Analysis of Abusive Usenet Postings
Abusive messages are a common problem on many Usenet groups. These can range from childish insults to outright threats of violence. They represent a nuisance comparable to spam and, like spam, there is not a lot that can be done about them, as the original senders often disguise their identities.

But in some cases one can uncover information about the origin of a message from the IP address of the NNTP posting host. Reverse DNS and WHOIS lookups can identify a user's ISP and sometimes provide their approximate geographic location. If a particular individual is suspected of being the source of the messages, then one can correlate the IP addresses of abusive postings with other activities of that user, such as email or visits to a web site. That can prove or disprove the linkage between the user and the abusive messages.

Here is one example of this type of analysis. In 2007 Brian Mottershead, a systems administrator with the United States Chess Federation (USCF), performed this type of analysis on a series of abusive Usenet posts in which the sender impersonated other individuals. These messages were suspected of being an attempt to discredit certain candidates in the run-up to an election to the USCF Executive Board.
In October 2007 Mottershead produced a report on his analysis,
concluding that a specific individual was responsible for
the posts. By correlating the Usenet posts with
other server logs, he was able to identify and name that person.
The strong personalities and opinions of some of the USCF
members involved in this issue have led to a storm of accusations,
a lawsuit and a great deal of name calling. The brouhaha
has been such that it has been reported in the New York Times:
In November 2007 I was asked by a USCF member to review the data used by
Mottershead and provide an independent assessment of
his report. My review is presented below as a PDF document.
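
The correlation described in the opening paragraphs, as an added example that is not part of the original page or of Mottershead's report: it reads the NNTP-Posting-Host header from each post and lists the logged-in web users seen from the same address within a time window. All messages, log lines, addresses and user names are constructed, and the web log layout (Common Log Format with an authenticated user field) is an assumption.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Constructed sample data: documentation-range IPs and invented users.
POSTS = [
    "From: spoofed@example.org\nNewsgroups: example.chess\n"
    "Date: Wed, 12 Sep 2007 14:10:00 +0000\nMessage-ID: <a1@example>\n"
    "NNTP-Posting-Host: 203.0.113.7\n\nbody",
    "From: spoofed@example.org\nNewsgroups: example.chess\n"
    "Date: Thu, 13 Sep 2007 09:00:00 +0000\nMessage-ID: <a2@example>\n"
    "NNTP-Posting-Host: 198.51.100.20\n\nbody",
    "From: other@example.org\nDate: Thu, 13 Sep 2007 10:00:00 +0000\n"
    "Message-ID: <a3@example>\n\nno posting host recorded",
]
# Assumed layout: Common Log Format, third field is the logged-in user.
WEB_LOG = """\
203.0.113.7 - user_a [12/Sep/2007:14:03:11 +0000] "GET /forum HTTP/1.1" 200 512
203.0.113.7 - user_b [20/Sep/2007:08:00:00 +0000] "GET /forum HTTP/1.1" 200 512
192.0.2.55 - user_c [13/Sep/2007:09:01:00 +0000] "GET /forum HTTP/1.1" 200 512
"""
CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\]')

def parse_log(text):
    """Yield (ip, user, timestamp) from Common Log Format lines."""
    for line in text.splitlines():
        m = CLF.match(line)
        if m:
            when = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
            yield ip_address(m.group(1)), m.group(2), when

def correlate(posts, log_text, window=timedelta(hours=1)):
    """Map Message-ID -> sorted users seen from the posting IP within window."""
    hits = list(parse_log(log_text))
    result = {}
    for raw in posts:
        msg = message_from_string(raw)
        try:
            ip = ip_address(msg.get("NNTP-Posting-Host", "").strip())
        except ValueError:  # header missing, or it holds a hostname, not an IP
            continue
        posted = parsedate_to_datetime(msg["Date"])
        result[msg["Message-ID"]] = sorted(
            {u for h_ip, u, t in hits if h_ip == ip and abs(t - posted) <= window})
    return result

if __name__ == "__main__":
    for mid, users in correlate(POSTS, WEB_LOG).items():
        print(mid, users or "no match")
```

Widening the window pulls in user_b, who used the same address a week later, which is why an address match needs to be close in time before it counts as evidence of a link.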

