Thursday, March 29, 2007

GWB43/Smartech follow-up

I'm working on a follow-up to my piece on the secret White House communication system. Seems to me that if Smartech receives a subpoena from Waxman, they have to account for the GWB43 emails that have already been made public. So now I have three technical questions for anyone who knows how such businesses operate:

1. Is it possible to wipe the servers?

2. If an ISP gets a subpoena, what constitutes compliance? For example, do they have to turn over the actual machines for forensic analysis?

3. Are there any legitimate "oops" arguments? As in: Oops, we accidentally deleted the mail on that day....

7 comments:

Anonymous said...

Aren't there TIA and other systems around, so that even wiping the disks wouldn't help?

Anonymous said...

1. Yes, but it's also possible for the data to have left footprints in multiple places. We have no way to know how diligent they were about keeping communication with those servers secure and/or semi-anonymous. I don't know anything about systems they have in place in the WH to log and/or regulate communications with the outside internet.

2. Don't know about this one, but I would assume it all depends on the wording of the subpoena.

3. Sure, at least to the point of plausible deniability. It might sound like an obvious cover-up, but how likely would it be that anyone could disprove anything they'd like to say, short of a whistleblower?

I would think that if there's any data on those GWB43 servers that they don't want getting out, they would have already cleared it out by now. More likely their challenges will be limited to justifying the existence and use of those servers, but they're not going to get caught with anything incriminating in respect to the data or content of those servers.

ViViDVeW said...

So first, the 2 mail servers that DNS servers point to are mailscan1.smartechcorp.net and mailscan2.smartechcorp.net.

These are both Unix servers and appear to only be mail gateways. They just scan for viruses, spam, and the like and then forward the mail on to other internal servers or out to its destination. Without knowing what type of server "houses" the mail for gwb3.com it’s hard to say anything about how easily emails could be wiped without a trace.

My specialty not being email, I can only make a few "tech type" assertions.

1) Email from only a certain small number of dates and accounts would be very hard to 'lose' via data loss.
2) Entire groups of accounts or huge swathes of email would be more likely due to data corruption or hardware failure.
3) Any purposeful deletion would leave at least some traces, but a slash and burn approach could make it almost impossible for anyone but a highly skilled computer forensics expert to recover the deleted data. And only then if a raw image of the servers' hard drives were provided in a timely manner. Timely being very key.
4) Email is near the top of backup priorities for most providers, ISPs, etc., so explaining a lack of backup for select accounts or dates would take some fancy footwork.
5) If the other domains listed on Kos are handled by the same server or server cluster, it would be hard to lose data from only one of the domains via anything other than purposeful deletion.

I can speak in more detail about some parts of this if anyone cares.

If I could see a FULL raw email, headers and all, coming from one of these email accounts I could tell much more.
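What the Received chain of a full raw message shows, as an added example that is not part of the original comment: each relay, including a scanning gateway, stamps its own header, so the chain exposes the internal hosts behind the gateway. The message, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message; every hostname and address is a placeholder.
RAW = (
    "Received: from mailscan1.gateway.example (mailscan1.gateway.example [192.0.2.10])\n"
    "\tby mx.recipient.example with ESMTP id A1; Thu, 29 Mar 2007 10:00:05 -0400\n"
    "Received: from store1.internal.example (store1.internal.example [10.0.0.5])\n"
    "\tby mailscan1.gateway.example with ESMTP id B2; Thu, 29 Mar 2007 10:00:03 -0400\n"
    "Received: from [198.51.100.7] (client.example [198.51.100.7])\n"
    "\tby store1.internal.example with ESMTPA id C3; Thu, 29 Mar 2007 10:00:01 -0400\n"
    "From: sender@sender.example\n"
    "To: rcpt@recipient.example\n"
    "Subject: constructed sample\n\nbody\n"
)

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*;\s*(.+)$")

def trace_hops(raw):
    """Return relay hops oldest first, as dicts with from/by/time."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so reverse to get send order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"from": m.group(1), "by": m.group(2),
                         "time": parsedate_to_datetime(m.group(3))})
    return hops

def chain_gaps(hops):
    """Flag breaks in the chain. Received lines are plain text and can be
    removed or forged, so a mismatch is a lead to check, not proof."""
    gaps = []
    for earlier, later in zip(hops, hops[1:]):
        if earlier["by"] != later["from"]:
            gaps.append(f"hop mismatch between {earlier['by']} and {later['from']}")
        if later["time"] < earlier["time"]:
            gaps.append(f"clock goes backwards at {later['by']}")
    return gaps

if __name__ == "__main__":
    hops = trace_hops(RAW)
    for hop in hops:
        print(hop["time"].isoformat(), hop["from"], "->", hop["by"])
    print(chain_gaps(hops) or "chain is continuous")
```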

ViViDVeW said...

A little bit of Googling and here’s what I got on SMARTech.

Looks like its entire business is built on providing e-services to the GOP. Considering the number of domain names that SMARTech controls for the GOP this could even be a rather important front hub for GOP e-$ to flow through. SMARTech got 3.3 million from the GOP for the 2006 elections.

Owned by AirNet. Only two partners are listed. Stream to You, which is also owned by AirNet. Tubatomic Studio is also connected to AirNet but I’m not sure exactly how. Tubatomic is based in the same town as AirNet, Stream to You, and SMARTech Corp. My guess is that SMARTech is a hollow shell that doesn’t do anything but take the money.


The site news lists
posted: 08-03-2004
We are pleased to annouce the launch of our newly redesigned web site!
But the domain name was only registered 2 months prior, so my guess is it was never there before its “redesign”. The site design is professional but the content looks like it was thrown together overnight. Notice the word “announe” is misspelled in the top news post. All the SMARTech services I’ve found are hosted on IP addresses that belong to AirNet. SMARTech data center is listed as in the “basement of the former Pioneer Bank building”. Guess where AirNet Group’s Data Collocation Center in Chattanooga TN is located? Yup, in the former Pioneer Bank building. AirNet probably owns all the servers. Web Design is handled by Tubatomic and rich media server applications are provided by Stream to You. SMARTech could even be a one man show. No names are listed on their web site and email addresses are all of the sales@blal.blah and info@blah.blah variety.
The mnemonic naming of SMARTech, AirNet, and Tubatomic all even sound like they came from the same mind or group of minds.

If my picture of SMARTech's business model is correct then it would mean that most of the charges (or at least a lot of the big ones) to the GOP for 2006 were basically made-up numbers.
http://www.opensecrets.org/parties/expenddetail.asp?txtName=SMARTECH+CORPORATION&Cmte=RPC&cycle=2006

$200,000 for equipment. My guess is a monthly or quarterly fee is paid to AirNet for hosting servers and internet access (AirNet owns the only direct internet connection in the area according to a news posting on SMARTech’s site). So a large single capital outlay for equipment would be BS. Over $250,000 for “email programming”. Trust me that doesn’t even mean anything.

Whoever runs this SMARTech is an e-moron if this place is a front because almost all this stuff was found out in about an hour by a tech savvy person and a lot of it from SMARTech’s own web site.


Here's how I think a subpoena to SMARTech could look if the GOP REALLY wanted to hide what’s in SMARTech’s vault.

Congress to SMARTech: Give us the emails.
SMARTech to Congress: Well you’d have to talk to AirNet about that. It’s all on their servers.
Congress to AirNet: Give us the emails.
AirNet to Congress: We don’t have them anymore.
Congress to AirNet: What do you mean you don’t have them?
AirNet to Congress: Some of SMARTech’s accounts are delinquent. We do not guarantee data retention for accounts that are not up to date.

ViViDVeW said...

Oops. I misspoke. The domain was not registered two months prior. The IP address was registered TO that domain two months prior.

Joseph Cannon said...

Extraordinarily helpful, ViV... I can't thank you enough.

ViViDVeW said...

Happy to help.