Computer Geek freepers, I need help covering my tracks.

2/07/05 | Luigi Vasellini

[Luigi Vasellini]

Moderator could you please let this thread run a bit?? I have been receiving anti-semitic emails to my hotmail account. I have been receiving these from muslims who are doing medical residency. I want to send copies to their residency director and to the staff physicians. I plan to send xerox copies of said emails. I dont want to happen to me what happened to the resident in Wausau WI (he was kicked out for questioning muslims on the koran after being forced to listen to their 9-11 was Americas fault talk). Please tell me what numbers I need to erase off the email as I am also blacking out my email addy and do not want it traced. Thanks, these people are traitors and I really want to take care of them!!

[ruiner]

You'll look worse if you try to cover your tracks.

Speak in confidence with an authority figure you can trust and offer to show him your hotmail account as proof. Take the "I'm not sure it its them, or someone using their account" approach.

If you try to sneak it will look like a false accusation.

[sourcery]

To be clear: you want to send copies of e-mails you've received, with all reference to your identity removed, but not that of those who sent you the e-mails?

[Luigi Vasellini]

thats correct

[hiredhand]

Look up the local field office nearest you for the FBI and talk to them.

Not to heighten your paranoia, but if you use a fax, you're going to leave SMDR (station message detail recording) records on all telephone switches in the path. Supposing they have a sympathazer locally who has anything to do with IT, or inside plant (PBX maintenance), they'll find out more about you by the phone number you use to send the fax.

If you're still serious about scrubbing the SMTP header, I can tell you what you need to scrub, but I'd contact the FBI computer crime folks.

[Luigi Vasellini]

No these people are already doctors, they are doing resideency at 2 different hospitals. I am not at their hospital.

[Luigi Vasellini]

The FBI will put this in a drawer and go ho hum. The hospital however may make their advancement difficult. One of these idiots is actually at a Jewish Hospital, Maimonides. I think Ill just blackout every number on the email and mail it to the hospital

[Tax Government]

Hire a lawyer; let him/her forward the emails with a cover letter. That may put the fear of god in somebody.

[tiamat]

Have they threatened you?

If so, consider both FBI and Homeland Security.

[tacticalogic]

If you're going to destroy the entire header, then just copy and paste the From: address and message body into notepad, and print that and mail it.

[Tax Government]

I believe several organizations exist that can help Jewish people counter discrimination and form a legal response to it. Please contact Rabbis you may know, and try to get a referral.

[Redcloak]

You could try an anonymous remailer. Send the messages with their headers (redacted to remove your ID, of course) as plain text. The only problem is that you have no way of knowing if they received the message or not. A university mailserver may reject mail from the remailer's domain.

[sourcery]

Here's a typcial e-mail header, with examples of the changes you'll need to make in bold:

Return-path: <culprit@islamofascit.com>
Envelope-to: victim@anonymous.com
Delivery-date: Mon, 07 Feb 2005 10:01:36 -0600
Received: from exim by hidden.anonymous.com with spam-scanned (Exim 3.36 #2)
id 1CyBKF-0003uj-00
for victim@anonymous.com; Mon, 07 Feb 2005 10:01:35 -0600
Received: from [123.456.789.123] (helo=intermediatehost.com)
by hidden.anonymous.com with esmtp (Exim 3.36 #2)
id 1CyBKE-0000Px-00
for victim@anonymous.com; Mon, 07 Feb 2005 10:01:22 -0600
Received: from smtp1.islamofascist.com (smtp1.islamofascist.com [123.456.789.123])
by spf6.us4.outblaze.com (Postfix) with ESMTP id 1653053772
for victim@anonymous.com; Mon, 7 Feb 2005 15:54:16 +0000 (GMT)
Received: from localhost (128-13.islamofascist.com [123.456.789.123] (may be forged))
by smtp1.islamofascist.com (10.8.10/10.12.9) with ESMTP id j17FrfNc017647
for <victim@anonymous.com>; Mon, 7 Feb 2005 09:53:41 -0600
Received: from bneu-c35.realtimecomm.net (bneu-c35.unrealtime.org [456.789.12.456])
by newwebmail.islamofascist.com (IMP) with HTTP
for <culprit@imap.islamofascist.com>; Mon, 7 Feb 2005 09:39:59 -0600
Message-ID: <1107790799.42078bcf5adfb@newwebmail.islamofascist.com>
Date: Mon, 7 Feb 2005 09:39:59 -0600
From: culprit@islamofascit.com
To: victim <victim@anonymous.com>
Subject: hate mail
References: <200502050556.j155umir027090@mp07.hou.islamofascist.com>
MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1
User-Agent: Internet Messaging Program (IMP) 3.2.1
X-Originating-IP: 123.456.789.123
X-Virus-Info: Please contact the ISP for more information
X-Virus-Scanner: Found to be clean
X-Virus-Scanner-From: bcr@wt.net
Content-Transfer-Encoding: quoted-printable

[muawiyah]

That's all very true unless he can hack through an unprotected PBX switch in some small office.

This happened to our ol'buddy Matt Drudge a few years back. He had all the numbers, etc., that he needed to confidently publish something with a good source.

Problem was it was a hack job and he barely removed the information in time to keep Sidney Blumenthal from crying foul. Sid probably did the deed himself, or maybe one of his little buddies Billzo had hired into the Secret Service.

These days there are fewer and fewer unprotected PBX's. That's because funny little foreign guys in the narcotics business find them and place all their long distance calls over them. Best place to look for one would be a small business with a suite of 5 or 6 offices in a rundown office building. Walk down the halls on any of the mid-level floors, find a name, and go from there. Uh, do that hacking from remote FUR SHUR.

[hiredhand]

The FBI will put this in a drawer and go ho hum. The hospital however may make their advancement difficult. One of these idiots is actually at a Jewish Hospital, Maimonides. I think Ill just blackout every number on the email and mail it to the hospital

Alright....bear with me here...

Here's a typical SMTP header...I divided it up into sections. Typically, you can follow the flow by the Received: line, which sometimes wraps across several lines. For the purposes of this header, you'll have to assume that I am stumpy@att.com. I struck out all the sections that could reveal anything worthwhile about my source. The flow of an SMTP header usually can be traced from top to bottom, from recipient back to sender. So if YOU are the recipient, YOUR MTAs (mail transport agents) data will be on top. The farther you go down toward the bottom of the transcript, the farther you get from your provider's MTAs.

Return-Path: lgnqvj@cdlnet.com.br

Received: from pancake.att.com (pancake.att.com [12.38.8.216]) by kit.int.goju.net (8.12.6p2/8.12.6) with ESMTP id i2IEuabr010289 for <root@kit.goju.net.net > Thu, 18 Mar 2004 09:56:36 -0500 (EST) (envelope-from lgnqvj@cdlnet.com.br)

Received: from pcp516644pcs.nash01.tn.comcast.net (pcp516644pcs.nash01.tn.comcast.net [68.53.136.13]) by ns.goju.net.net (8.12.6p3/8.12.6) with SMTP id i2IEm9bG066944 for <stumpy@att.com> Thu, 18 Mar 2004 09:48:21 -0500 (EST) (envelope-from lgnqvj@cdlnet.com.br)

Received: from (HELO poj) [190.179.77.197] by pcp516644pcs.nash01.tn.comcast.net with ESMTP id 4494C00AA0A; Thu, 18 Mar 2004 12:45:17 -0200

Message-ID: <c-$pqy$-7$zv4z4q9t-r56@0p6dvohz2j >
From: "Alba Darden" <lgnqvj@cdlnet.com.br >
Reply-To: "Alba Darden" <lgnqvj@cdlnet.com.br >
To: stumpy@att.com

Hope this helps. :-)

[hiredhand]

That's all very true unless he can hack through an unprotected PBX switch in some small office.

This happened to our ol'buddy Matt Drudge a few years back. He had all the numbers, etc., that he needed to confidently publish something with a good source.

Problem was it was a hack job and he barely removed the information in time to keep Sidney Blumenthal from crying foul. Sid probably did the deed himself, or maybe one of his little buddies Billzo had hired into the Secret Service.

These days there are fewer and fewer unprotected PBX's. That's because funny little foreign guys in the narcotics business find them and place all their long distance calls over them. Best place to look for one would be a small business with a suite of 5 or 6 offices in a rundown office building. Walk down the halls on any of the mid-level floors, find a name, and go from there. Uh, do that hacking from remote FUR SHUR.

If and when I MUST do something like this, I use a couple of "trusted" friends who are prepared for "layer one"....smack on the bottom of the ole protocol stack....the PHYSICAL layer. It's a killer I tell you. What's needed in this case is a friend who is a couple of states away who can fax this from a relatively safe location, and then be prepared for anybody that might come looking for him.

Not everybody knows people like this. Don't call me lucky to have such friends either. The favor "reciprocates" sometimes. :-) Ah well...such is the world we live in. Treat your friends well...be cautious, stay armed, but trust God above all.

[muawiyah]

It's impossible to keep a secret if more than one person knows about it.

The hack I recommended keeps it all secret.

Just about any telcolineman can tell you how to do this.