Kushmonster

Monday, May 3, 2010

US ARMY INTELLIGENCE TRAWLS KUSHMONSTER?

Access Denied (policy_denied)

Your system policy has denied access to the requested URL.

If you feel this is a mistake, click the link, conus-tnosc@netcom.army.mil, to send the CONUS-TNOSC an email with the pertinent information. If the link does not autopopulate the email, copy/paste the information in Bold above into the email message.

After repeated failed attempts to load the following site during which it was indicated that the requested URL was not responding, Kushmonster had the puzzling experience of finally being "denied access" to http://usacac.army.mil/cac2/CALL/docs/10-16/ch_15.asp, on which I was conducting research on the role of the 3rd Infantry Division's 1st Brigade Combat Team's redeployment from Iraq in October 2008 and its subsequent involvement with the Joint Task Force Civil Support (JTF-CS). This was all the more disturbing because I had freely accessed the site two times previously with no problem... Strange to relate, after some two days of attempting to access the above site and finally being denied access in the official pronouncement recorded above, immediately after publishing this post, access was restored... Strange indeed.

Although next to no one ever views this blog which, like so many others, rests relatively undisturbed and forlornly in the vast wastelands of cyberspace, it has for some reason attracted the attention of the United States Army Information Systems Command Center at Fort Huachuca, Arizona as well as Fort Bragg, just outside of Fayetteville, North Carolina. This was discovered after I googled the above conus-tnosc@netcom.army.mil in attempting to ascertain why I would be denied access to the military newsletter openly published on the USACAC Army website also listed above. As I trolled through the various sites, I discovered that way back in 2004 an obscure forum site representing itself as http://www.webservertalk.com/message427958.html had registered a "strange access attempt" involving an entity identified as armygl.army.mil by a guy at www.tomshardware.com/forum/224149-46-strange-access-attempt. This "strange access attempt" involved the above-mentioned conus-tnosc@netcom.army.mil. This individual's Sygate Personal Firewall had been set to ask him if the Generic Host Processes tries to connect to the Internet. "Yesterday, it prompted me the army.glarmy.mil. is trying to connect to Generic Host Processes. Now I don't work for the military or anything like that. I denied the request. I did a Whois look up on armygl.XXXXXXXXXXXX and came up with this." He goes on to record the Whois profile and IP numbers of the Fort Huachuca/United States Army Information Systems Command (USAISC) in Arizona, IP 143.81.252.12, along with NETC-CONUS-TNOSC.

That particular name rang a bell and I realized that I had seen the name "Fort Huachuca" on the Revolver Map that records the visitors to Kushmonster. Sure enough, the "visit" had taken place on April 26, at 12:40 pm, evidently during one of my attempts to load the army newsletter site. It is interesting to note that another "visit", this one from Washington D.C., took place a mere 20 minutes later, one of only several from the Capital. As I investigated further, I found a curious 8 visits from Fayetteville, North Carolina, which I subsequently found is located near Fort Bragg with its own USAISC center, leading me to speculate about the source of those hits as well. As has been suggested elsewhere, these transmissions are, in all probability, simply robotic messages which are triggered as an automatic response to questionable incursions into army domains. On the other hand, the frequency and prevalence of such contacts across the net lead one to believe that, at the very least, a concerted effort is being conducted in covert surveillance and information gathering by Military Intelligence and Information Technologies on the Internet. Though the tangible realization of these activities came as a surprise to this blogger, others with more experience and technological acumen are apparently quite used to this.

Other blogs and sites which have had a visit from the Fort Huachuca USAISC range from Tacomaworld, a Tacoma Truck owners and enthusiasts forum site, to a radical blogspot located in New Zealand, http://tumeke.blogspot.com/2006/01/death-to-america-attack-waihopai-spy.html, which posted a particularly spirited and informative exposé of the Fort Huachuca eavesdropping which included the above-mentioned "strange access attempt" by Tomshardware.com. Tumeke paid special attention to the commandant at Fort Huachuca, Barbara Fast, noting that she had indeed served in the same capacity at the notorious Abu Ghraib facility in Iraq, "as senior military intelligence officer during the time when the most infamous abuse of prisoners occurred". Fort Huachuca has trained thousands of "interrogators" who plied their strange trade at both Abu Ghraib and the Guantanamo Bay Camp X-Ray.

Also of great interest, especially to those Mac users who might have thought their computers were impervious to such intrusions, we have the following from http://www.sciencetext.com/mac-hack-us-army.html:


Is Your Mac Reporting Back to the US Army?

December 4th, 2007 · by David Bradley

Despite anecdotal claims to the contrary Apple Mac computers are not invulnerable. As Sig Figs’ guest blogger Jenny Oliver has reported previously there are many security issues for Mac users. She sent me an update recently in which she seems to have uncovered a very worrying conspiracy surrounding a cluster of machines with an inbuilt trojan apparently reporting back to the US government.

“It is now almost two months since I have been unable to use my Macbook Pro online,” she says. “After various offers to allow anti-cybercrime persons access to my computer for information-gathering purposes in the interests of national and international security, I realized that my personal and business needs were obviously greater and did a total erase and reinstall this week. The unidentified Trojan (or equivalent) had zombified my laptop, and the agency involved had jammed open ssh (secure shell handling)… this meant that they had complete control over it. Indeed, if I had not used it in a while, it would hopefully switch itself on (even disconnected from the ‘net!), lid closed and all! Some programming skills there… note that the said ‘agency’ was waiting for a passing Mac-user to drop by.”

The panic begins when you do more digging than you should inside your machine. “When I first got my Mac, I did lots of exploring. I noticed that if I fired up Network Utility, under the Info tab it would report a network connection which looked quite alien,” she adds, “This would only be visible if examined when completely disconnected from the Net. “Odd!” I thought, and supposed then that it must connect with Apple for some reason, and did not take the matter further. It was only after I accidentally clicked on the bogus, malicious link in Google in September that I did some more investigation. The ‘default’ IP address was there after the hack, but it was then I recalled seeing it from the first … and the reinstall established that. I looked up the address on www.arin.net – the American Registry of Internet Numbers. 144.3.8.0. The US Corps of Infrastructure and Engineers. This Corps is responsible for rebuilding in places such as Iraq and Afghanistan.”

I did a quick Google for that IP address and discovered a discussion forum talking rather haphazardly about the issue way back in November 2004, well before Jenny’s Mac purchase. Apparently the Apple Firewire TCP/IP defaults to a 144.x.x.x number on all Macs. What at first appears to be a US government conspiracy actually turns out to be nothing more than a legacy of the fact that the US government ran the first internet machines and these 144.x.x.x addresses are just some of the earliest IPs handed out to organisations, such as Apple, early on.

Anders HiPhi speaking on that forum points out that, “The server is part of the European ORSN network – a 13 strong server array network – through which all European internet traffic passes. The ORSN say they need the US side servers as they don’t have enough resources.” However, he asks, “Even if this is the reason for the IP to be a default in the OS, Apple has its own ORSN servers, so why should they program US ARMY servers as their default? USACE are almost certainly responsible for Cyber Operations as part of their brief, so why have APPLE put US ARMY CyOps servers as a default when they could have used their own?”

What does Apple have to say on this subject? Apparently, just because the machine defaults to this IP when it doesn’t have a real address to hook into does not mean it is an active address being packet sniffed by a US government employee. It’s an inactive address.

Who knows? Maybe Jenny is right and there is a conspiracy. I’m of a mind to assume that it’s nothing more than a pingback address to an ancient timeserver that is no longer used by Apple’s Firewire drives but that was hardwired in early in the design and is so low priority that there is no impetus to remove it now. Except that it would stop Mac users who dig too deep from worrying needlessly that the US Army is watching their every move. Indeed, I just spoke to Jenny Oliver again and she is relieved that I found this information but wonders why it is not more widely known and readily available to paranoid Mac users. Maybe there really is a conspiracy after all!


3 comments:

George said...

your article begs the question, was there any info on the site which you think was important? why would they bother to interfere if they did? i've heard that when you log onto any government website...you lose privacy in some way.

yardfarmer said...

As the relevant information was published in the public forum of an army newsletter, as I expressed in my post, I am at a loss to understand why access was denied and then suddenly restored only after my own response. Is it the eye of Sauron(?) haha! or probably just some programmed robotic response. In my considerable naiveté of the workings of the cyberspace, I found it novel and kind of interesting, but having been subject to humint surveillance before regarding political activities, I view it all with considerable suspicion. Who knows? I guess there are more important things to be concerned about!

George said...

maybe, maybe not. i certainly think it's interesting enough to warrant a post.

i also had a post once on what i thought was some kind of virus warnings intended to make google searches more difficult...

just as an example