Better late than never

Comment

Comment by Laurence A. Lee on November 11, 2008 at 2:38am

I'm very curious to see HPD's capabilities in investigating this case, and would be pleasantly surprised if enough evidence is revealed to bring this to trial.

As a Techie, I've never been a big fan of "Harassment by Impersonation" as a Cyber Crime, and I'm a bit surprised that you believe it's a crime that can be investigated and prosecuted. I'll give the HPD the benefit of the doubt, but I'm not holding my breath.

IMHO, there are too many open holes available to feasibly make the charges stick: An adept criminal can jump on an open Wireless network, sniff/crack keys of a secured Wireless network, or use many of the available Phishing Tools and RootKits to compromise a victim's machine and turn it into a Proxy. It's the same for server logs -- a Rooted server's logs can be cleansed of any incriminating evidence; and Stealth-Rooted Windows Servers are a real PITA to detect without specialized tools and procedures.

The only thing in the investigators' favor is the fact that (on the surface) the responsible party didn't know how to employ such sophisticated techniques.

Let's hope Justice can be served, and charges are brought up against the correctly-identified parties involved.

Comment by Keith Rollman on November 9, 2008 at 4:03pm

I agree with you that the rail issue got people excited, and in the world of political gamesmanship got them, in more than just this case, to act a little reckless.

In order to get the full picture you need to know that none of the individuals invovled in this scenario where set up for covert internet operations. What you mentioned earlier as a mistake on my part not to cloak the identity of a domain registration suprised me a little because there was no intention to hide anything. The GoRailGo was a legal 501c Corp. that decided NOT to use the domain I set aside for them for a lot of reasons, including a desire to maintain complete separation from the mayors campaign organization. but secrecy was never a consideration.

I think the same goes for Ryan and Carroll who did not employ any sophisticated or elusive web strategies. They were not with Stop Rail Now at the time of this email fracus, but operating their own version called Rail Truth Now, and Anybody But Mufi. Their Queen St. office is the location that Gordon Bruce, my boss, who took the day, off traced the phoney email to. I have to add at this point that he also did it from his home and own equipment, NOT city and county hardware. If you don't know Gordo, he is one of the top IT guys in Honolulu. They really didn't make much of an attempt to hide their identity and the IP address is publicly registered to John Carroll. They pretty much just set up a phony email account (mufihannemann@gmail.com) and let her rip. Also this wasn't the first time that fake email and blogs with forged identities invovled have originated from the same IP address so we already had a pretty good fix on them.

Their "press releases" seem to come out a couple of days before major elections, so you can surmise the intent. They obviously didn't like the FirePanos.Wordpress.com web site and have been trying to pin it on me for months so as to disparage the Hannemann campaign. I don't have anything to do with it, and don't know who runs it. The fake email where I supposedly brag about how stupid and sneaky I am is obviously a fraud. intended to "prove" I was involved.

Anyway, within 24 hours of this thing surfacing I fiiled criminal charges with the HPD and stop talking about it. We turned over all our records and files to them and backed away. There is a new law (went into affect just this year) for precisely this kind of malevolent spoofing. It's called harassment by impersonasion and judging by all the questions I've had to answer about a fake email sent in my name I am 100% behind it.

I hope this answers some of your concerns, if the case goes to trial we'll both know a lot more.

Best,

Keith

Comment by Laurence A. Lee on November 9, 2008 at 12:33pm

Hi Keith,

Thanks for jumping on-site and taking the time to answer some questions. The Rail has been one of the most frustrating (and exhausting) issues to keep track of, with both sides passionately flinging bullets to tear down the other side.

In my previous blog post (now "closed" to avoid making this site too Toxic), I was frustrated with a story run by the local media, about a mass-email, apparently with a forged sender, and a forged email-routing trail. KHON reported that you had traced the origin to a physical address within an hour; and (if I recall), KGMB reported that their technicians had done so.

Without knowing the email-tracing methodologies or having a copy of the server log data used, I had to question how a SRN machine was determined to be involved, and who made the determination. When I went through KHON's coverage, it was "too convenient" that you (as someone implicated in the matter) could claim technical authority and point the origin to a server operated by one of your opponents. When KGMB covered the same story, they claimed an internal IT member came to that conclusion.

What really set me off (and got me blogging) was that there was no effort to get an independent Technician involved to audit and validate the claims. So when I first got wind of this email blast, the local media (KHON anyway) took your word and ran with it -- laying the blame and suspicion on SRN.

Had the media obtained an Expert Opinion from an independent, Uninvolved Technician (say, a Senior email administrator from a local ISP) to make the claim, or back up your original claim, I'd have been satisfied that "Due Dilligence" was used in investigating the data on hand, and concluding the SRN HQ machine was involved. That was really all I wanted: a credible "on-the-record" opinion from an uninvolved skilled Technician.


From where I sit, the credibility of all sides (FirePanos, SRN, etc) is questionable. I will submit, the SRN/Anti-Mufi people put out almost as much propaganda and use as much dirty-tactics as the FirePanos people. This was why I was very interested finding out who got caught "red handed" with this bulk-email, to determine "once and for all" which side deserves some credibility. Sadly, without the server-log data preserved or published, the trail got cold and the issue was pretty much forgotten, except for the HPD investigation.


More recently, a press release on October 31 (now the front-page of the anybodybutmufi.com website) throws out even more accusations. Particularly alarming is an email response from James Burke touted on that website, which appears to be an email response to the "Keith Rollman" as the sender of the bulk email campaign in question. As this is only a PDF copy with no verifiable origin, I can only ask "WTF?" and question whether or not that email really is part of the HPD investigation as the press release claims.

It's been dirty tactics all throughout the weeks leading up to the election. My head is still spinning, trying to sort out truth from deception, in an attempt to nail the Jello to the Wall.


To satisfy my curiosity, though.. I'd be very interested to know what steps were taken to identify the IP Address of the machine involved, and how the IP was mapped to a physical address in under an hour. Thanks!