Friday, April 13, 2007

MORE computergate!

This story does not stop! All eyes are now on Karl Rove...

Rove's lawyer argues that all of his 2005-and-before emails on RNC servers were deleted by accident. Not deleted from Rove's computers. Deleted from the servers. Presumably, that means the ones in Tennessee. By accident. And Karl Rove's emails were the only ones deleted from those servers -- even though dozens of other people in the White House used those RNC accounts.

That sound very likely to you?

But wait -- there's more: On January 23, 2006, Fitz sent a letter to Scooter Libby's attorneys which included these words:
...we advise you that we have learned that not all email of the Office of Vice President and the Executive Office of President for certain time periods in 2003 were preserved through the normal archiving process on the White House computer system.
There's more than one way to interpret those words. The most obvious interpretation: Fitz had learned about the RNC emails but did not possess them at that time.

And that is why CREW is asking Fitz to re-open the case against Karl Rove.
Melanie Sloan, CREW's executive director, said today, "It looks like Karl Rove may well have destroyed evidence that implicated him in the White House's orchestrated efforts to leak Valerie Plame Wilson's covert identity to the press in retaliation against her husband, former Ambassador Joseph Wilson." Sloan continued, "Special Counsel Fitzgerald should immediately reopen his investigation into whether Rove took part in the leak as well as whether he obstructed justice in the ensuing leak investigation."

21 comments:

Anonymous said...

geez, it is happening faster than anyone could possibly keep up with! i'm exhausted just trying.

a couple of things. first, the way i interpret luskin's excuse is that rove deleted his emails 'assuming' his emails were being preserved and archived. but this would assume they would be archived on the server.

and yes, fitz must have been privy to this whole aspect of the story. in fact, emptywheel has an excellent parsing of his role in all this and the implications over on FDL, so check that out. her take is that the CREW call for fitz to reopen the investigation of rove will not make any diff for a number of reasons. first, the investigation remains open 'until any new evidence emerges.' second, if fitz knew about the rnc emails, etc., then he has likely done at least an on-site forensic of those computers and servers. at least at the WH. not sure about the rnc/smartech stuff. in any case, that initial forensic pass must not have yielded much, cuz here we sit.

still, marcy suggests that this might be a great time for conyers and waxman and leahy (OH MY!!) to invite fitz back again for a discussion of evidence to see where they can go with things. i don't know the legal limits and parameters of such an invite; he turned down the first one because he did not feel it 'appropriate;' but perhaps there is a clue in his note as to what would be appropriate so they could craft the invite accordingly.

in any case, i continue to be amused by leahy's observation a few weeks ago that every tree they've gone up, they've found a cat; just think what things'll look like in six months!!

Anonymous said...

The British government searched the world to get hold of the rifles used by the unit that murdered 13 people in Derry on Bloody Sunday. Some were destroyed by the army so they couldn't be used in evidence, but that's not my point. It can't be too difficult to get hold of most of those supposedly destroyed emails, and records concerning them, even if records have been removed from the Tennessee server. Subpoena Rove's f*cking hard drive.

b

Uncle $cam said...

Your Crew linky no worky...

Anonymous said...

The following domains are mentioned in the headers of the bounce message received when you send an email to
postmaster@gwb43.com:

mailscan1.smartechcorp.net
mailscan2.smartechcorp.net
localhost.smartechcorp.net
rnc-exchange1.rnchq.org
mail2.rnchq.org
rnc-bes.rnchq.org

"BES" probably stands for "BlackBerry Enterprise Server".

A BlackBerry Enterprise Server uses push technology to route emails direct to a user’s BlackBerry handheld, without their needing to request or download it.

So subpoena their f*cking Blackberries too.

I'm no techie, but doesn't this mean the Republican party was given permission to operate a wireless communications network inside the White House?

b

Anonymous said...

Susan Ralston told two Abramoff lobbyists: “I now have an RNC blackberry which you can use to e-mail me at any time. No security issues like my WH email.”

Better not use the government's comms. Best to use the GOP's. Bad for security otherwise.

Anonymous said...

Rove probably routinely "permanently deleted" his emails on his RNC blackberry by pressing the "delete all" on any given date.

So even if you get rove's BB, he's probably already deleted all emails from his BB.

I am sure Rove and company knew that stealing elections, firing US attorneys, using fed military money to pay off their buddies who helped steal the election, blowing the whistle on Valerie Plame, were all illegal activities hence the plan from the beginning to delete all emails.

since they are in control, the RNC, they'll do anything they damn well want, including deliberate destruction of WH emails. No one can make them cough up these emails.

Anonymous said...

IMHO, Congressional Democrats need to get tougher than just issuing subpoenas; they need to get court-ordered search warrants and commandeer the Capitol police force to raid and confiscate the records and computer equipment desired to determine for themselves what is evidentiary to the crimes suspected. These crooked Republicans will not willingly hand over the most devastating of their email and other evidence. It would be like trying to subpoena and get cooperation from a narco trafficker in handing over the evidence that would convict him/her. These GOP in the WH are professional liars and hardened criminals, and must be treated as such.

Anonymous said...

b,

can you please post FULL header. Would be nice to see. (Scrub your own email info off of it first)

thx

Anonymous said...

We all need to keep something in mind...even though Rove deleted all of his emails, his emails were with other people...not to himself, which means if "they" did not delete "theirs," we've got a real shot at nailing the whole fucking bunch of them.

Then try them all for treason, and punish accordingly.

Anonymous said...

Unfortunately, I don't know how to be sure that I've scrubbed out all of my own email info. Can I send it to you privately??

Alternatively, you could email postmaster@gwb43.com and see what bounce you get. I received the bounce in slightly less than an hour. My email simply said "hello".

b

Anonymous said...

I didn't realize it would eventually bounce in an hour. I would think postmaster@ would be a valid address..

I'd be interested in the lines
*.rnc.org [127.23.231.2]
and smartechcorp.net lines


(Could you repost your above list with the IP addresses from the header)

Anonymous said...

Joseph,
You seem to be igniting all kinds of sparks!
Computergate is catching on nicely, but have you read Scott Ritter's newest article about AIPAC? Now if that topic catches on like Computergate, we might head off the war with Iran.
XXXXXXXXXX these are all my fingers and toes crossed!

Anonymous said...

IP etc. info as follows:

mailscan1.smartechcorp.net[64.203.97.101]
mailscan2.smartechcorp.net [64.203.98.245]
localhost.smartechcorp.net [127.0.0.1]
rnc-exchange1.rnchq.org (mail2.rnchq.org [65.114.142.14])
mail2.rnchq.org [65.114.142.14]
rnc-bes.rnchq.org [10.1.1.18]
rnc-bes.rnchq.org (SMSSMTP 4.1.0.19)
rnc-exchange1.rnchq.org with Microsoft
SMTPSVC(6.0.3790.1830)



rnc.org - does not appear
[127.23.231.2] - does not appear

The bounce message itself has got 25 lines of headers (counting continued lines as more than one line if they go over to the next line).

The copy of my email, included as 'returned' in the bounce message, itself with full headers, has got a huge wodge of headers, 115 lines, including 30 Received: headers and the following:

X-OriginalArrivalTime:
X-Antispam-Status:
X-Antispam-Details:
X-Antivirus-Status:
X-Mail-Purify:


I have now sent emails to krove@gwb43.com and gbush@gwb43.com, and a string of random characters @gwb43.com. The purpose of the last-mentioned was to find out whether it got bounced as 'recipient unknown', which might imply that the first two recipients WERE known.

Result: they all got bounced the same way as the one to postmaster@gwb43.com:

Diagnostic-Code: smtp; 554 Transaction failed (too many hops)
[...]
Spam detection software has identified this email as possible spam.


For what it's worth, my first email scored 8.6 on the spam scale. The bounce said that 5.0 points was the threshold. The next three, which in the body text contained a sentence rather than just "hello", scored 5.5. You've got to wonder what happens if the score goes below 5.5, i.e. the message gets past the spam detection. I'll send some more and try to find out :-)

So far each email has been bounced after 55 minutes.

b

PS I've looked again, and I don't know how to get a score below 5.5. This is to judge by the following:

Content analysis details: 5.5 points, 5.0 required)

pts rule name description

4.0 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should

1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5541]


But none of my emails were forged. I sent them from a legitimate account, the same way I send my normal emails. Do you have to have some kind of security clearance for your emails to be accepted??

I think the line about "five million" emails may be misdirection. Most of the killer dirt was probably sent from about 10 accounts.

The bounce messages had headers saying:

Auto-Submitted: auto-replied

Meaning??

Anonymous said...

The SMTP server does give a warning (mailscan1.smartechcorp.net) that it does not accept mail from IPs that have no reverse DNS. It is possible you are sending from your home DSL or whatever and you have no reverse DNS.

I cannot corroborate these headers, it probably isn't made up by a Rovian operative.. but I cannot get any email to bounce back. Anyone else have headers (scrub your IP and address)

Anonymous said...

one more thing.
This could mean that the emails are NOT in fact in TN servers. It is possible the smartech servers forward on intranet to RNCHQ which might be in VA

My guess is c-net 208.241.56 MCI in VA
208.241.56.2(US) exchange.rnchq.org
208.241.56.3(US) exchange2.rnchq.org
208.241.56.6(US) rnc-virusscan2.rnchq.org
208.241.56.7(US) rnc-virusscan.rnchq.org
208.241.56.10(US) rnc1.rnchq.org
208.241.56.20(US) rnc-exchange1.rnchq.org
208.241.56.21(US) rnc-exchange2.rnchq.org
208.241.56.28(US) (gopcontact.org)

Seems to correlate. Now those would be on intranet numbers like 10.0.0.1 and from there it would be "checked" by webmail interface or straight to Blackberry.

You would need an email FROM someone at gwb43.com to really tell. As yet there are none.

Anonymous said...

Hi anon. I am indeed sending from my home DSL.

Is "65.114.142.14" new info? Couldn't find any refs on the web, either in connection to Emailgate or otherwise.

A search at samspade.org gives:

========================

65.114.142.14 = [ mail2.rnchq.org ]


(Asked whois.arin.net:43 about +65.114.142.14


======================

That's the same Qwest that Joe Nacchio was CEO of.

b

Anonymous said...

From the info for 65.114.142.14:

===================
OrgName: AIRNET GROUP INC
OrgID: AIRNE-62
Address: 310 1ST ST SE
City: WASHINGTON
===================

So the postal address listed for the Airnet Group isn't their real address in Chattanooga; it's the address of the RNC in Washington.

b

Anonymous said...

Check out 65.114.142.14, it's interesting:

This search yields:

=======================
c-net 65.114.142

AS209(Qwest Qwest Communications)65.114.142.7(US) mail1.rnchq.org
65.114.142.8(US) (virusscan1.rnchq.org) MISSING
65.114.142.11(US) (rncftp.com) MISSING
(rncftp.org) MISSING
65.114.142.14(US) mail2.rnchq.org
65.114.142.15(US) mail3.rnchq.org
65.114.142.19(US) (virusscan2.rnchq.org) MISSING
=======================


Click here for a nice diagram featuring mail3.rnchq.org, a couple of '65' IPs, and how they connect to the '64's and '209's' already talked about.

b

Anonymous said...

I got this interesting bounce message for turdblossom@gwb43.com

From: postmaster@rnchq.org
Subject: Delivery Status Notification (Failure)

Unable to deliver message to the following recipients, because the message was forwarded more than the maximum allowed times. This could indicate a mail loop.

Final-Recipient: rfc822;turdblossom@gwb43.com
Action: failed
Status: 4.4.6
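
An added example, not part of any comment in this thread: the "554 Transaction failed (too many hops)" bounce with 30 Received: headers and the "forwarded more than the maximum allowed times" notice above both describe a message circulating between relays, and reading the Received: chain oldest-first shows where it loops. The Python sketch below parses that chain, marks loopback and RFC 1918 addresses (the address types 127.0.0.1 and 10.1.1.18 appear in the headers quoted earlier) and numeric HELO names, and reports relays that handled the message more than once. The host names, the 203.0.113.5 client address and the `max_hops` default of 25 are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Matches "from <helo> (<rdns> [<ip>]) by <host>", the layout common MTAs write.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s*)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>[^\s;]+)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _is_ip(text):
    try:
        ipaddress.ip_address(text.strip("[]"))
        return True
    except ValueError:
        return False

def parse_hops(raw):
    """Return one dict per Received: header, oldest hop first."""
    hops = []
    # Each relay prepends its header, so the list is reversed to get travel order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = RECEIVED_RE.search(" ".join(value.split()))  # undo header folding
        if not m:
            continue
        ip = ipaddress.ip_address(m["ip"])
        scope = ("loopback" if ip.is_loopback
                 else "rfc1918" if any(ip in n for n in RFC1918) else "other")
        hops.append({"helo": m["helo"], "numeric_helo": _is_ip(m["helo"]),
                     "ip": str(ip), "scope": scope, "by": m["by"].lower()})
    return hops

def loop_report(hops, max_hops=25):
    """Flag a hop count over the (assumed) limit and hosts that took the message twice."""
    seen = Counter(h["by"] for h in hops)
    return {"hops": len(hops), "over_limit": len(hops) > max_hops,
            "repeated": sorted(h for h, n in seen.items() if n > 1)}

def build_sample(loops):
    """Constructed headers, newest first: one client hop, then two relays in a loop."""
    stamp = "Fri, 13 Apr 2007 10:00:00 -0400"
    pair = ("Received: from relay-b.example.net (localhost [127.0.0.1])\n"
            f"\tby relay-a.example.net with ESMTP; {stamp}\n"
            "Received: from relay-a.example.net (relay-a.example.net [10.1.1.18])\n"
            f"\tby relay-b.example.net with ESMTP; {stamp}\n")
    first = ("Received: from [203.0.113.5] (dsl.example.org [203.0.113.5])\n"
             f"\tby relay-a.example.net with SMTP; {stamp}\n")
    return pair * loops + first + "Subject: hello\n\nhello\n"

if __name__ == "__main__":
    print(loop_report(parse_hops(build_sample(15))))
```

A relay that appears repeatedly in `repeated` while every later hop shows only loopback or private addresses indicates the loop is inside the receiving organisation's own forwarding configuration rather than anything the sender did.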

Joseph Cannon said...

Try gwb@gwb43.com...

Couldn't hurt.

Anonymous said...

Good guess! My email to gwb@gwb43.com didn't bounce (yet).