
Showing posts with label Porn.

Monday, 4 December 2017

Some random thoughts on Damian Green and those porn allegations

If you live in the UK then you might have noticed the somewhat bizarre furore over Damian Green MP and his alleged viewing of pornography on his Parliament computer. Now, I don't know for certain if he did or didn't, but to put it in context his private email address also allegedly turned up in the Ashley Madison leak and on top of that there are sexual harassment allegations too. But let's stick to the porn for now.

Anybody who has been involved in forensic investigations of computers may well understand these comments:

Mr Lewis, who retired from the Metropolitan Police in 2014, said although "you can't put fingers on a keyboard", a number of factors meant that he was sure it was Mr Green, the MP for Ashford, Kent, who was accessing the pornographic material.

His analysis of the way the computer had been used left the former detective constable in "no doubt whatsoever" that it was Mr Green, who was then an opposition immigration spokesman but is now the first secretary of state.

"The computer was in Mr Green's office, on his desk, logged in, his account, his name," said Mr Lewis, who at the time was working as a computer forensics examiner for SO15, the counter-terrorism command.

"In between browsing pornography, he was sending emails from his account, his personal account, reading documents... it was ridiculous to suggest anybody else could have done it."  

To put this into context - the computer was seized in 2008 when Green was arrested over the suspected leaking of confidential material. Any investigation such as that will look at web browsing history, recently accessed or saved documents, cookies, bookmarks and stored documents and images. So, it is utterly credible that the investigation would have found this type of activity if it had occurred.

Indeed, there seems to be no denial that this material had been accessed on the computer, only a denial that Mr Green had done so. But Mr Lewis's statement also says that things such as private email were accessed concurrently. If you were carrying out an investigation on behalf of a business, then this would indeed be enough to "place fingers on a keyboard".

But here is the surprise - why would this material be accessible at all? Nobody has claimed that it was not accessed, just that Mr Green himself did not access it. But any reasonably-sized business would usually have some sort of filter to stop this happening.

The House of Commons by itself employs over 2000 people. Add to that the staff of the House of Lords, the Lords themselves, MPs and other staff who are not directly employed by either House then you are looking at thousands of employees. That's quite a large organisation, and if there is no effective web filtering for any of them, then that introduces a serious security risk.

Anybody who works in IT in a relatively large organisation such as this will know that at least some of them will try to access pornography. My experience is that people who do this on their work computers are exclusively male, and there are 453 male MPs in the House of Commons. This is certainly a large enough group for some of them to be accessing porn, at least some of the time.


So we can surmise a couple of things - it certainly seems to be possible to access porn from a Parliament computer, and given the number of people working there it seems likely that somebody would try. The number of male MPs certainly seems enough for one of those to try to access porn. Given that it is likely that some of them try, there's no particular reason why it shouldn't be Damian Green. And if one MP is fired from his job because of porn, then you can bet there are other MPs who have done the same thing.

But why not implement some sort of filtering? The problem is that MPs are not employees - Parliament is the primary legislative body in the UK and it is essentially sovereign (despite there being a Queen). Imagine that you worked in an organisation where there were hundreds of C-level executives, and then try to police them from an IT point of view. MPs are probably amongst the worst users in the world to support.

As I said, most organisations of any size filter porn from corporate computers. Strategically, the main reason to do that is not to track down and fire errant employees, but to prevent embarrassment to that organisation. It's all very well to fire a low-level employee for viewing smut, but when it comes to the top of the food chain such terminations can also be damaging to the reputation of the organisation itself. If Parliament isn't filtering this sort of material then it is always likely to end up with this sort of scenario from time to time.

Mr Lewis's comments indicate that the material was found on the computer itself, not a proxy log or other external system. It's quite possible that whoever was accessing the material on Mr Green's computer could have saved themselves a lot of grief if they'd used private browsing (although a deep forensic investigation can often find artifacts even when this has happened).

Also, Nadine Dorries MP did state that she shared her password with staff who worked for her. This is terrible practice, and certainly in my organisation if you share your password and somebody abuses it, then you are liable for anything that they did.

Don't forget as well, the habit of porn sites infecting visitors with malware through malicious advertisements, and the habit of more "specialist" sites having been created specifically to infect visitors' computers. MPs might not think themselves to be important enough to hack, but they will have private correspondence with constituents and other parties that should remain private and not be leaked out.

Whatever the truth of Damian Green's surfing habits, it looks like Parliament is badly in need of proper regulation of its computer systems. But you really do have the nightmare users from hell in that job. I suspect it is going to take something more than one embarrassed MP to force a change.


Tuesday, 31 October 2017

Monday, 20 October 2014

beeg.com hacked (again)


Wednesday, 19 February 2014

Somnath Bharti - porn site operator?

I seem to have written a lot about Somnath Bharti lately, and he's certainly a topic of interest in Indian politics. I'm not going to go on about his links to TopSites LLC (watch the video if you are interested), but I wanted to look at these persistent comments that Somnath Bharti was some sort of porn site operator.

If you want the really short version it's this - I've never seen any evidence that Mr Bharti has owned or operated a porn site. That's it.

But what are the links to porn, and where is there confusion?

allwebhunt.com links to porn and pro-pedophilia sites

It is beyond all reasonable doubt that allwebhunt.com is connected to Somnath Bharti. This was a directory of sites that was rapidly taken offline when the Times of India exposed the connection. Some of the more unsavoury contents of that site include a set of links to pro-pedophilia sites which had been copied from the Open Directory Project (which had deleted them years ago). That's a pretty poor sense of judgement in this case, but it is really down to sloppiness rather than actual malice in my opinion.

But allwebhunt.com also linked to more regular porn sites, including the examples pictured below.

These entries appeared to be paid or sponsored ones, but the sites themselves are not Mr Bharti's and it does amuse me that some of the Indian news outlets criticising Mr Bharti for this do exactly the same things themselves.

Ultimately, the allwebhunt.com (and its predecessor topsites.us) directories are simply a catalogue of available sites. Some of those links may be questionable, but they do not imply ownership or mean that anything illegal is happening.

Ownership of teens-boy.net

One of the sites that Mr Bharti owned was teens-boy.net, according to historical WHOIS records from 2005:

Domain:        teens-boy.net
Record Date:     2005-01-08
Registrar:     GOTNAMES.CA INC.
Server:     whois.gotnames.ca
Created:     2004-11-26
Updated:    
Expires:     2005-11-26

Domain teens-boy.net

  Date Registered: 2004-11-26
    Date Modified: 2004-11-30
      Expiry Date: 2005-11-26
             DNS1: ns1.www--search.com
             DNS2: ns2.www--search.com

  Registrant

                   My Directory LLC
                   PO Box 7334 - 101591
                   San Francisco, CA (US)
                   94120-73

  Administrative Contact

                   My Directory LLC
                   Somnath Bharti
                   PO Box 7334 - 101591
                   San Francisco
                   CA
                   US
                   94120-73
                   415-462-3044
                   530-504-8433
                   listings@mydir.org

  Technical Contact

                   My Directory LLC
                   Somnath Bharti
                   PO Box 7334 - 101591
                   San Francisco
                   CA
                   US
                   94120-73
                   415-462-3044
                   530-504-8433
                   listings@mydir.org

        Registrar: GotNames.ca

teens-boy.net had been a gay porn site until late 2004 as it appears in the Internet Archive [link is probably not safe for work]. The Internet Archive does not have any pictures on it in this case, but it is clear what the site is about by looking at the text.


It's an odd site for Mr Bharti to have in his name. But what did it actually look like after he bought it? The Internet Archive gives the answer again [this link is OK]. We can see that it just acts as a redirector to dirs.org which is yet another clone of the TopSites directory.




I guess this might have been an attempt at SEO: the domain was bought with a lot of other non-porn domains which also forwarded in this way. As far as I can tell, when the domain registration was up the domain simply expired at the end of 2005, and it was re-registered by an unrelated party in 2007.

DVLPMNT MARKETING, INC and www-goto.com confusion

Webnewswire.com ran a story looking at the WHOIS details of www-goto.com, a site that had been registered to Mr Bharti in 2005:

Domain:        www-goto.com
Record Date:     2005-05-18
Registrar:     INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Server:     whois.directnic.com
Created:     2004-12-08
Updated:    
Expires:     2005-12-08

Registrant:
 Media  LLC
 1158 26th Street #528
 Santa Monica, CA 90403
 US
 310-857-6666
Fax:530-504-8433

Domain Name: WWW-GOTO.COM

Administrative Contact:
 Bharti, Somnath sales@dirs.org
 1158 26th Street #528
 Santa Monica, CA 90403
 US
 310-857-6666
Fax:530-504-8433

Technical Contact:
 Bharti, Somnath sales@dirs.org
 1158 26th Street #528
 Santa Monica, CA 90403
 US
 310-857-6666
Fax:530-504-8433

Record last updated 05-17-2005 03:09:40 PM
Record expires on 12-08-2005
Record created on 12-08-2004

Domain servers in listed order:
    NS1.WWW-GOTO.COM    202.14.69.2
    NS2.WWW-GOTO.COM    202.14.69.117

They then looked at the current WHOIS details, which are:

Domain:        www-goto.com
Record Date:     2014-02-06
Registrar:     DNC HOLDINGS, INC.
Server:     whois.directnic.com
Created:     2004-12-08
Updated:     2013-06-12
Expires:     2014-12-08 

Domain Name: WWW-GOTO.COM
Registry Domain ID:
Registrar WHOIS Server: whois.directnic.com
Registrar URL: http://www.directnic.com
Updated Date: -001-11-30T00:00:00-06:00
Creation Date: 2004-12-08T11:03:22-06:00
Registrar Registration Expiration Date: 2014-12-08T17:03:22-06:00
Registrar: DNC Holdings, Inc.
Registrar IANA ID: 291
Registrar Abuse Contact Email: abuse@directnic.com
Registrar Abuse Contact Phone: +1.8668569598
Domain Status: ok
Registrant Name: Domain Administrator
Registrant Organization: DVLPMNT MARKETING, INC.
Registrant Street: Hunkins Plaza
Registrant City: Charlestown
Registrant State/Province: Nevis
Registrant Postal Code: NA
Registrant Country: KN
Registrant Phone: 011-869-765-4496
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: dvlpmntltd@gmail.com
Admin Name: Domain Administrator
Admin Organization: DVLPMNT MARKETING, INC.
Admin Street: Hunkins Plaza
Admin City: Charlestown
Admin State/Province: Nevis
Admin Postal Code: NA
Admin Country: KN
Admin Phone: 011-869-765-4496
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: dvlpmntltd@gmail.com
Tech Name: Domain Administrator
Tech Organization: DVLPMNT MARKETING, INC.
Tech Street: Hunkins Plaza
Tech City: Charlestown
Tech State/Province: Nevis
Tech Postal Code: NA
Tech Country: KN
Tech Phone: 011-869-765-4496
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: dvlpmntltd@gmail.com
Name Server: NS1.VOODOO.COM
Name Server: NS2.VOODOO.COM
URL of the ICANN WHOIS Data Problem Reporting System
http://wdprs.internic.net

The creation date for the domain is still 2004, so the domain has never dropped and been reregistered; it has been in continual existence since that date. The rather mysterious DVLPMNT MARKETING, INC certainly does seem to be connected with porn domains, but is this company controlled by Mr Bharti? No.


A look at the historical WHOIS details again yields some clues. The domain expired in 2008 and ended up being controlled by the registrar DirectNIC:

Domain:        www-goto.com
Record Date:     2008-12-19
Registrar:     INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Server:     whois.directnic.com
Created:     2004-12-08
Updated:     2008-12-09
Expires:     2009-12-08

Registrant:
 directNIC.com
 Expired Domain Name
 650 Poydras Street
 Suite 1150
 New Orleans, LA 70130
 US
 504-679-5170

Domain Name: WWW-GOTO.COM

Administrative Contact:
 Domain, Expired expireddomain@directnic.com
 Expired Domain Name
 650 Poydras Street
 Suite 1150
 New Orleans, LA 70130
 US
 504-679-5170

Technical Contact:
 Domain, Expired expireddomain@directnic.com
 Expired Domain Name
 650 Poydras Street
 Suite 1150
 New Orleans, LA 70130
 US
 504-679-5170

Record last updated 12-09-2008 06:13:27 PM
Record expires on 12-08-2008
Record created on 12-08-2004

Domain servers in listed order:
    NS0.EXPIREDDOMAINSERVICES.COM    69.46.228.236
    NS1.EXPIREDDOMAINSERVICES.COM    69.46.228.237

DirectNIC reserve the right to auction off expired domains, and the next WHOIS entry sees the domain being controlled by a domain parking company. It is unlikely that Mr Bharti or any of his associates received anything for this domain; it was essentially scrapped.
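
The reasoning above (an unchanged creation date means the registration was never deleted, while the registrant changed after the name passed through the registrar's expired-domain holding) can be checked mechanically across WHOIS history snapshots. This is an added example, not part of the original post; the one-line `Registrant:` field, the `DROPPED` sample and the "expired" keyword heuristic are assumptions made for illustration.

```python
from datetime import date

# Constructed, normalised snapshots: dates and registrants as in the www-goto.com records above.
WWW_GOTO = """\
Record Date: 2005-05-18
Created: 2004-12-08
Registrant: Media LLC

Record Date: 2008-12-19
Created: 2004-12-08
Registrant: directNIC.com Expired Domain Name

Record Date: 2014-02-06
Created: 2004-12-08
Registrant: DVLPMNT MARKETING, INC.
"""

# Constructed counter-example (hypothetical values): the creation date resets.
DROPPED = """\
Record Date: 2010-02-01
Created: 2009-11-26
Registrant: Example Directory LLC

Record Date: 2012-06-01
Created: 2012-03-15
Registrant: Unrelated Party
"""

def parse_snapshots(text):
    """Turn blank-line separated 'Key: value' records into dicts, oldest first."""
    records = [{k.strip(): v.strip() for k, v in
                (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)}
               for block in text.strip().split("\n\n")]
    return sorted(records, key=lambda r: date.fromisoformat(r["Record Date"]))

def classify(prev, cur):
    """Label the change between two consecutive snapshots; None if nothing changed."""
    if cur["Created"] != prev["Created"]:
        return "dropped-and-reregistered"   # old registration deleted, new one created
    if "expired" in cur["Registrant"].lower():
        return "held-by-registrar"          # assumption: registrar labels lapsed names this way
    if cur["Registrant"] != prev["Registrant"]:
        return "transferred-without-drop"   # same registration, different holder

def ownership_events(text):
    """List (record date, event, registrant) for every change in the history."""
    snaps = parse_snapshots(text)
    return [(c["Record Date"], classify(p, c), c["Registrant"])
            for p, c in zip(snaps, snaps[1:]) if classify(p, c)]
```

Calling `ownership_events(WWW_GOTO)` reports a registrar hold in 2008 followed by a transfer without a drop, which is why the later registrant cannot be attributed to the original one from WHOIS alone.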

Is there any other evidence linking Somnath Bharti to porn?

Over the past couple of weeks I have re-examined the TopSites LLC business plus Mr Bharti's own Madgen Solutions from my own records and other public sources. These revealed all sorts of interesting facts and allegations about Mr Bharti's activities, but absolutely nothing that suggests that he owned or operated porn sites.

Of course, perhaps there is evidence that I am not aware of, but I would be very surprised if there is. You can always send me an email if you have anything that will prove me wrong.


Tuesday, 10 September 2013