Jonny, the WTB&TS, and hacking

by MeanMrMustard 32 Replies latest jw friends

  • MeanMrMustard

    Hello all,

    This is my first thread at JWN. :). I have posted only a few times on other threads. I am a third generation JW turned ex-JW, inactive for six years. I am not disfellowshipped and I am not disassocated, but I do not consider myself a JW any longer.

    I was facinated by the first Jonney call, and I have to admit that I have my doubts. Some of what he says seems plausible (like the mental health issues), and some claims do not seem very plausible. I wanted to start this thread to talk specifically about the "hacking" claims made by Jonny the Bethalite (JTB for the rest of the post).

    I am a computer programmer by trade, and while I do most of my development on large enterprise applications, I know a little bit about the possibilites. Perhaps if there are other programmers here, it can be exaneded upon. I don't claim to know everything about this topic (hacking forums). I spend most of my time programming apps (and teaching programming), and not a lot of time figuring out how gather IP addresses from forums or break into websites. The programs I build and maintain are normally executable applications, not websites.

    First of all, JTB claims there's a group of about 20 IT-savvy witnesses at headquarters commissioned to monitor various hostile websites and forums. I would assume that JWN is one of those sites. We know that JWN is monitored because when the new elder's manual was coming out, the links on sendspace (or any other file sharing site) we taken down rather quickly. Other copyrighted content is taken down from YouTube all the time. Even the pro-Witness morning text website was taken down. I could list others, and I'm sure some of the long-time members here know of more. So the idea that the WTB&TS is monitoring the web is not a big revelation. And if the WTB&TS was to monitor the web for copyrighted content, I would also assume they have assigned people to do so, maybe even 20 people. What seems to be new (at least to me), is the claim that the monitoring of the web goes beyond searching for copyrighted information, and moves into the domain of uncovering personal information of some who post on forums and even facebook.

    Claim #1: WTB&TS will actively try to retrieve the IP address of forum posters

    When this topic came up, JTB was questioned. Somebody *did* ask how he would be able to gather the IP address of forum posters. I was listening with great interest at his answer, but was disappointed. I was hoping for a more technical answer. He claimed that it was possible to respond with a trojan post, if you will, that would use to gather the IP address of the poster.

    (and here is where someone else might be able to enlighten me)

    How in the world do you make a "trojan" post to a forum? I understand what a "trojan" is: its a program that runs on the computer that you wish to hack into, and it let's the hacker in or gathers info to send out. The program is called a "trojan" because the only reason its running on the target machine is because the target user got fooled into thinking the program was harmless (or something desirable) and executed it. But how do you do that with a forum post? The "hacker" would have to get some code to run on the target machine, and the only program running on the target marchine is the browser itself - so it would have to be getting the target browser to run some specific script embeded in the HTML. Script from where? Well, the broswer is reading the forum HTML sent to it by the forum internet server. So how is it that a potential forum hacker can get the forum internet server to send out scripts to the browser to execute? I don't think it could be in the forum post itself, this is just the text displayed to the forum. I suppose that a hacker could embed a script into his/her signature IF and ONLY IF the furum allowed HTML signatures with <script> tags. Do forums allow this?

    And let's suppose that, for example, JWN (or any other apostate forum) did allow this? What would that do? Sure, it would mean that users would go to the site and view the forum posts. And yes, it would mean that the browser would download the signature HTML with the embeded script. And yes, the browser may run it (if the browser security is tuned down). And let's assume that the script could successfully go to and get the IP address, and transmit that to WTB&TS headquarters. If all of this were true, it would give the WTB&TS a barrage of IP addresses coming from everywhere... hundreds... thousands of them, flooding in as viewers went to the forum. If all of this worked, it would return the IP addresses of each person as they loaded the forum page and their browser ran the script, not of any specific user.

    A thought that just occured to me - I guess the script could also traverse through the DOM and try to extract the username from the HTML. For example, on JWN the user name is displayed in the upper-right.... I would assume if the script has access to connect to and gather the ip address, it would also have access to the DOM.. correct? This, of course would work if the user wasn't signed in, not if it were just some lurker.

    I was thinking there could be another way specific IP addresses can be harvested from forums - If the forum encodes the poster's IP address within the page in some way. I believe JWN does this for each user. For example, if you look to the right each each poster's name on each individual post, there is a graphic displayed. This is an idenitcon. Its a way of displaying the IP adddress of the user in a graphical way. It's like a graphical hash function. Now, I'm sure there is no reasonable way to take the identicon and calculate backwards to the IP address. After all, its supposed to be a hash function. But I don't think you have to. Why not crack it like other hashed passwords? For example, Windows passwords are stored within the registry as a hashed value. You can dump these password hashes from the registry easily. (see here to get pwdump Once you get them, there's no way to calcuate the password from the hash, but since the algorithm used to produce the hash is public knowledge, why not generate a table of all permutations of passwords of a certain length and then compare? There are programs that do this (see: Sure the table might take up alot of space, and sure it might take a while to calcuate, but after you are done, you can take any hash, find it in your table and know exactly what the password is. ophcrack, given a hash from pwdump, will usually give you the password in about 30 seconds, if you have the right tables.

    The question is: is the identicon algorithm public? I found a few free .NET versions when googling it. The algorithm works fast, so assuming you wanted to go through all permutations of ip addresses (32-bit IP addresses at this point), you would have 2^32-1 combos (and I don't think you would need to do all of these - some IP address ranges are not going to be valid), and assuming you could do 1 per millisecond, then you are looking at gathering all the combos in about 40 days... combos/1000/60/60/24. Of course, if you had a few computers to divide the work (this computer will take this IP-range, that computer another, then it cuts down the time more).

    Of course, the identicon way could be thwarted if more than the ip address went into the creation of the identicon. BUT - Usually its only the IP address, because the identicon is used as a way of showing if a user is posting under multiple usernames - different users, but equivalent idenitcons...

    So what would the WTB&TS do with the IP address? They can get the geographical location from the IP. will do it for your IP if you go there. I found several free code downloads too. iplocationtools has free API, for example.

    So technically, if they get your IP address, they can get its location and find out what congregation the apostate is in, not a specific name, though.


    Claim: WTB&TS is hacking Facebook

    At first this made me laugh. No doubt Facebook is running intrusion detection software, and if the WTB&TS were caught actively hacking Facebook, there would some serious legal trouble. I've seen a couple other posters say the same thing. But then I thought - that's not what hacking usually is. "Hacking" is a very loose term. If I wanted to "hack" your facebook account, and do it legally, I would just create a user with a name you trust and send you a friend request. Heck, I might even put a profile picture of the person you know. When you accept the request, I'm in. Nothing illegal about it.



    I think its logically possible that the WTB&TS could be doing this. Do I think its probable? I would have to say it is more probable that the WTB&TS is monitoring sites for copyrighted content only. It's far less probable that they are doing an active "hacking" campaign. Again, what Jonny says could be *possible*, and this post was exploring the technical side of his claim. But its still an extraordinary claim. And extraordinary claims call for extraordinary evidence. I could be be convinced to believe Jonny... but I would need some hard evidence.

    To Jonny or Rick: How about some evidence? I think he is now claiming that if he leaves Bethel he will be DFed, along with his entire family. Why? I would think he would be dragged into some back room with ten lawyers and explained just how DFed he is. I picture a dark room with a single light. They would take out a graph and say, "This line all the way to the left of the paper is a JW in good standing. The line in the middle is a DFed JW. You're not even on the paper, you're over by the wall. Don't even think of applying for reinstatement."

    Unless, of course, that briefcase he claims he has is stocked full of juicy evidence... Soooo, let's have it. JTB - you wanted to leave JWs and Bethel anyway, and if they DFed your family, you wouldn't lose them either - sounds like a win/win. Let's have it...


  • trevorbv

    Surelly WTBTS monitors the web for copyright infrigment, but there's no way they are trying to hunt the infiltrated "apostates". First you really need to be a real guru in hacking and the most you can obtain are IPs, member e-mails and passwords. Then you need a database to compare them to, but besides the name and the monthly reports I don't think they keep private info about members. Even if they would manage to identify someone, how can they use the information? Send it to the elders? What is the proof? The Society will never admit into hacking forums, since it is a criminal act. I guess some of the members of this forum have a lot of imagination and don't know much about computers. Surelly anything can be cracked on the internet, but WTBTS lacks the skills to do it and the motivation. I think they are sincere people captives of the concept the God somehow speaks to them and would not turn to such low practices.

    Anyway the greatest trap is your browser history, if you are an undercover witness. I would suggest setting your browser to delete its history upon exiting.

    Speaking of hacking, of greater interest will be the hacking of the website. If not the site maybe an elder account or an account that allows you to upload stuff like magazines.

  • baltar447

    All you would need to do is take a 1x1 pixel image hosted on your server externally somewhere, imbed it into a post that you make, on the back end you can setup logging to see what ip addresses hit your image.

  • baltar447

    At least that's an easy way to gather IPs from a site, you could probably use javascript creatively to further isolate users to IPs.

  • dssynergy

    Even if an IP address is logged, most people don't have static IPs. So, I believe you can detect the general neighborhood of an IP address, but it doesn't tell you specifically who it belongs to. My IP address for example shows my neighborhood, but since I'm with Comcast it could be anyone in the area. When I look it up, it cannot even pinpoint my house.

    Now, if it was being done by police or law enforcement, I think they have to summon the IP provider to have them reveal the exact person's IP address and any activity logged. but I can't see the WTBS doing that unless there was good reason. I don't think a difference of opinion qualifies.


  • baltar447

    True Bots, and there's no way to know whether they pass information on down the chain to watch out, there are actives on 'postate boards, etc. I've never heard of it.

  • koolaid-man

    The Jan 15,2011 call is now up and the good news is we did have Johnny recorded. Johnny comes on 10 hours in............ You have got to hear this. He talks about The new Flock book,The lost boys of NY., the untouchable sisters and things you have never heard before......

    Link to recording....

  • Palimpsest

    Yeah, his technical "wisdom" did not impress me in any way. And I hate the misuse of the term "hacking."

    My IP address for example shows my neighborhood

    My primary IP address isn't even in my area code. Hell, it's not even in my state. And I tend to post on boards from home, work, and my phone, so I'm all over the place. I really don't think most people understand how IPs work. The whole "We've got your IP and we're gonna git you!" thing just doesn't work in the real world. Everyone can relax. ;)

    More importantly: I could give a **** if the WTBTS were to ever watch what I do on-line. I watch what they do in public, so I feel like I still have the upperhand.

  • MeanMrMustard


    I agree that its not very probable that the WTB&TS is doing this. Like I said, we know for sure that they monitor websites for copyrighted information. And I bet they monitor websites for any reason to file a lawsuit (like libel). But what's the payoff for 20 guys trying to get IP addresses? I'm sure they would love to know the identities of the active elders posting letters and manuals. My focus was on whether they could even get the IP address *attached to the specific username*. It's tough just to do that, it seems. But once you have it, what next? I tried to get my location from my IP, and it comes pretty close to my actual address. However, looking at the other posts, its not always so close.

    You wrote:

    "Even if they would manage to identify someone, how can they use the information?"

    Well, I can think of a few things. If they got the identity of a few of the active elders posting on JWN, I'm sure the velvet glove would come off, so-to-speak. If they knew who was leaking the new elder's manual, those individuals would be DFed.

    You wrote:

    "First you really need to be a real guru in hacking...<snip>... but WTBTS lacks the skills to do it and the motivation."

    I don't think you need to be a real "guru". The WT has produced the MEPS system. They produce the WT-Library app, and even though its not a huge application, it shows there are programmers working for the WTB&TS. At the very least, I think the WTB&TS does have the skills and resources to try some of this stuff. But the motivation... well, that's the question isn't it? - whether or not there are 20 or so guys in Bethel commissioned to this kind of stuff.

    About - yes, I have thought the same thing. I've wanted to take a look at the this site too. But I think it would be a mistake to try to hack it while sitting at home. Your best bet is to befriend an older elder, and while visiting his home, see if he has a sticky note with his username/password attached to his monitor.



  • dssynergy

    @Koolaid-Man: If you want people to access the information, you have to make it easier. Most of us don't have 12 hours to hang out on the phone. I tried to listen to Johnny's part, but the player wouldn't let me fast forward. Break it down man, break it down. If you could isolate just his part of the call, that would be excellent.


Share this