff member reputedly behind the dispatches has been suspended.
Posted by Joab Jackson on Nov 01, 2006 at 9:39 AM