US firm spread hostage video - Silicon Valley Land Surveying Incorporated

Berlin - Video images of a US engineer taken hostage in Saudi Arabia, possibly by the al-Qaeda network, could have been put on the internet via a US firm based in California, Der Spiegel magazine reported on Thursday.

The video was released on Tuesday and shows relatively high-quality film of hostage Paul Johnson, who kidnappers from a group called "al-Qaeda in the Arabian Peninsula" have threatened to kill by Friday.

The origin of the video was traced to Silicon Valley Land Surveying Incorporated, a California land surveying and mapping company, said Spiegel online, the internet service for the respected German weekly.

http://www.news24.com/News24/World/News/0,,2-10-1462_1544211,00.html

.....or is it this site has been uncovered as bein' in *collusion* as to the real perps of this new *hostage* situation?? :shrug: How bizzare and interesting! :tinfoilhat:

whateverittakes

I read the Spiegel-article yesterday and it did not imply that the video was put on the the Internet by Silicon Valley Land Surveying Incorporated (I know that you don't say this either, but some people could nevertheless get that impression).

The author of the article describes that the webserver that hosts the company's website was hacked. The islamists then uploaded several propaganda videos into a subdirectory on the server. This hacking method is called "Subdirectory Defacement".

The link to the original article is http://www.spiegel.de/politik/ausland/0,1518,304473,00.html

(Sorry, only in German).


It's a sick world and a sad day.

Organization:
Silicon Valley Land Surveying
Tim Redd
144 South 3rd St. #507`
San Jose, CA 95112
US
Phone: 408-971-0944
Email: [email protected]

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: SVLANDSURVEYING.COM

Created on..............: Thu, Nov 25, 1999
Expires on..............: Sat, Nov 25, 2006
Record last updated on..: Thu, Apr 17, 2003

Administrative Contact:
Silicon Valley Land Surveying
Tim Redd
144 South 3rd St. #507`
San Jose, CA 95112
US
Phone: 408-971-0944
Email: [email protected]

Technical Contact, Zone Contact:
Register.Com
Domain Registrar
575 8th Avenue - 11th Floor
New York, NY 10018
US
Phone: 902-749-2701
Fax..: 902-749-5429
Email: [email protected]

Domain servers in listed order:

NS1.RWHMAX.NET 207.142.132.180
NS2.RWHMAX.NET 207.142.132.181

What does this really mean? What government?(how I wish I knew more about programing and web hosting :argh: )

Picked this stuff off of this link after punching up NS2.RWHMAX.NET 207.142.132.181

http://www.thememoryhole.org/govt/dotgov-domains2.htm

(snip)
$TTL 86400
GOV. IN SOA A.ROOT-SERVERS.NET. REGISTRAR.NIC.GOV. (
2001062200 ;serial
3600 ;refresh every 1 hours
900 ;retry every 15 minutes
604800 ;expire after 7 days
86400 ;minimum TTL of 1 day
)
GOV. IN NS A.ROOT-SERVERS.NET.
GOV. NS H.ROOT-SERVERS.NET.
GOV. NS G.ROOT-SERVERS.NET.
GOV. NS F.ROOT-SERVERS.NET.
GOV. NS I.ROOT-SERVERS.NET.
GOV. NS E.ROOT-SERVERS.NET.
GOV. NS D.ROOT-SERVERS.NET.
GOV. NS B.ROOT-SERVERS.NET.
GOV. NS C.ROOT-SERVERS.NET.
1877US2JOBS.GOV. NS NS1.XPANDCORP.COM.
1877US2JOBS.GOV. NS NS2.XPANDCORP.COM.
1877USAJOBS.GOV. NS NS1.XPANDCORP.COM.
NS NS2.XPANDCORP.COM.
1903TO2003.GOV. NS NS1.HQ.NASA.GOV.
1903TO2003.GOV. NS NS2.HQ.NASA.GOV.
1903TO2003.GOV. NS NS3.HQ.NASA.GOV.
1STGOVT.GOV. NS NS-WEST.CERF.NET.
1STGOVT.GOV. NS NS-EAST.CERF.NET.
21STCENTURY.GOV. NS AUTH00.NS.UU.NET.
21STCENTURY.GOV. NS AUTH61.NS.UU.NET.
4GIRLS.GOV. NS CHERRY.HHS.GOV.
4GIRLS.GOV. NS DNSAUTH1.SYS.GTEI.NET.
4GIRLS.GOV. NS DNSAUTH3.SYS.GTEI.NET.
4GIRLS.GOV. NS DNSAUTH2.SYS.GTEI.NET.
4WOMAN.GOV. NS CHERRY.HHS.GOV.
(snip)

Frankly, I don't think it means too much. What you've come across is a listing of internet servers which defines name and IP address associations (A records), as well as the related "authoritative" name server (NS records) for each server in the .GOV domain.

In brief, each machine on the net has to have a unique IP address (a "dotted" number). Since people usually prefer to remember names instead of numbers, servers typically have arbitrary names prepended to the root domian of each address in the organization's network.

Files such as the one linked are used by an ISP to inform the rest of the internet of these associations. This information propogates through the internet via the "root" name servers (A-H.ROOT-SERVERS.NET).

Why you got this link from your search, I'm not sure, since I looked for both the strings "NS2.RWHMAX.NET" & "207.142.132.181" in the URL you listed w/o finding either.

The interesting thing about the link, though is that it comes from a Canadian university, and apparently the government refuses to provide this information (despite a FOIA request).

I thought the .GOV file extension was meaning of the type of server it came from.

This is also is interesting though I am sure they already have it or something, but if someone could write a program to use this type of information like stringing it together, finding the common links looking backward you could find hackers or other folks like this that produced it.

It looks kind of simple to do if you were in that trade. I only fix trucks, but origination of reasons for failure, what,why,when etc is always a back track thing. From what I can see most servers keep things around for a while. It just sounds so stupid they couldn't figure out where different things originate, considering one greatest reasons for the use of computers is recording and keeping track of information.

All this stuff is kind of creepy, enlightening and makes me wonder why anybody with any common sense would ever put anything a computer they wanted to keep secret :think:

I've enjoyed your contributions to DU, and it's my pleasure to return the favor in some way.

It's actually a central tenet of professional computer security that one should never keep anything sensitive on a machine which is connected to anything outside the enterprise, except through rigorously controlled interfaces. As you say, this seems almost common sense. In this case though, there wasn't any compromise of sensitive info, but rather just enough access to the server to allow the attack to post one or more files, a much simpler task which doesn't imply that the attackers had any actual access to anything particularly secret.

You're right that computers are good at logging info, and that finding the reasons for failure, whether involving trucks or computers require back-tracking through things. There are however at least a couple of different reasons why this may not be of so much use after the fact on a computer.

Although servers typically record the unique address of each "host" making a request of it, it is not too hard to route the request through 3rd party machines which "anonymize" the request by substituting the original requesting IP w/ the 3rd parties. If these intermediary machines reside outside the US executing a search warrant to look at the record of "mappings" between the anonmizer's IP w/ the original request IP can be unwieldy as well.

The real pros avoid even this problem by simply hijacking a machine, typically poorly protected ones in a university settings or Internet cafes, or by connecting to a wireless home-based LAN w/ default security settings, or surreptitiously taking control of a machine through a trojan-horse worm or virus attack. In these cases the requesting address will pretty effective mask the attacker's.

In all events, any competent hacker will make an effort to compromise the logs on a target host by gaining sufficient rights so that they can delete or edit the logs, thus covering their tracks.

As you imagine there are whole suites of programs, some sold for five or six figures and up which attempt to help IT managers detect and prevent hackings attempts.

I say not afraid, but fore-warned, and wary. This is the main reason I am extremely careful about the software I install on my machine. As a programmer, I can verifiy that it's a pretty easy matter to write a program which silently sends email, makes Internet requests, or copies the contents of anything in the file system, including a log of keystrokes, especially on a machine w/ a non-dialin connection, even on dial-in ones w/ a little more work. I never install or run anything I don't completely trust the source of.

Cheers

Yea, I guess I had forgotten about them third party work around and all that other hacker junk. Come to think of it, does make more sense that it would be also so easy to be illusive with this stuff.

Some where, some how, someone will trip up though. Some second or third tier person that does not know any better. We know that's what happened with Bev Harris. She struck a gold mine on them guys, she was looking and she found it. Thanks for the inspiration, we will keep working.

P.S. I did know some of that, like buying that off-shore anonymous address for five or ten bucks or that WI-fi drive-by hijack deal. The wireless home-based LAN w/ default security settings deal really seems like a bonanza for them kind of folks also ( really just thinking about that one now)

That last one increasing in numbers by hundreds or even thousands each week. That does sound like some deep dew-do for the web-masters and computer security operations

that since this is possible and MOST people have no clue about how all of this works, with the Patriot Act they could really set people up and slam them away for a lifetime in Gitmo for contributing to terrorism or whatever when there really was nothing the person had done!

Really makes you even more leary of the Patriot Act!!!!

Hardware firewalls just got a notch higher on the necessity list....

I'm behind one. You should be too! :)

had that video within minutes?

Are they really all that interested in Land Surveying?

Plus,
who first came up with the notion that another "Islamic" website was the one spreading this stuff?
http://www.azcentral.com/news/articles/0621IslamicWebSites21-ON.html

was disseminated in a similar way. First it pops up on a server that seems like a bogus front for an al Qaeda site. Then some of the key Bu$hbots find it and spread it from there. Then the site and link for the original video disappears.

It seems there is a similar pattern here.

until we forget or stop caring about torture gate

Some will never, but as the worm turns and whats good for the goose as for the gander. It could get worse for them also, as they pile the stakes higher



http://www.sw33t.com/pixs/jtree.html