This is my first thread at JWN. :). I have posted only a few times on other threads. I am a third generation JW turned ex-JW, inactive for six years. I am not disfellowshipped and I am not disassocated, but I do not consider myself a JW any longer.
I was facinated by the first Jonney call, and I have to admit that I have my doubts. Some of what he says seems plausible (like the mental health issues), and some claims do not seem very plausible. I wanted to start this thread to talk specifically about the "hacking" claims made by Jonny the Bethalite (JTB for the rest of the post).
I am a computer programmer by trade, and while I do most of my development on large enterprise applications, I know a little bit about the possibilites. Perhaps if there are other programmers here, it can be exaneded upon. I don't claim to know everything about this topic (hacking forums). I spend most of my time programming apps (and teaching programming), and not a lot of time figuring out how gather IP addresses from forums or break into websites. The programs I build and maintain are normally executable applications, not websites.
First of all, JTB claims there's a group of about 20 IT-savvy witnesses at headquarters commissioned to monitor various hostile websites and forums. I would assume that JWN is one of those sites. We know that JWN is monitored because when the new elder's manual was coming out, the links on sendspace (or any other file sharing site) we taken down rather quickly. Other copyrighted content is taken down from YouTube all the time. Even the pro-Witness morning text website was taken down. I could list others, and I'm sure some of the long-time members here know of more. So the idea that the WTB&TS is monitoring the web is not a big revelation. And if the WTB&TS was to monitor the web for copyrighted content, I would also assume they have assigned people to do so, maybe even 20 people. What seems to be new (at least to me), is the claim that the monitoring of the web goes beyond searching for copyrighted information, and moves into the domain of uncovering personal information of some who post on forums and even facebook.
Claim #1: WTB&TS will actively try to retrieve the IP address of forum posters
When this topic came up, JTB was questioned. Somebody *did* ask how he would be able to gather the IP address of forum posters. I was listening with great interest at his answer, but was disappointed. I was hoping for a more technical answer. He claimed that it was possible to respond with a trojan post, if you will, that would use whatismyip.com to gather the IP address of the poster.
(and here is where someone else might be able to enlighten me)
How in the world do you make a "trojan" post to a forum? I understand what a "trojan" is: its a program that runs on the computer that you wish to hack into, and it let's the hacker in or gathers info to send out. The program is called a "trojan" because the only reason its running on the target machine is because the target user got fooled into thinking the program was harmless (or something desirable) and executed it. But how do you do that with a forum post? The "hacker" would have to get some code to run on the target machine, and the only program running on the target marchine is the browser itself - so it would have to be getting the target browser to run some specific script embeded in the HTML. Script from where? Well, the broswer is reading the forum HTML sent to it by the forum internet server. So how is it that a potential forum hacker can get the forum internet server to send out scripts to the browser to execute? I don't think it could be in the forum post itself, this is just the text displayed to the forum. I suppose that a hacker could embed a script into his/her signature IF and ONLY IF the furum allowed HTML signatures with <script> tags. Do forums allow this?
And let's suppose that, for example, JWN (or any other apostate forum) did allow this? What would that do? Sure, it would mean that users would go to the site and view the forum posts. And yes, it would mean that the browser would download the signature HTML with the embeded script. And yes, the browser may run it (if the browser security is tuned down). And let's assume that the script could successfully go to whatismyip.com and get the IP address, and transmit that to WTB&TS headquarters. If all of this were true, it would give the WTB&TS a barrage of IP addresses coming from everywhere... hundreds... thousands of them, flooding in as viewers went to the forum. If all of this worked, it would return the IP addresses of each person as they loaded the forum page and their browser ran the script, not of any specific user.
A thought that just occured to me - I guess the script could also traverse through the DOM and try to extract the username from the HTML. For example, on JWN the user name is displayed in the upper-right.... I would assume if the script has access to connect to whatismyip.com and gather the ip address, it would also have access to the DOM.. correct? This, of course would work if the user wasn't signed in, not if it were just some lurker.
I was thinking there could be another way specific IP addresses can be harvested from forums - If the forum encodes the poster's IP address within the page in some way. I believe JWN does this for each user. For example, if you look to the right each each poster's name on each individual post, there is a graphic displayed. This is an idenitcon. Its a way of displaying the IP adddress of the user in a graphical way. It's like a graphical hash function. Now, I'm sure there is no reasonable way to take the identicon and calculate backwards to the IP address. After all, its supposed to be a hash function. But I don't think you have to. Why not crack it like other hashed passwords? For example, Windows passwords are stored within the registry as a hashed value. You can dump these password hashes from the registry easily. (see here to get pwdump http://www.foofus.net/~fizzgig/pwdump/downloads.htm). Once you get them, there's no way to calcuate the password from the hash, but since the algorithm used to produce the hash is public knowledge, why not generate a table of all permutations of passwords of a certain length and then compare? There are programs that do this (see: http://ophcrack.sourceforge.net/). Sure the table might take up alot of space, and sure it might take a while to calcuate, but after you are done, you can take any hash, find it in your table and know exactly what the password is. ophcrack, given a hash from pwdump, will usually give you the password in about 30 seconds, if you have the right tables.
The question is: is the identicon algorithm public? I found a few free .NET versions when googling it. The algorithm works fast, so assuming you wanted to go through all permutations of ip addresses (32-bit IP addresses at this point), you would have 2^32-1 combos (and I don't think you would need to do all of these - some IP address ranges are not going to be valid), and assuming you could do 1 per millisecond, then you are looking at gathering all the combos in about 40 days... combos/1000/60/60/24. Of course, if you had a few computers to divide the work (this computer will take this IP-range, that computer another, then it cuts down the time more).
Of course, the identicon way could be thwarted if more than the ip address went into the creation of the identicon. BUT - Usually its only the IP address, because the identicon is used as a way of showing if a user is posting under multiple usernames - different users, but equivalent idenitcons...
So what would the WTB&TS do with the IP address? They can get the geographical location from the IP. http://www.iplocationtools.com/ will do it for your IP if you go there. I found several free code downloads too. iplocationtools has free API, for example.
So technically, if they get your IP address, they can get its location and find out what congregation the apostate is in, not a specific name, though.
Claim: WTB&TS is hacking Facebook
At first this made me laugh. No doubt Facebook is running intrusion detection software, and if the WTB&TS were caught actively hacking Facebook, there would some serious legal trouble. I've seen a couple other posters say the same thing. But then I thought - that's not what hacking usually is. "Hacking" is a very loose term. If I wanted to "hack" your facebook account, and do it legally, I would just create a user with a name you trust and send you a friend request. Heck, I might even put a profile picture of the person you know. When you accept the request, I'm in. Nothing illegal about it.
I think its logically possible that the WTB&TS could be doing this. Do I think its probable? I would have to say it is more probable that the WTB&TS is monitoring sites for copyrighted content only. It's far less probable that they are doing an active "hacking" campaign. Again, what Jonny says could be *possible*, and this post was exploring the technical side of his claim. But its still an extraordinary claim. And extraordinary claims call for extraordinary evidence. I could be be convinced to believe Jonny... but I would need some hard evidence.
To Jonny or Rick: How about some evidence? I think he is now claiming that if he leaves Bethel he will be DFed, along with his entire family. Why? I would think he would be dragged into some back room with ten lawyers and explained just how DFed he is. I picture a dark room with a single light. They would take out a graph and say, "This line all the way to the left of the paper is a JW in good standing. The line in the middle is a DFed JW. You're not even on the paper, you're over by the wall. Don't even think of applying for reinstatement."
Unless, of course, that briefcase he claims he has is stocked full of juicy evidence... Soooo, let's have it. JTB - you wanted to leave JWs and Bethel anyway, and if they DFed your family, you wouldn't lose them either - sounds like a win/win. Let's have it...