[iwar] [fc:Internet.Domain.Names.May.Have.Warned.of.Attacks]

• Next message: Fred Cohen: "[iwar] [fc:Investigators.rush.to.round.up.nearly.200.for.questioning]"
• Previous message: Fred Cohen: "[iwar] [fc:Weekend.alert.as.FBI.warns.of.new.attack]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Return-Path: <sentto-279987-2108-1000984517-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 20 Sep 2001 04:17:09 -0700 (PDT)
Received: (qmail 9333 invoked by uid 510); 20 Sep 2001 11:15:41 -0000
Received: from n4.groups.yahoo.com (216.115.96.54) by 204.181.12.215 with SMTP; 20 Sep 2001 11:15:41 -0000
X-eGroups-Return: sentto-279987-2108-1000984517-fc=all.net@returns.onelist.com
Received: from [10.1.4.54] by hk.egroups.com with NNFMP; 20 Sep 2001 11:15:18 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_3_2_2); 20 Sep 2001 11:15:17 -0000
Received: (qmail 76302 invoked from network); 20 Sep 2001 11:14:49 -0000
Received: from unknown (10.1.10.26) by l8.egroups.com with QMQP; 20 Sep 2001 11:14:49 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 20 Sep 2001 11:14:49 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id EAA19935 for iwar@onelist.com; Thu, 20 Sep 2001 04:14:49 -0700
Message-Id: <200109201114.EAA19935@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 20 Sep 2001 04:14:49 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Internet.Domain.Names.May.Have.Warned.of.Attacks]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

<a href="http://www.cnsnews.com/ViewNation.asp?Page=/Nation/archive/200109/NAT2001091">http://www.cnsnews.com/ViewNation.asp?Page=/Nation/archive/200109/NAT2001091>
9d.html
-
Internet Domain Names May Have Warned of Attacks
By Jeff Johnson
CNSNews.com Congressional Bureau Chief
September 19, 2001

(CNSNews.com) - The terrorists who planned and executed the September 11
attack on America may have registered as many as 20 Internet domain
names, or web addresses, that experts believe should have warned
authorities of a possible assault on the World Trade Center in New York
City. 

Internet domain names like 'attackontwintowers.com' and
'worldtradetowerattack.com' were registered more than a year ago.  It's
not known at this time who registered the suspicious names or what their
purpose was. 

"It's unbelievable that they (the registration company) would register
these domain names, probably without any comment to the FBI," according
to Neil Livingstone, head of Global Options LLC, a Washington,
D.C.-based counter-terrorism and investigation company. 

"If they did make a comment to the FBI, it's unbelievable that the FBI
didn't react to it," he added. 

A spokeswoman in the FBI press office would only say that the agency
will not comment on its investigation into the attacks. 

According to Livingstone, at least 17 domain names, including
'pearlharborinmanhattan.com' and 'worldtradetowerstrike.com,' were
registered as early as June 2000, 15 months prior to the attacks. 

Two of the domain names contained the dates August 11 and September 29,
which Livingstone said may have indicated the window of opportunity
during which the attackers planned to strike. 

He also dismissed speculation that the domain names were a reference to
the bombing of the World Trade Center eight years ago.  "You have two
other names containing 2001, so there's no confusion over the 1993 World
Trade Center attack."

To protect his sources, Livingstone would not say with which company the
domain names in question were registered.  He had no information about
the identity of the person or people who registered the names. 

A domain name search Tuesday indicated that hundreds of web addresses
containing references to the terrorist attacks were registered in the
past week, and four of the older domain names provided by Livingstone
have already been re-registered. 

Domain name registrants are required to use a credit card for payment,
and must provide administrative, technical, and billing contact
information. 

That information, except the credit card data, is available to the
public as long as the registration is kept current. 

Livingstone indicated that the required use of a credit card should mean
that authorities would at least have a starting point to investigate the
registrant. 

"This is something that someone should have noticed," he said, "but
privacy issues probably kept it from being noticed."

Telephone calls to several domain name registration companies Tuesday
were not returned. 

The website for Network Solutions, the world's largest domain name
registrar, included a privacy statement indicative of industry standards
regarding confidentiality: "We will not share such information with
other third parties, except in response to formal requests (e.g.,
subpoena or court order) made in connection with litigation or
arbitration proceedings directly relating to a domain name registration
or other services we provide."

Former CIA Director James Woolsey said current laws make it difficult
for the FBI to get a warrant for electronic surveillance and wiretaps,
or to recruit informants based on actions such as registering
threatening domain names. 

"There would not be enough material that is close enough to a specific
crime for an investigation to be opened," Woolsey said. 

But Livingstone believes authorities should have the right to
investigate inflammatory rhetoric, even something as simple as the
registration of a web address that might indicate criminal intent. 

"Something like this ought to come to our attention, and we ought to
investigate whether you do intend to act on it, or whether you're just a
nut case out there who's just venting," he said. 

The attackers might have been planning a propaganda campaign following
the attacks, according to Livingstone.  "Maybe their success was so
overwhelming that they didn't need to use this," he said.  "Or they may
have decided it was too dangerous to do."

Domain names on the list provided to Livingstone by an industry insider
included:

"attackamerica.com,"
"attackonamerica.com,"
"attackontwintowers.com,"
"august11horror.com,"
"august11terror.com"
"horrorinamerica.com,"
"horrorinnewyork.com,"
"nycterroriststrike.com,"
"pearlharborinmanhattan.com,"
"terrorattack2001.com,"
"towerofhorror.com,"
"tradetowerstrike.com,"
"worldtradecenter929.com,"
"worldtradecenterbombs.com,"
"worldtradetowerattack.com,"
"worldtradetowerstrike.com,"
"wterroristattack2001.com."

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more!
http://us.click.yahoo.com/XrFcOC/m5_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

• Next message: Fred Cohen: "[iwar] [fc:Investigators.rush.to.round.up.nearly.200.for.questioning]"
• Previous message: Fred Cohen: "[iwar] [fc:Weekend.alert.as.FBI.warns.of.new.attack]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:46 PDT