Its about time I wrote about something that never set right with me... For those that don't know the Whispersinthedark story over at ATS, take some time with google and read up... its worth it.

To make a long story short, WITD was supposed to have insider info about a bombing that was going to take place in Jakarta, posted about it on ATS... and then, of course it DID take place...

The FBI got involved, and the official story became that Whispersinthedark was a hacker, who was able to modify their posts without leaving an "edit" notation... Long, fascinating story, especially what they did to Dragonrider... study up if you haven't heard of it before.

There is one aspect of this story that has been bothering me and just doesn't seem "right".

Springer and S.O. call the hacker a "script kiddie" like a broken record... This might seem trivial to some... but here is why this bugs me..

1) ATS uses proprietary software... Therefore, someone would have to have found an exploit on their own, there wouldn't be pre-made programs designed to exploit like there is with more popular forum software...

2) Script kiddie is a term used by hackers to make fun of other hackers... its a derrogatory term. Much like calling someone a poser, or a bitch... However, the term "script kiddie" was replaced by the term "skiddie" years and years ago... To a hacker, lingo is everything... If you don't use the proper language, than other hackers know you're not legit... This seems like a "cargo ship broadcasting and old access code" sort of speak.

3) S.O. and springer would have absolutely no idea the skill level of the hacker they were dealing with. The only thing they would have known, is that they were hacked... it is impossible to know if the hacker was a n00b who stumbled on an exploit... or if they were seasoned pros.

4) The Broken record approach to the term "script kiddie" used in the explanations of what happened to the ATS membership...

5) To this date... the particular exploit they mentioned as to how the site was hacked... doesn't exist... no one else has found it on old versions of their forum software.
------------------------

Those 5 things added together, leads me to a few conclusions...

1) WITD was an insider, and the FBI cover story was hackers

2) WITD was an ATS staffer creating a hoax... using "hacker" as a cover story when the FBI got involved.


I do not think it is remotely possible that the scenario went down the way S.O. and Springer claim...

I know most in here won't care, or already reached this conclusion for different reasons... But, I just wanted to publish to the web one of the many reasons this story doesn't sit right in my mind...

Thoughts/opinions?

I looked into this and much doesn't make sense.

At one point it was a special php form that could do this action. Other times it was XSS. But the logs couldn't yield an entry for the form being executed?

Sound pretty fishy and wish washy.

ed:sp

Didn't they already decide it was staff? Isn't that what net-chicken got thrown out for?

I never really dug into witd much when I was over there, all I know about it is what I've read on amkon and Sucu.

well, I know there was speculation that it was staff... and someone had some U2U messages that allegedly came from S.O.... but I'm hesitant to accept those U2U's as real... at least thus far...

Anyone know where I can get those again? they might be gone off our site here since the crash.

Here's some interesting stuff about it:

http://xmb.stuffucanuse.com/xmb/viewthread.php?tid=3039&page=1

FUCK

ATS FBI CIA DARPA PETA NASA ISS ISA DEA etc...

Oh yea...and their inter involvements.

Eye...easy there.

Alphabet Agencies covers
them all, in two words.

:D

Regards,
Lex

Anyone have any idea how the hell to research everything surrounding WITD?

Its all over the net... but very little "real" information...

I'm thinking about re-opening this line of research :P

(Actually, never closed it... just got bored and moved on lol)

Many seem to think bill and bob did it to draw users. Given the mixed up explanation by bill I tend to side with that idea. Bet he shit a brick when people thought the FBI should be involved.

If this is the case it is another display of his ethics. Doing many things that are not allowed of members in the T&C. Typical management.

If the FBI got involved... think a FOIA request could free up some info?

is the FBI subject to FOIA?

No idea. I wouldn't be surprised if their stuff is all secret.

But if it was a hoax, it would have never happened....

Or am I reading into it wrong?

It does interest me, very much.

Any op you give me to either shit on them, or learn more stuff bout hacking, is a good op to me.

FBI FOIA Request page (http://foia.fbi.gov/foia_request.htm)

Regards,
Lex

Wouldn't it be a hoot if you asked and got about a 1000 pages a crap about them.

Or 1000 pages of crap on ats.

I looked into this and much doesn't make sense.

At one point it was a special php form that could do this action. Other times it was XSS. But the logs couldn't yield an entry for the form being executed?

Sound pretty fishy and wish washy.

ed:sp
Google for "SQL injection".

It's a script kiddie trick. Yes, I said "script kiddie" and not "skiddie" because I was around 10 years ago when the phrase was coined by some egotistical fucktard with a broadband connection and more time then brains. I guess that is one more point in the "Old" column. I digress.

Before web developers became aware of the trick, you could login to websites by putting

'OR''='
into the login box, and anything for the password. Bingo, instant entry.

With some experimentation you could completely manipulate the database layer and inject anything you wanted into the tables. The problem is that there is no mechanism for viewing the results.

Calling the guy a "script kiddie" is meant to piss the guy off. He's a tad bit better than that.

If the FBI called in some computer forensics I'm sure that deep inside the tables there's probably a few orphaned records that were created while the hacker was working out the logic of the database layer.

ATS is a fully customized code branch of vBulletin 2.6.1.
90. vBulletin 'admincp/image.php' SQL Injection Vulnerability
91. vBulletin 'admincp/attachmentpermission.php' SQL Injection Vulnerability
92. vBulletin 'admincp/verify.php' SQL Injection Vulnerability
93. vBulletin 'admincalendar.php' SQL Injection Vulnerability

It took the vBulletin crew years to fix it. Given that ATS has a limited number of input fields, I'm sure they had a much easier time tightening things down.

My take was some members were concerned and wanted to involve the FBI. It wasn't overload.

But Bill never alluded to injection. He used many other buzz words but not that. This is why I think it wasn't real. But as you mention, his ego showed even in his false explanation.

Just filter the HTML in form and the quotes for the DB. That is what allows that stuff to happen. Plus lack of proper entry field checking for valid data. Allow only what is determined to be a valid entry item.

SQL injections used to be easy... but now there are sooo many ways to inject... Java seems to work the most these days...

The really easy ones are the stupid developers who don't block remote users from executing SSI.

Anyway, points for cog! He speaks the truth... old school hacker he is!

Hey cog: remember back in the day when people didn't make passwords so complex... any any average joe with a bruteforcer and a few hours of time could gain access to anything? LOL

fuck... hacking back in the day was soooo much more fun...

Telnet... nuff said :P

Here's some interesting stuff about it:

http://xmb.stuffucanuse.com/xmb/viewthread.php?tid=3039&page=1

I haven't read that site in a very long time... thanks for sending me back there...

Resparked my interest in researching this topic :P

But did it happen?

And if it did, did someone really have knowledge of it, and if so, would that be a hoax?

Im kinda lost here....

Yah, when the board owner does it, it is a hoax.

This might help GF...

the official ATS version of events...

/forum/thread230887/pg1

Just copy/past that after the URL for the other site... (Dun wanna give them more links)

Im reading their crap version, cartoon and all...

It just took a few minutes to register, ya know?

I remember hearing about it back a while ago, just didnt get much info on it.

Me thinks youre right, bro... somethin seems to be getting easily dismissed by captain fatass, and maybe to "clean his own closet"

Lex...

Do you suppose we fall under the "Affiliated with an educational or noncommercial institution, and this request is made for a scholarly purpose" statement on the FOIA paperwork? or just individual/personal...

/forum/thread230887/pg1

Just copy/past that after the URL for the other site... (Dun wanna give them more links)
This should be the M.O. for all Amkon.

Lex...

Do you suppose we fall under the "Affiliated with an educational or noncommercial institution, and this request is made for a scholarly purpose" statement on the FOIA paperwork? or just individual/personal...


I've always put "personal".

Haven't really gotten much,
though.

Meh,
Lex

I better put personal too lol

I dun need the FBI calling up Jasn... especially if he doesn't know what we're doing lol

theshadowknows



Registered: 21-6-2003
Location: banned

Mood: banned
Member is offline.


ATS Points: 81548
BTS Points: -651



Ignore this user (info)
ignore



give this post a star
posted on 31-8-2003 @ 07:27 PM single this post "quote"REPLY TO:

the only way it is possible to edit a post without anybody knowing it is if the person was an ADMIN...and we know that simon,william,or bob88 would never
have made up somthing like that.


signature

************************************************** *********************

HHAHAHAHAHAHAAHA

William

Member

Registered: 3-7-2002
Location: Manhattan

Mood: eh
Member is offline.


ATS Points: 9487
BTS Points: 4962



Ignore this user (info)
ignore



give this post a star
posted on 30-8-2003 @ 03:27 PM single this post "quote"REPLY TO:


Originally posted by MrEisenhower
It has occured to me though, perhaps William did do the WITD thing,


I can assure you with all honesty that I was not involved.

Bob88 and Simon could confirm that the event very nearly caused me to quit hosting ATS as I couldn't justify the expense and stress without any hope of potentential income. A few days later, and we were confirmed for the Google ads... which quite possibly has saved ATS as we know it.

No... if you can trust me... you can trust I had nothing to do with the WITD person... and would have wished it never happened.
************************************************** ********************
Now its clear what exactly they were after with their lil hoax, huh?

Lets spice the place up a bit for our advertisers!!!

If you can trust me = false

therefore

you can trust I had nothing to do with the WITD person = false

Exactly.

I think it was made up to get fires going, and some "new" conspiracy to talk about.

Also seems just about anyone that talked about it is now banned..... strange....

I don't know if S.O. was WITD himself...

But i'm pretty damn sure if he wasn't, he knew who the hell was!

Springer, William(whoever the hell he was) Crackhead, or any of the suck-puppets there coulda done it, right?

Or maybe it was real, some spook was drunk and spilled the beans..... most terror is hosted, right?

Ehh, whatever happened, im sure freakin cash was behind it!

Well, if in the extreme remote chance that it WAS a gov't insider... than ATS showed its true colors by dropping on their knees and sucking off the Government agents, cause they sure as hell stuck to the "official story".

I'm hoping an FOIA request can get us the results of the investigation... it shouldn't be tough cause its against a business, and not an individual...

At least then we'd know what happened between ATS and the FBI

very true... and we'll also know how they treat information.

If it was an insider, maybe it was shot down so they didnt look guilty for not phoning the gov. immediately, but i think it was a ploy to spice things up.

My understanding is that william was the original moniker for overload.

I thought William was William One Sac.

GF... have you read the SOTT stuff yet?

The little pissing contest they had with ATS? lol

just wanted to get your thoughts.

actually I think if you read the Serpo.info stuff, I think it does say that Williamonesac is S.O...

I can't remember, so don't quote me... but www.serpo.info (http://www.serpo.info) was chocked full of information on the hoax last time I was there...

Notice the discussion in the post....
[offsite=http://75.176.76.151/forum/thread16312/pg1#pid178340:11sdu3xh][quote]From Thread: Whispers in the Dark--The real deal
Posted by William, on August 30, 2003 at 21:35 GMT


>Originally posted by MrEisenhower
>Could you tell us whether the Database was definately hacked? There has been, IMO, a bit of confusion there


By it's very nature, PHP is an insecure programming language. Variable names, like $post can be:
1. a cookie named $post
2. A URL string variable named $post
3. An internal variable named $post
and so on

So if a given piece of PHP programming relies on the variable "$post" it can be passed to the programming as a URL variable... and if the programming has no safeguards... you're screwed.

The database was modified with this type of exploit.

My fix has been to change the name of important PHP files, as well as critical variable names.


Since the Apache logs were GIGANTIC that day... I can't tell for certain when or how the spoof occured. I found some lines that look like exploit attempts... but it's not absolute proof.[/offsite:11sdu3xh]

The reg dates are the same for both.

Then I ran across this thread - http://75.176.76.151/forum/thread24709/pg1

Gold HP...

that is a really nice find... I didn't have those threads in my research list yet...

torbjon has done some excellent research on how on numerous occasions they have maybe not instigated hoaxe's but have used certain hoaxes with high volume traffic for their own benefit.

i'll see if i can find the particular posts he made on RU, very insightful.

http://www.realityuncovered.net/forum/viewtopic.php?f=47&t=1411&st=0&sk=t&sd=a

torbs OP.

[offsite:2eb8ka33]The primary reason that I became involved in this endeavor has nothing to do with how the owners of ATS treated me. Rather, it has to do with the impact ATS has on world wide media, in general. People who have never heard of ATS are affected by their content. If it were simply a matter of ATS members alone, as much as I care for them and their safety - honestly? To 'ell with 'em. They go there willingly; they know what they are doing; it's their choice.

In the Beginning...

My first real suspicion that the owners of ATS were less than ethical happened after my banning. Indeed, it was that final banning, and subsequent cold shoulder, that caused me to start thinking along those lines.

The events shortly before, during, and directly after my final banning, led to the formulation of the following scenario - a scenario which I personally find quite frightening.

I joined ATS shortly before SERPO hit the scene. Some of you lived through that, while for others it's just ancient history. Something that may not be readily apparent now is that the SERPO saga was a nice shot in the arm for ATS. They received a lot of new members, and some incredible site traffic, during that 'story'. Something that may not be remembered, or readily known, is that there was an increase of google ads on ATS during the unfolding of that story.

I believe that this was probably the first time, since ATS began, that the owners of that site started to see anything that could resemble "real money" from their website.

It was shortly after SERPO that the LLP came into being, and ATS was overhauled - including new servers, more 'bells and whistles', extra features for the membership, etc.

Time passed; life went on.

Money Talks

Unbeknownst to the membership, there were some 'private investors' looking to invest money into ATS. We still don't know who they are, but I've been led to believe (by the owners of ATS) that these private investors were 'friends' with the owners. This leads me to believe that the investment was not an out-of-the-blue surprise to the owners. Rather, owners and 'friends' chit-chatted, probably quite often, prior to the signing of the check.

In more recent times, the owners of ATS implied that the investors did not fork over money as a tax write-off. Rather, the investors were (and are) seeking to make a Profit from their investment.

I feel that prior to the signing of the check, during the chit chat phase between owners and investors, the investors made that point crystal clear to the owners: We'll give you the money, but we want to see a return. How can you guarantee us a return?

How do you go about 'guaranteeing' a specific number of targeted pageviews during an allotted amount of time? The most recent example of incredible page views in a short period of time, on ATS, was SERPO. Gig is, SERPO was a hoax! On top of that it was a 100%, internet generated, internet contained, hoax.

Fabricating a hoax themselves runs the risk of getting caught, and losing everything (or worse). Hiring someone to generate and perpetuate a hoax for you runs the same risks. Something else was needed.

In steps the Chicago O'Hare UFO story.

O'Hare - The Golden Egg

This was a real life event. SOMETHING happened in the real world, and non-internet documentation by real agencies was generated. No one could cry 100% hoax over it.

The problem (or perhaps blessing) with that story was that Nobody Cared. The story had been around for a while and nobody had really picked it up. Bill Irvine tried a few times, both in open forum, and in the private Fair Skeptics forum, to spark interest in the story, to no avail.

Nobody really Cared.

And then The Picture appeared. Magically, mysteriously, the much-needed Picture appeared on ATS, and only ATS, from a mysterious stranger, who didn't take the picture themself, but rather got it from someone else who "claims they shot this at the airport".

The person who created The Picture has never come forward.

The mysterious person who posted the picture on ATS (and only ATS) has never come forward.

The Picture itself was product branded with an "abovetopsecret.com" watermark within four hours of being posted on ATS. The practice of product branding fuzzy pictures of UFOs by ATS was unheard of then. And, from what I can see, now as well.

The "Fair Skeptic" Discussions

According to Bill Irvine, posted in private Fair Skeptics forum (Feb. 7, 2007, 6:27 PM (post id: 2935963):

"I labeled images that were sent directly to ATS that I deemed headed toward massive online attention... and they were, and now the source is preserved."

I find it interesting that within four hours of seeing yet another fuzzy picture of a UFO, that Bill Irvine 'knew' that THAT picture would be headed toward MASSIVE online attention.

On Jan. 21, 2007 4:54 PM (post id: 2893993)
Jeff Ritzmann made the following statement in the private Fair Skeptics forum:

"Turning over to Cheepnis

If it's ok with him. For the next 6 months I'm going to be heavily involved in co-authoring a book, and having to do a fair amount of traveling. This was a completely unexpected turn for me, and sadly I'm not going to have alot of online time to track down or get info on cases.

I still think this is a worthy endeavor, but I wont be able to participate like I had previously thought. I'll still check in, and if anyone needs help I'm just an email away jeff.ritzmann@xxxxxxxxxxxxxx.ext

My apologies for bowing out, it's truly unavoidable, and unexpected."

The Picture appeared in open forum on Jan. 23, 2007, 7:29 PM. (post id: 2898150)

Less than twelve hours later, the same Jeff Ritzmann who was going to be heavily involved in co-authoring a book, and doing a fair amount of traveling, began an in depth analysis of The Picture in open forum, starting on Jan 24, 2007 (post id: 2899674) and continuing for quite sometime thereafter.

The Photo "Analysis"

Jeff Ritzmann, as talented and skilled as he is, isn't much of a 'name' though. However, he has a personal friend who IS a name in the industry, David Biedny.

Jeff and David quickly became the "be all and end all" of photo analysis, when it came to The Picture.
Any contrary opinions of the validity of The Picture were played down by the management of ATS, no matter how talented, skilled or well known the individual making the contrary opinion was. Jeff and David were IT.

ALL Jeff and David had to do to 'keep the story going' was to repeatedly state: 'we can't prove that The Picture is a fake'

That's an incredibly SAFE statement to make, even if the picture is 100% falsified. ("Oh, it IS fake? Well, what do you know, learn something knew everyday. At least we tried")

During the two weeks following the arrival of The Picture, Bill and Mark played down the opinions of other photoshop users (and at least one specialist, ATS member "photochopz"), and also came down hard on any ATS member who made comparisons between the O'Hare story and SERPO. At the same time, Jeff and David continued saying things like "we can't prove that it is a fake, here are reasons why we think it Might be genuine". While all of this was going on, the O'Hare thread on ATS grew by 68 pages, and only Bill and Mark know how many page views they received.

Shortly after this, The Above Network receives funding from private investors and becomes an LLC.

A Real Hoax - Is it an Oxymoron?

The O'Hare thread was left to die out on it's own.

Hoax?

Of course not. It was a real event.

Utilization of a real event to target specific page views, over a specific time frame, by manipulating the natural flow of the thread?

You tell me.

Prior to ATS involvement with the O'Hare UFO story, nobody cared about it. It was a non-event, not worth the internet or the media's time.

After ATS involvement with the O'Hare UFO story, it was a major event - discussed widely across the internet and covered by all branches of media across the globe.

Why does this disturb me?

It's a little thing I call the William Randolph Hearst scenario.

I feel that the WRH event is happening again, right before our eyes - and we're letting it.

Prior to common access to the internet, the WRH thing happened within other media outlets... the Time/Warner/HBO/ etc. conglomerate being a good example. However, in those days it happened without us really knowing, and without us having an inexpensive and effective means for communicating our concerns about it...

But not now, not today.

User-Generated Content

Bill and Mark have stated repeatedly, here at RU, that it is the ATS Membership which determines what's a story and what's not; what's worth talking about, promoting, and being aware of, and what's not.

I want assurances of that.

I want the ATS membership to have complete and total control over what they wish to discuss, and what they wish to ignore. I do not want to see statements like this from ATS CEO Bill Irvine, posted in private Fair Skeptic forum on 14-1-2007 at 03:40 PM (post id: 2878313)

"Not to influence you guys or anything but...

Someone just jumped into the O'Hare UFO thread who claims to be an eye witness.

(hint hint nudge nudge)"

Owners and Moderators of ATS should not be attempting to steer, or influence, the content generated by their membership. Especially if the purpose of such guidence is to generate revenue for themselves, with little or no concern for global consequences.

YES. Maybe raising public awareness about UFOs (or any other topic) is a 'good' thing. Maybe it isn't. The choice should be Yours.

In closing, I am NOT the only person on the face of this planet who suspects something fishy about the O'Hare story, and how it unfolded on ATS. One person who publicly expressed a great deal of concern over that story, as it was unfolding, can still be found on ATS today, in a respected position of power and authority.

So before some of you ATS folks go ripping me a new one, or start stalking my kid or something, perhaps you should chat with that person, and see what they think about all of this today.

http://www.abovetopsecret.com/forum/single/2899267.html
http://www.abovetopsecret.com/forum/single/2899592.html
http://www.abovetopsecret.com/forum/single/2902812.html
http://www.abovetopsecret.com/forum/single/2902895.html
http://www.abovetopsecret.com/forum/single/2904621.html
http://www.abovetopsecret.com/forum/single/2904848.html
http://www.abovetopsecret.com/forum/single/2905148.html
http://www.abovetopsecret.com/forum/single/2907164.html
http://www.abovetopsecret.com/forum/single/2916858.html

Good night, good luck, and have a pleasant tomorrow.

twj[/offsite:2eb8ka33]

and a follow up post by torbs.

[offsite:2eb8ka33]You know I love it when you 'keep me honest'. Usually when you and I 'bump heads' we end up with positive results. So let's see, out of Alla that crap I wrote you're choosing to pick nits with this concept:



Prior to ATS involvement with the O'Hare UFO story, nobody cared about it. It was a non-event, not worth the internet or the media's time.

After ATS involvement with the O'Hare UFO story, it was a major event - discussed widely across the internet and covered by all branches of media across the globe.


yes?

Okay, let's chat that. As I recall, YOU were there at the time, as was I and many other people. NONE of us were aware of the story. We had to Hunt for news clips. Reading the thread you can see it... things like "I just found this, I just found that" etc.

Here's what Eyewitness said about the media coverage back then:

http://www.abovetopsecret.com/forum/single/2933628.html



Even I, who live in the Chicago area and watch Chicago TV news, didn't realize that the O'Hare sighting had gotten any media attention whatsoever until after the Tribune article, when I saw mention of the article listed among the stories on MSNBC or some similar site. In other words, if I didn't at least spend a little time online and get some or most of my news from online sites, even I wouldn't have known that others saw and reported this object. I really do suspect that some witnesses --- even local ones --- simply haven't been exposed to the publicity. This is a big deal here, and it's a big deal to me, but even locally many people haven't seen a single story or heard a single word about the sighting.


Nobody Knew About It.

Query:
When The Towers got hit, did you have to hunt for news about it?
When O.J. ran, did you have to hunt for news about it?
When Exxon Valdez went aground, did you have to hunt for news about?
When Brittany does Anything do you have to hunt for news about it?

YES, there was mention of the story prior to ATS involvement. A little. Here and there. Not a lot though.

I think trying to claim "already major event" is stretching it comrade... "major" implies "hit upside the head" not "I have to hunt for it", ya know? Yes, in Hindsight and After The Fact, looking at all the little bits that the media released prior to ATS involvement it does add up to some "okay" media coverage... but MAJOR coverage?? If THAT was "major" coverage how do you classify 9/11 coverage? Seriously.

Ponder that and get back to me.

In the meantime, I'll tell you what Really turned me on about your post. It was this line:



lost_shaman wrote:
There were 35 posts made on Jan. 1st, 2007 between 6:16 pm and midnight!


Ya Baby! A Tally!! I never thought about doing a tally.

So let's do a tally, shall we? But why stop at just one day?? Let's do the whole freeking thing and see what we can see...
===
A Tally of the O'Hare thread on ATS

8-12-2006 two posts
9-12-2006 six posts
10-12-2006 two posts

That's it for 2006 on ATS.

New Years Day, 2007 (national holiday and a Monday)

1-1-2007

cyberdude78 1 post
snafu7700 4 posts
classified_material 4 posts
Mechanic_32 6 posts
niteboy82 1post
SkyWay 4 posts
whatukno 1 post
Atomic 2 post
Reptilianseerrr 2 posts
Graystar 1 post
dOmeshoT 1 post
surfinguru 1 post
Palasheea 1 post
Nightowl 1 post
homeskillet 1 post
Megadeth 1 post
Semiazas 2 posts
TrappedSoul 1 posts

Total 35 posts, 18 people.
===

2-1-2007 (technically not a holiday but many folks had or took the day off, also the first FULL day of posting since the story 'started up' again)

Zarniwoop 1
Echtelion 1
Chicagoist 1
lOrdsOfChaOs 2
amongus 1
funky_monk 1
Nicotine1982 1
DeepSecrets 1
netron 1
HaveSeen4Myself 1
VoXiSo 2
ThichHeaded 1
Matyas 1
semperfortis 1
Cybernative 3
Huria86 1
Imzadi 1
snafu7700 10
classified_material 7
surrender_dorothy 1
Wig 2
Nightowl 1
super70 2
jtma508 2
spines 1
c3hamby 1
ferretman2 2
dgtempe 1
DimensionalDetective 1
Mushroom_Fields_Forever 1
WickedStar 1
subz 1
Nemithesis 1
Fiverz 4
infinite 1
c3hamby 1
Funkydung 3
knows_but_doesnt 1
SkyWay 1
Palasheea 1
Scramjet76 1
annestacey 1
Shadowbear 1
fooffstarr 1
homeskillet 1
Xeven 1
kleverone 1

total 75 posts, 47 people

===

3-1-2007

Saviour_Of_The_Real 3
lost_shaman 2
knows_but_doesnt 2
Scramjet76 2
The_Parallelogram 1
mbkennel 2
Essan 2
snafu7700 7
crowpruitt 3
SkyWay 5
whos_out_there 2
Gazrok 1
Reptilianseerrr 1
Fiverz 1
xEphon 1
masterp 1
Eternal_Question 1
eaglewingz 2
Twiggie 1
Palasheea 1
Ekilo 2
Siren 1
annestacey 2
Nightowl 2
ZoooMer 1

total 49 posts, 25 people.

===

4-1-2007

amongus 1
Savior_Of_The_Real 1
funky_monk 1
Schaden 2
badwOlf 1
jtma508 1
codylawyer99 1
snafu7700 1
Lost_Mind 1
Realtruth 1
Atomic 1
Fiverz 2
chiS2000 3
pompano 2
Mechanic_32 1
homeskillet 1

total 21 posts, 16 people.

===

5-1-2007 (Friday)

amongus 3
Scramjet76 1
snafu7700 3
Realtruth 2
Ectoterrestrial 2
Cybernative 2
Order_Out_Of_Chaos 1
Fiverz 4
Cybernative 1
Gazrok 1
DarkSide 1
fooffstarr 1
SkyWay 1
Esoteric_Teacher 1
homeskillet 1
jra 1

Total 26 posts, 16 people.

===

6-1-2007 (Saturday)

violet 1
Agent47 1
TrentReznor 2
Saviour_Of_The_Real 1
Palasheea 2
Drexon 1
antmax23 2
Cybernative 1
Realtruth 1
Flatwoods 1

Total 13 posts, 10 people.

===

7-1-2007 (Sunday)

violet 4
homeskillet 1
antmax23 1
lost_shaman 3
Great_White_Cheney 1
Flatwoods 1
Alien_Gamer 1
Drexon 1
Palasheea 1
pompano 1

total 15 posts, 10 people.

===

8-1-2007

violet 1
Sr_Wing_Commander 1
Palasheea 1
lost_shaman 2
Saviour_Of_The_Real 1

total 6 posts, 5 people.

9-1-2007

Saviour_Of_The_Real 2
lost_shaman 2
snafu7700 1
selfless 1

total 6 posts, 4 people.

10-1-2007

snafu7700 1
Damocles 1
Order_Out_Of_Chaos 1
violet 1
Realtruth 1
amongus 1
leira7 1
Palasheea 1

total 8 posts, 8 people

===

11-1-2007

Miah 4
Atomic 1
lost_shaman 1
Hamking 1
ferretman2 1
phanton 1
selfless 1
DarkAlex 1
Realtruth 1
fooffstarr 1

total 13 posts, 10 people.

===

12-1-2007 (Friday)

Hamking 1
Miah 1
Drexon 1
Nicotine1982 1
phantom702 1
Gazrok 1
funky_monk 1

total 7 posts, 7 people.

13-1-2007 (Saturday)

Drexon 1
SkyWay 1
Miah 1
Nicotine1982 1

total 4 posts, 4 people.

===
Note: Notice the rather steady decline of interest, posts, and people involved, summary of the above follows:
===

01-1 35 posts by 18 people (half day) (Monday)
02-1 75 posts by 47 people (first full day)
03-1 49 posts by 25 people
04-1 21 posts by 16 people
05-1 26 posts by 16 people (Friday)
06-1 13 posts by 10 people (Saturday)
07-1 15 posts by 10 people (Sunday)
08-1 6 posts by 5 people
09-1 6 posts by 4 people
10-1 8 posts by 8 people
11-1 13 posts by 10 people
12-1 7 posts by 7 people (Friday)
13-1 4 posts by 4 people (Saturday)

People Are Losing Interest!

Which brings us up to the day that rampagentX entered the forum.

rampagentX claims to have been referred to ATS by "a friend" but expresses concern for his/her safety "Can they trace me here?"

The "friend" is obviously aware of ATS enough to suggest to rampagentX to share his/her story with ATS, but not aware enough to suggest that rampagentX bypass open forum and go straight to the Amigos with private and confidential data.

Mod Majic comes in and offers the ability to share data privately and securely but rampagentX seems to decline that offer of safety and security and continues to post in open forum despite original concerns for personal safety.

===========
interlude:

AND THE BEAT GOES ON!!
Teeny Bopper is our New Born King!

http://www.youtube.com/watch?v=RGc9comHypk

end interlude.

===========

Continuing from the 14th

14-1-2007 22 posts (Sunday) (rampagentX joins the discussion)

15-1-2007 60 posts

16-1-2007 54 posts

17-1-2007 40 posts

18-1-2007 38 posts (Note: This is the day of rampagentx last post. He/She concludes their post with this line: "I'll shut up and watch for now."

19-1-2007 9 posts (Friday) (Note: According to their user profile, this is the last day that rampagentX visited ATS. They did not post on this day or Ever Again. rampagentX is now done with ATS.)

20-1-2007 4 posts (Saturday)

21-1-2007 2 posts (Sunday)

22-1-2007 1 post (Monday)

===
Note: This thread seems to be Dying without the continued support of rampagentX.
===

23-1-2007 39 posts (The Picture Arrives!)

24-1-2007 280 posts

25-1-2007 212 posts

26-1-2007 156 posts (Friday) ("Eyewitness" Arrives!)

27-1-2007 131 posts (Saturday) + 1 (SkepticOverlord inserts new summary post at begining of thread)

28-1-2007 159 posts (Sunday)

29-1-2007 89 posts

30-1-2007 83 posts

31-1-2007 74 posts

=====

1-2-2007 31 posts

2-2-2007 54 posts (Friday)

3-2-2007 23 posts (Saturday)

====
Note: the thread seems to more or less DIE right here, on Saturday, February 3rd, 2007.
====

4-2-2007 7 posts (Sunday)

5-2-2007 5 posts

6-2-2007 20 posts

7-2-2007 8 posts (This is the Last post by Eyewitness on ATS)

8-2-2007 1 post

10-2-2007 4 posts (Saturday)

11-2-2007 1 post (Sunday)

12-2-2007 2 posts

13-2-2007 1 post

17-2-2007 17 posts (Saturday)

18-2-2007 1 post (Sunday)

19-2-2007 11 posts (This is Eyewitness's last visit to ATS. It has been implied that Eyewitness died of natural causes. Despite being 'vetted' by Springer and Jeff Ritzmann there is no confirmation of the death claim via obituary checks and Eyewitness's details are never released for peer review. Also note that this is 12 days after her last post.)

20-2-2007 1 post

21-2-2007 8 posts

22-2-2007 4 posts

23-2-2007 12 posts

24-2-2007 19 posts

25-2-2007 6 posts

26-2-2007 7 posts

=====

2-3-2007 1 post

8-3-2007 8 posts

9-3-2007 1 post

12-3-2007 1 post

15-3-2007 3 posts

17-3-2007 3 posts

20-3-2007 1 post

24-3-2007 1 post

25-3-2007 1 post

27-3-2007 4 posts

28-3-2007 1 post

31-3-2007 4 posts

=====

3-4-2007 1 post

4-4-2007 1 post

6-4-2007 3 posts

13-4-2007 2 posts

22-4-2007 1 post (also SkepticOverlord Edits opening summary post)

23-4-2007 1 post

24-4-2007 7 posts

======

6-5-2007 2 posts

9-5-2007 4 posts

10-5-2007 1 post

12-5-2007 2 posts

13-5-2007 1 post

26-5-2007 2 posts

27-5-2007 1 post

29-5-2007 1 post

===

There are NO entries for June of 2007

===

11-7-2007 1 post

12-7-2007 5 posts

13-7-2007 4 posts

===

13-8-2007 1 post

14-8-2007 11 posts

15-8-2007 4 posts

16-8-2007 2 posts

17-8-2007 6 posts

18-8-2007 4 posts

19-8-2007 1 post

20-8-2007 1 post

24-8-2007 2 posts

25-8-2007 3 posts

===

28-9-2007 2 posts

30-9-2007 1 post

===

12-10-2007 4 posts

26-10-2007 6 posts

===

25-11-2007 1 post

26-11-2007 1 post

27-11-2007 1 post

===

30-12-2007 5 posts

31-12-2007 3 posts

===

3-1-2008 1 post

8-1-2008 1 post

9-1-2008 3 posts

10-1-2008 1 post

13-1-2008 1 post

19-1-2008 2 posts

20-1-2008 2 posts

===

2-2-2008 3 posts

3-2-2008 4 posts

5-2-2008 2 posts

6-2-2008 3 posts

7-2-2008 4 posts

8-2-2008 1 post

12-2-2008 1 post

16-2-2008 1 post

===

3-3-2008 1 post

21-3-2008 2 posts

23-3-2008 1 post

24-3-2008 4 posts

===

1-4-2008 1 post

===

1-5-2008 2 posts

15-5-2008 1 post

16-5-2008 2 posts

===

5-6-2008 1 post

13-6-2008 2 posts

===

19-7-2008 3 posts

28-7-2008 2 posts

===

and that brings us up to Now, 3-8-2008.

Tallies are Fun, huh? Let's play with the numbers a bit...

Prior to rampagentX we have a total of 288 posts. Number of those posts made by (Springer+SkepticOverlord+Jritzmann) = 0. "Involvement / Guidance" factor = 0%)


The rampagentX section: 14-1-2007 through 18-1-2007 = 214 posts. Number of those posts made by
(Springer(2 posts)+SkepticOverlord+Jritzmann) = 2. "Involvement / Guidance" factor is nominal (2 / 214 = 0.009 or 0.9%)


The Picture and Eyewitness coincide. Between 26-1-2007 and 31-1-2007 Eyewitness made 80 posts, all in the O'Hare thread. From 1-2-2007 to 7-2-2007 Eyewitness made 7 posts, 5 in the O'Hare thread, one in More Anonymous Chicago UFO images, and one in ATS Dark Matter Revisited. I feel that the 'experiment / demonstration' in the hypothetical scenario we are discussing came to a conclusion on 31-1-2007 so I'll use that range of numbers.

From 19-1-2007 to 31-1-2007 we have 1239 posts. Number of posts made by
(Springer (26 posts)+SkepticOverlord(14 posts)+Jritzman(57posts)) = 97 "Involvement / Guidance" factor is now measurable ( 97 / 1239 = 0.0782 or 7.82%. Almost 8% of that section of the thread was generated by those three people, 4.60% of that section was generated by Jeff Ritzmann, 2.09% by Springer, and 1.12% by SkepticOverlord.)

The entire rest of the thread:

From 1-2-2007 to 28-7-2008 = 423 posts. Number of posts made by
(Springer(20)+SkepticOverlord(8)+Jeff Ritzmann(11)) = 39 (39 / 423 = 0.092 or 9.21% They are really staying on top of it, even now)


Okay, fine, SO WHAT?, right? Out of context that tally doesn't really mean alla that much, so let's compare it to some other UFO threads:


"Another NASA employee comes forward 8-9 FOOT ALIEN SIGHTED"
502 posts, 0% "Involvement / Guidance" by an amigo

"Celebrity stargazing"
338 posts, 0% "Involvement / Guidance" by an amigo

"Starlike objects that move strangely in the sky"
(multiple witnesses, lots of video footage)
434 posts, 0% "Involvement / Guidance" by an amigo

(this one is from way back, started in 2004, still getting posts in 2007)
"Landed flying saucers from earlier today"
(many fuzzy pictures, very chatty and open witness who provides even More pictures upon request, also some chit chat about smoking grass, shame shame)
356 posts, 0% "Involvement / Guidance" by an amigo

O'Hare though... O'Hare they had their finger in, and they still keep a close eye on it.

During the course of that discussion on ATS S.O. had this to say about The Picture:

http://www.abovetopsecret.com/forum/single/2932148.html


So if this image is faked (I think it is), it's perhaps the most unusual fake we've ever seen... which leads to an interesting question... why?


why indeed...

WHO benefited the Most from that picture? Was it GLP? MSN? CNN? ABC? CBS? HBO? Or was it some other three letter group we can't link to from here anymore?

Shaman, I love you man, you know I do. Not trying to cross you or dis you. Get back to me about the 'major' thing and let me know what You think of the tally... does it tell anything or is it just a big waste o' time? Thanks dude.

To everyone else,
Good night, good luck, and have a pleasant tomorrow.
twj[/offsite:2eb8ka33]

perhaps a breakdown of the posting behaviour within the WITD thread might shed some more light on your research. ;)

btw, well worth reading that entire thread at RU, some very helpful information.

I participated in the O'Hare thread. One thing I found odd was that the Eyewitness stated many people were taking pictures of the object. None surfaced.

stuffucanuse (http://xmb.stuffucanuse.com/xmb/viewthread.php?tid=3039&page=2)

[offsite:3grow8ek]OK.....I got the mystery solved! After several margaritas and some arm bending.....I managed to get my husband to confess that it was William and Bob88 that created WITD. DragonRider didnt want to believe it and kept trippin on it...so they banned him.

Does that ring any bells with you guys?[/offsite:3grow8ek]

[offsite:3grow8ek]Venus thats probably closer to the truth then what SkepticOverlord says[/offsite:3grow8ek]

[offsite:3grow8ek]Actually it really does fit the bill for the true answer.

Look at this!!!!

Moderators Only » Updated List of Websites To Monitor for ATS Member Postings (add your suggestions)

SUCU has the honour of being on the watch list of bad websites. East Germany here we come, welcome to the Glorious Peoples Republic Of Abovetopsecret.com!!

Name me one other board with a system like this?

Fear, plain ordinary cold fear, drives the site.

Understand what this is about. Abovetopsecret.com moderators are monitoring other websites for negative posts that its own members make. So if you are a member of Abovetopsecret.com you are not free to post on another website with your Abovetopsecret.com nick.

YOU ARE BEING MONITORED AND PUNISHED if you post here.

Does that make you afraid?

Does that open your eyes yet?[/offsite:3grow8ek]

Yah, I've heard the Bill/bob88 thing brought up before (probably from SUCU)... there was someone at some point in time with U2U messages that S.O. sent that were pretty damning...

But, given the sensationalism SOTT brought into the whole picture, I'm not 100% what to believe of the info anymore...

i tend to believe netchicken, he doessn't seem to me to have a reason to bullshit, and he was in a position to know.

Yah lol but he did also become a suspect eventually...

whether that was bill wanting to take heat off him... or if there was a legit reason...

Fuck... I should try and get ahold of Netchicken....

Anyone know if Ycon still around?

im pretty sure ycon is still around.

netchicken at least owned up to the pranks and hoaxes he pulled, its why i tend to believe him above the constant denials elsewhere.
i remember when i first joined ats both netchicken and thomas crowne were held in the highest regard, at least from the general membership.
and TC called out valhall and got canned, talk about fucking childish, i love his comment about the "two from oklahoma". lol.

I would be really interesting to know if the FBI talked to ATS over the incident. I thought that was still up in the air - has any one knowledge on that point.

I would think that type of hoax would not sit well with the agency. Good opening to force the board into cooperation if they so desired.

well according to everyone the FBI did talk to em...

But, since ATS is an LLC... that means an FOIA request should get us the statements and the like from the investigation...

that was before or after they were an llc though?

what does LLC have to do with FOIA? short answer- nothing.

well the LLC makes them a company, instead of individuals... therefore, I can get information with the FOIA, and not get shut down because of the Privacy Act stuff....

Its actually pretty important in the grand scheme of things... they'll give information on a company... but the Privacy Act forbids them from giving much out about individuals.

that was before or after they were an llc though?

I don't know if it matters... since the website is now owned by the LLC... I'm asking for information about a website... so the pre LLC might not really matter...

we'll see though...

without further ado (adeau? adeaux? who the fuck knows...) here are the WITD posts that SkepticOverlord doesn't want you to see...

they've been erased off the ATS servers...

----------------------------
rumors from inside the beltway -- August may be hell

Whispers --

Chaos on Capital Hill.
The football has been replaced by a dummy for the dummy.
Doves are fighting but hawks are regrouping.
The commander-in-chief takes a little time off. A trip. Out-of-the-hill. Just like before 9-11.
Who has the football? Why?

Rumors. Whispers. Fears.

Watch Jakarta.

------------------------------------------------------------
Hello again ATS. An old friend returns in time of need.

Whispers. Distractions. Misdirections.

Who was distracted on 9-10?
Who is distracted now?

What would happen if California tipped conservative? What is then controlled by hawks?

Follow the money. Always follow the money. Nothing else matters.

-------------------------------------------------------------------------------

Hello my Matrix fiend.

You knew me. But only for a short while until I had to leave.
Computers being hard to come by at the time.

Much has changed. Very little I can say outright.
Which is why I hope to lead many to their own conclusions.
Epiphanies are best experienced through self-discovery. Not through the lectures of others.

I was here not long after the beginning. Think hard about a friend who skirtted the edges of politics, movements, and whispers.
Back then, my name was something else. If you knew it now, you may understand and may not. But you would know, and that may cause problems. And if you knew, you would realize I hear the whispers.
Sorry for the cryptic guise old friend. Hopefully, some will understand soon enough.


I came here out of a feeling of nostalgia. For a time enjoyed.
Other sites of your topic have lost their minds. ATS has remained sane. Perhaps when you need it the most. You are to be commended.

-----------------------------------------------------------------------------

The whispers tell us stories.
They tell us what to watch.
They tell us what to ignore.
Watch the movements.
Ignore the distractions.
Fear for the football. Perhaps. Perhaps not. The whispers don't understand this rumor. There was no fumble. An exchange. Those that listen to the whispers are unable to fathom why.

I am to go-to for those that need someone to go to.

Some time ago, you knew another who had this attribute.


Very recent concern this morning. This week will see increased stress as those with agendas see this as an opportunity for action.
This time has parallels. You see. We have an odd period of 1- quiet news, 2- increased buzz/rumor, 3- officials away from office.


Always. Always. Always watch the movements of people. Even the most secure communications is never desired over in-person contact amongst those with agendas.

Where are the people?

Whispers about the football are unconfirmed.
But the event matches other events.

It is either in anticipation of something critical.
Or for the prevention of something more ciritcal.

Whispers.

They told us long ago that the election was predefined.
Not too many were listening then.
Too bad.

Where is the number two man?
Why have we seen little of him recently?

Whispers. I hear them.
I've been trying to piece them together.
A story emerges. But with blanks yet to be filled.

World War III has long since begun. A slow build.
The whisperers know this.
Pay attention to the locations of your leaders.
Where are they? Why are they spread about?
This is concern.

The sky is falling (again).

here's a whisper: Follow The Money

Whispers of global strife are misdirections.


The intent of the plans for the future one-state world are in reality financially based.
Watch the maneuvers of those with significant funding.
Old money matters little anymore. Watch the people with new money.

The balance is shifting from old/banking to new/technology.

Why?

Because technology controls the flow of money. And banks are now the slave to technology.


More whispers.

Trusted Computing is not a slave of the NWO.

Trusted Computing is from the new structure of the power brokers who are moving toward a one-state world. OSW is the buzz word amongst the new technorati.

Trusted Computing is the first steps of controling all attributes of information delivery.

Palladium has been renamed as the "Trused Computing Initiative".

We are discussing the same thing.

The most effective lies are the truth.

Whispers.

Consider the reverse-disinformation nature of the information presented to initiate this topic.

Why would the Saudi's want it this way? You can be certain the story occured with their permission.
They are but nomads who settled on a very valuable graveyard. The psychology of their culture plays an important role in this chapter.


Follow the money.

The first skirmish in the most recent battle of hawks against doves has been lost by the doves.

Watch closely the movements of Powell. He is no longer trusted.

Blue Alert

There are several alert code names throughout the whispers.

Blue.

This is the alert given to the security details of top Washinton officials. It has just been issued.

Sorry for the confusion.

It is not a "whisper code".

"Whisper" is a term I use for the hushed rumors of Washington.

here's a whisper: Follow The Money

Whispers of global strife are misdirections.


The intent of the plans for the future one-state world are in reality financially based.
Watch the maneuvers of those with significant funding.
Old money matters little anymore. Watch the people with new money.

The balance is shifting from old/banking to new/technology.

Why?

Because technology controls the flow of money. And banks are now the slave to technology.


More whispers.

You have only begun.

ATS is more important than you can possibly imagine.

Do not let the detractors win. Their ruse of quality is not as it seems, it is a plan of disruption.

This site has been noticed. It is not a bad omen.

The whispers...

I apologize for my cryptic style. It is a necessary attribute of promises I have made. And the promises enable access.

I may have more to impart soon. And my style may not change, but I will try to be succinct and as direct as possible.

My intent is to point out the signposts and show the path and guide you to find your own conclusions. This is after all the path to wisdom in all efforts. Not though pure acceptance of information, but the seeking of discovery.


Peace.

movements - collaborations - deals

GWB and administration hawks are beginning to feel overwhelming behind-the-scenes international pressure for the Iraq fiasco. The "fiasco" is twofold; 1- Suspect data used to justify the action, 2- Lack of post-war Iraq planning/effort.

Rumors indicate the release of information about Saudi Arabia's potential complicity in the WTC 9-11 attack are part of a complex deal to sooth international pressure.

The hastily planned vacation is suspect. Several groups are surprised. Several are concerned about the potential reasons.

Over the coming days please pay attention to:
Movements of the GWB cabinet.
Announcements from senior Downing Street officials
Saudi Royal Family (here and abroad)

Tension is as high as it was, if not higher, on 9-9-2001.

Jakarta may be next in a ramp-up.

--------------------------------------------
--------------------------------------------

working on getting more... w/timestamps... but its tedious work.

If we know the guy was a fake, what's the interest in his word salad?

info is info... even if its useless... bill doesn't want these seen... so I post them on the internet lol

another interesting post coming soon...

reply posted on 12-8-2003 @ 12:06 AM by MaskedAvatar

http://75.126.76.151/forum/single/156346.html

OIMD

I think you mean wary, not weary, although they might go hand in hand.

To me, as the first member to start interacting significantly with WITD, I can assure you there were post edits (but I can't say by whom). Also, the whole premise of his arguments about 1931, and pre-9/11 HAARP readings, and their analogies with last week, came to nothing. Jakarta was not his reference point when I was conversing with him, at all. Not at all. It appeared in a series of edits hours later, and the same phrase 'Watch Jakarta" was inserted into one of jagd's posts.

You need to review approx, 7-8 topics in full to see this.

I don't think you are dangerously paranoid.

But I wonder how it is that people can let something like this get to them, and yet sign on to the whole official conspiracy of 9/11, the worst terrorist attack and security lapse in the history of the US, without massive pressure and demand for full investigation and accountability for all the facts, the negligent omissions and the crimes.

anyone know if Maskedavatar an ATS "yes-man?"

He's been gone for 4 years. Guess that says something.

what about the user thirty3. Any chance you can pull up the posts by that guy?

<---grasping at straws... hoping something sticks...

thirtythree 10/16/03 4 posts
leaves mar 2004

thirty3 11/30/05 20 Still around, no board discussion

yah, I pull up a total of 5 posts... their post history says 20 posts...

Looks like we have a sock...

Funny how this "sock" is the first time serpo is mentioned on ATS

He's got 20...

another interesting oddity...

forum/thread178951/pg31

Ressurected after several years... after S.O. supposedly banned him?

Did ya go through and count them all? they're duplicates

He came in asking after a thread was already running. His thread was closed.

Looks legit to me.

hrm... my searching skillz are failing I guess lol I thought he had the earliest timestamp and such...

anyway... since that was fruitless, back to WITD...

It is sitll possible to see his posts through "quotes"... which means... it is confirmed... whoever changed his OP, would have had to have changed all the posts that quoted him...

smells like Admin bullshit to me!

Any thoughts on the sudden ressurrection after a few years? just for one character... "."

Think its Bill fuckin' with his members?

... or a member fucking with Bill.

We're not the only ones that dislike that place.

LOL fuckin' spot on!!! MaskedAvatar speaks the truth lol




http://75.126.76.151/forum/single/149152.html

William

A wise decision.

I had some whispers with WITD 12 hours ago. I found his sources, analytical ability and historical frame of reference to be valid, although I did mention that his manner reminded me of another whisperer I once knew in a mental institution.

Suspenseful writing. Oblique frightening references. Coded instructions. Fun (except if you are in the wrong place at the wrong time).

A useful strategy: release dozens of paranoiacs into the wild with tidbits of information about an impending devastating non-specific event and get them to watch what their chiefs are doing; breeds conspiracy theories and more discussion at ATS.

The forth post in 2005 is long. I'll get it.

From Thread: Bizarre Thing in Post
Posted by WhispersInTheDark, on October 25, 2005 at 15:09 GMT

a rage of pain a curse of pain and fear upon this place that cast out the brother of brothers of a sentinel of hope in time of chaos and agony is upon you and all of whom read these words and look back to the day the whispers sought to teach and lend aid to those who seek in hallways of fear and doubt upon which this day and this hour of your life shall now exist in fear of lost sentinels of the ages from templarian origins ancient and distant to protect all who seek and guide those who question from doubt and chaos amid the tyranny of elysium imposed on all in vain of deception from the hour of origin through now this hour of your most feared pain cradled in the bosom of abaddon the fire of your torment and the lies of your past bring this end upon thee and all thine cohorts of tyranny a rage of pain a curse of pain and fear upon this place that cast out the brother of brothers of a sentinel of hope in time of chaos and agony is upon you and all of whom read these words and look back to the day the whispers sought to teach and lend aid to those who seek in hallways of fear and doubt upon which this day and this hour of your life shall now exist in fear of lost sentinels of the ages from templarian origins ancient and distant to protect all who seek and guide those who question from doubt and chaos amid the tyranny of elysium imposed on all in vain of deception from the hour of origin through now this hour of your most feared pain cradled in the bosom of abaddon the fire of your torment and the lies of your past bring this end upon thee and all thine cohorts of tyranny a rage of pain a curse of pain and fear upon this place that cast out the brother of brothers of a sentinel of hope in time of chaos and agony is upon you and all of whom read these words and look back to the day the whispers sought to teach and lend aid to those who seek in hallways of fear and doubt upon which this day and this hour of your life shall now exist in fear of lost sentinels of the ages from templarian origins ancient and distant to protect all who seek and guide those who question from doubt and chaos amid the tyranny of elysium imposed on all in vain of deception from the hour of origin through now this hour of your most feared pain cradled in the bosom of abaddon the fire of your torment and the lies of your past bring this end upon thee and all thine cohorts of tyranny a rage of pain a curse of pain and fear upon this place that cast out the brother of brothers of a sentinel of hope in time of chaos and agony is upon you and all of whom read these words and look back to the day the whispers sought to teach and lend aid to those who seek in hallways of fear and doubt upon which this day and this hour of your life shall now exist in fear of lost sentinels of the ages from templarian origins ancient and distant to protect all who seek and guide those who question from doubt and chaos amid the tyranny of elysium imposed on all in vain of deception from the hour of origin through now this hour of your most feared pain cradled in the bosom of abaddon the fire of your torment and the lies of your past bring this end upon thee and all thine cohorts of tyranny

http://75.126.76.151/forum/single/1788298.html

whoa, you find that in archive?

I dunno about a member messing with bill...

Remember... Bill said he "banned" the guy...

That whispers post HAS to be an admin... they'd have had to unban him, and re-set his password...

either that, or bill lied... which has been known to happen too

Live copy

They used it in a game that got refered to as WITD.

[offsite:3aobkd4g]thread - ATS History: COINTELPRO and "WhispersInTheDark"
posted on 10/23/2006 @ 21:23 single this post

This is damn crazy stuff! Interesting like hell!

Anybody aware of this thread?
Bizarre Thing in Post
Starts like this:

Originally posted by Relentless on 24/10/05

I just posted to a thread and noticed in the bottom of my post the following in faint gray letters.

faLinG

That by the way is a copy and paste of it from the post. I didn&#39;t put it there. I hit the edit button to see it in the post, but it wasn&#39;t there. That did however make it vanish from the post.

What does it mean?

Excactly one year ago on this date the above thread started and ran over an amazingly 39 pages, 763 posts and almost 20.000 views.
Except for he last two pages all the comments where placed within 72 hours. It was in the forum of "ATS Sponsored Games & Events", and the subject was figuring out strange messages appearing in posts.
The agenda of the thread soon became to solve the riddle, as litterally hundreds of members have had the same experience of strange messages appearing.

What is most amazing is this WitD showed up four times on the thread to post complete black blocks, that only when highlighted would reveal a sequence of numbers. Hence his name, I guess.

On page 37 of the thread, pid: 1790757, kenshiro2012 compiled them all, i.e. all that was reported to the thread, beside the four ones. A most extensive compilation.

Whatever message, if any, nobody figured out. Only goes to show WitD is still around.

Anybody noticed anything similar, faint grey letters coming and disappearing in their posts?
Or blocks of black, where the hidden text only come whispering when highlighted?
http://75.126.76.151/forum/thread230887/pg1#pid2570680[/offsite:3aobkd4g]

My bad... I totally missed the context of what that meant until I saw it in the thread.

You missed a couple...

Web Archive to the rescue! And in context! You might want to PDF these.
http://75.126.76.151/forum/viewthread.php?tid=4925
http://75.126.76.151/forum/viewthread.php?tid=13920
http://75.126.76.151/forum/viewthread.php?tid=14349&page=2
http://75.126.76.151/forum/viewthread.php?tid=14137
http://75.126.76.151/forum/viewthread.php?tid=14174
http://75.126.76.151/forum/viewthread.php?tid=14076
http://75.126.76.151/forum/viewthread.php?tid=14202
http://75.126.76.151/forum/viewthread.php?tid=14203
http://75.126.76.151/forum/viewthread.php?tid=14238
http://75.126.76.151/forum/viewthread.php?tid=14258
[offsite=http://web.archive.org/web/20030820205912/http://www.abovetopsecret.com/forum/viewthread.php?tid=4925:18e3m18p]posted on 4-8-2003 at 12:50 PM Post Number: 133748
Whispers and rumors.

PNAC is a smokescreen. A misdirection for paranoids.
It&#39;s not false information. But remember that the best lies are the truth.

Look deeper. Listen to the whispers. Watch California. August will be hell for many.


An old friend returns in time of need.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030820211453/http://www.abovetopsecret.com/forum/viewthread.php?tid=13920:18e3m18p]posted on 4-8-2003 at 12:56 PM Post Number: 133752
Whispers.


How often do we forget the simple notion: "Follow the money"?
The money. The money. The money.
Not power. Money. Money is power.


The trilateral is a public face of groups only heard in whispers. Everyone needs a public face.
Listen to history. Look to 1931. Find your answers.

For now, and the Trilateral. Watch Jakarta for a sign of their games very soon. It will look like terrorism.


An old friend returns in time of need.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030820225913/www.abovetopsecret.com/forum/viewthread.php?tid=14349&page=2:18e3m18p]posted on 4-8-2003 at 01:09 PM Post Number: 133760
The whispers tell us there are not enough agents for tasks of importance, much less watching websites.

The powers that be are stressed at this time. There are not enough who stalk in the shadows. This is bad.

It can be argued that too many secret agents keeping track of the populace would be a bad thing. I stress that not enough is even worse.

We don&#39;t have enough. The whispers are frantic.




The best lies are the truth.
An old friend returns in time of need.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030820213020/http://www.abovetopsecret.com/forum/viewthread.php?tid=14137:18e3m18p]posted on 4-8-2003 at 01:24 PM Post Number: 133775
Whispers.

They told us long ago that the election was predefined.
Not too many were listening then.
Too bad.

Where is the number two man?
Why have we seen little of him recently?

Whispers. I hear them.
I&#39;ve been trying to piece them together.
A story emerges. But with blanks yet to be filled.

World War III has long since begun. A slow build.
The whisperers know this.
Pay attention to the locations of your leaders.
Where are they? Why are they spread about?
This is concern.

The sky is falling (again).[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030820213332/http://www.abovetopsecret.com/forum/viewthread.php?tid=14174:18e3m18p]posted on 4-8-2003 at 04:16 PM Post Number: 133890
Trusted Computing is not a slave of the NWO.

Trusted Computing is from the new structure of the power brokers who are moving toward a one-state world. OSW is the buzz word amongst the new technorati.

Trusted Computing is the first steps of controling all attributes of information delivery.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030820213332/http://www.abovetopsecret.com/forum/viewthread.php?tid=14174:18e3m18p]posted on 4-8-2003 at 04:39 PM Post Number: 133910
Palladium has been renamed as the "Trused Computing Initiative".

We are discussing the same thing.




The best lies are the truth.
An old friend returns in time of need.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030820212258/www.abovetopsecret.com/forum/viewthread.php?tid=14076:18e3m18p]posted on 4-8-2003 at 04:49 PM Post Number: 133921
The most effective lies are the truth.

Whispers.

Consider the reverse-disinformation nature of the information presented to initiate this topic.

Why would the Saudi&#39;s want it this way? You can be certain the story occured with their permission.
They are but nomads who settled on a very valuable graveyard. The psychology of their culture plays an important role in this chapter.


Follow the money.




The best lies are the truth.
An old friend returns in time of need.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030820213820/http://www.abovetopsecret.com/forum/viewthread.php?tid=14202:18e3m18p]posted on 4-8-2003 at 04:58 PM Post Number: 133930
The first skirmish in the most recent battle of hawks against doves has been lost by the doves.

Watch closely the movements of Powell. He is no longer trusted.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030820093925/http://www.abovetopsecret.com/forum/viewthread.php?tid=14203:18e3m18p]posted on 4-8-2003 at 05:02 PM Post Number: 133932
Blue Alert

There are several alert code names throughout the whispers.

Blue.

This is the alert given to the security details of top Washinton officials. It has just been issued.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/*/http://www.abovetopsecret.com/forum/viewthread.php?tid=14238:18e3m18p]posted on 5-8-2003 at 04:24 AM Post Number: 134425
The whispers...

I apologize for my cryptic style. It is a necessary attribute of promises I have made. And the promises enable access.

I may have more to impart soon. And my style may not change, but I will try to be succinct and as direct as possible.

My intent is to point out the signposts and show the path and guide you to find your own conclusions. This is after all the path to wisdom in all efforts. Not though pure acceptance of information, but the seeking of discovery.


Peace.[/offsite:18e3m18p]
[offsite=http://web.archive.org/web/20030902160731/http://www.abovetopsecret.com/forum/viewthread.php?tid=14258:18e3m18p]posted on 5-8-2003 at 12:13 PM Post Number: 134614
movements - collaborations - deals

GWB and administration hawks are beginning to feel overwhelming behind-the-scenes international pressure for the Iraq fiasco. The "fiasco" is twofold; 1- Suspect data used to justify the action, 2- Lack of post-war Iraq planning/effort.

Rumors indicate the release of information about Saudi Arabia&#39;s potential complicity in the WTC 9-11 attack are part of a complex deal to sooth international pressure.

The hastily planned vacation is suspect. Several groups are surprised. Several are concerned about the potential reasons.

Over the coming days please pay attention to:
Movements of the GWB cabinet.
Announcements from senior Downing Street officials
Saudi Royal Family (here and abroad)

Tension is as high as it was, if not higher, on 9-9-2001.

Jakarta may be next in a ramp-up.


signature
The best lies are the truth.
An old friend returns in time of need.[/offsite:18e3m18p]

Hmmmm.... I'll see if I can find some more.

EDIT: I've reordered the messages in date/time order. Added a couple more.

LOL Browsing ATS from 2003 via web archive is hysterical...

Found this
http://75.126.76.151/forum/viewthread.php?tid=15132
[offsite=http://web.archive.org/web/20030828004745/www.abovetopsecret.com/forum/viewthread.php?tid=15132:3slts6ck]Subject: Whispers IN THE DARK - aptness?
MaskedAvatar
Eternity




Registered 29-4-2003
Location H&#39;siffaen Shield
Member Is Online
Mood: !?cognizant?!

ATS Points: 15231



posted on 16-8-2003 at 03:14 AM Post Number: 146942
Whispers IN THE DARK - aptness?

Opinion piece from www.whatreallyhappened.com (http://www.whatreallyhappened.com)

The blacked-out blackout.

Burning transformer on 14th street, lightning strike in Niagara, failed power plant in Pennsylvania, failed power plant in Ohio, problems west of Ontario; we are into day two of the great northeastern blackout of 2003 and nobody knows exactly what went wrong. But two things are clear.

First: Despite the lessons learned in 1965 and 1977, the power infrastructure of the United States is a delicate and fragile system that can be taken down by a single point failure. It is hard to claim to be a world leader when one cannot keep the lights on. We are a first world nation with a third world power supply.

Second: Our much vaunted Homeland Security Department is as much in the dark about what happened as anyone else, if you&#39;ll pardon the pun. Had the blackout actually been a terrorist attack, the HS boys would still be scratching their heads, unable to locate the problem, let alone decide how to fix it. And this means that with all their spy cameras on we the people, the "peek-a-boo" scanners that see through our clothes at the airports, the covert searches of our computers and homes, the Homeland Security people are looking in the wrong places, because today we know the homeland ISN&#39;T secure, and that fact caught the Homeland Security people completely by surprise. Just think about it. For all their peeking into our mail, banking transactions, and posing with guns and uniforms at airports, the Homeland Security people were caught off guard by the blackout. Which means that if it HAD been a terrorist event, Homeland Security would have failed their primary mission, indeed HAVE failed their primary mission, which is to identify ALL points of vulnerability in the nation and secure them against attack, not just spy on the citizens to make sure they are not unhappy with the current leadership.

The blackout has taught us all a lesson. We are not secure. We may have shiny new locks on the front doors but the foundations of the nation are cracked and rotted. The roads are falling into disrepair, the power grid has become unreliable, mail service has slowed down, schools do not teach, emergency rooms close, the internet is clogged with viruses and worms; each and every one of these problematic infrastructures is a threat to Homeland Security, and all are being ignored by the people who take our tax money and use it to watch us, while claiming to be concerned for the security of the nation.

Well, the nation is NOT secure. This blackout may not have been an act of terrorism, but it proves that such an act was not only possible but capable of producing a wide area result. and yet the department of Homeland Security has never once taken steps to make the power system more able to survive single-point failures. Nor for that matter have we seen the Homeland security people give more than a passing glance at the MSBlast worm ripping through the internet as I type this. Homeland Security hasn&#39;t made the homeland more secure. It just spies on the citizens. Which proves the Department of Homeland Security is really not about protecting the people, but merely keeping an eye on them.



PARDON THE PUN, indeed....

It may be a common expression, but why would someone whisper IN THE DARK exactly?

And how important was Detroit in the murmurings, and why has it been observed to be particularly quiet there still?

(Just rambling about coincidences.)


signature
I think all foreigners should stop interfering in the internal affairs of Iraq
(Wolfowitz, on tour to meet US troops and Iraqi officials, July 2003)[/offsite:3slts6ck]

[offsite=http://75.126.76.151/forum/thread14238/pg1:2u2bwslj]Umbrax

thread - The whispers...
posted on 10/23/2005 @ 21:59 single this post "quote"REPLY TO:

What happens when Whispers rise from the dead?



[edit on 23/10/2005 by Umbrax][/offsite:2u2bwslj]

WITD member shows 290 post count by history shows 23 posts. He made no post between 8-5-2003 and 10-24-2005, yet that above post was on 10-23-2005. Looks like a someone was fixing to use that account as a sock.

and Umbrax isn't a mod...

how would he know?

stumped.

This might be all old news to you guys, but here's my two cents.

The 2005 and 2003 incidents are not the same person. 2003 was the "real deal". 2005 was the SQL injection hacker.

Before he was gonna start his fun, he had to test his methods. To do this, he picked random posts from the forum and chose those as targets. He then whipped up some BBCode for "faLling", etc. and used those to test his SQL injection technique for accuracy.

/forum/viewthread.php?fid=91&tid=178951 -> In this thread, someone noticed.

The next day... WITD posts a cryptic ".".... This is "his" first post in two years. /forum/single/1786594.html -> This post was his first attempt at injecting a complete message. When he did the injection, he had to provide a user ID for the poster, so he picked WhispersInTheDark. I'm even gonna guess he picked it because he used the same technique WITD#1 used. ATS probably closed the specific hole, but didn't fix the overall problem throughout the site.

I posted a link somewhere that documented that there was an SQL injection vulnerability in vBulletin 2.6.1... in the Admin control panel. That means for the attack to work you had to have access to the panel in the first place, or the code would never have a chance to execute. That means a moderator or higher. The guy was not only an ATS regular for years, but I'm betting was someone that's still there and probably posted in that thread.

The word salad that pack found was the last post by WITD#2... and the most complete amount of text.

Ok... this is fun.

EDIT: Fixed a factual fuckup.

http://75.126.76.151/forum/single/1788415.html
[offsite:3atcqyfl]From Thread: Bizarre Thing in Post

Posted by drlau, on October 25, 2005 at 16:57 GMT

Gotta go, but here&#39;s what I have gathered:

witd post numbers so far:


172609 255615 366378 611737 525939 480599 201494/

908857 829058 185317 352259 813348 656251 803806/

610667 388397 369195 647516 998380 246786 993592/

743029 855635 881899 682154 570041 343414 901188/

717938 933968 857139 961147 273154 240559 562524/

896184 950346 441254 368585 187781 368069 803451/

696637 832962 533193 557447 786785 476188 445033/

448911 817567 314721 614080 203770 906627 457426/

559517 235984 200448 259753 261765 928701 511247/

286217 504776 184135 823704 275467 825713 601527/

665332 154300 502963 707624 912943 979150 192563/

588581 499981 726302 777335 451034 231785 361308/

599763 564795 417400 645643 955173 115005 283932/

798230 638617 891596 866188 162852 454768 171679/

372346 242216 820185 733037 707375 958567 586036/

935982 833727 439188 330906 684130 160475 379593/

703200 368861 846649 877214 909139 585633 370492/

122909 925467 486374 161978 345844 133903 820607/

727403 858349 957449 826210 519605 310943 225933/

572553 470572 709489 702437 926708 205188 833544/

125205 862172 379283 177560 788365 711892 387431/

652805 417160 550183 561486 347497 795496 631025/

765589 748195 956210 968417 271967 857132 314877/

831583 178131 618548 407990 465677 596766 938269/

761123 209807 545946 789591 874968 741890 236414/

349688 117848 587044 310608 578834 840188 788278/

955832 566756 306959 498074 790619 896250 414564/

574845 211155 684755 468166 750147 243353 562577/

559359 594514 908793 544166 416795 238201 530870/

809438 703286 877078 725388 146694 953382 142360/

903209 861377 821606 319447 582660 373893 185884/

487807 844395 241893 565015 461892 491394 429572/

609416 122268 113022 597326 704670 622904 725260/

508111 544245 978045 617384 287599 389622 837424/

649953 619422 732612 516570 916793 967763 727046/

866507 371728 774429 485535 971992 214295 524721/

183010 834081 727177 265107 749749 517034 979279/

456494 761565 750106 886486 219704 889585 621582/

170765 510601 969866 466227 426053 281091 948150/

418002 984046 875702 492662 870462 386742 674235/

259041 663208 864518 586181 272161 843481 943057/

446553 482690 203563 443880 615465 651807 586625/

343794 900381 853481 766525 840177 257470 118831/

600403 865414 261614 350880 942377 220931 678803/

437717 213840 551842 739432 524260 604074 717935/

781911 532122 478286 260186 920361 672681 498300/

972794 976481 234202 844076 171707 845091 648559/

940803 336726 595300 703874 327431 198094 922296/

118150 125725 642563 291727 722102 339911 446817/

522296 698196 943679 355159 652664 503717 368915/

330756 877375 266068 488758 585664 130830 787790/

277019 767252 672170 785556 193743 422145 635296/

880117 338348 249913 590339 507356 135423 572488/

297451 352849 607200 245072 115579 761522 604685/

914804 663026 586246 320909 857852 226782 288247/



grey numbers:


164} - 659658-208730|
300} - 204756-919976|
408} - 190823-180277|
412} - 856011-629030|
474) - 131172-706168|
489} - 184810-683722|
504) - 547563-771219|
508} - 623796-125384|
598) - 652097-496289|
599} - 948907-809301|
607) - 498127-984776|
616} - 725397-638562|
699} - 671226-250445|
766} - 876193-212656|
848) - 363512-475302|
856} - 992812-535077|
963} - 942146-396008|
993} - 756034-501078|





Thread numbers? Post numbers? Swiss bank account?

--Doc[/offsite:3atcqyfl]

He's reading PMs... those are user IDs... part of his attack requires the insertion of text... he's using his own posts to display the output of his queries.


PMID FROM TO
993} - 756034-501078|


Next he uses that info to read PMs....

http://75.126.76.151/forum/single/1789565.html

Whats the story behind drlau?

Interesting post history.

http://75.126.76.151/forum/profile.php?member=drlau&display=posts

More technical info about a possible attack vectors for WITD#1

http://www.waraxe.us/content-12.html

EDIT: ATS 3.0 marked the adoption of vBulletin. The link below is the earliest Web Archive record of the 3.0 format.

http://web.archive.org/web/20030930124210/http://abovetopsecret.com/

They have always maintained that they use XMB, 1.6 to 1.8. Look at the current version of XMB. It looks similar.

Check this old post
[offsite:96u6xoec]http://75.126.76.151/forum/single/280697.html

From Thread: how dare you
Posted by William, on November 21, 2003 at 21:58 GMT

Ah... an honest question... how refreshing.

First, since first installing XMB I disabled the easy-to-use U2U browser available to admin, and this server does not have the easy-to-use phpMyAdmin installed.

On three occasions, we have reviewed U2U&#39;s. Two of them during the cleanup of hacking attacks, and one during investigation of terms of service abuse. But it&#39;s not easy given the purposeful lack of database management tools on this server (higher security).[/offsite:96u6xoec]

The explanation....

[offsite=http://75.176.76.151/forum/thread16312/pg1#pid178340:96u6xoec]From Thread: Whispers in the Dark--The real deal
Posted by William, on August 29, 2003 at 21:12 GMT

Trust me... he did indeed make changes to the database using an exploit which has since been blocked.

---

From Thread: Whispers in the Dark--The real deal
Posted by William, on August 30, 2003 at 21:35 GMT


Originally posted by MrEisenhower
Could you tell us whether the Database was definately hacked? There has been, IMO, a bit of confusion there


By it&#39;s very nature, PHP is an insecure programming language. Variable names, like $post can be:
1. a cookie named $post
2. A URL string variable named $post
3. An internal variable named $post
and so on

So if a given piece of PHP programming relies on the variable "$post" it can be passed to the programming as a URL variable... and if the programming has no safeguards... you&#39;re screwed.

The database was modified with this type of exploit.

My fix has been to change the name of important PHP files, as well as critical variable names.


Since the Apache logs were GIGANTIC that day... I can&#39;t tell for certain when or how the spoof occured. I found some lines that look like exploit attempts... but it&#39;s not absolute proof.[/offsite:96u6xoec]

[offsite=http://75.176.76.151/forum/thread16312/pg1#pid181531:96u6xoec]From Thread: Whispers in the Dark--The real deal
Posted by William, on September 2, 2003 at 21:27 GMT


Originally posted by MaskedAvatar
There are no edit marks because of the ability to exploit code in the XMB forum to prevent the edit marks appearing, such ability within ATS restricted to only three individuals.


There is a direct database edit function within the XMB control panel (cp.php) called "upgrade". The function allows specific SQL queries to be entered and run. The exploit (not confirmed) seemed to take advantage of poor security on the XMB folk&#39;s part... and PHP&#39;s default methods for treating URL variables the same as FORM field variables. This will edit the database directly without leaving [edited by] indications (which are added by the XMB code when you modify a post).

I&#39;ve since changed the filename of the control panel, variable names, variable content, and have validated the difference between form and URL variables.


Discussion board exploits are common, popular, and all too often easy.[/offsite:96u6xoec]

[offsite=http://75.176.76.151/forum/thread230887/pg1:96u6xoec]From Thread: ATS History: COINTELPRO and "WhispersInTheDark"
Posted by SkepticOverlord, on October 23, 2006 at 16:15 GMT


Originally posted by Nygdan
I think that the big questions are &#39;who is witd&#39;

"Who" is still unkown. It&#39;s clear that "he" was well-versed in all things ATS, as well as one or two obscure intel details that helped his "credibility". But in the end, he was nothing more than a script kidding taking advantage of exploits in an old version of XMB 1.6 still on the server at the time.



did the DoD IPs ever pop up again on the website?

Since WITD was able to INSERT anything he liked into the database, we can assume he inserted interesting IP&#39;s with his posts. As we dug as deep as we could, it was clear that each of his posts had a unique IP address. I doubt any of them were his actual IP.



Why would the DoD send someone to pretend to have prophesized/leaked information such as that?

They didn&#39;t... he was just a hoaxer.



And also, while everyone knows that SO is a whizkid when it comes to computers, why was it so easy to stop the DoD&#39;s attempt to stir up problems here?

I just fake it real well.

Since "he" wasn&#39;t from the DOD, then all is moot. We blocked all the associated IP&#39;s, including his registration IP which was from a proxy server in the northeast. In addition, we altered one key database attribute which put a halt to simple XSS exploits that he seemed to be using.


Also, did DR leave the site because of WITD, as is implied in the cartoon? If so, why?

Indirectly. He went "sour" because he never accepted our explanations for the event. It seems as though he made contact with WITD and was somehow convinced of his story, and that we (ATS admin) had a level of involvement. We tried (over and over and over) to explain how the database exploits were done, how WITD was able to read U2U&#39;s, how WITD was able to read posts in the moderator forum, and use all that information to really mess with people.

It&#39;s sad really. He was a productive poster and made some excellent contributions. In the end, he didn&#39;t believe us and it went bad from there.[/offsite:96u6xoec]

[offsite=http://75.176.76.151/forum/thread230887/pg1#pid2570215:96u6xoec]From Thread: ATS History: COINTELPRO and "WhispersInTheDark"
Posted by SkepticOverlord, on October 23, 2006 at 17:55 GMT

Originally posted by Willard856
My question is, how long did it take for you to realise that it probably was a hoax? Did you sit around for a while going "Wow, this is so cool!", or did you immediately smell a rat?



It actually took a while to figure it all out... but many of us noticed a strong rat smell right off.

Several members believe they saw the infamous Jakarta post before the event, and it contained no warning. I didn&#39;t see it, but a few moderators agreed... so somehow WITD was modifying the database.

Here&#39;s the part that had my brain in a twist for a while...

The traffic logs didn&#39;t show any activity to pages that a script kiddie would use to insert or modify database entries. In fact, they didn&#39;t show any traffic data from WITD on his posts. I was trying to find his actual IP in the traffic logs, since it became clear no data in his posts was reliable.

So, for a short-term fix, I simply altered one key attribute in the posts database table, making it nearly impossible for an XSS exploit to work. That stopped the madness.

Some weeks later, when I was doing some server housekeeping, I noticed an old directory... abovetopsecret.com/xmb ... It contained all the old, super-sloppy XMB 1.6 code from the previous server that I put in place when we moved to the new server, and XMB 1.8! I forgot about it... but some members where using it during our first move to a dedicated server. It was still functioning. That&#39;s where he accessed the exploitable scripts.[/offsite:96u6xoec]

[offsite=http://75.176.76.151/forum/thread230887/pg1#pid2571426:96u6xoec]From Thread: ATS History: COINTELPRO and "WhispersInTheDark"
Posted by SkepticOverlord, on October 24, 2006 at 10:28 GMT


Originally posted by ConspiracyNut23
1. In your opinions (SO/Springer) was WITD a script kiddie or an accomplished hacker? Is it easy to tell the difference? Wouldn’t an accomplished hacker want to appear amateurish?

My money is on an experienced ATS member or former member with moderate "script kiddie" skills. Someone with more advanced skills would have been able to do much more with XSS access.



2. Did WITD really know about the FBI’s involvement before you guys? (Is that part of the reading u2u’s exploit? How would he know which one to read)

I think he did in fact see this in a U2U. Given that he could execute simple SQL queries, and the XMB database structure is well publicized... it would have been very simple to dump all U2U&#39;s within a specific time frame.

3. Did the motto.. watch this space… begin in the aftermaths of the WITD affair?

"Watch this space?" I don&#39;t know what you mean? :puz:



4. I also read posts suggestion NetChicken’s involvement in the WITD affair. Was Netchicken involved? Is he a contender for the identity of Whispers?

Given his prankish history, and knack for causing us problems because of his pranks, I have to admit he could certainly be on the list. However, we never considered him at the time... and I doubt he&#39;d have the one or two bits of arcane intel knowledge that WITD seemed to have.[/offsite:96u6xoec]

[offsite=http://75.176.76.151/forum/thread230887/pg1#pid2579377:96u6xoec]From Thread: ATS History: COINTELPRO and "WhispersInTheDark"
Posted by SkepticOverlord, on October 27, 2006 at 21:57 GMT


Originally posted by Ycon
SkepticOverlord, if these script kiddies were able to change the date stamps on their own posts as WITD, using the old, super-sloppy XMB 1.6 and 1.8 code. Would it also give them the ability to change other members date stamps when quoting WITD posts?

All he would need to do is a mySQL UPDATE an entire new post into the database record corresponding to the member&#39;s post with all the edits. From what I recall gleeding off the XMB forums regarding 1.6, this type XSS attack was possible through three different PHP templates.

Another question, do script kiddies use the term beltway in their hacks? or is that a term used mostly by experienced and pro hackers?

Beltway? No, it has nothing do with hacking. Anyone who reads politcal news knows what the "beltway" is.

As I remember that group defaced the site on that day.

Different days. I don&#39;t recall the specific cronology, but the defacing was a much lower-order attack than what the WITD person did... and I recall it being several weeks apart.

It was a difficult time back then. I was just getting up to speed with the need to learn serious server and application security, we were going through significant changes, we had break-neck growth, and a handful of mischievous members and former members hell-bent on causing problems (we also had a serious DDoS attack from a few of the malcontents). And this was all well before the real "Deny Ignorance" spirit of ATS was beginning to form... the board spirit that eventually made every second of the effort, stress, and anxiety well worth it.[/offsite:96u6xoec]

[offsite=http://75.176.76.151/forum/thread230887/pg1#pid2601953:96u6xoec]From Thread: ATS History: COINTELPRO and "WhispersInTheDark"
Posted by SkepticOverlord, on November 6, 2006 at 21:27 GMT

I think this is the fourth banning for Ycon (at least in total, maybe not for that specific pseudonym of hers)... I&#39;ve lost count over the years.

It&#39;s simply amazing the level of doubt and ill-will that continues to this day over this subject. While I&#39;m not sorry we restarted this topic, I am really amazed that this important event in ATS history still causes these feelings to surface.

As many have pointed out, it was an interesting time of us... we were just beginning to grow (in our 4th month on our first dedicated server) with new traffic and increased features... but the growth was leaving some "die hard" members in a lurch. The increased activity, new members, and the beginnings of what some saw as the commercialization of ATS caused a "clash of cultures" on the board.. leading to distrust and knee-jerk finger pointing.

I suppose we&#39;ll never escape this. No matter how hard we try to show that we were pranked (by someone skilled in ATS topics using "script kiddie" tricks), those who still cling to distrust and doubt will pick at old wounds looking for... for... well... I don&#39;t know what they&#39;re looking for.

In the end I think this was an important event for us to experience and retain in our collective history/memory. On one hand it shows the frailty of the "old ATS" of that day, and on the other it shows a hint of the promise that ATS was to become. Some would say it very nearly brought us down... even accuse some "ATS insiders" of a prank gone wrong... I say no...

I think it was our tipping point... an event that was the catalyst for what ATS is now, and will evolve to in the future. After this event, our staff began to gel into the kind of forum staff that is the envy of the Internet. After this event, our membership demanded a new level of quality governance and decorum that is unrivaled anywhere in open online discussion now or before. After this event our membership responded exceedingly enthusiastically to a wealth of new services including free uploads, blogs, new boards, and free podcasting (among others).

This is the event that sparked the cohesiveness of this amazing online community. Without it, we may not be here right now.

It&#39;s sad that some valued members were driven away by it (sadder still that one seems gone from this existence)... we&#39;ll never know how much better we might be even now if their contributions continued. But such is the difficult price of change... it can often hurt.

I&#39;m not happy the "whispers" event happened as it caused me lots of direct stress... but I&#39;m proud that our community reacted the way it did... it changed us permanently for the better.[/offsite:96u6xoec]

423 W 55th Street
NY, NY 10019


something about that address rings a bell?

crakeur maybe works around there somewhere?

wouldnt that be classic!

Yah, Ive seen that before.

Pretty sure 55th st is where someone tracked his ip down.

BUMPING THREAD FOR EPIC LOLZ

I wonder how we can disseminate this information and make ATS run around like morons w/ DCMA notifications...

HMMMMMMMMMMMMMMMM.........

we could post what we got on every conspiracy forum we can think of :P

thats what would make em run around like crazy :P

If I put the old form of XMB on a site... anyone care to try and exploit?

Lets see if we can re-create the WITD incident using the information Bill gave us... and see if its even possible!

If the WITD incident was actually due to the site being compromised then this, from a few months later, might give a bit of insight.

[offsite:2hu5bu7k].... ......... aka teck7

cl41m t0 f4me:
APF (Advanced Policy Firewall) - 0.9.3
Copyright (C) 1999-2003, R-fx Networks
Copyright (C) 2003, .... .........

He almost makes people think he knows what he is doing, and that he deserves
money for his time. We have determined that Mr. .... ......... of ...........
has not only defrauded his customers, but also exploited their lack of intelligence
through over-charging for his services, while also leaving the integrity of his
client&#39;s servers open to the whole world. To demonstrate this lack of care,
integrity, and intelligence by Mr. .... ......... we will display the
information for a number of his clientele. All below server information is valid as of 3pm
Eastern Time Zone February 3, 2004. Got Root?


Dumping all this tards email....
No encryption picked up....
Passwords detected....
Begin dump!


name

William


company

DenyIgnorance


email

.......@denyignorance.com


url

http://www.abovetopsecret.com


Request ID

390

Priority

3

Logged

30-1-2004-11:25

Status

CLOSED

Ownership

....

Department

Hosting - General/Other

Purchased APF installation

Your e-mail response said---
We thank you for purchasing ............com services. To complete the
service as ordered we require the following information from you:

1) Server hostname/IP
66.98.176.42

2) Server login information
admin: di9ijn0okm
su: @f8uhb7ygv

3) Any special requirements or requests
Currently experiencing SYN floods and am particularly interested in the
better anti-dos of the current APF.
I have an older version of APF running.

please confirm via e-mail to .......@denyignorance.com when the install is
complete.
Thank you.[/offsite:2hu5bu7k]

I still don't think that had anything to do with the whispers incident... the email with the pass that was dumped wasn't even sent until jan 30th or something like that...

But, it might give some insight... if we can find stuff earlier than that from the same guys...

I mean... if Bill got the information wrong that doesn't mean that it still didn't happen... just that the way he explained it was poor.

I've got little doubt WITD#1 was an exploit in XMB.

We could mess around with it... but XMB < 1.8 has holes like swiss cheese.

Not to mention it wasn't 120 days later that ATS 3.0 was rolled out.

.... and not to mention I won't hear a word further about posting confidential information on the internet in response to a complaint.

Hypocrisy is intolerable.

I have my doubts about WITD being a hacker at all though...

all of his IP's were different... does that mean he was logging in and exploiting every single time?

I dunno... something smells fishy...

.... and not to mention I won't hear a word further about posting confidential information on the internet in response to a complaint.


I might be slow tonight, but watcha mean by that mate?

I have my doubts about WITD being a hacker at all though...

all of his IP's were different... does that mean he was logging in and exploiting every single time?

I dunno... something smells fishy...
Don't forget that was 2003.

Unfortunately a reverse DNS lookup 6 years later may not yield usable results....

But I can't help but wonder if he was employing a variety of dial-up ISPs to produce the rotating IP addresses.

Want to look like you moved locations? Switch from your San Francisco AOL dial-up to a NetZero dial-up in Philadelphia....


.... and not to mention I won't hear a word further about posting confidential information on the internet in response to a complaint.


I might be slow tonight, but watcha mean by that mate?
The message HP posted... is that not a complaint from Bill regarding the service of his servers and threatening to display such on the internet until he's satisfied?

I could be reading it wrong...

Just because that was later doesn't mean the same person(s) couldn't have done both, doesn't mean they did either. I might point to a security problem though.

is that not a complaint from Bill regarding the service of his servers and threatening to display such on the internet until he's satisfied?

Not as I see it. Just wants improved software.

Remember the logs didn't reveal much if any at all. So IPs in a post could be false. If the DB is compromised then any data there is questionable.

nope... thats the hacker newsletter entry HP found...

Its hackers hacking his security guy's server... and dumping emails sent into the hacker forum...

Just because that was later doesn't mean the same person(s) couldn't have done both, doesn't mean they did either. I might point to a security problem though.
You could be absolutely correct.

The two just feel different.

I'm pretty confident in my estimation of the "hidden" text and what the numbers meant.

WITD#1 didn't experiment like that, and if he did he cleaned it up afterwards or no one noticed until the ATS crew could remove it.
WITD#2 posts didn't have the same cadence or style. WITD#2's post here (http://www.amkon.net/phpBB3/viewtopic.php?p=95775#p95775) is a good example. For as cryptic as WITD#1 could be, he didn't talk about nonsense and used complete sentences.

WITD#1, legit or not, wanted to say something.

I can't help but think that WITD#2 only posted to divert attention away from what he was really doing, which was exploring ATS's database structure.


nope... thats the hacker newsletter entry HP found...

Its hackers hacking his security guy's server... and dumping emails sent into the hacker forum...

LOL don't be so cryptic then....

I think the second time whispers came about was completely 100% staff...

even to this day... WITD is not "banned" even though bill says he banned him... SOMEONE unbanned that user

the first WITD could have been a hacker... but if it was a hacker, i think bill knew who it was...

My take on the whole thing is that staff knew of the hoax, or started the hoax themselves... and when FBI got involved... did a whole lot of backpedaling and damage control...

Thus, why I am so interested in getting the FBI investigation papers through the FOIA... whatever bill told the FBI is probably the truth... and I'm willing to bet that it doesn't match what was told to the membership.

I don't agree with the number speculation.

How so?

You don't think it's PM and user ID's or you don't think it's related to WITD#2?

I don't think they are UIDs unless they have been changed since the incident.

Some of the number were most likely post ids for the game. Maybe sequence/tracking numbers also.

WITD #2 was a staff related ARG game... as demonstrated by this thread :
http://75.126.76.151/forum/thread179551/pg1

it was an ARG... not a hax...

Slightly dangerous considering the history with that username...

Was WITD always a sock? or did it just become a sock?

Was WITD always a sock? or did it just become a sock?

That's a question I have been pondering.

I also don't think they would admit an intrusion after the original incident.

Are you sure?

http://75.126.76.151/forum/single/1789565.html

I wonder if the staff didn't get the wrong idea... they were being hacked but played it like a continuation of [RINGS]

Notice that it's drlau that starts that thread.

Previously I posted drlau's post history.

http://75.126.76.151/forum/profile.php?member=drlau&display=posts

Did the staff not tell the mods that there was going to be another game?

If it was just some game... then yeah... WITD turned into a sock to help the game along.

After a visit from the FBI was triggered by that user the last time, I find it hard to believe that it would be allowed to be used in some game.

If anything I think drlau is a sock....

hrm... I can't see Drlau's post history...

Isn't that the "all the conspiracies" game?

[offsite=http://75.126.76.151/forum/profile.php?member=drlau&display=posts:2hgq4psi]Last Visit: March 8, 2006 Threads Started: 7 Total Replies: 127 Post Count: 41 Applause: 0

Recent posts in last 180 days Of activity from drlau (250 Max)
Thread Title Replies Post Date Single In-Thread
1 [WITD] Congrats 36 28-10-2005 @ 08:57 1794214 thread posts
2 [WITD] Letter Clues 101 27-10-2005 @ 13:30 1792579 thread posts
3 [WITD] Letter Clues 101 27-10-2005 @ 11:33 1792328 thread posts
4 [WITD] Letter Clues 101 27-10-2005 @ 11:25 1792310 thread posts
5 [WITD] Letter Clues 101 27-10-2005 @ 11:19 1792288 thread posts
6 [WITD] Letter Clues 101 27-10-2005 @ 11:11 1792263 thread posts
7 [WITD] Letter Clues 101 27-10-2005 @ 10:49 1792210 thread posts
8 [WITD] Letter Clues 101 27-10-2005 @ 10:38 1792183 thread posts
9 [WITD] Letter Clues 101 27-10-2005 @ 10:14 1792144 thread posts
10 [WITD] Letter Clues 101 26-10-2005 @ 16:06 1790594 thread posts
11 [WITD] Letter Clues 101 26-10-2005 @ 15:00 1790368 thread posts
12 [WITD] Are Black Box Clues a Red Herring? 5 26-10-2005 @ 12:45 1790082 thread posts
13 [WITD] Are Black Box Clues a Red Herring? 5 26-10-2005 @ 12:20 1790052 thread posts
14 [WITD] 0-9 Clues 3 26-10-2005 @ 07:46 1789591 thread posts
15 [WITD] i, ii, iii, iiii Clues 3 26-10-2005 @ 07:40 1789581 thread posts
16 Bizarre Thing in Post 763 26-10-2005 @ 07:23 1789565 thread posts
17 [WITD] Grey number clues 7 26-10-2005 @ 07:16 1789555 thread posts
18 [WITD] Letter Clues 101 26-10-2005 @ 07:14 1789552 thread posts
19 [WITD] i, ii, iii, iiii Clues 3 26-10-2005 @ 07:09 1789547 thread posts
20 Weird writing in my post. 20 26-10-2005 @ 07:06 1789542 thread posts
21 Bizarre Thing in Post 763 25-10-2005 @ 16:09 1788415 thread posts
22 Bizarre Thing in Post 763 25-10-2005 @ 15:32 1788316 thread posts
23 Bizarre Thing in Post 763 25-10-2005 @ 15:28 1788307 thread posts
24 Bizarre Thing in Post 763 24-10-2005 @ 13:16 1785657 thread posts
25 BL=Gone 1 11-10-2005 @ 10:40 1760511 thread posts
26 [DrJim] The Co-ordinates 69 10-9-2004 @ 15:18 812653 thread posts
27 Lost Books of the Bible 14 23-8-2004 @ 15:50 768100 thread posts
28 [RINGS] FTR Update 08/11 - Red Dot 86 11-8-2004 @ 12:54 741461 thread posts
29 [RINGS] FTR Update 08/11 - Red Dot 86 11-8-2004 @ 08:19 740874 thread posts
30 [RINGS] FTR Update 08/11 - Red Dot 86 11-8-2004 @ 07:10 740770 thread posts
31 [RINGS] Clue solved! New clue from deep. 66 10-8-2004 @ 09:51 738663 thread posts
32 [RINGS] aboriginal creation mythology 14 10-8-2004 @ 09:43 738637 thread posts
33 [RINGS] Clue solved! New clue from deep. 66 9-8-2004 @ 13:47 736877 thread posts
34 [RINGS] Clue solved! New clue from deep. 66 9-8-2004 @ 08:50 736288 thread posts
35 [RINGS] FTR: seven red dots - last clue? 5 30-6-2004 @ 12:52 653407 thread posts
36 [RINGS] 6/29/04 CLUE 22 30-6-2004 @ 12:37 653373 thread posts
37 [RINGS] 6/29/04 CLUE 22 30-6-2004 @ 12:33 653365 thread posts
38 [RINGS] New User HammurabiFive 0 29-6-2004 @ 16:58 651353 thread posts
39 [RINGS] 6/29/04 CLUE 22 29-6-2004 @ 16:42 651319 thread posts
40 [RINGS] Rivers Merge... 6 28-6-2004 @ 15:45 648545 thread posts
41 [RINGS] Keep your mirror for your wallpaper :) 22 23-6-2004 @ 14:29 636773 thread posts[/offsite:2hgq4psi]
A guy who used to be a mod... but isn't a mod... with no threads started that weren't involved in a game or WITD. The guy isn't banned and hasn't logged in since 2006... and only had 127 posts.

A mod w/ 127 posts total? Really?

hrm...

sock 4 sure

As I posted early, WITH shows 23 posts, they look legit, but the profile show 290. Been used for something that isn't visible.

... ROFL

Mod forums.

... or orphaned posts due to the hacking method.

I'm still not convinced #2 wasn't another intrusion.

w/204 replies...

Mod forums you think?

Lets not skip the fact that someone gave WITD an applause. Guess that was before the realization of who he was or a mod had a sense of humor.

I'm gonna venture out on a limb and say it was Dragonrider who gave him applause

The applause is kinda random.

Maybe some mod that didn't comprehend what was going on?

Yeah, applauses are random. I've gotten them for posting jokes or one-liners. Yeah, the one-line post warnings are random, too. I've gotten a one-line post warning for a full paragraph post.

Arbitrary, all of it.

OK, so I heard from someone close to the whole situation last night... and he's willing to answer questions for us :P

I figured I would try to get a little more organized before I started firing away and bugging the piss outta him lol.

I wanted to ask him about Dragonrider, and how he had heard that he had died...

Any other questions you can think of? Its still early, and I'm halfway through my first cup-o-joe... so I'm not thinking yet...


edit: removed identifying info in case he wants to stay anonymous...

Thinking...

I guess S.O. bribed one of their old mods into deleting the WITD research... but he is going to try and piece the thread back together through Google archives and such...

I'll ask him if I can share his PM message he sent to me with you guys... its really fascinating...

edit: Removed identifying information for the time being. Sorry guys! I second guessed myself and its probably better that way... in case he doesn't want to get too involved again...

Do we pm the questions to you or will there be a thread? Would be nice to have it organized at the start for him. Also should the questions be out of view until he has a chance to review them.

I don't want to ask him to visit here... I figured I would take the questions to him... so whatever works...

I wouldn't worry about keeping them out of view though... if you notice I edited my posts... so he can remain anonymous until i'm positive that he wants to get involved again...

I just didn't want to start spewing questions at 4 am last night after several beers and no game plan lol. I can't imagine it would ahve made much sense lol

Do we pm the questions to you or will there be a thread?

ive suggested a thread to pack via pm.

;)

Mojo had a good idea... he suggested we move our "seeking" forum into here... and use the other WITD thread for the posting of our findings...

So... first off... fire away on questions I'm going to ask Netchicken :P

see I can type is name here... we're away from spiders :P

Thread started in super secret uber speshul forums...

mojo, can you make sure all the researchers have access to that place? I'm pretty sure they would... they're all uber regulars...

yah.. "uber regular"... thats right... I make up phrases as I go along...

its always a good idea to keep a little bit back, just post publically what you want them to know you've uncovered, keep the best bits hidden away.
they could drop their guard.
ive got an idea this is more than just about their creative commons or attributable links and quoting.
ats (bill and mark) know that if it came out that they had anything to do with witd that it could really damage ats, maybe permanently, there not going to let that happen easily.

this latest incident suggests to me that their just a little bit scared atm.

yah, it seems like I've rattled them...

I think the re-publication of all of WITD posts got em worried :P

they deleted those for a reason... and we ressurected them...

Mojo, what about your theory of the ex-ATS members and WITD. Does your gut lean for or against.

I'm against... to me, WITD seems like a sock...

I think a close analysis of the WITD postings might yeild clues... thus, why they were deleted...

I think the TBATS movement was a scapegoat.

Mojo, what about your theory of the ex-ATS members and WITD. Does your gut lean for or against.

my gut feeling is that bill was the instigator of witd, however the talk i remember of those ex ats members hacking ats i think was the spark for bill's witd hoax.
if it was before witd, within a short period a case could be made for bill realising how easy it would be to alter date stamps and edit posts for someone in his position to cause a net furore that would increase traffic and membership through the roof, being so closely following a recent hack attempt he would have a perfect excuse if the hoax was ever discovered.

tbats, thats what i was trying to remember, was that before witd?

around the same time... They were blamed for a DOS attack on ATS several weeks before WITD...

anyway, this one factoid that HP brought up is what makes me lean heavily toward Sock:


WITH shows 23 posts, they look legit, but the profile show 290. Been used for something that isn't visible.

around the same time... They were blamed for a DOS attack on ATS several weeks before WITD...



aha...perfect....bill deals with the TBATS attack, then just weeks later the witd hoax begins. coincidence! not.

a perfect scapegoat for bill.

timeline...would be helpful, i'll work on that, once i get a timeline done we can add or edit anything we think is important.

i think the timing could show a lot.

I'm not positive the sock itself was bill...

I am certain that if it was a sock... bill put however it was up to the task.

surely someone checked the posts around the Jakarta post to compare timestamps. If there were no close posts before then changing times would be easy. Archive only now I suppose. 16 or more hours is a lot of time.

well i just caught bill in a big fat lie to his members.
pack has seen part of this u2u i got from bill regarding my TRUSTe research.

so bill u2u's me and say's this, important bits in bold, remember witd was started around 4/8/03?


Back in 2003 I was invited to participate in senior-level management of the N.E. regional IT command of InfraGard. At the time ATS was just a hobby, but it still would have been a difficult association to justify However, in the three meetings I went to, it was populated with CIA, NSA, FBI, and IP professionals all with sincere concerns for national IT security and citizen privacy.

now this post by bill in regard to some "hacking" of ats on the 9/9/03


Looked like DOS.

I just got back from my meeting with the NSA in D.C. (jk... was in DC though ) and found the board down.

We have extremely excessive connections from one high-speed IP that cause some database issues.

All seems well now.

ummm...actually it doesn't look like he was joking, he was telling the truth and passed it off as a joke.

he was in meetings with the nsa!!!

all at around the time of witd or just after!!

This playing into a question I have had. How did he get to be the big man. By 2003 he was the main dude. Was he recruited or just decide he wanted the board. A mod around 2002 then quickly is in charge.

WITD was 8-4 so it was right after if 9-9. When did he go there (DC). Can you tell from the mail.

Second, why would he be invited unless there was interest in the conspiracy forums by the powers.

InfraGard is a Federal Bureau of Investigation (FBI) program (http://www.infragard.net/about.php?mn=1&sm=1-0)

most interesting indeed

At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States

http://www.infragard.net/

heres a thread with a deleted whispersinthedark post, but its quoted in another reply. :)

http://www.abovetopsecret.com/forum/thread14235/pg1

might be something.


.................................................. .................

[edit]hmmm...weird, link doesnt take you to the thresad, lol, so what is the point of correctly linking and attributing, hey.

anyways heres the quote.


Originally posted by WhispersInTheDark
You have only begun.

ATS is more important than you can possibly imagine.

Do not let the detractors win. Their ruse of quality is not as it seems, it is a plan of disruption.


This site has been noticed. It is not a bad omen.



heres the cached link, ooohhhh...its publically available in google cache...so who do i attribute it to.

http://209.85.173.132/search?q=cache:7LWQsnevyBAJ:www.abovetopsecret.com/forum/thread14235/pg1+morningtoncrescent+tbats&cd=3&hl=en&ct=clnk&gl=au

Looked like DOS.

I just got back from my meeting with the NSA in D.C. (jk... was in DC though ) and found the board down.

We have extremely excessive connections from one high-speed IP that cause some database issues.

All seems well now.



And we are back to this (1-2004) from earlier post...


3) Any special requirements or requests
Currently experiencing SYN floods and am particularly interested in the
better anti-dos of the current APF.
I have an older version of APF running.

So the hack of the firewall guy was real. Doubt if he would publish negative opinion of himself.

good job putting those together HP :P

I'm desperately seeking something in google to link Bill to Infragard...

THAT... will be a major deal... do a quick thread search on ATS for Infragard...

their people don't like em

edit: really bad grammar errors... Coffee isn't cutting it.... fuck mornings.

he only told me he was at the infraguard meeting in 2003, never mentioned which month, but should be able to find out easily enough.

if he was there before witd it it ties in nicely, it could well have been a planned event to guage reactions. im beginning to think bill might be up to his armpits in shit.

What about this Ryan firewall guy,,,
[offsite=http://www.webhostingresourcekit.com/307.html:2c8pxfwq]APF and BFD - Products to avoid

July 26, 2007 - Cheap Web Hosting
Overall Rating No Ratings

APF and BFD – Products to avoid

When securing a web hosting server a Firewall and Brute Force Detection protection are critical pieces a server admin needs to look at. Two products were recommended by us in the past, but we have several reasons to step away from these recommendations. Security is an evolving topic and what is secure today might be at risk tomorrow if security does not grow with the risks out there on the Internet. APF (Firewall) and BFD (Brute Force Detection) are no longer maintained and updated in a way that a business can rely on these products. There are newer threats out on the Internet that require that a firewall and brute force detection tool need to grow with in regards to recognizing the signatures of these threats and to protect a server. That is no longer given with APF and BFD of RFXNetworks.

A second reason is that the owner of RFXNetworks seems to have a financial problem. Several cases have appeared on different web hosting related websites on the Internet where server owners paid for services to be provided by Ryan MacDonald of RFXNetworks. The problem is that Ryan MacDonald (Montreal, Canada) happily accepted the money (paid via PayPal), but never contacted the customers to provide the work. From our understanding several people filed appeals with PayPal, just to lose out due to PayPal’s policies in regards to intangible products which makes it easy for thieves like Ryan MacDonald of RFXNetworks.

We did order services as well (before knowing about the criminal activity of Ryan MacDonald) and are at the edge of losing our money. You might think that this posting is made to make Ryan look bad, but we provide information for web hosting businesses. We consider it important for web hosts or web hosts to be, to be aware of what is going on and eventually to avoid losing good money to a provider gone bad.[/offsite:2c8pxfwq]

In March 2003, NIPC was transferred to the Department of Homeland Security (DHS), which now has responsibility for Critical Infrastructure Protection (CIP) matters. The FBI retained InfraGard as an FBI sponsored program, and will work with DHS in support of its CIP mission, facilitate InfraGard’s continuing role in CIP activities, and further develop InfraGard’s ability to support the FBI’s investigative mission, especially as it pertains to counterterrorism and cyber crimes.

just gets better and better...

FBI...

DHS?

fuck me!

Does it sound like S.O. got scammed? I'm not sure what your intents are with RFX...

interesting reading.

http://www.fbi.gov/congress/congress02/bogner07032002.htm

A key component of the FBI's infrastructure protection efforts is the InfraGard Program which incorporates a variety of entities, all of which have a stake in protecting our national infrastructure against cyber attacks, into a system similar to a Neighborhood Watch. InfraGard is a national, cooperative undertaking between the FBI and non-FBI members which typically include businesses, academic institutions, military installations, state and local law enforcement agencies and other selected participants. InfraGard is dedicated to increasing the security of the critical infrastructure of the United States. InfraGard chapters engage in various training and coordination activities, share intelligence related to computer issues, and operate a self warning system.
The Omaha Division of the FBI has initiated InfraGard chapters in Omaha, Nebraska and Des Moines, Iowa. Members of the Omaha InfraGard chapter include the U.S. Strategic Command at Offutt Air Force Base, which controls the entire nuclear arsenal of the United States; and the Peter Kiewit Institute, a world leader in technology research and development.

aha!

The InfraGard 3rd National Congress (Chapter Representatives and FBI Coordinators only) will meet on June the 23rd. We are welcoming all of the general membership and prospective members to join us at the InfraGard Conference 24th and 25th as we hear from our nations leadership in regard to our theme "Implementing the National Strategy."

june 2003, plenty of time to plan and implement witd before august.

this sounds like the convention SO was talking about.

lol ya did both man... that should suffice... you tried your best...

Notice how WITD speaks so highly of ATS at the time, and passively bashes all other sites?

isn't that a typical ATS staffer strategy?

Notice how WITD speaks so highly of ATS at the time, and passively bashes all other sites?

isn't that a typical ATS staffer strategy?

exactly what i thought.

Here's a Ryan response to his site hacking.

02-10-2004
Ryan

Posts: n/a
Default RFX Networks/ RackAdmin.com ALERT
Some of you might have been affected by this. My website was hacked and the
below was posted to some security websites. If I did security for any of
you, please check below and see if any of the root login/password for your
servers were made public by the hackers. Sorry

So the hack did occur. So it is likely ATS was using this firewall and others are stating it is a poor product. This leads me to believe the the DOS attacks and possibly an ATS hack could be very real.

lol he is a tool...

I'm having problems finding a web connection to the Infragard meeting and bill... kinda sucks... I'd love to link those two...

but I guess we need to take into account that bill may have been fuckin' with mojo... or testing him... to see if it was going public or not...

bill is the master of ulterior motives.

well i just caught bill in a big fat lie to his members.
pack has seen part of this u2u i got from bill regarding my TRUSTe research.

so bill u2u's me and say's this, important bits in bold, remember witd was started around 4/8/03?


Back in 2003 I was invited to participate in senior-level management of the N.E. regional IT command of InfraGard. At the time ATS was just a hobby, but it still would have been a difficult association to justify However, in the three meetings I went to, it was populated with CIA, NSA, FBI, and IP professionals all with sincere concerns for national IT security and citizen privacy.

now this post by bill in regard to some "hacking" of ats on the 9/9/03


Looked like DOS.

I just got back from my meeting with the NSA in D.C. (jk... was in DC though ) and found the board down.

We have extremely excessive connections from one high-speed IP that cause some database issues.

All seems well now.

ummm...actually it doesn't look like he was joking, he was telling the truth and passed it off as a joke.

he was in meetings with the nsa!!!

all at around the time of witd or just after!!

Alternatively, it could be something mundane. It could be that he isn't that creative with jokes and recycles the same shit.

christ mojo lol there is so much information I want to go public with... but I suppose I should cross my i's and dot my T's first, like ya said lol

so far... all roads lead to something that Bill doesn't want public...

I've heard from a reliable source that he's made every attempt to delete this incident off the internet... (I shoudl remember to ask him if I can identify him... it would add weight to the accusations :P)

I dunno BK... Bill mentioning that meeting is pretty damning... Infragard is kind of like a secret society, you can only get invited in by another member... their meetings are closed door and members only... Their communications with the DHS and FBI are classified...

If this is true, than mojo might be on to something with WITD being an "experiment"...

Ok... Hold on a sec.

Infraguard is not what you are making it out to be.

I'm not saying that it wasn't a place where Bill couldn't have done some networking, but in and of itself Infraguard isn't as nefarious as it would seem.

If I remember correctly, having a high enough profile job within the IT sector qualifies you for membership.

Surprised you guys haven't heard of it before with all your IT experience...

LOL hell... some of you might qualify as members. :)

well it might not be as nefarious as one would think, but it would be of great interest to the "CT" wannabes on ATS...

Might also explain why the FBI got involved with WITD... and why ATS bent over backwards to accomodate them...

if it does turn out to be true, it might actually be an important piece of a puzzle...

thats if S.O. isn't trying to fuck with mojo...

I'd be curious to see the minutes of that meeting.

Who else was in attendance...

... is there any correlation between those meetings and the FBI contacts regarding WITD?

If you can link it together by people @ the FBI we might be able to prove that ATS has a much chummier relationship with the FBI that anyone had previously thought.

Were the agents sent to ATS present at Infraguard? How about their boss? Was it a random assignment or was it a referral via an Infraguard contact?

FOIA for meeting minutes?

can't FOIA Infragard :(

They classify all communication as "Trade Secrets"...

Already thought about that... its fuckin' lame...

I guess we'll just have to join then.

:)

Let me know if this has been posted previously.

The WITD Whispers Thread

Posted by ATS member MaskedAvatar

Registered: 4/29/2003

Total posts:10,792
Total points:163,123

posted on 8/12/2003 @ 00:06

OIMD

I think you mean wary, not weary, although they might go hand in hand.

To me, as the first member to start interacting significantly with WITD, I can assure you there were post edits (but I can't say by whom). Also, the whole premise of his arguments about 1931, and pre-9/11 HAARP readings, and their analogies with last week, came to nothing. Jakarta was not his reference point when I was conversing with him, at all. Not at all. It appeared in a series of edits hours later, and the same phrase 'Watch Jakarta" was inserted into one of jagd's posts.

You need to review approx, 7-8 topics in full to see this.

Time to hire a lawyer I think...

Bill intentionally invalidated our IP links... now it just takes you to the main board... but using the domain/URL... gets you to the proper thread...

I'm so fuckin' pissed... fuck bill...

be back later on... gotta go to me mums

Bill intentionally invalidated our IP links... now it just takes you to the main board... but using the domain/URL... gets you to the proper thread...


Don't that mean it's his fault? You've already linked. He's being an ass. Fuck him.

That's not something we can control. We complied, he broke the links.

If he bitches again we'll use TinyURL.

@cog.....the u2u bill sent me was in relation to the time i posted my TRUSTe research on ats and RU. he was pissed but too many people had already seen the thread so he couldnt just delete it, and nor could he ban my sock without questions being asked.
he specifically stated that he was invited as part of the N.E regional senior management of infraguard to participate. not sure if that means he was invited as a keynote speaker, a guest or as part of the managerial structure.
it struck me as odd at the time that he would share something like that with me so ive kept it to myself for a few months now, mulling over his motives i guess.
my first thought was that he wanted me to use and post that information in my TRUSTe thread so that he could have good reason to then delete the thread and ban my sock.
second thought was that he was trying to be the "good cop" and trying to achieve some sort of amiable communication with me to find out if i had anything else.
third thought occured last night.....what if witd wasn't just a hoax perpetrated by ats to increase traffic.....what if it was discussed and planned by bill, along with collegues/partners/collaborators from the fbi through his meetings at the infragard conference.
what reason could they have....it actually seems pretty obvious to me...one of infragard's missions is to discover threats. how a better way to test reaction and responses than an online hoax that sounds and looks real.
i'd imagine they would have been reasonably happy with the response, it didn't take very long for ats members to "dob in" whispers to the fbi, conspiracy theorists dobbing in someone with seemingly important information within a day or two wouldn't have been the response they were expecting i bet.
the more i think about it the more sense it makes.
bill has the position and knowledge to do it.
bill has the contacts to have been either cultivated or an instigator through discussions with the fbi or infragard.
bill had the perfect scapegoats in place to blame the whole thing on, also gave him an opportunity to get rid of what he perceived as troublemakers.
bill has never explained to anyones satisfaction exactly what happened.

Earlier in this thread someone mentioned that ATS was aware of the XMB 1.6/8 security holes prior to the WITD#1 incident. ATS left them open. I'm starting to think WITD#1 was indeed a ploy by Bill to kick the profile of ATS up a notch. Remember... this was back in 2003 and ATS was just starting to become more than a simple forum.

At this point, Bill strikes me as one with more ego than brains. From my limited dealings w/ Bill I'd be more inclined to think that he would falsify such an event to gain profile within Infraguard.

Trying to view this shit from the outside without solid information is only going to lead us down false trails. Before we get all crazy with Bill's relationship w/ Infraguard we need to know what kinds of resources that might put at his disposal.

Looking over the Infraguard materials, I might actually be qualified to join. I'm going to apply on Monday. :)

When you stand back a bit... it almost looks like ATS is trying to be what GLP already is... a place where the gov't stands back and watches the fringe...

Given Bill's propensity for idiotic grand standing (Robbie Williams), I wouldn't be surprised if he just went to an Infraguard luncheon with a buddy and then just blew it out of proportion in a retelling.

Maybe he was in DC to visit an aunt....

oh im certainly keeping all options open, but the infragard angle wasn't one id seen considered before, and in a general way it makes some sense.

and im still uncertain as to his motives for sharing that with me in a u2u, i mean were not exactly golfing buddies.

I believe this series of events... which isn't over from the last I was aware... is going to be an eye-opener for a lot of ATS faithful should they ever be so lucky to lay eyes upon these threads.

I really need to sit and think about this because I think we're starting to get enough of the pieces together.

The one thing Bill (and the rest of the LLC partners) want more than anything else is to be the #1 spot for conspiracy discussion on the net.

Everyone... GLP, RU, ATS, etc... is all waiting for that little tidbit that is unique to them.. the big BREAKING NEWS that will shatter the conspiracy world right open.

With so much power over the discussion, to manufacture such conspiracies to drive ad revenues is a temptation that I am unconvinced any one of the management staff at ATS is capable of resisting.

Remember, remember a year from last November.... (http://en.wikipedia.org/wiki/Chicago_O'Hare_UFO_sighting_2006)

Ummm.. the original WITD thread is GONE?

... or did I just lose it?

Ummm.. the original WITD thread is GONE?

... or did I just lose it?

i think the two were merged into the sf forum so that bill and mark couldnt see it anymore, i'll check the acp.

No... you're right. The threads were merged.

I was hoping that there wasn't a massive vagina around here that I missed on the way in.

There isn't. :)

yup jasn merged both threads into the secret forum.

When we're done w/ the research we should type it all up and submit it to Google Books and Scribd and shit... under Creative Commons.

Ego and status building.

My gut says that if something affected him negatively and it was something out of his control, he would down play and bury it. It seems to be the way he operates. Look at how complaint.criticism is handle there. Now he hasn't explained it all very well (he states he actually doesn't know) and that doesn't make sense. If it was some getting him, he would find out what went on, at least where he could get answers (his board software). Then the user and name was reused later. He could cash in on the name association. It must have out weighed the negative and could it be because it really wasn't a failure. It was just an experiment and/or traffic builder. He was starting to see how a couple of previous things caused a draw to the site.

My gut says that if something affected him negatively and it was something out of his control, he would down play and bury it.I agree completely. Embarrassment is a powerful motivator for irrational and inexplicable behavior.

Let's shuffle the pieces around again... focusing only on the first WITD incident....

Facts:
* WITD's original Jakarta post did not contain the line about Jakarta
* The FBI investigated this incident
* ATS removed all the postings by WITD
* No discussion on this topic outside the framed existing discussion on the topic will be tolerated at ATS
* ATS attempted to run this information into the ground within 24 hours of it appearing on AmKon
* Though a commercial site was alleged to be illegally defaced and compromised, no investigation or subsequent prosecution was ever evident

Inferences:
* WITD is fairly intelligent
* WITD is an ATS regular
* Bill is somehow greater involved than he portrays in public

Assumptions:
* Bill or someone else involved in Above Networks LLC was the original WITD
* The whole hoax was generated to drive traffic to the site, the original Jakarta post was edited in the database to not leave a trail when the line about Jakarta was appended
* "They" did not account for the FBI showing up
* Bill allocuted completely to the FBI as to the nature, execution and reason for the hoax and the FBI let him go with a warning and an agreement to remove all information regarding WITD.
* The official "script kiddie" storyline was always held as a fallback position should the hoax be broken and was utilized at the suggestion of the FBI to make the story "go away"

Thoughts?

Pretty much in agreement.

Staff yes.
I doubt the FBI required the removal of the thread. They accepted the hoax stuff if they even cared. They may have already been well versed at the reality of ATS. No one hurt, no public panic just a few nuts.
Bill did what was needed to cover his butt. FBI suggestion - maybe. The details kept changing so I'm thinking Bill winged it.

The fact that Bill is so apparantly "internet is serious business", and given that his brand new cash machine (ATS 2.0) just got molested by a stranger, AND the distinct lack of any criminal or civil investigation just smells funny.

If you browse back through the Web Archive and check out his posts, this is not a mindset that evolved after the WITD incident. He arrived at ATS with such a mental condition.

Just this weekend ATS harassed this site, shut down their login for 12 hours to stop socks, setup an IP addressing redirect to thwart our avoidance of using the URL...

... you mean to tell me this guy just "let it go" when someone hacked his site, defaced it by editing posts, and as a result had the FBI show up?

Nope... not buying it. WITD#1 was definitely a member of Above Networks, LLC and had access to the database.

... you mean to tell me this guy just "let it go" when someone hacked his site, defaced it by editing posts, and as a result had the FBI show up?

Nope... not buying it. WITD#1 was definitely a member of Above Networks, LLC or otherwise had direct access to the database.

My thinking also. Does not fit his personality.

I'm still wondering how he got the be the main man there.

WITD#1 was definitely a member of Above Networks, LLC and had access to the database.

of that im 100% certain, i still have an underlying gut feeling that it may have had more to do with an experiment than an increase in traffic though.
some of the prelude posts to the jakarta post and the jakarta post itself seems to me to be specifically aimed at eliciting responses that an agency could use in its research.

many agencies, fbi, cia, nsa, dod, etc etc began manically investigating ways to check threats through the internet, 2003 the IAO lost it's funding, hence the birth of In-Q-Tel and infragard and others.

the simplest answer is generally the most reasonable however i still find the fbi's involvement and the subsequent lack of anything substantial happening afterwards to be a bit odd.

the foia stuff pack was chasing could all clear that up pretty quickly however.

Most internet-savvy business folks use LinkedIn. Bill's no exception.

http://www.linkedin.com/pub/william-irvine/8/131/b42

http://www.williamirvine.com/background.html

Yes, that's Bill's personal website. He's an internet marketing huckster. His specialty: building brand loyalty through driving traffic to online communities supporting those brands.

Hahahah... WITD#1 really was his idea.

Dear god...

http://work.williamirvine.com/

ATS is a huge marketing campaign. The simple fact that Bill is the CEO is the absolute, final proof.

I think I feel sick.

oh yeah ive checked out his linkedin profile before, i even considered networking him, haha.

im sure it was his idea but i wonder if it was all his idea.

maybe im seeing things in the clouds that just arent there?

I think I feel sick.

haha, pretty funny hey, and none of those "conspiracy theorists" at ats have an idea they are part of the whole fucking thing, a tool being used by the very people they claim to despise......it really is the epitome of irony!

oh yeah ive checked out his linkedin profile before, i even considered networking him, haha.

im sure it was his idea but i wonder if it was all his idea.

maybe im seeing things in the clouds that just arent there?
Nope... I think it was all his idea. Coming up with new ways to market online communities and drive clicks is his whole business.

What better way to do that with a conspiracy site than to create your own seemingly harmless conspiracy?

The fact that the FBI got involved could be then mitigated as the cost of doing business as long as they were appropriately recalcitrant. Regardless of the events, unique page views skyrocketed.

Hell... we are still going there driving ad revenue to this day in simply doing the research of the event.

What was it that Bill wanted? Complete URL linkages on public forums... to drive more ad revenues...

Perhaps it's time to take a look at WITD#2 now...

People there have always liked the games. Big crowd draw. That's why one is start every so often. Watch for one in the near future.

His new reward and level system, no ads, is just another donate content for my income scheme. People perceive a reward and will work harder. it is already working.

If it was indeed a ATS created game we can verify that with a little effort.

Chew on that for a minute and I think you'll start thinking down the same lines that I am.

:)

His new reward and level system, no ads, is just another donate content for my income scheme. People perceive a reward and will work harder. it is already working.

:lol:

Im a Bronze Contributor. hahahahahahahaha....thats fucking funny.

[attachment=0:4bclu7fb]bronze.jpg[/attachment:4bclu7fb]

must work harder...must work harder...must become silver contributor...then gold...then platinum......muahahahahahehe....and then the world!!

I found the stuff with DragonRiders posts.

Have I missed anything good while i was away, guys?

I had a bowling championship today, and kicked ass!

We all left with over 2k a piece..

So, anything good, cool, evil, or otherwise?

I'm a silver mojo, eat it!

I'm a silver mojo, eat it!
Too bad you cant even login for a screenshot

I'm a silver mojo, eat it!
Too bad you cant even login for a screenshot

:lol: :lol: :lol:



im still post banned, i am sorta surprised they havent completely booted me yet though.
all my socks have been traced and smacked down however.

I have a sock or two for a rainy day, but I can't login on my banned account that's correct.

These posts are from about a month after the WITD incident.

The following posts are from an ATS thread titled

POLL: WITD

This thread appears to have been in RATS in it's early stage for voting in by RATS members.

dragonrider

Registered: 2/4/2003
Location: banned
Mood: banned
Total posts:6,215
Total points:1,381

posted on 9/4/2003 @ 19:41

Well... as they say when the plot is about the thicken.... The plot is about to thicken...

It seems, and through some very interesting investigation through certain members of ATS staff and some non-resident internet security individuals, that our friendly neighborhood Whispers is indeed back among us....

However, rather than just go off halfcocked spouting about "Its Him" I did take the time to do a bit of homework.

The name is questions seems to be -shhh-whispers-... and it seems he has been here for some time... if you look up his posts, they are OBVIOUSLY the same posting style as WITD... Yes, the dates are awful screwy (which certainly raises a lot of questions in themselves)...

Now, this is where it gets interesting...

One of the wonderful ATS mods did a bit of snooping on this individual and came up with this...

DoD Network Information Center
XXXX Science Applications Ct
M/S XX XX
Vienna, VA, XXXXX-XXXX
US

(modified on purpose)

I then contacted a personal friend (who has never visited ATS) who is an internet security professional... and this is what he had to say on the matter....

Hey *****,

I did some nosing around on the IPs you sent me. What's going on?? This isn't your ordinary hacker MO, so I know this isn't really about somebody doing a little defacing. Tell me what you can, because now I'm curious.
I'll be honest. I'm not sure how much information I can/will give you.
Rough traces, these fellas. I don't see any evidence of spoofing, and that concerns me. You could be getting in over your head here.
Alright, I'll say this (and no more!)

Whoever this person is, they're damned good at security and on a protected network. Chased the conn down through a few countries, but they're all resolving to a direct high-level governmental/military backbone connect in the immediate vicinity of Washington.

You owe me one, man. It's a good thing I did this from home.


Now, do we REALLY think this is a hoaxing hacker???

William
Member
Registered: 7/3/2002

posted on 9/4/2003 @ 20:55

As far as the odd things with whispers II...

It's possible for profile post count, and actual number of posts to be different... when posts are deleted, the profile total is not updated.

It's also possible for profile pid numbers to be out of sequence... if user accounts are deleted, the database picks up the next available position for new members.

Also, because of the way the member database was moved from Simon's old server to my server (to preserve encrypted passwords), odd things happened.


That being said... I don't like that several odd things happened with this account. Were these items always there? I think so... since the last WITD episode... the code is locked down... I've changed the name of critical pages to random nonsense, and have done the same for critical variables... I've even altered the security methods for the main server and database server. It's possible this other account was prepped last time he was here... and now we're just noticing... dunno... 'cause it's also possible these are coincidences... or... I'm going crazy....


I pick going crazy... because when you're crazy... everything has an explanation and there are no loose ends.

William

posted on 9/4/2003 @ 21:12

as a side note... I've never seen the variance we see between profile post count and actual posts... and the out-of-sequence pid...

Like I said... it happens... but never this much (at least not yet).

dragonrider

posted on 9/4/2003 @ 21:33

DoD node in Dulles

dragonrider

posted on 9/4/2003 @ 22:07


> Originally posted by William

>> Originally posted by dragonrider
>> DoD node in Dulles


> If he has an IP spoofer/cracker, he can give us whatever IP he likes. I'll need to notice when he's on, and watch the netstat to see if his reported IP is listed.

There are more and more ways to spoof IP's.


But spoofing with an active, functional DoD IP??? Whats the chance of that? How would he even know what it was?

Bob88
Member
Registered: 6/29/2002
Location: Ohio
Total posts:2,635
Total points:25,010

posted on 9/4/2003 @ 22:21

well, IP spoofing is 'hAxOr 101', DR. It's easy.

What's easier is finding out a DoD IP. I just pulled a gazillion myself (all public record)

But, we have to ask: why use a DoD IP.
- An attempt to scare us, make us paranoid? WITD might have mistaken us for a bunch of tin foil hat wearing whackos. It was afterall a nice touch, imho.
OR
- WITD is really using a DoD IP (and what that means, I don't know)

dragonrider

posted on 9/7/2003 @ 22:34

I already voted YES, and it will remain such until my main 2 questions are answered. As yet, no one has so much as taken a stab at them.

I would move that if Admin really wishes to discredit Whispers they should publish (if not in the secret forum, at least in cosmic) the FULL, COMPLETE, and ACCURATE CONTENT of all conversations with the FBI regarding this matter.

On a side note*

MA, why are you not at least purchasing additional U2U capacity? Since your points starting inching upwards, you have more than enough to take care of that need!

Skadi_the_Evil_Elf

Registered: 4/21/2003
Total posts:7,078
Total points:370,460

posted on 9/8/2003 @ 11:23

Yes. And by the way, I read post 169864, didnt see anything there.

I was gone during the whole Whipsers thing, i came back on the board a couple days after the mess. iw asnt here, I dont know what was said, what was done, ect.

I did not recieve the U2U. Hell, i dont even know what was said between the FBI and this forum. All we need is a simple post stating how it was done, what was said, basically debunking what he said, that he was a hoax.

DR traced him to a DoD computer. DR had private convos with him. A couple other members say they have screenshots showing that the posts werent edited.

When debunking anything, you have to give like step by step details on how and why its a hoax. Just syaing, I talked to the govornment, its a hoax, is not enough to really debunk it well.

For those of us gone during the whipsers incident, we really would appreciate it.


Over a year later...

Umbrax

Member
Registered: 1/12/2005
Total posts:11,546
Total points:241,610

posted on 10/24/2005 @ 18:08

Observation:

MODs vote No.

Banned members vote yes.

Another two months later...

This next post is interesting because it sounds like this user's posts are appearing either against the member's Id and also another member ID or just against another.
Sounds like too strange to be happening unless it's by software mod for sock use.

siriuslyone

Registered: 3/17/2005
Total posts:2,382
Total points:14,955

posted on 10/30/2005 @ 20:53

> Originally posted by Umbrax

>> Originally posted by siriuslyone
>> contact has been made, all from me..


> I think the question is more aimed at this comment. You are claiming to of made contact with WITD?

> I believe you have me on ignore so maybe someone else would like to re-ask this question


Yes, and I also found out I have a tagalong on all my postings, when I post it is attached to another member..
This is something I could not dream up in my wildest dreams..
Is it so surprising that contact with this individual is so unique?

I am unable to get any answers, so I quit asking questions..I just let them tagalong as i do not know how to detach it.
When I spent the 5000 points, I never though there would be the same bashing that is on the posts...dis-appointed--thought it was a safe place.

Now, this is where it gets interesting...

One of the wonderful ATS mods did a bit of snooping on this individual and came up with this...

DoD Network Information Center
XXXX Science Applications Ct
M/S XX XX
Vienna, VA, XXXXX-XXXX
US


RED FLAG. The info came from a mod on ATS... which mod? A sock for Bill or a real mod? How do you know this was truth?

Who is this security professional? I'm a pretty savvy IT guy and even I freaked out for a minute when an IP resolved to .IN-ADDR.ARPA.

The modifications to the posts could have been a flawed programming update.

That part of the WITD incident smells like pure tin-foil.

wow, I leave for half a day and you guys find some awesome stuff!

GJ guys!

are we satisfied in our hypothesis about WITD1 to move on to WITD2? or are we still gathering data?

I'd love to find those U2U's S.O. sent to someone with the most damning evidence...

sigh... maybe net chicken will be able to re-create that thread for us..

Netchicken clamed up and won't comment publically now... he deleted my thread of SUCU and sent me a wierd apology...

Got kind of a wierd veiled death threat... The thing I can't get over is the fact that it was said that "Gary is William in real life"

shit's getting wierd from my angle over here...

how about you guys?

i took that gary as william comment as just a wanky post from some dude.

what we really need is to find out what, if anything, the fbi has.

yah... I thought about that too...

can't believe NC killed it though.. think he just saw the incoming posts as inappropriate, or do you think Bill got to him?

fuck another 2.5 weeks till the FOIA comes in lol

The POLL thread displays the typical management position of deflection. They say the WITD wasn't real vs a real insider. Fine. It still doesn't answer whether he a hoax or a hack. The their sheeple truth method. So we can bet it wasn't real.

Old posts seem to show that NC was pretty tight with the crew over there.

. They say the WITD wasn't real vs a real insider. Fine. It still doesn't answer whether he a hoax or a hack. The their sheeple truth method. So we can bet it wasn't real.

This is a well known propaganda/passive control tactic called "Framing the debate". You reduce the scenario down to two diametrically opposing outcomes... keeping people debating about A or B... when in all actuality, it is not really Binary opposition as the controller would like to convince you, and the real answer is C... But, the public will never come to that conclusion, as they'll be debating A and B lol

Which staff member do you think understands the crowd enough to control content passively from the sidelines?

I think that is the Spring's duty. In important policy,etc. threads he usual show up pretty quick. Currently he is a bit less active but over the years he was always there to comment. Got mods 'washed' to do some of that now.

I really don't think springer is that "bright" really...

Bill is a pretty smart guy... and he's in advertising, but I'm not even sure he could pull it off successfully...

I have no idea who it might be thinking this stuff up...

I'm a silver mojo, eat it!

While you're there what's mine?

I'm a silver mojo, eat it!

While you're there what's mine?

Your Null.

OUCH!!

[attachment=0:2v4yk1bz]beachcoma.jpg[/attachment:2v4yk1bz]

:lol:

"this one is no more......hahahahahahahahahaha...thats pretty fucking cruel really when you think about it.

particularly members who put a lot of really good time and effort into posts and threads and helped create excellent content.

wonder how that stands under there CC license.

me too lol

fun fun! bill has been busy... yesterday I was bronze I think...

me too lol

fun fun! bill has been busy... yesterday I was bronze I think...

actually i think bill might have really fucked up by terming banned members as "Null Contributors", that really opens the door for banned members to request their content be removed, it is "Null" after all.

i need to get some screen shots of banned members profiles jic.

back soon.

If anything, it could be taken as a written attempt to discredit the poster... which could be Libel, as a screen name wouldn't qualify as a public figure I imagine...

If anything, it could be taken as a written attempt to discredit the poster... which could be Libel, as a screen name wouldn't qualify as a public figure I imagine...

in which case they are discrediting the content they are claiming as copyrighted. hmmmm.....

door is wide open i think. :)

pack, I got xmb 1.9. Really want to see the XMB 1.6 code or at least the schema, especially the posts table. Any leads?

I can't friggan find it anywhere lol

Haven't checked torrent though... but 1.6 is quite the little mofo to find man...

I'm still lookin though

I'm officially a null and void set. It was fun while it lasted folks, time for me to OD on painkillers. I just can't live without being a silver contributor.

<---trying to come up with a clever retort...

I got nothin...

fuck... I better get another pot of coffee ready... I'm still fuckin' asleep!

From my nosing around I am starting to believe that someone may have been embedding HTML in posts and by doing so was able to do injections into the DB.

XMB does have an HTML in posts feature, a flag to allow/disallow the feature and XMB discourages it's use and no longer supports dealing with it. The feature has been left in the product with a use at your own risk air. This would jive with the change a field and shut down the problem.

so you're starting to think that it really was a hacker attack? and not a ATS hoax?

This would be WITD#2, right?

Holy shit...

That makes a ton of sense HP

Cog raises a good point.. if it was WITDII it would make a lot of sense...

I still think WITD was not a "real" hacker, if you look, the "ringleader" of the game is the same guy who ran other ATS games...

but the HTML injections could explain how stuff was able to be added to people's posts after the fact...

who knows...

Care to explain where your thinking is currently? I'm a little behind I think :P

That way It could be played off as a hack but really be a hoax.

Remember, they are still CT's. They would have had to cover their tracks.

I'm not thinking to cover their tracks or anything...

remember, in that WITD game, the "Secret messeges" were showing up in posts made by random members... not socks...

The HTML injection would be how they could have done that without leaving an "Edited by" stamp.

As much as I hate to say it, I think WITD 1 was some type of hack. It wasn't a government insider but a prankster wanting to screw with a t s. This is if any of what overload said had a bit of truth to it (stretch but...).

WITD 2 was a game, IMO. Someone there used whispers account to add a few posts near the end. The account isn't banned.

Concerning the post count error, I haven't taken the time and I don't know without the old version if this can be determined. I am wondering if there were posts that didn't make it to the DB because the injections caused a fail on insert/update but the code following executed and updated the post count for the use. If there was not error logging for the DB that was monitored he could have worked on his methods for quite a while. Screwed up posts would not been seen.

ahhhhhh....Ok.


I commend you guys for your hard work...This shit is too confusing for me. I kinda get it, but am very lost.

Hrm... any reasons you think it was a hacker? or is it just possible that it was a hacker?

The FOIA will tell us more if we get anything at all...

So either it was an insider who knew of the old software or someone just guessed and found the software and realized it was operational and running against the live database.

Not sure at this point.

gotta digest this a tad... gimme a few :P

The possibility of the HTML injection is something to seriously consider...

If it was a hacker screwing with a conspiracy site with his semi cryptic posting pretending to be an insider then he got really lucky with the bombing. If it was a single person it could be he addressed a wide range of possibilities in his post so that any breaking event might be covered by his info.

I lean toward someone with other plans of screwing around but the bombing fell into his lap. He also could have already tested his technique on an XMB somewhere else.

You notice Bill didn't state the HTML part but from the very first time I read his stuff the HTML came to mind, especially when he stated he changed a setting for posts and it stopped it. It was the only thing that made sense from that angle. An in his true fashion he didn't actually mention that detail. The usual 20,000 ft truth that doesn't really say anything.

What about the IP's?

I know bill said the apache logs were huge that day... but given a narrow time frame, he should have been able to at least narrow the IP list down to a few...

He said the IP logs were modified as well... and thats why they couldn't find him...

Here we go...

The was an unchecked input in the u2u system

XMB Forum U2UID SQL Injection Vulnerability

XMB Forum is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects XMB Forum 1.9.6; earlier versions may also be vulnerable.

Link to the exploit code example (http://downloads.securityfocus.com/vulnerabilities/exploits/19280-sql-inj.php)

actually, I just realized that his stating that the Apache logs were huge, means he inadvertantly admitted to logging IPs

I don't think he said the logs were changed. But if the guy spoofed the IP for the post then that Ip would show up in the logs.

we seem to be taking it for granted that the fbi did get involved.
what evidence is there?
what if the claim of the fbi getting involved was part of the hoax.

That's the old days when logs ran.

I have not made sure of this but I thought some regular members got concerned and contacted the FBI. it wasn't the site itself.

I have not made sure of this but I thought some regular members got concerned and contacted the FBI. it wasn't the site itself.

yeah thats the story.......

related but unrelated question: where can I find these apache logs on my lamp server?

Here is the idea, from the code...


there is a global protection in xmb.php but [*[ totally break the rules, so,
with magic_quotes_gpc=off, we have sql injection in [**], affected query could become

UPDATE xmb_u2u SET folder='Trash' WHERE u2uid='9999999999' or (1=(SELECT(IF((ASCII(SUBSTRING(password,1,1))=48), 1,0)) FROM xmb_members WHERE status='Super Administrator') AND owner='rgod'/*' AND owner='rgod'

because MySQL >= 4.1 allows SELECT subquery.

By sending yourself private messages, trashing them and resend you can
ask true/false questions to the database to extract admin username/password hash pair

you do not need to force the md5 hash, you can set a new cookie like this:

xmbuser=[admin user]; xmbpw=[md5 hash];

to act as admin

BK, i don't have a copy here. Should be a log dir. Pack probably has Apache running.

LOL I do on my server... but I still haven't gotten it all set up yet... sigh...

but... cat access_log | awk '{print $1}' | sort | uniq -c | sort -n should do the trick for you if you're looking for IP logs