Archive for the ‘Holocaust’ Category

A Texas Ranger Testifies

May 24, 2007

The most bothersome thing about are the abused and haunting faces of the naked children reminiscent of the Holocaust Museum. Now, no matter how disgusting these pictures or the 500 pictures shown at trial are, at least one must depict violence and at least one must be a real person to insure that they are not retouched photos for a sick audience. This is the only way to insure a conviction.

Someone must testify that this is a living human being, who was sexually abused. You have to admit, it’s a lot easier task for the Government to find one picture when hundreds of pictures automatically downloaded from a stinkpot you happened to wander into and then its hidden in a secret index.dat file so there is no chance it will be erased.

According to the newspaper report, Sergent Matthew Cawthon, testified that he had worked a case of a know sexual predator and earlier had seen a haunting picture of a young child (5 years old) being abused. He was able to track her down after they arrested the pervert and located his former wife. In addition to others, he was abusing his own daughter. He testified that she is now a living nine year old child. The pervert got a five year sentence for screwing his daughter and distributing the pictures.

Actually, there was a lot more to his testimony, it was presented in full gory details while the picture remained on the screen. After his testimony, a woman ran from the room in tears and the Defense Attorney’s only question was why they didn’t execute the man. No other Defense question was possible.

Now Texas Ranger Cawthon appeared to be an honorable older man who probably didn’t know shit about law enforcement honeypots and the claims of law enforcement personnel that they own all kiddie porn distribution.

My questions would have been slightly different. I would want to know if it’s so easy for the Fat Savage to track these hosts to big business hosting and backbone carriers, why doesn’t the government shut them down. Why is it that every single site that I traced which publishes kiddie porn is residing in America.? Why are kiddie porn sites all not for profit in an industry driven by greed? Why do these sites load you with pictures, redirect you to sites you never asked to go to and spawn new browsers that load URL’s and pictures into your cache memory without your consent or participation? Why is our government condoning the publication in America of real pictures of abused naked girls who are just now reaching puberty? Why have these sites stayed on line for almost a decade while the government goes to the expense of flying you all over the world to prosecute little boys and old men caught playing with themselves?

If that dumb fuck knew how easy it was for our Government to shut these hosts down and stop embarrassing the child, do you really believe he would still testify on the government side?

I kind of feel sorry for good old Matthew, – he appears to be just a good old country boy trying to do the right thing for his country and the child. He would never believe that the government is the one exploiting these pictures in the name of child protection even if I taught him enough Internet Forensics to track them to the host and distributor.

PS,, and are shown to be located in Houston Texas and offered to take me to their pages offering “Sexual Child Abuse”. Enough to do a Texas Ranger proud.

PPS. Actually, I think they are really located outside of Washington DC and the feds are just fucking with Texas in placing the host in that state.

AmericanThumbs and

May 19, 2007

Shitting in the Swimming Pool- A Metaphor for life.

One of the most important concepts I ever learned, I learned at 16. It is the story of a group of people who will destroy something valuable for everyone, if they cannot use it themselves. Unfortunately, there seems to be logic to their perverse activity of wanton destruction, so if you search for the logic and find it you get a deeper understanding of the problem.

While I was lifeguard at a pool, somebody would shit in the swimming pool almost every day at exactly 12 Noon. Since there were hundreds of kids in the pool, we couldn’t initially isolate a source. The result of finding the turds in the pool was to shock the pool with chlorine and keep everybody out of the pool for an hour. We probably would have never solved the problem if it weren’t for an observant kid who notice his friend take a dump and screamed that Johnny had shit in the pool.

It seemed that the kid’s mother strictly enforced regular mealtimes and that the kid must remain out of the pool for exactly one hour after eating. Since other parents were more lax, Johnny’s friends were all in the pool ignoring him. His solution was sort of elegant and definitely simple. Shit in the pool and force everybody out of the pool for one hour so all his friends could play with him.

Now what brings this to mind is had remarkably primitive code. The code starts by setting a cookie with the following Javascript code.

document.cookie = ‘ucjc=xucjcxnorefxucjcxnorefxucjcx1xucjcx0xucjcx0xucjcxxucjcx; path=/;’

Even to the casual observer, that’s an awful lot of ucj’s and it would appear that xucjx is being used to pass 6 different pieces of information. The next interesting aspect (to a geek) is that the small thumbnail pictures have various values associated with them including values for rating, votes, use and age. The values appear to be passed along with your unique cookie to the server by way of a php script if you click on the picture for a larger version.

Links to other sites are called from a cgi-file named ucj which is also an executable script.

Now when I Googled “ucj”, two results of relevance came up. The first was UCJ is a Traffic Trading Script for the porn industry, sort of like a link exchange. The unique aspect is that Keeve from americanthumbs has two other sites listed and there are 22 sites with Lolita as part of the name so your chance of getting a link to a dangerous sounding URL to be presented at trial are pretty good. As a matter of fact porn site operators can get a discounted service if the limit their customer’s choice to only or . Seems like if you click a link you are purchasing your one way ticket to jail.

The final interesting code was a referral to which was an analytic tool for pornsite owners. You find out incoming traffic from typed URL’s, domain referral, search engine and more. You see the IP addresses of old and new visitors and you find out the browsers they use and which plug-in services they have. from their 2004 site, ” statistics are much too comprehensive to list everything here.”

Adult webmasters loved this service even though it was pretty obvious they were tracking there customers. Unfortunately, it was highly visible and dangerous for law enforcement trackers to use because it could be easily identified and the type of information collected explored at trial. So someone shit in the swimming pool and destroyed the product. Pornmasters bemoaned the loss and all that is left is a blank page when you go to

Oh yeah the other reference to ucj is from a blog.

“Greetings… I suppose the most noteworthy thing to point out is that I have a week and a half to master UCJ before Diane goes on vacation. I’m getting there… I just hope I’m “there” then. UCJ, of course, is the Uniform Criminal Judgment, the program that allows us to print orders the judge signs that effectively outlines the sentence people who are convicted get. I’ve got most of it, but I know I don’t have all the little bells and whistles I need to know.”

Your choice UCJ is the name for a link exchange program or a law enforcement protocol.

Who’s in Bed With Young Models?

May 12, 2007

When I first started tracking I burst out laughing. The server was within 25 miles of the fuzzy headed thinkers of Foggy Bottom in the town of Ashburn, VA. For those who don’t know, Foggy Bottom is the Nation’s capital in Washington, DC

It was pretty clear cut that the host was and the fiber optic service came from Nlayer. A trace route from Pakistan also ended up following the same path. Nlayer is a high technology firm that links to the world at strategically placed locations to offer the fastest speeds and the least delayed transmissions. The offer co-location services on their own, to hosts like Intercage and to other smaller regional carriers. You can see a map of their Network on line. Take note they are in major Internet crossroads like Chicago, Ashburn, and San Jose, along with Atlantis, Dallas, Phoenix, and Los Angeles.

When I did a trace route from Indonesia, Turkey, Ukraine, The United Kingdom, and Denmark, there was some smoke and mirrors to suggested that the server was in Florida. However, the closest physical connection was to in San Jose and was being serviced by Level 3 in San Jose. The host was once again A check of Server Central shows they are another big business serving the Fortune 500 offering data centers in Chicago, Ashburn and San Jose or right along the Nlayer routes.

A trace route from the Czech Republic, Singapore, Portugal and Kyrgyzstan ended up passing through Washington DC on the way Ashburn and connected to the host Intercage. They connected through another carrier XEEX who also services the Fortune 500.

Shutting down Intercage is a dream. They have changed corporate names a few times and an estimate from a ZDnet Editor suggests that half their revenues are from Criminal Activities. Seems, they have friends in high places. When SANS Security Institute recommended isolating a huge block of their IP’s SANS was forced by “someone” to rescind that decision.

However, if anyone in Big Business really cared about kiddie porn, they could easily refuse to do business with Nlayer, Server Central and XEEX until they bar access to Intercage. They probably won’t because the loss of Kiddie Porn Profits would mean rising costs for everyone else.

So whose in bed with young models?

It looks like all of the Fortune 500 is copping a little piece of the action!.

Is a Pigeon Drop?

May 6, 2007 Unabridged (v 1.1)

pigeon drop
a confidence game or sleight-of-hand swindle whereby cash is extracted from the victim as collateral for a supposed share in a large sum of discovered money, dishonest profits, or gambling winnings, which in fact are nonexistent.

It always worries me when something is too good to be true. In this case if you allow sexcounter to track your porn site visitors for free they will give the porn site owners far more valuable information than they aquire. Right!

Paraphrasing their site gives the following idea of what they collect and how they use it.

Porn site owners want good stats and want them free. SexCounter is perfect for them! It is based on new technology [spyware] with the most advanced statistics available on the market. Imagine Choopa is publically bragging that their spyware is so advanced that no users will detect it, and people keep viewing sites hosted by them. Good God, Big brother truly has invaded the bedroom but you have nothing to fear if you’re “normal” whatever that means.

Their wonderful stats include the number of hits for the kiddie porn site, the number of different visitors that produced the hits, whether they are first time or regular visitors. They give the porn site owner a detailed listing of pages visited and  the IP address of the visitor and the day and time which is enough to identify th actual user.

Of course tracking is performed to see where the visitor came from and where they went when they left. Everything is done with invisible counters [honeypots] so there is no traffic loss. Since it’s their hosting service they can do it without setting cookies or obvious code. If you own the host, you got it all.

SexCounter is a value added service for webmasters provided by of Sayerville, NJ. It is alledegly paid for by advertising inside the member area. The revenue they earn will be from banners inside the site targeted at webmasters.

Both Choopa and the porn site owner own the data regarding visitors to the website hosted by Choopa and sexcounter. The site owner can use the data they provide for any legal purposes. Choopa will use the data in compliance with there privacy policy[They don’t publish it so it’s secret, but you can trust them if you like.] They will probaby also use it for legal purposes.

The  sad point if this were an e-commerce site for anything other that porn, no one would trust them. The home page was last updated in 2005, the “about page” in 2004, and many links are dead [Resources and Privacy Policy are two obvious ones.]

Imagine how much trust you would have in if they hadn’t updated in 2 years and said they would do everything for you for free. Cut me a break!

There is no free lunch!

PS Choopa hosts about 2600 porn sites so you are bound to reach them once in awhile.  Have fun exposing yourself to them.  HAHAHAHHA! Get it? Exposing yourself! HA-HA-HA!

Steganography &

March 22, 2007

Steganography (stego) is the art of hiding in plain sight. Most of us are so conditioned to urban legends and myths that if we started looking for the home of a kiddie porn sight so nasty, that a just looking at if for a few minutes is enough to get a warrant to confiscate the machine and search the owners house we’d start in the third world. So it’s expected that the search for would focus on the nether lands of Elbonia, Dilber’s mythical country. Of course nothing could be further from the truth. is a world class website. Among the 100 million websites in the world, it is ranked in the top 200 thousand or it has more traffic than 99.8% of all web sites. Not bad for an outlaw web site on the dark side of the force. Darth Vader would be proud.

Now the problem with that is big sites need big backbone access and that means that Elbonia would never work for Kevin Allen, AKA Keev. Now, I haven’t figured out a revenue model for this nasty site, There is no advertising, no pay per view or pay per entry and the average visitor clicks less than one additional page after entering, still that’s a lot of traffic to get which must be handled even if there is no profit motive to the site as previously mentioned.