Corrente

If you have "no place to go," come here!

Evading Investigation Through GWB43.com


Um, guys:

I found this astonishing, damning post by "Citizen 92" at TPM Muckraker this afternoon. It sure looks like evidence of politicization and obstruction of justice straight out of the RNC handbook.

"In the second document dump, notice that White House Deputy Political Director is writing from the @gwb43.com email domain -- yet his official White House title and phone number is in the footer.

The gwb43.com domain WHOIS record shows that it is owned by the RNC.

Why are White House officials using e-mail accounts that are not their official White House domain server (@who.eop.gov)???

ARE THEY CONSCIOUSLY GOING AROUND HAVING IT REGISTER IN THE EOP SYSTEM SO AS NOT TO BE AN OFFICIAL PRESIDENTIAL RECORD (and hence, hidden from disclosure???)

Certainly a strange practice for a White House official to use an RNC domain for official communication with the Justice Department!!!

I think the folks in congress need to subpoena for all e-mail on GWB43.com. It sounds like W and the boys are trying to evade investigation through using non-government e-mail accounts. In fact, if I were them, I'd ask these folks for all e-mail ON ANY SYSTEM that deals with the subpoenaed topics.

Why do I suspect that this e-mail will have, um, "disappeared" by later this afternoon?

UPDATE Here's the whois information:

Registrant:
Republican National Committee
310 First Street SE
Washington, DC 20003
US

Domain Name: GWB43.COM

Administrative Contact, Technical Contact:
Republican National Committee
310 First Street SE
Washington, DC 20003
US
999 999 9999 fax: 999 999 9999

Record expires on 16-Jan-2008.
Record created on 16-Jan-2004.

Domain servers in listed order:

NS1.CHA.SMARTECHCORP.NET
A.NS.TRESPASSERS-W.NET

UPDATE 2 Apparently CREW is already on top of this.


Comments

Submitted by xan (not verified) on

All sorts of interesting questions about emails and addresses and White House work:

It's my understanding that the Presidential Records Act covers staff e-mails -- no matter what domain they come from -- as long as they are generated "in the course of conducting activities which relate to or have an effect upon the carrying out of the constitutional, statutory, or other official or ceremonial duties of the President."

Of course this has some wiggle room in it if the duties in question are NOT constitutional, dunnit? If they're just flat-out illegal and crooked and slimy? The law doesn't seem to have a provision for the office of the President being occupied from top to bottom with unapologetic self-justifying 24-hour-a-day criminals.

And another little tidbit lower down I found interesting:

And consider this: copies of e-mails between now-convicted lobbyist Jack Abramoff and Susan Ralston, then an assistant to Karl Rove, showed her using a variety of e-mail addresses at georgewbush.com, rnchq.com and aol.com.

Is there any way to just plain track EVERY email that went out of the White House regardless of the address of the sender? Hell, tons of people do this every day--send email from their employer with a return address of @hotmail.com rather than @tediousdayjob.com or whatever their employer's addy is.

I'm about to the point of brutality that says we must NOT reverse these last few years' worth of invasion of privacy measures until AFTER a couple years of Democratic control. We let them cheat their asses off then change the rules back to Play Nice Mode just before we take control?

Fuck that. Turnabout, bitches...just long enough to convict all you sorry bastards and see you in jail. We can free up a shitload of cells when we legalize pot for all.

(Yeah, I'm a little pissed at the moment. Goddamn Senate and the turncoats on the Iraq troop pullout bill....)

Submitted by xan (not verified) on

h/t to Atrios (mandatory kowtow to Great Blue Master):

Citizens for Ethics & Responsibility sez letter sent to Waxman

...asking for an investigation into whether the White House has violated its mandatory record-keeping obligation under the Presidential Records Act (PRA).

snip

CREW has learned that to fulfill its statutory obligations under the PRA, the White House email system automatically copies all messages created by staff and sends them to the White House Office of Records Management for archiving. It appears that the White House deliberately bypassed the automatic archiving function of its own email system that was designed to ensure compliance with the PRA.

[snip] In this matter, CREW cannot bring a lawsuit challenging the White House on its compliance with the PRA because of a legal precedent that relies on presidents to honor the mandatory record-keeping practices, with no judicial review.

Hollow laughter at the use of "president" and "honor" in the same sentence at this particular point in history.

So we can't go into open court and demand that they disgorge or check in to the Gray-Bar Hotel. This means Plan B, which is subterfuge, sneakery and activation of the Superhero Hacker Patrol.

What's that up in the sky, Commissioner? That searchlight reflected off that cloud? Is that shaped like....a little squatty penguin? Whatever could this mean?

**
oops, upon rereading Tom's original post I see he has an Update noting this CREW press release. Oh well, I already did all this typing and snark extrusion, wtf, may as well post it anyway.

Submitted by lambert on

... Those emails went onto a server somewhere and were saved--or deleted (for, er, whatever reason).

It's the same as with the video feeds that I'm guessing come from the torture chambers; we need to turn a sysadmin.

No authoritarians were tortured in the writing of this post.

First they ignore you, then they ridicule you, then they fight you, then you win. -- Mahatma Gandhi

Submitted by lambert on

Maybe somebody could email some questions on record keeping?


Submitted by xan (not verified) on

(1) SmartTech.com. That's the domain server for (apparently) the gwb43.com address...

(2) The second one leads to something called Coptix. Don't try logging in with the password "weluvgwb", and don't ask me how I know.

Coptix looks like it's in the process of being scrubbed; all the upper spaces for logos and such are red X's at this point. Anybody who knows the SquirrelMail system is particularly invited to play around. What's the default password usually built into such things for testing purposes?

Some of the blanked out boxes still work, notably their Contact form. Just in case Something Happens To It of an unfortunate, sleep-with-the-fishes sort, here's what it says:

Coptix Inc.
4009 Tennessee Avenue
Postal Box 2026
Chattanooga, Tennessee 37409

-------------------------------------------

Telephone: 423.822.6850
Facsimile: 423.825.2001
Email: info@coptix.com

-------------------------------------------

We live, work and love in historic St. Elmo, TN, minutes from downtown Chattanooga and Lookout Mountain.

For a detailed map, click here.

Hmm. Actually once you get past that first page it's reasonably open. Seems to be a straightforward website design company; I detect no particular hints of wingnuttery or political content of any sort. (And if they straightened out the Times-Free Press's formerly miserable excuse for a website they may have some valid reason for continued existence.)

What their connection to the WH/gwb43.com matter is, is unclear. But that was the page that came up when I put "a.ns.trespassers-w.net/" into the browser.

I dunno.

Submitted by lambert on

From Coptix's client page, we find The Maclellan Family Foundations:

The purpose of the Maclellan Foundation is to serve strategic international and national organizations committed to furthering the Kingdom of Christ and select local organizations, which foster the spiritual welfare of the community, by providing financial and leadership resources to extend the Kingdom of God to every tribe, nation, people, and tongue.

And from the FAQ:

The Maclellan Foundation does not regard the Lausanne Covenant or any other man-written creed as necessary or sufficient for salvation. Rather, it is merely a helpful (though imperfect) summary of hallmark evangelical beliefs: the authority of scripture, the uniqueness of Christ, and most of all the urgency of evangelism. Since the 1970s, subscription to the Lausanne Covenant has become an internationally recognized screen that distinguishes evangelical Christians from those who are not. Because the Maclellan Family Foundations seek to support those ministries that are faithful to Jesus Christ and His word, the Lausanne Covenant serves as such a screen. If any ministry outside of the Chattanooga community cannot in good conscience subscribe to this covenant, then it will not be considered for a grant.

Yadda yadda yadda. Go thou forth and fund the creationists. New York Times:

When President Bush plunged into the debate over the teaching of evolution this month, saying, "both sides ought to be properly taught," he seemed to be reading from the playbook of the Discovery Institute, the conservative think tank here that is at the helm of this newly volatile frontier in the nation's culture wars.

By far the biggest backers of the intelligent design efforts are the Ahmansons, who have provided 35 percent of the science center's $9.3 million since its inception and now underwrite a quarter of its $1.3 million annual operations. Mr. Ahmanson also sits on Discovery's board.

The Ahmansons' founding gift was joined by $450,000 from the MacLellan Foundation, based in Chattanooga, Tenn.

Then there's the Publius Press. www.publiuspress.com redirects to The Patriot Post, the "conservative journal of record", which is full of the usual suspects. Peggy Noonan blaming political correctness for Le Coulter's "faggot" eruption is especially excellent.

So, it's no crime to have clients, and I assume that Christianists and wingnuts are thick on the ground where coptix does its marketing, but still, "no sign of wingnuttery" is not quite correct.

And if they gave server space to the White House, that wouldn't necessarily appear anywhere.

Hey folks, Jeffrey here at Coptix. I appreciate the fun of a good Internet egg hunt / goose chase, but I'm glad to give you some hints if you need them. You found our info address, so I'm kind of wondering why you're not just writing asking what we know? So.... maybe I shouldn't spoil the fun up front by telling you that there's no significant GWB43 connection on our side - I'll wait until you write and ask... Peace out! jeffrey at coptix dot com if you want to email me directly.

Submitted by xan (not verified) on

Chattanooga is after all right on the Georgia border. I don't know the town well (been there a couple of times for the battlefield) but it's pretty heavy in the R sector even by east TN standards.

Don't even ask about the billboard wars between the "Saturday is the True Sabbath, Dammit!" factions and the "Always On Sunday, You Heathen Bastard!" crowd. Although that's found more over towards Alabama way.

:)

Submitted by xan (not verified) on

is now running here. I posted some of the stuff from above, so anybody who's following this angle to the story might want to click and see what they can come up with.

I love our readership (and writership needless to say) but hey, gotta admit, Kos is bigger and has some people of geek status approaching godliness, so who knows.

Submitted by xan (not verified) on

I knew I didn't go far enough in snooping through that joint; fortunately one of the Kossaks did:

SmarTech Corp.
801 Broad Street, Suite 220
P.O. Box 11181
Chattanooga, TN 37401

But then the REAL kicker, geddaloadadis! (Quote from kossak Morrigan:)

Through a comment on TPM earlier this week, I found this link to a robtex dns search for gwb43.com.

Other domains sharing the same mailserver include these:


There are 873 domains sharing the gwb43.com domain's "nameserver." I'm not as computer literate as I used to be, so I'm not sure if there's anything important about either the mailserver domain list or the nameserver domain list. All I know is most of the sites listed that I checked are hard rightwing groups or christianist. Check this one out: American Weakly

Can someone explain for me what a mailserver is/does and the same for a name server?? TIA!

by Morrigan

Does the "nameserver" connection make a tighter link between gwb43.com and these other domains? And the fact that both these companies, Coptix and SmartTech, seemingly unrelated, just happen to be based in Chattanooga strikes me as more than a tad coincidental.

Submitted by lambert on

1. http://www.consultmhi.com/HTML/1024/ArticlesA.html seems innocuous. OTOH, they have no actual named clients, and of the two articles they list, neither of which is signed, one is on outsourcing. Seems odd.

2. Nameserver management is one of those easy tasks that's hateful if done wrong; what they do is map human readable names like www.bushsucks.com to machine readable IP addresses like 666.666.666, which are tied to a particular, physical server. So, if you move to a new server, the IP address changes, but the nameserver just maps the new IP address to the old name, and the humans keep using the name, and everything is seamless.

You could argue that the Republicans centralized their nameserver operations to make them easy to administer. But I'm sure there's an explanation that isn't innocent....


Submitted by xan (not verified) on

Geddaloadathis: Up above we had a list called "domains sharing mailservers with gwb43.com". Now somebody over at dKos has used a different tracker called robtex.com, which has that list and also ANOTHER one called "domains sharing nameservers with gwb43.com"

This list has got to be seen to be believed. I am not gonna reprint the whole thing here because it is 837 names long (I am not making this up) but down just a little ways we find...

bushenergy.com
bushenergy.net
bushenespanol.net
bushfarmandranchteam.com
bushfarmteam.com
bushforpresident.com
bushgop.com
bushmajority.com
bushmajority.net
bushsux.net
bushteamleader.com
bushteamleader.net
bytehauler.net

This story just keeps getting wider, deeper--and more hilarious by the day. I think. Maybe hilarious isn't the word I'm looking for here...but wtf, if you can't get enjoyment out of your work you're in the wrong line.

I'm headin' back to read some more. A bigger post on this thing is planned but I swear ta Ghod, more just keeps being turned up by others faster than I can think of new avenues to explore. So go read them, dammit. I haven't had such a pure political/predatory thrill since the actual Saturday Night Massacre, which I am so damn old I remember quite well.

vamanos, muchachos...

Submitted by lambert on

... one wonders if there is the possibility of security breaches. I mean, are those servers -- and they're RNC servers -- hardened?

And what are the legal aspects of using the RNC as opposed to the *.gov address?


Submitted by xan (not verified) on

on this diary again, which you really oughtta read if you're working on the gwb43.com thing again.

I asked, does a blackberry work as a telephone (paging NSA, NSA to the secure white courtesy phone please) or as an email transmitting device?

Still working my way down the list of gwb43.com nameservers. Besides bushsux.com they own a number of similar names...once I got over giggling it struck me that this is elementary security; buy up the insulting names referencing your candidate to deny them to the opposition. Cheesy and petty but I gotta say, legitimate. And smarter than I expected from this crew.

However there's another batch that may be more significant. Look at the "a" section and there are a long list of names like these:

afpga.com
afpga.net
afphq.com
afphq.net
afphq.org
afpia.com
afpia.net
afpil.net
afpks.com
afpks.net

These are the "Alliance For Progress" sites for a number of states. This looks very much like the old "Prosperity Project" that they had going in the '04 election which I tried to attract attention to at the time based on a story out of (iirc) the Minneapolis Star-Tribune about the Michigan one.

It purported to be a "non partisan encourage-your-employees-to-vote" site for businesses. Their supposed "nonpartisan" messages of course consisted of things like "This is the Republican position which will allow your employer to thrive and keep you on the payroll. This on the other hand is the Democrat position on Issue X which will drive them out of business with excessive taxation and regulation, sending your job to China and leaving you and your children to starve in the street. Now we hope you are better informed in your voting decision."

Haven't looked through all of them yet so count this as speculation. But these might be worth looking through in more detail to see if there is any implication of nonprofit status or other evidence to support a claim of "objectivity" that might be actionable. Slim odds I admit, but still....

Submitted by xan (not verified) on

Dunno what all this means so I deposit it here just in case the original page, um, wanders off and goes all 404 on us:


This suggests to me that there is indeed some connection between SmartTech and "trespassers-w.net" which is Coptix. What function that Rackspace outfit serves I do not know, but if it's based in Texas ....? I note it for the record. Nothing from that state is to be trusted at least until it has been thoroughly waterboarded.

Submitted by lambert on

A.A. Milne:

THE Piglet lived in a very grand house in the middle of a beech-tree, and the beech-tree was in the middle of the forest, and the Piglet lived in the middle of the house. Next to his house was a piece of broken board which had: "TRESPASSERS W" on it. When Christopher Robin asked the Piglet what it meant, he said it was his grandfather's name, and had been in the family for a long time. Christopher Robin said you couldn't be called Trespassers W, and Piglet said yes, you could, because his grandfather was, and it was short for Trespassers Will, which was short for Trespassers William. And his grandfather had had two names in case he lost one--Trespassers after an uncle, and William after Trespassers.
"I've got two names," said Christopher Robin carelessly.
"Well, there you are, that proves it," said Piglet.

Everybody with an account on this server's got two names, eh? That other name would be called an alias...


Submitted by xan (not verified) on

Their ownership...

gwb43.com=AirNet Group, parent of SMARTech Corp. (6+ / 0-)

Jeff Averbeck is evidently the CEO of AirNet Group, parent of SMARTech Corp., which ultimately owns the gwb43.com domain (and many others) on behalf of the RNC. OpenSecrets.org shows that Jeff Averbeck gave $10,270 to the RNC, Bush, and Sen. Corker (R-TN) in the last 3 cycles.

imho, this is big news. Using an RNC lapdog ISP is the electronic equivalent of a paper shredder, and provides numerous "hey, over here!" opportunities for data theft of official WH communications. And I feel so much better about their "killer" security -- a bank basement in TN:

How safe will your content be when stored at our facility? As safe as the basement of the former Pioneer Bank building. Our facility is located along with shared security within the bank basement.

Better yet, their shared email servers hang off of some vanilla BellSouth internet connection in Chattanooga, TN:

gwb43.com. 85697 IN MX 10 mailscan1.smartechcorp.net.

21 her00cha-ge-1-3-0.bellsouth.net (205.152.151.85)
22 65.14.206.46 (65.14.206.46)
23 cha-core-02-edge.smartechcorp.net (64.203.96.97)
24 cha-cust-01-core-02.smartechcorp.net (64.203.97.138)
25 mailscan1.smartechcorp.net (64.203.97.101)

Doesn't even pass the weakest "sniff test" for DoD government-level IT security...

h/t to "kiva" at Casa del Orange.
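
The nameserver and mailserver questions raised in the comments above, and the MX record quoted in the comment just before this, can be worked through on a small record set. This is an added example, not part of the original thread: only the gwb43.com MX line and its two nameserver hosts come from the page, while the NS TTLs, every *.example domain and the function names are constructed for illustration.

```python
from collections import defaultdict

# Zone-file style records. The gwb43.com MX line is quoted in the thread and
# its NS hosts come from the WHOIS record in the post; the NS TTLs and all
# *.example names are constructed sample data.
RECORDS = """
gwb43.com.         85697 IN MX 10 mailscan1.smartechcorp.net.
gwb43.com.         86400 IN NS NS1.CHA.SMARTECHCORP.NET.
gwb43.com.         86400 IN NS A.NS.TRESPASSERS-W.NET.
campaign.example.  3600  IN MX 10 mailscan1.smartechcorp.net.
campaign.example.  3600  IN NS ns1.cha.smartechcorp.net.
blog.example.      3600  IN MX 5  mx.blog.example.
blog.example.      3600  IN NS a.ns.trespassers-w.net.
; comment lines and blank lines are skipped
"""

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse(text):
    """Yield (owner, type, target) for the NS and MX records in the text."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        # Expected layout: owner TTL class type rdata...
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        rtype = fields[3].upper()
        if rtype == "NS":
            yield norm(fields[0]), "NS", norm(fields[4])
        elif rtype == "MX" and len(fields) >= 6:
            # fields[4] is the MX preference, fields[5] the mail exchanger
            yield norm(fields[0]), "MX", norm(fields[5])

def build_index(text):
    """Map (record type, target host) to the set of domains that use it."""
    index = defaultdict(set)
    for owner, rtype, target in parse(text):
        index[(rtype, target)].add(owner)
    return index

def neighbours(index, domain):
    """Other domains sharing a nameserver or a mail exchanger with domain."""
    domain = norm(domain)
    shared = {"NS": set(), "MX": set()}
    for (rtype, _host), domains in index.items():
        if domain in domains:
            shared[rtype] |= domains - {domain}
    return shared

def mail_handled_outside(index, domain):
    """True if any mail exchanger for domain is a host outside that domain."""
    domain = norm(domain)
    for (rtype, host), domains in index.items():
        if rtype == "MX" and domain in domains:
            if host != domain and not host.endswith("." + domain):
                return True
    return False

if __name__ == "__main__":
    idx = build_index(RECORDS)
    print(neighbours(idx, "gwb43.com"))
    print(mail_handled_outside(idx, "gwb43.com"))
```

Sharing a nameserver is normal for every customer of one DNS host, so it is weaker evidence of a relationship than sharing a mail exchanger, which means the mail itself is delivered to the same host.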

Submitted by lambert on

afpks.com

remaps to

http://www.americansforprosperity.org/in...

with TABOR ads on it (paid ads, yeah right, unless it's money laundering)

TABOR (Taxpayer's Bill of Rights, essentially designed to give the 30% of KoolAid drinkers a veto over tax policy) is nasty; we beat one back in Maine:

http://www.progressivestates.org/content...

http://www.heartland.org/Article.cfm?art...


Submitted by rove roller (not verified) on

all we need are some techies near smarttech and similar companies to sniff aka a citizens carnivore for interesting words in the data streams....
and record it for retention purpose...
To help our Government retain records... for later cases....
I figure at least a dozen ( nsa) hardened linux boxes should do for sniffing and retention analysis....
Or how about a seti like background program to analyze the contents???? for 100's of computer

have fun

Submitted by lambert on

As you can see, I turned it into a post.

What an interesting data point!


Submitted by intranets on

So is this the first link to the phony pic? I remember seeing it "planted" somewhere else first. Boy, "J" sure did a number on us.

Take an uber-Christian wingnut web developer and punk everyone by implying that Rove met with the company he is already peripherally involved with. I can't help but think that your Chatta-buddies and Rove didn't put you up to this. What is funny is that if it was a SMARTech folder it would have raised the same questions, and been TRUE regardless of if it was photoshopped or not.