http://msgboard.snopes.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=67;t=002074;p=1
http://mike.essl.com/comments.php?id=82_0_1_0_C
and this one:
http://inessential.com/?comments=1&postid=2462
The poster edits and says he thinks it's a prank but scroll down, down, down to the last comment by user: darkhorsecometh.
I polled some of my pals in higher-level IT positions than I and their educated feelings tend towards it NOT being a spoof prank.
Is anyone NOT a "turriss" in this country?
*sigh*
i really wonder what your higher-level IT pals arguments would be for this not being a spoof prank.
referers are ridiculously easy to fake, it's not a browser setting, but privoxy (usually comes with Tor) can do it, and so can a single line of linux code.
someone mentioned that 26.000 bloggers wrote about this, i think that's a ludicrously high number, probably 90% of it is automated cock&repost.
but even then, it's really very easy to write a little script that gathers a few 1000 blogs from a couple of google queries, and then starts hitting them with faked referer headers. (very easy = if you know how to program, of course)
then there is the issue of referal spam. as you know spammers write their shit everywhere they can get their hands on, it started with emails, then blog comments, automated forum posts and wikispam, and yes, they are hitting the referal-logs as well.
could be one of the spammers was testing out their new script and has a sense of humour.
little story: a few years ago i tried as an experiment once to surf the web with a faked header with some sort of webmaster-bait in it, just to see what kind of response it would draw --result: hardly anything-- but i must have hit at least a few hundred sites with that faked header (i had modded my browser to send the fake header everywhere i went with my normal surfing habits).
so my guess is: probably a spoof/prank.
although the argument "the FBI wouldn't be so stupid to leave their traces like that" doesn't really hold. more stupider things have happened in more secure agencies.
Seeing foo.bar.baz in a ref log means only that the client told the server that the browser came to that site from foo.bar.baz Note that there are not checks in the system... If I tell my system to always tell websites that I just came to their site from foo.bar.baz, they will have no idea that I didn't.
In fact, this system makes it easy to get into pr0n sites, since many assume that IF you came from "authorized.pornpage.com" then you must be authorized...
Check out zSpoof for an easy plugin tool that does this sort of thing for Winblows.
I know it CAN be spoofed and I know HOW.
I don't think it WAS.
Why?
Well actually, I'm split:
On one hand, I tend to trust the guys I asked and the fact is; the FBI can do whatever they want, they don't HAVE to hide their shit and there ain't a goddamned thing anyone can do about it.
I worked for the DoD and I know firsthand that people in supposed "high intelligence" positions make mistakes like this...it's typical, in fact. Not that they're not bright or anything, just that the guy who's trained in "picking up on wonky psychological signals in webpages" isn't trained in "IT security and covering yr tracks," nor do they work together (or even like each other in some cases).
Starting a watch page of sites for "all hands in xyz department to peruse" is prolly par for the course and someone not trained in security would name a thing using what he'd think is the obvious choice or whatever the DoD jargon is at the time.
On the other hand, fbi.gov/watchlist/suspect/ *does* seem extraordinarily hokey. Also, some people I asked whose sites might be candidates for a list like that due to "counter-culture and fringe-esque political views," checked their referrer logs and found zippo. It makes no sense why some d00d's blog is on there but other sites are not.
It wouldn't surprise me either way. I tend to believe someone pulling a prank would eventually take credit though.
Quote from: navkat on June 18, 2007, 08:29:10 PM
It wouldn't surprise me either way. I tend to believe someone pulling a prank would eventually take credit though.
not if they're smart about it
fade away into the background and live to jake another day
is troof. if i were to pull such a prank, and it would be successful (that is, i'd see the blogosphere buzzing about it a littlebit), i sure wouldn't brag about it on any public forum.
doing some searching, i found the IP address of those hits, and with a bit more searching, the IP-address appears all over the place on old semi-public (read: hacked) http-proxy lists.
so either, someone at the FBI was smart enough to create a webpage with a huge watchlist, stupid enough not to know about referers, but smart enough to cover their tracks by using a proxy that a lot of other people would also be using.
.. or it was someone pulling a successfull prank with a little script and a public proxy.
---
anyway if the original point of your post was ZOMG the FBI is reading our websitez with watchlists! then, yes, yes they most certainly are.
but i don't think the links you provided were a very good example of that happening.
http://www.principiadiscordia.com/forum/index.php?topic=12475.0
^^^thx.