Archive for the ‘The Hun’ Category

I Speak The Truth

June 12, 2007

You can always tell when you speak the truth when people try to shut you up.  I have reached the point where my feed stats exceed my blog stats which means my regular readers exceed my total readers.

It seems I’m suffering a denial of access attack.

I would have never noticed except I dropped from 300 viewers to 20 overnight and my feed stats were still above 40 per day.

 When the Feds want to fuck with you, they will.

Oh well, I was always writing to document the crap said at trial so I will write until the appeal is over. 

The question is why stop me if I’m wrong. At least you know the basis of appeal if I stay on line.

Are Honeypots Legal?

May 23, 2007

Maybe – It sort of depends on the type of honeypot, who owns it, The Judge, The Jury, and The Lawyers and who tells the truth and who believes in the truth or lies. In the case of a kiddie porn trial, legality plays a minor role as emotions rule the day.

So let’s take a look at clearly illegal activity. I click on a link to a “free pzzle Inlay Game” and am automatically redirected to a pornsite which may contain kiddie porn which they probably stole from the National Archive of Kiddie Porn. They then offer a security program which will remove the 600 porn pictures on the machine. If you are part of the 86% who occasionally visit porn of any kind, there will be other pictures on your machine and no one will believe you. If you pay the extortion you lose, if you don’t you lose. Clearly you are a victim of fraud and extortion and you have no way to prove it or any place to turn for help. It’s not a honeypot, it’s illegal and no one cares.

The classic honeypot is a marvelous piece of work and very legal. The portal seemed to be Americanthumbs.com which as I said before barely had any really nasty pictures. Some were young and all of them had rating and age data associated with them. Now you never had to click a link and even though 60 images were loaded onto your machine, you simply did not have to play the game. You could have clicked on the older full figured woman and left.

However, if you stayed, and clicked on the young but fully clothed schoolgirls, they were probably starting to mine your information and create a file on you. Probably each time you returned or went to a sister site the pictures got a little worse. Corinnas.com and Sugarthumbs.com were also part of the game as were other sites from the UCJ Traffic Trading game. Just by staying with the UCJ family of porn sites you could develop a hell of a collection of kiddie porn from the National Archive of Hashed Kiddie Porn Pictures which would be remarkably easy for a Data Miner to find and associate it with a list of all the sites visited on your machine.

So what happens now???

They have full knowledge of your machine and they have to wait for you to do something clearly wrong, like distribute (email a file) or publish on your own site or to self incriminate in some way but what if you do nothing????

Well now it gets a little greyish and very messy and here’s where the stinkpots come in.

When you go to a site like young-models.org, you don’t get many elegant chances to self incriminate yourself. It just keeps loading you up with nastier and nastier porn and you get hundreds of images per session and then they shut you down with a Trojan which seals your machine. You don’t get a chance to click a link as the spawned pages keep coming with more and more images and the only way to stop it is to pull the plug.

You have entered the wrong neighborhood so a law enforcement officer damages your machine so you self incriminate at a repair shop so they catch you. This sounds like just a little more than entrapment, it sounds a whole lot like aiding and abetting in the process and speeding it along. I mean if Jack Kevorkian was guilty of accelerating the death of people that were dying, these cops are accelerating the apparent moral decline of a person with bad taste.

I can’t even believe that in the day and age of the Patriot Act that this process is truly legal which is why at trial the Federal Agents deny knowing about the use of honeypots even though it’s common knowledge to the rest of the world.

Cops and Honeypots?

May 22, 2007

 Does Law Enforcement Use Honeypots?

Oh Hell yeah! And their use is almost a no “brainer”.

As soon as the military had created an Internet for secure redundant communications, they started to develop defenses for it. And just like the defense of any secret installation, the first protective devices were retaliatory in nature. If their information seeking honeypots could not track you or identify you and the attack persisted, they had to take you out with a shutdown command or a virus or Trojan command on your computer. In the world of Spy versus Spy versus Spy, there are not many rules or for that matter not many complaints of unfair practices.

Now in the area of Domestic use by the FBI, there is a rich body of literature and you can Google Law Enforcement honeypots and FBI’s honeypot to start exploring the area. Seems that every time the FBI works with an outside contractor, there’s another article published about the success and an offer to do the same for your business. Because of the large blocks of IP’s in use worldwide by Military, Governments and Financial Institutions there could be Billions of honeypots in use globally. The problem of stumbling on a honeypot for spammers is so big, that there is a program offered for sale called Honeypot Hunter ($495) which identifies which sites are protected by honeypots and lists of Honeypots and their owners are also online.

So everybody who uses the net probably has daily exposure to honeypots. The most commonly cited use of Government Honeypots is the Military and government protecting their secrets, the FBI defending big business, especially Financial Institutions, and gathering information on citizens who have kiddie porn on their machines. Since all of the images that were ever on a page that your machine went to are still on your machine, and since 86% of all men who are on line occasionally surf porn, I’d have to guess that half the machines in America have at least one illegal picture of kiddie porn.

Read the Article in Wikipedia on Child Pornography which discusses the use of Honeypots to track users and also, a claim at a Law Enforcement Conference that all Child Porn Distribution was Owned by Law Enforcement.

They said it – I believe it and that settles it.

Do You Yahoo at My Web???

May 16, 2007

Most of us use the msn.com default homepage and get zapped with more than a dozen cookies as we turn the machine on and check our Hotmail account. It really is informative to check the visible information to check what is passed in the cookies. Where a line is unknown, I’ll just use “line unknown” instead of a bunch of encrypted stuff that I don’t understand. Where I do have an idea, I’ll put it in the second column.

I’ll be skipping a lot of cookies that are meaningless to me so as only to get to the essentials.

CULTURE                 What Culture?
EN-US                        United States English speaking
msn.com                     Company Address
1024                            User Class maybe big business
Line Unknown
Line Unknown
Line Unknown
29854330                 Cookie ID

MUID                        Microsoft User Identification?
753AB7F41(etc.)      My Encrypted ID
msn.com                    Company Address
1024                           User Class maybe big business
Line Unknown
Line Unknown
Line Unknown
29854330                 Cookie ID

MSPPre                     Not sure
mr_fat@hotmail.com    My Email Account in plain English (an example)
login.live.com            Company Address
1024                           User Class maybe big business
Line Unknown
Line Unknown
Line Unknown
29854330                  Cookie ID

MSPCID                     Microsoft PC Identification Number
7cfde65372a37c3a    My Machine’s Encrypted ID
login.live.com             Company Address
1024                            User Class maybe big business
Line Unknown
Line Unknown
Line Unknown
29854330                   Cookie ID

Now that we have checked the email and the cookies are carrying my Microsoft identity, my Hotmail name and my machine ID, how about surfing a little porn over at hotteens.com


__utm(a b or z)         Three cookies are set. One for a, b & z.
Mess of numbers       Line used for Google Analytics.
hotteens.com/            Company Name
1600                            User Class probably porn.
Line Unknown
Line Unknown
Line Unknown
29854330                  Cookie ID

So our porn habits are measured by Google Analytics and tracked to my microsoft identity, my hotmail name, and my machine ID through my Cookie ID. Now let’s see what happens when we click the My Web Button for Yahoo.

Line Unknown
Line Unknown
yahoo.com                 Company ID
1024                           User Class Probably big business
342532096               Ties Yahoo button to hotteens account
32065574                  Ties Yahoo button to hotteens account
29854330                  Cookie ID

Yahoo then asks you to sign in with your yahoo account to put the page in your My Web Folder.


Can anybody deny who they are, what machine was used, and where they went? Unfortunately, anybody that read my first post on this subject knows that I never asked to go to hotteens.com, I was automatically redirected there.
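Added example, not part of the original post: assuming the listings above come from Internet Explorer cookie text files, each cookie is stored as a nine-line record (name, value, host/path, flags, expiry low word, expiry high word, creation low word, creation high word, `*`), and each low/high pair is the two 32-bit halves of a Windows FILETIME. This Python parser reads such records and decodes the timestamps; the cookie name, value and creation low word in the sample are constructed, while 1024, 342532096, 32065574 and 29854330 are the numbers quoted in the post.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FIELDS = ("name", "value", "host_path", "flags",
          "expiry_low", "expiry_high", "created_low", "created_high")
NUMERIC = FIELDS[3:]

# Constructed sample. Names, values and the creation low word are made up;
# 1024, 342532096, 32065574 and 29854330 are the numbers quoted in the post.
SAMPLE = """\
EXAMPLE_ID
constructed-value
yahoo.com/
1024
342532096
32065574
1000000000
29854330
*
CULTURE
EN-US
msn.com/
1024
truncated-record
*
"""


def filetime_to_datetime(low, high):
    """Join two 32-bit halves into a FILETIME (100 ns ticks since 1601) as UTC."""
    ticks = (int(high) << 32) | int(low)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def creation_window(high):
    """Earliest and latest instant that share one FILETIME high word (~429.5 s)."""
    return filetime_to_datetime(0, high), filetime_to_datetime(0xFFFFFFFF, high)


def parse_cookie_file(text):
    """Return (records, skipped): decoded cookies and the count of malformed blocks."""
    records, skipped, block = [], 0, []
    for line in text.splitlines():
        line = line.strip()
        if line != "*":
            if line:
                block.append(line)
            continue
        rec = dict(zip(FIELDS, block))
        # A record needs all eight fields, and the last five must be integers.
        if len(block) == len(FIELDS) and all(rec[f].isdigit() for f in NUMERIC):
            rec["expires"] = filetime_to_datetime(rec["expiry_low"], rec["expiry_high"])
            rec["created"] = filetime_to_datetime(rec["created_low"], rec["created_high"])
            records.append(rec)
        else:
            skipped += 1
        block = []
    return records, skipped + (1 if block else 0)


if __name__ == "__main__":
    cookies, bad = parse_cookie_file(SAMPLE)
    for c in cookies:
        print(c["name"], c["host_path"], "created", c["created"], "expires", c["expires"])
    print("malformed records skipped:", bad)
    print("high word 29854330 covers", *creation_window(29854330))
```

Under this layout, cookies written within the same seven-minute span carry the same creation high word, so an identical final number across cookies from different sites reflects when they were written.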

Stalking the Carnivore.

May 13, 2007

Never believe that the FBI’s Carnivore is extinct. Like any other animal it actually leaves tracks while stalking you. This program is done in cooperation with your local ISP and for some reason contact is made through them. This is like a lion using a gazelle as a front to stalk a human.

It seems if you are using Norton Internet Security, your very first on line update is controlled through a contact with your local ISP. If you’re using Pccillin, you have incessant messages that your local ISP is attempting to make contact with your machine through a wireless connection – even when you’re using a LAN.

The real proof comes when you check your Virtual Server Setup on your Internet router and all of a sudden the epiphany hits and you want to puke – not out of fear but disgust at what your government is doing to its citizens in the name of security.

A virtual server is a method of partitioning your hard drive such that every partition can operate as an independent machine. Each server will have its own full fledged operating system and each server can be independently rebooted. Remember when I complained about sneak a peek warrants and someone turning on my machines. Remember when I complained about my rapidly shrinking hard drive. Seems all those other independently operating servers take space and can be rebooted by their controller without being present. No shit this explains it all.

Right now my machines are set up by someone other than me to allow traffic from Virtual Servers through a private IP of 0.0.0.0 which you may recall is the IP on the router which bypasses the firewall. I have virtual servers to handle FTP (Ports 20/21), HTTP (port 80), HTTPS (port 443), DNS (port 53), SMTP (port 25), POP3 (port 110), and Telnet (port 23). Hey those are all pretty normal servers and the Russian mafia might want to use them.

How about i2eye (port 1720?) This is patent pending technology from D-link which happened to manufacture my router which is designed originally for enhanced streaming video technology to Televisions so I’m not sure why it’s on my machine as I have never knowingly downloaded an audio or video, and don’t have a TV card. Also, I reset the router to factory defaults three times in the past week so none of this crap should be on it.

Of course PPTP was enabled through port 1723 which allowed the virtual machine to operate on point to point contact basis through a secure channel using IPSec on port 500. No wonder I can’t figure out how to find out what’s stored on my machines or how to remove it. The machines have their own operating systems, have encrypted content, unique encoded keys and are immune from programs which can snoop on them.

How do I know it’s Carnivore? Easy.

DCS 1000 is also on my machine operating through port 80. This is the new user friendly name for the FBI’s Carnivore which sounded too much like a predator.

With all this shit on my machine, it’s hard to tell what is real and what’s not. Have I been getting valid research and making actual posts or just looking at the results from virtual servers on my own machine?

And I thought The Truman Show was a fucked up movie.

Post script. So in order to get the post on line I wiped out all of that shit and reset the router while it was off line. In spite, it added NetMeeting at port 1720 and DSC-2000 to the virtual server list – Cool Technology??????

One of Dem Dayz!

May 12, 2007

Today is one of those days where I’m gettin my ass beat. Seems my last post on who’s copping a piece of young models must have pissed off a few people. My network went down at work. The last time it happened, it was a fried antenna and it took a couple of days to fix it which means it’s not likely to happen tomorrow.

On my other access network, my so called “counterfeit” windows (If they can fuck with me I can use a small w in windows) is giving me a case of the ass. It started by saying my hardware had changed and I had to update the system. Then it said my edition was counterfeit and I needed to contact them. The last time it said I had used the number too many times and it was no longer valid.

Each time it gathered more information (enough for another post) and finally it said for $99 they would issue a new product key and I could keep using my bogus edition.

Funny thing, I think it really was Microsoft on a phishing trip for Uncle Sam. So much for their privacy promises.

I’m typing this on a laptop so I apologize for the errors. I’ll get it into its docking station tomorrow so I can jerk their tools some more.

Stalking Young Models!

May 11, 2007

One of the excuses for not taking down Kiddie porn sites is that it’s hard to track this illegal activity. When I started this blog, American Thumbs was up and running and operating out of a host in Sayreville, NJ. It was relatively easy to track because a big business needs a fat pipe to serve their constituency.

The easiest way to track kiddie porn is to get an understanding of the needs of big business. If this crap were being served from hijacked machines it would be too slow. IP numbers would be changing by the second and most servers would be on very slow connections. This concept worked for email for a while because the file size was so small. But kiddie porn is downloading pictures and in some cases hundreds of them. That means a real big time connection to a real fat fiber optic backbone which is connected nationally and to the world from multiple locations.

Banks and other big businesses are the same, they need multiple co-locations across the nation to avoid the impact of hacker attacks or natural disasters. The only other requirement is a host so sleazy that they have no concern where their money comes from. This host is also a facilitator in the distribution of Kiddie porn so is probably a criminal also. For that matter, the group that owns the equipment in the kiddie porn co-locations probably is in possession of kiddie porn to the extent that if young-models.org fails to pay their huge bill, they own the machines and the material stored on it.

For those that want to learn how to stalk the distributors of kiddie porn, there’s an excellent book called “Internet Forensics” by Robert Jones. This book is written in a style that it is easy to use and understand. Maybe it seemed that way to me because I was familiar with most of the techniques before I bought the book. Still, as a desktop companion, it’s been invaluable.

Essentially, we use a tool called trace route which tracks the request for a website along a path to a specific location. The problem is that if the IP is variable the results will change. Also, if the site is being hosted from different locations, the routes will be different and could make it appear as if it’s moving. The second concept is looking glass sites which are hosts around the world that let you track a website from their location in their country as if you were one of their customers. The final set of tools is a whois search and a Google search of all the players along the route to determine when it was passed from a “responsible” big business serving corporate America to a sleazy host serving kiddie porn.

The easiest people to squeeze are not the sleaze doing business with the owners of sites serving pictures from The National Archive of Hashed Kiddie Porn Pictures but the Big Business that is using public right of ways and benefiting from government subsidies to distribute that crap. They are the ones collecting checks from the porn host and they are guilty of kiddie porn distribution.

The problem is if the government owns the kiddie porn sites, no one will go after the distributor.

The Next post Names the Names behind Young Models ability to distribute Trojans and Kiddie Porn Pics to the world.

Is the Russian Mafia Paying royalty?

May 11, 2007

The security industry is buzzing with news of a new Russian Trojan which has some almost unbelievable powers. Instead of just hijacking your machine and sending the information back to one master, it can hijack your machine and send the results to several IP’s in a group meeting. Glad to see that the security industry is catching up with the claims I made here and here. On top of that the Trojan is stealing the user certificates associated with the machine and transmitting the number with the other information.

Now I hadn’t really dwelt on the use of the user certificate as a national identity for a user and a machine but that’s exactly what it is. It is more private and dangerous to share than a social security number and everyone is aware of those dangers. In a previous post I discussed the concept of people self-incriminating when their national identity number of their machine has been altered.

I expect in the future we will see phishing sites that warn of an altered user certificate and offering to correct this situation for a fee. In bundled software, they will also offer to include a free check for kiddie porn and removal of that for an additional fee.

Now this may be why it was so easy during the trial for me to have shut down two machines instantly, just by researching the terms mentioned in the newspaper and so hard to shutdown machines that were on the same network. They have been letting me fuck with them because my national identity has been established which links the machine and operating system to me in a fairly indisputable manner.

Now remember every picture in this trial is from the National Archive of Hashed Kiddie Porn and search as I might I had not been able to find a single one on line until I reached young-models.org. All of a sudden I am seeing really nasty shit like shown at the trial and getting hit with Military Strength Trojan.

I think two things have changed. Many sites like hot teens and young babes have suggestive names which are used by the government to establish a pattern and then a second site like young-models.org is used to take you out once the old babe sites with young names have set cookies related to your unique machine identity number, placed excessive numbers of nudes on your machine and created a pattern of use with similar young names from the spawned sites.

I wonder if the Russian Mafia is paying Royalty to the US Government for all of the nasty Trojans and Worms developed for the war on Kiddie Porn. Remember every site discussed in detail was “Born in the USA”. If you really want to know the next security threat, you shouldn’t be reading newsrooms and websites, you should be searching for Hashed photos of Kiddie Porn from the National Archive. When you find them, you’ll find a stinkpot delivering both kiddie porn and Military Strength, State of the Art Trojans.

Counterfeit Windows?

May 10, 2007

After my code grabbing foray to young-models.org, and the damage assessment, I restarted the machine which told me I had substantial changes in my hardware and had to reactivate my Windows Operating system within 3 days or my machine would crash. Of course there were no changes to hardware.

I did what every kid would do, I ignored it and started surfing the web. I had so many pop-ups from Microsoft asking me to reactivate my operating system that I finally decided to do it. I went on line and was told that it’s not an equipment problem but that I was using a Counterfeit copy of Windows XP and that I should either purchase a legal copy or work with them to resolve the issue. They even have an 800 number. This machine was updated and activated in the states and had been used online for 3 months.

Can’t you just imagine the call:

Hi Bill, this is the Fat Savage who is publishing a site about Trojans, and Kiddie Porn and being attacked by the Russian Mafia and the US Government with Military Strength Trojans that attack both Linux and Windows XP and while I was at this nasty site called young-models.org, they fucked my machine and changed my registry number so I’d like to straighten this mess out.

My Name Oh Yeah I’m the Fat Savage.
My Address – What’s the difference
My Phone – You already tracked it but it’s one of those drug dealer phones you buy at K-mart and pay a kid Ten Bucks to figure out how to activate it. It was purchased for cash.

Hey do you even care about the original product key number on the package or do you just want my mother’s maiden name and the Internet account number.

Oh – Those were the next two questions

Bye, I’ll figure this out myself.

Young-models.org is Deceitful!

May 9, 2007

I really hate to go to this site because it is so aggressive. Everything about it is just plain nasty, the code is written in hexadecimal to obscure the meaning, in Javascript which few people use at all and php because whatever active shit they want to serve is done at the server before it hits your machine.

In this case the hidden code is used to detect your operating system, browser and cookies and deliver pop-ups and Trojans according to your machine’s likely weakness. When I went to rip the code on a Windows machine, (It turns out to be the same on the Linux machine) it ran its little Javascript and called up a very interestingly named site which was used to deliver the spawned serving of more nasty kiddie porn sites. I think I got 800 pictures and it only took me 6 minutes to rip the code, print a copy and save the code to work with it. I had to do it all for fear the machine would be shut down. I also got my anti virus trashed, the time changed, it ruined my ability to update, destroyed my index.dat analyzer and more.

The loss of the index.dat Analyzer was most serious. I don’t mind shit on my machine but I like to be able to find where it’s hidden, print a record and remove it. Oh well, I guess I will have to take this attack seriously. It’s a brand new machine and I hate to have to replace it before it’s 3 months old.

The name of the interesting site was “The-Hun.ws”. I always thought thehun.net was a “reputable porn site” (oxymoron) but now I’ll have to look at them closer. Oh lord how the angels are lining up to switch sides but who can tell the good from the bad???

Oh yeah, the other thing the Trojan did was invalidate my Windows Registry Number, but that’s a whole new blog.

Will the stories never end???