GCN Tech Blog

By GCN Staff


IP address exposed anonymous mudslinger

'Tis the political season, so naturally the mud will be flung. But deviously minded politico aides should be aware of how transparent their dealings on the Internet can be, unless they take serious efforts to cloak themselves.

On a political blog entitled Rhode Island's Future, Matthew Jerzyk posted allegations that someone from the Senate offices sent a series of e-mails to selected members of the press disparaging a Senate candidate.

The candidate in question is Democrat Sheldon Whitehouse if you must know, but we're steering clear of the political aspects (as much as possible). Jerzyk is seeing red--sorry, we couldn't resist--because, in his estimation, these e-mails constitute clear evidence that someone used a government computer to do campaign work (or, let's be honest, to do campaign work against his preferred party, but we're slipping into politics already).

We will say that Jerzyk's evidence is fairly damning, at least at first review. The person or people who sent these e-mails probably thought they were anonymous. They used the free Yahoo! e-mail service and deployed the handle "againstsheldon@yahoo.com."

They weren't anonymous, though. Not totally. Each e-mail sent over the Internet arrives with a detailed description of every step it took to get to its end destination, back to the origin. And the Yahoo! Web mail service goes one better, helpfully including the Internet address (called the Internet Protocol, or IP, address) of the computer that connected to that Web mail server.

It is this information that Jerzyk (or rather his system administrator) used to pinpoint the origin of these e-mails. They claimed that the originating IP address found in the headers of these e-mails was "156.33.77.83." A quick look through an IP number lookup service finds that the U.S. Senate Sergeant at Arms controls that IP number. For evidence, Jerzyk posted a full header in his blog entry.

Assuming the header is genuine, we will say it is almost absolutely certain that the e-mail was generated by a computer connected to a Senate network. (Please note the IP says nothing about who was at the computer--janitor, interloper?--nor does it rule out trespass via an unsecured wireless network hanging off the subnet.)

Why are we so sure? Spoofing an IP address on the Net is darn near impossible, especially if you're interacting with the Web.

In that header, Yahoo! noted that the source material arrived "via HTTP," indicating that someone wrote this e-mail through the company's Web-based mail account (HTTP is the protocol that carries Web page traffic). HTTP is nothing if not chatty. In other words, the Yahoo! server and a computer with the address 156.33.77.83 needed to swap quite a lot of packets across the Internet in order to compose these missives. And just renaming your computer 156.33.77.83 won't do the trick, unless you could get a major portion of the world's routers to recognize your machine as the legitimate bearer of that address (which is possible, though not bloody likely).
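To make the header walk described above concrete, here is an added example (not code from the original post, and not Jerzyk's actual header) that reads the Received chain of a message, picks out the bracketed IP literal on the hop closest to the origin, notes whether that hop was a "via HTTP" web-mail session rather than an SMTP relay, and checks that each relay's "from" host matches the "by" host of the hop before it. The sample message is constructed: the host names and the 203.0.113.x address are placeholders, and only the origin address 156.33.77.83 is the one named in the post. The origin_ip it returns is the value you would then feed to an IP lookup (whois) service; the lookup itself is not performed here so the script runs offline.

```python
import re
import ipaddress
from email import message_from_string

# Constructed sample headers (NOT the header posted on the blog). The origin
# address 156.33.77.83 is the one the post names; every host name is a placeholder.
SAMPLE_MESSAGE = """\
Received: from web31804.mail.example.invalid (web31804.mail.example.invalid [203.0.113.45])
    by mx.newsroom.invalid (Postfix) with SMTP id 3F2A1C0DE
    for <reporter@newsroom.invalid>; Tue, 31 Oct 2006 15:02:11 -0500 (EST)
Received: from [156.33.77.83] by web31804.mail.example.invalid via HTTP;
    Tue, 31 Oct 2006 12:01:58 PST
From: againstsheldon@yahoo.com
To: reporter@newsroom.invalid
Subject: constructed sample
Date: Tue, 31 Oct 2006 12:01:58 -0800

(constructed body)
"""

IPV4_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_HOST = re.compile(r"^from\s+(\S+)")
BY_HOST = re.compile(r"\sby\s+(\S+)")


def received_hops(raw_message):
    """Return the Received headers, unfolded, in the order they appear.
    Each relay prepends its own line, so index 0 is the last hop and the
    final entry is the line written closest to the origin."""
    msg = message_from_string(raw_message)
    return [re.sub(r"\s+", " ", h).strip() for h in msg.get_all("Received", [])]


def chain_consistent(hops):
    """Each relay names the host it received 'from'; that should be the host
    the next-earlier line says it was received 'by'. A break in the chain is
    a hint that a line was forged or stripped (a sender can pre-insert fake
    Received lines below the genuine ones, so trust only hops above a server
    you trust)."""
    for later, earlier in zip(hops, hops[1:]):
        f = FROM_HOST.search(later)
        b = BY_HOST.search(earlier)
        if not f or not b or f.group(1).rstrip(";") != b.group(1).rstrip(";"):
            return False
    return True


def trace_origin(raw_message):
    """Summarise where the message entered the mail system, or None if the
    bottom Received line carries no bracketed IP literal."""
    hops = received_hops(raw_message)
    if not hops:
        return None
    origin = hops[-1]
    match = IPV4_LITERAL.search(origin)
    if not match:
        return None
    ip = ipaddress.ip_address(match.group(1))
    return {
        "origin_ip": str(ip),
        # "via HTTP" marks a web-mail session: the address is the browser's, not a relay's.
        "via_http": "via HTTP" in origin,
        "hops": len(hops),
        # An RFC 1918 / loopback origin names no network on the public Internet.
        "globally_routable": ip.is_global,
        "chain_consistent": chain_consistent(hops),
    }


if __name__ == "__main__":
    print(trace_origin(SAMPLE_MESSAGE))
```

The result only identifies the network that held the address at that time, which is exactly the caveat above: it says nothing about who sat at the keyboard, and a private (non-global) origin address would tell you nothing at all.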

Jerzyk is calling for the Senate security office to reveal who is, or was, at 156.33.77.83. He insinuates that the e-mail may have come from a certain Rhode Island senator's office. But here he is on far shakier ground, at least technically speaking. All we will say is that if you must fling mud, for goodness' sake, filter it through an anonymizer first.


Update (11/1/06): The Associated Press reports that the office of Republican Sen. Lincoln Chafee has admitted to being the source of the e-mails. The staff member reputedly behind the dispatches has been suspended.

Posted by Joab Jackson on Nov 01, 2006 at 9:39 AM

