

milnoc

join:2001-03-05
H3B
kudos:2

Trail of Pierre Poutine leads to open Wi-Fi connection

Well this is an interesting turn of events!

»www.ottawacitizen.com/life/Trail···ory.html

Guess they might never find the culprit unless they start tracking down the credit card used to pay for the RoboCalls, assuming Mr. Poutine didn't use one of those untraceable "Gift" cards.
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live


hm

@videotron.ca
What makes them think it was via WiFi? What caused them to come to that conclusion?

Has no one here never used a rooted machine with an open socks proxy before?


ChuckcZar

@teksavvy.com
reply to milnoc
I see the snow has finally melted in Ottawa. By September it'll be back to winter again.

funny0

join:2010-12-22
reply to hm
said by hm :

What makes them think it was via WiFi? What caused them to come to that conclusion?

Has no one here never used a rooted machine with an open socks proxy before?

also known as a wingate


milnoc

join:2001-03-05
H3B
kudos:2
reply to hm
said by hm :

What makes them think it was via WiFi? What caused them to come to that conclusion?

*Sigh* Doesn't anyone READ anymore?

quote:
Investigators had hoped the Internet Protocol (IP) address 99.225.28.34 would help point them to a suspect responsible for the more than 6,000 calls to non-Conservatives on election day.

...

They found the residents had no apparent connection to the campaign of Conservative candidate Marty Burke and did not appear to know their wireless Internet connection was being misused, according to new court documents unsealed in Ottawa on Friday.
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live


correct me

@videotron.ca
said by milnoc:

said by hm :

What makes them think it was via WiFi? What caused them to come to that conclusion?

*Sigh* Doesn't anyone READ anymore?

quote:
Investigators had hoped the Internet Protocol (IP) address 99.225.28.34 would help point them to a suspect responsible for the more than 6,000 calls to non-Conservatives on election day.

...

They found the residents had no apparent connection to the campaign of Conservative candidate Marty Burke and did not appear to know their wireless Internet connection was being misused, according to new court documents unsealed in Ottawa on Friday.



Since you seem very well versed on this, care to show me how they determined Pierre Poutine was on wireless since you read it and comprehended how this was determined? Just because the guy had a wireless router means dick all.

All it says is that they didn't know their wireless was being misused. Seems to me they wouldn't know if they were a sock proxy for a few people either.


Tell Me

@videotron.ca
reply to funny0
said by funny0:

said by hm :

What makes them think it was via WiFi? What caused them to come to that conclusion?

Has no one here never used a rooted machine with an open socks proxy before?

also known as a wingate

eh... that's just one. there are dozens.

»en.wikipedia.org/wiki/SOCKS

This whole article by the Ottawa Citizen is either garbage, or the investigators checking all this out are not worthy to be investigators.

It's one or the other the way I see it and read it.

So could these Pierre Poutine(s) have been half way across town? Of course they could have. The Ottawa Citizen says, no. They could have even been in another country.

So tell me, what is his conclusive evidence that requires the Pierre Poutine to be parked outside their front door just because they have a wireless? There is none. Or none that the Ottawa Citizen bothered to reference. The article is BS.


BliZZardX
Premium
join:2002-08-18
Toronto, ON
reply to milnoc

Re: Trail of Pierre Poutine leads to open Wi-Fi connection

Looks like that Prescott guy is the closest match, either him or someone he knows

Based on that the offender and Prescott both used the same hosting provider (who else has heard of RackNine in Edmonton?), they both had access to the voter database and his job history as a sysadmin

The wifi trace looks like a dead lead, but on the other hand he could have logged in from there to make it look like someone outside the campaign compromised the voter database.


milnoc

join:2001-03-05
H3B
kudos:2
The only thing the investigators can do at this time is locate the computer that was used to connect to the router, and check its list of saved connections with the hope that the router was NOT left with its default name of "linksys".
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
reply to Tell Me
said by Tell Me :

said by funny0:

said by hm :

What makes them think it was via WiFi? What caused them to come to that conclusion?

Has no one here never used a rooted machine with an open socks proxy before?

also known as a wingate

eh... that's just one. there are dozens.

»en.wikipedia.org/wiki/SOCKS

This whole article by the Ottawa Citizen is either garbage, or the investigators checking all this out are not worthy to be investigators.

It's not hard to fool or evade law enforcement. Just like the article says he used others' wifi routers so unless he shows up 5 feet away from the residence, how are they going to catch him?

funny0

join:2010-12-22
said by mlerner:

It's not hard to fool or evade law enforcement. Just like the article says he used others' wifi routers so unless he shows up 5 feet away from the residence, how are they going to catch him?

yes it is if you set up a honey pot, the fbi alone has 65 MILLION of them and they move ips like the wind. SO unless you know what you're doing, DON'T DO IT.


hm

@videotron.ca
Funny, don't scare people off. It's not illegal (depending on how you get it).

Mlerner, the article is full of it. He didn't need wifi or be within 99 miles of that open wifi signal. Red herring. The article and the investigator are tossing BS out there.

What we know:

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

2. It seems unlikely anyone in the Burke campaign head-quarters, which was located northeast of Guelph's down-town, could have connected to a Wi-Fi signal on the opposite side of the city.

They sure could have if this residence had an open proxy! So yes, it's very likely they could have connected. Matter of fact. This is the only way it could have occurred with 5 diff people across town. Unless Rogers wants to state they someone gave the same 2 IP's ...

3. But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

A) The Investigator who has no clue how this is done: That is because this investigator is A) Playing dumb B) Is dumb C) just wants this all swept under a rug. Many people know how to do this (except Milnoc who wants to hide from Anon and not learn something).

B) (How did 5 workers do this): 5 campaign workers DID NOT have to be parked at this residence's front door to get a wifi signal and that IP. All 5 of them would have proxied in. Heck of a lot more efficient than 6 people total all driving to the other side of town where only one single open wifi signal exists in all of Guelph, eh? This is the only way 5 people who we will assume are very clueless could have done this. There is no other way. Yet the investigator ignores this.

4. Other records obtained by Elections Canada show that five members of the Burke campaign team used that same IP address in the final weeks of the campaign to access CIMS, the Conservative party's central database of voter information.

That is because they had the following:
A) software running on their computer to redirect to the 99.225.28.34 proxy (ie a wingate software like what "Funny" stated, a type of firewall software)
B) Or their browser(s) were set up to use the proxy and they forgot about it.
C) Keep in mind, it's 5 people in the election campaign, not 5 different computers (they never state 5 diff computers).

So, to me the easiest thing that occurred is someone shared a computer that was set-up to connect to the proxy, others used it while the proxy was enabled. Easy as that.

5. Indeed, Mathews (an Elections Canada investigator) suggests that the subscriber information behind the IP address looks to be a dead lead, calling it "so far inconclusive."

The investigator needs to learn what a proxy is. Someone should file a complaint and have this guy removed from the investigation.

The wireless thing reported in the media is a red herring. It's not even required that they be near the signal with a rooted machine. Total BS.

So 5 or 6 people on the same IP across town, Could it be anything else aside from a proxy? No. Unless Rogers wants to come out and say maybe they have wrong records, or some possibility exists where 2 diff Rogers' modems will have the same IP.

Milnoc, I know this is hard for you, so just ignore me.


hm

@videotron.ca
Just to add clarification:

Above I stated it's either a proxy, or Rogers has some explaining to do with their IP's.

I state this because the Election Campaign HQ where the 5 or 6 people connected to that Rogers IP ("supposedly" via wireless, but that's a crux) on the other side of town also used Rogers internet services.

Vomio

join:2008-04-01
Reviews:
·odynet
How about something simple like a cloned / hacked modem and a fixed/forced IP and MAC.

Rogers seems to be very cautious about their modems and stifling tales of hacks and I know that this is not the place to discuss such things.

So, I won't discuss it further other than to say that insecure connection and drive-by sniffing might possibly give you all the information you need for use later.


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
reply to Vomio

Re: Trail of Pierre Poutine leads to open Wi-Fi connection

said by Vomio:

How about something simple like a cloned / hacked modem and a fixed/forced IP and MAC.

That is no longer possible with DOCSIS and the encryption methods that Rogers now uses. Cloning alone also does nothing.


Ott_Cable

@teksavvy.com
reply to Vomio
Would a cloned modem end up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modems get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
said by Ott_Cable :

Would a cloned modem end up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modems get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

The MAC address and serial number are tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.


hm

@videotron.ca
said by mlerner:

The MAC address and serial number are tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

Rogers has had issues with dupe MAC's, as opposed to Videotron. I don't know Rogers network at all aside from what people tell me, but when it comes to dupe MAC's, Rogers is/was known to have issues.

So no clue if they fixed this up or what they do/did to address this problem. But we're not talking a long time ago either...


milnoc

join:2001-03-05
H3B
kudos:2
reply to hm
said by hm :

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

Probably because the signal was NOT weak from the street, and they simply didn't understand how the technology works. They might have had the router behind a cement or metal wall, giving them the impression the signal was weak when it was just being shielded.

As for the hackers using a rooted system, does anyone here REALLY believe that the aides of a political candidate would actually be smart enough to orchestrate something like that?

Really!

It is MUCH easier to find an open Wi-Fi router in a residential area with a laptop or a phone than it is to orchestrate an elaborate hacking scheme.
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live


Ott_Cable

@teksavvy.com
reply to hm
Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

Vomio

join:2008-04-01
Reviews:
·odynet
reply to hm
I wonder what versions of Docsis were running on the system? The weakest link and all that.

An approach to deal with problem duplicates is to take the legitimate insecure modem out of the equation temporarily. Even if the owner had changed their name/pass on the box, the CableCo's admin. is probably available.

On restart _it_ would seem to be the clone on the system and might effectively get DoSed or not.

I'd guess with the right timing one would gain enough of a window to upload one's bulk email to the service for distribution.

Who knows what way this was all done, there are definitely more than a couple of ways to play the game.

The effect is pretty much the same.

The fox left the hen house long ago, I imagine all the windows at the crime scenes have nose marks all over them.

If somebody was going to blow the whistle on a participant they'd have probably done it long ago.

My guess is that what you are seeing is money being spent to appear to do something. "Better late than never." for political reasons.

"We exhausted all avenues, we even got Google out of bed to answer the phone."

--Vomio

The toybox Backtrack5 r3 is officially out today, check out what's new.


hm

@videotron.ca
reply to milnoc
I'm not sure what it is you're saying Milnoc.

5 confirmed people from the same office used the IP.

Are you saying 5 people who were confirmed to be in the election office when they had that IP used electron transmorgifying deathcon magnetic field arrays to warp over to the other side of town to log into the Conservative Election HQ portal?

So there were a total of 5 (or 6) people in on the electoral scam that decided to drive to the other end of Guelph for that one and only open wifi?

I'm not sure if you're saying this, but you seem to be.

The thing is Milnoc, this isn't elaborate. Not at all. It's one of the easiest things to do. Anyone who knows proxies knows this.

You pump an IP into your browser (or your software re-directer, like ProxyCap) and it's done. End of story.

It's very possible there were multiple people involved on the scam. It's not very likely that 5 people in total are so stupid as to forget to remove the proxy. Chances are they didn't know they were being redirected to a proxy when logging in.

So in all likelihood these 5 people (or some of the 5) were clueless to a proxy on whatever machine they used.

There was never a need to leave the office to go to the other end of town to get on someone's open wifi. Also, this explains what the so called investigator couldn't understand, or refused to answer to the court.

This is the easiest thing in the world to do. Not even near elaborate. I would have even done it this way myself instead of getting 5 or 6 people to go across town.

For someone who never did these things it would/could seem like a learning curve & elaborate. But, trust me, it's the easiest thing in the world. Once you grasp it (which is a piece of cake for anyone) you will realize this is the easiest thing to do, and the most practical. Easier than finding an open wifi the other side of town and transporting 5 (or 6) people to it.

Those who play with proxies here will confirm it's a piece of cake with a 1-hr learning curve.


hm

@videotron.ca
reply to Ott_Cable
said by Ott_Cable :

Why can't it be as simple as a drive-by with a high gain wifi antenna (e.g. pringles can one) or even someone living in the same building stealing WiFi for accessing/uploading to the robocaller service?

Because it was confirmed 5 people from the office on the other end of town. Or rather, 5 logins (assumed to be people since this wasn't denied).


Eight Ball

@videotron.ca
Someone should notify Karl about this topic and he should write about this one. It will make Elections Canada and these investigators look stupid.

But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

Voodoo.

funny0

join:2010-12-22
reply to hm
said by hm :

Funny, don't scare people off. It's not illegal (depending on how you get it).

Mlerner, the article is full of it. He didn't need wifi or be within 99 miles of that open wifi signal. Red herring. The article and the investigator are tossing BS out there.

What we know:

1. 99.225.28.34 Rogers IP, in a house with 4 occupants, w/ an open wifi, residents claim the wireless signal was weak.

If they are clueless about wireless and think the signal was weak, what makes you so sure they weren't rooted and being used as a proxy which slowed down their browsing?

2. It seems unlikely anyone in the Burke campaign head-quarters, which was located northeast of Guelph's down-town, could have connected to a Wi-Fi signal on the opposite side of the city.

They sure could have if this residence had an open proxy! So yes, it's very likely they could have connected. Matter of fact. This is the only way it could have occurred with 5 diff people across town. Unless Rogers wants to state they someone gave the same 2 IP's ...

3. But in court documents, Mathews (an Elections Canada investigator) offers no possible explanation for how or why five campaign workers all signed on from the same IP address used by Poutine - and over a Wi-Fi signal nowhere close to their office.

A) The Investigator who has no clue how this is done: That is because this investigator is A) Playing dumb B) Is dumb C) just wants this all swept under a rug. Many people know how to do this (except Milnoc who wants to hide from Anon and not learn something).

B) (How did 5 workers do this): 5 campaign workers DID NOT have to be parked at this residence's front door to get a wifi signal and that IP. All 5 of them would have proxied in. Heck of a lot more efficient than 6 people total all driving to the other side of town where only one single open wifi signal exists in all of Guelph, eh? This is the only way 5 people who we will assume are very clueless could have done this. There is no other way. Yet the investigator ignores this.

4. Other records obtained by Elections Canada show that five members of the Burke campaign team used that same IP address in the final weeks of the campaign to access CIMS, the Conservative party's central database of voter information.

That is because they had the following:
A) software running on their computer to redirect to the 99.225.28.34 proxy (ie a wingate software like what "Funny" stated, a type of firewall software)
B) Or their browser(s) were set up to use the proxy and they forgot about it.
C) Keep in mind, it's 5 people in the election campaign, not 5 different computers (they never state 5 diff computers).

So, to me the easiest thing that occurred is someone shared a computer that was set-up to connect to the proxy, others used it while the proxy was enabled. Easy as that.

5. Indeed, Mathews (an Elections Canada investigator) suggests that the subscriber information behind the IP address looks to be a dead lead, calling it "so far inconclusive."

The investigator needs to learn what a proxy is. Someone should file a complaint and have this guy removed from the investigation.

The wireless thing reported in the media is a red herring. It's not even required that they be near the signal with a rooted machine. Total BS.

So 5 or 6 people on the same IP across town, Could it be anything else aside from a proxy? No. Unless Rogers wants to come out and say maybe they have wrong records, or some possibility exists where 2 diff Rogers' modems will have the same IP.

Milnoc, I know this is hard for you, so just ignore me.

legal who said anything about illegal, it's what you do with it that the fbi wants to know and when you do they got you and scare people off that was info leaked to me that a russian proxy site made me a premium member to get access to all the "elite" proxies....when russians don't know.....

p.s. 10 years ago so what ya bet they acquired more ips....

funny0

join:2010-12-22
reply to mlerner
said by mlerner:

said by Ott_Cable :

Would a cloned modem end up having the same IP address at all at different segments of the cable network? Looking at non-aggregated TPIA, there seems to be IP pools for each POI. Not sure how Rogers does it for their subscribers, but likely IP addresses are regional.

If both modems get the same IP, then something will be broken and get noticed. So cloning likely only works on different network segments.

The MAC address and serial number are tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

so what if you temporarily disable the non clone and do your deed then walk off .....ya i can see that

funny0

join:2010-12-22
reply to hm
said by hm :

said by mlerner:

The MAC address and serial number are tagged. The pools are still split but on the CMTS for each area. Even if you somehow fooled the CMTS it will know there is a duplicate modem on the network and disallow the access.

Rogers has had issues with dupe MAC's, as opposed to Videotron. I don't know Rogers network at all aside from what people tell me, but when it comes to dupe MAC's, Rogers is/was known to have issues.

So no clue if they fixed this up or what they do/did to address this problem. But we're not talking a long time ago either...

think cogeco and you got more issues