owner-sievx-news
Sat, 19 Jul 2003 23:11:40 -0700
SUBVERSIVES.COM? by Marg Hutton 20 July 2003 [a hyperlinked version of this article is available at: http://sievx.com/archives/2003_07-08/20030720.shtml ] '90East helps ASIO ferret out spies and subversive elements. "There's a process established by which we inform our highly protected customers of what's going on and give them as much information as possible."' Brian Denehy, quoted by Paul Ham in 'The Men who hold off Canberra's cyber siege', SMH, 3 December 2002 Last December we were proud to announce that sievx.com is now being archived twice a year by the National Library of Australia which downloads our entire site to preserve it for future scholarship. More recently we have discovered that a significant proportion of sievx.com is being downloaded every night by government watchdogs - either an as yet unknown government department or the outsourced private company that handles its internet security (90East.com). It is one thing to surmise that sievx.com is probably being regularly monitored by one or more of Australia's national security agencies - it is another thing to now be sure that this is actually happening, to learn how comprehensive and frequent it is, and to read about the somewhat disturbing company in which we have apparently been categorised. We explain below (with some unavoidable technical detail) what we recently discovered and how. How we found out we were being swept by 90East.com or one of its government clients Over the last few months we have noticed a sharp increase in traffic to sievx.com from computers identified by two IP numbers - 152.91.9.13, also known as coopers.sge.net and 152.91.9.43, also known as limonite.sge.net. (IP stands for Internet protocol - an IP number or address is the unique number of each computer connected to the Internet) The increase was so dramatic - upwards of 600 hits per day from the first IP number - that we decided to investigate further. On examining our logs we discovered an interesting pattern - every morning in the wee small hours, at exactly 1.42 or 1.43am, sievx.com is visited by the first IP number which stays for around three hours and sweeps the website, downloading and/or scanning a significant proportion of our files - about 600 every visit. Later in the morning on weekdays it returns and examines about half a dozen pages - the ones that have been added, edited or linked during the previous day. We can see how this could be useful for government agencies interested in our work - to get a daily update on any new material we put up. Essentially it is the same job that Media Monitors, a press clipping service, does. The difference is that Media Monitors acts in a transparent manner and declares which newspapers and journals it monitors. Here is a list of some of the activity on sievx.com by coopers.sge.net (152.91.9.13) during the last week: 14 July - 631 pages swept (starts at 1.42am and ends at 4.42am) 15 July - 665 pages swept (starts at 1.42am and ends at 4.42am - then on again at 10.13am and views about five pages) 16 July - 617 pages swept (starts at 1.43am and ends at 4.43am) 17 July - 651 pages swept (starts at 1.43am and ends at 4.43am - then on again at 9.43am and views one page) 18 July - 666 pages swept (starts at 1.43am and ends at 4.43am - then on again at 9.24am and views five pages and off at 9.36am) Over the last year sievx.com has received an astonishing 50,000 hits in total from these two IP numbers. Not surprisingly we began to wonder about who 152.91.9.13 and 152.91.9.43 might be and why they are so interested in sievx.com. Using Google we were able to establish an incidental link between the second IP number and the Australian Federal Police from a message posted by someone using an AFP email address on a message board which was posted from a computer with the same IP address. Using the web detection tools publicly available at samspade.org we were also able to discover that both IP numbers supposedly originate from the Department of Primary Industries and Energy. (see screensaves 1 and 2) But the Department of Primary Industries and Energy no longer exists - it is now the Department of Agriculture, Fisheries and Forestry Australia. When we did a 'who is' on the IP numbers (found doing a reverse DNS check) of government departments that might be interested in surveillance of sievx.com, such as ASIO, the Attorney Generals and the AFP, they all showed up as the 'Department of Primary Industries and Energy'. (see screensaves 1 and 2) So ASIO or AFP computers may well show up on web logs as being from the Department of Primary Industries and Energy, just like our regular visitors to sievx.com. And these government departments have another characteristic in common. The technical contact for the internet domains of all these departments is listed as Brian V. Denehy of 90East.com, a private internet security company. 90East.com 'handles web security for ASIO, the cabinet office and most government departments.' 'ASIO... is one of several "highly protected clients who are grouped together in a single cluster"' 'Former Defence Signals Directorate and Australian Defence Force Academy experts manage the little private company'. (Ham , op. Cit) 90East.com hosts a wide range of government departments. Most departments hosted by them appear to have their mail servers on www.sge.net (which appears to be an alternative for or an earlier incarnation of 90East.com). The home link of www.sge.net does not explain what SGE is, but instead shows two pretentious quotes about war and intelligence gathering: "Thus it is said that one who knows the enemy and knows himself will not be endangered in a hundred engagements. One who does not know the enemy but knows himself will sometimes be victorious, sometimes meet with defeat. One who knows neither the enemy nor himself will invariably be defeated in every engagement." -Sun Tzu, Chou Dynasty: Warring States period of China (circa 403 BC) "Where it is possible to guard against a foreseeable risk which, though perhaps not great, nevertheless cannot be called remote or fanciful, by adopting means which involves little difficulty or expense, the failure to adopt such means will in general be negligent." -Chief Justice Gibbs of the High Court: Turner v The State of South Australia (1982). Why all this assiduous intellingence gathering on sievx.com? Government ministers have consistently played down the concerns raised about the SIEVX affair implying that there is no genuine cause for alarm about the sinking of SIEVX and that those who do have concerns have overly fertile imaginations. Yet the government or its security advisers are closely and expensively monitoring this website. Perhaps the reason for this is the high profile work of SIEVX advocate Tony Kevin. As a former senior Australian Diplomat, Tony Kevin is a highly credible spokesperson, attracting regular attention in the mainstream media, keeping the issue and questions about possible government complicity in the public eye. While the website sievx.com and Tony Kevin are quite separate, our work is complementary. So perhaps the government is keeping a close eye on sievx.com in order to keep up with what Tony Kevin and this website may reveal next. When Tony Kevin heard of this scrutiny of sievx.com, he said: "We are neither spies nor subversive elements. We are seeking to help uphold in Australia well-accepted principles of the rule of law, equal justice for all, and respect for the Senate's powers of independent review and scrutiny of government. There is nothing remotely subversive about these goals. Our pursuit of the truth of how SIEVX sank and how Australian national security agencies are helping to cover up aspects of the SIEVX history is entirely consistent with these principles." Once again, we must ask the question - if the Australian Government has nothing to hide in relation to its handling of the SIEVX tragedy, why is it so worried that it has to keep daily tabs on what we are doing? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This list is hosted by http://sievx.com SIEVX-NEWS is a low-traffic list for disseminating news about the SIEVX Affair. To unsubscribe: send a message to [EMAIL PROTECTED] with 'unsubscribe sievx-news' in the body. All other requests/comments to [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~