Sunday, March 6, 2011

Man In The Middle

Over the last twelve years, my children and I have been the victims of constant and unrelenting attacks on our home computers: severe hacking; poor to non-existent connections; constant sudden disconnects; disappearing or altered files, icons, programs, and more; human voices and bizarre sounds of various types emanating from our fax machine; strange emails such as the one posted earlier on this blog and titled "A Reporter Said"; and much more. I've taken our home computer and my children's student laptops to many different computer repair shops and professionals in several different cities over the years and paid them a great deal of money to receive their assurances that our problems were fixed, only to discover that our computer troubles were actually worse, not better.

Recently, I've finally been able to find a few computer and security experts with honesty and integrity who were kind enough to look into some of our computer woes. Among many other things, I've learned that I am the victim of what's known as a "Man In The Middle" (MITM) attack. As it was explained to me, every time I sent anything from my email account, a mirror copy was also being sent to someone else through a hack on the server. The "someone else" would remove any legitimate replies I might receive and substitute their own bogus replies instead.

Let's look at some different examples of this. I'll start with the headers from an email I received in 2004 from a group of San Antonio lawyers (Ex. 1). An examination of the path this email took shows it came directly to me rather than being routed through the loopback. (This legal group sent me to an attorney with ties to my ex-husband who tried to con me.)

Now let's move on to a different kind of example. The second email posted here (Ex. 2) is one of a great many harassing ones I've received over the years. This email came through the loopback and has ridiculous addresses that were clearly fabricated, even though they look superficially real.

The third example posted here (Ex. 3) is of what appears to be a death threat sent to me by a friend of my father's. This email is odd because it seems to have come from the Earthlink server instead of the Yahoo one, although it came from Yahoo originally.

My final MITM example is actually a double one (Exs. 4 and 5). In March of 2006, I attempted to file a formal written complaint with the U.S. Department of Justice (DOJ) by email as well as by regular mail, since so much of our regular mail was being tampered with or stolen. (I have a stack of tracking receipts for mail that comes up as "No Record" over an inch thick!)

Immediately after I emailed my complaint, I received the two emailed responses shown here as Exs. 4 and 5. The one titled "Re: Serious Complaints" (Ex. 4) is similar in appearance to others I've received as automated replies from the DOJ over the years, and an examination of the headers from it shows it did come from the DOJ's server.

However, the email titled "Out of Office AutoReply: Serious Complaints" (Ex. 5) does not look like anything I've received before from the DOJ. An examination of the headers shows this email came from the loopback. It looks as if my original email was also diverted to an account outside the DOJ, where it generated an automatic reply that came back along the same false route. This means that when I sent my original email to the DOJ, I received two automated replies, one from the DOJ that was authentic, and a second one that was a fake from the path I'd sent my original email on.

These duplicate automated responses show that whoever is behind the MITM attacks on my computer gets immediate copies of everything I send and has software already set up to send an immediate automatic response back to me that looks just like whatever path I sent my email on--but is actually fake. This means that whoever has been attacking my computer has software specifically designed to enable them to impersonate federal agencies and officials.

As you've no doubt guessed by now, these examples document a number of very serious federal offenses. Although these are examples of past crimes, my computer continues to be attacked in this way, making it nearly impossible for me to accurately communicate with people or agencies that are trying to help us. Furthermore, I have documented evidence of additional federal offenses committed against me through my computer that I choose not to post at this time, although I may well post these at a later date.

As a wise friend recently commented, "No wonder so many people think that stalking is a government plot."


candy said...

Thank you for sharing this. My computer is always attacked by viruses and spyware.
I also have perps that are able to erase the letters I have typed if I go back and try to fix some of my words. I have found it successful to save what I type by copying or saving as draft, getting off of the email or site I was on, then getting right back on and finishing my letter or whatever it was I was typing.
For some reason getting off the site and getting back on messes up whatever software they are using to erase the word after the one I am typing, when I go back to correct things.
I also have received emails from people I know, where the words were retyped to make me suspicious of who was sending me the emails.
They especially do this when I communicate by email with another online victim by private email.
I am sure they are able to mirror sites we go on too.
Wishing you a great day,

Medawar said...

There's something called a "DNS Attack" whereby your internet access gets diverted to a dummy DNS server (which finds the IP address for a site's internet name) and fools your ISP into connecting you to a copy of the site you want, but with crucial changes. This can then access the real site for information third hand, so you don't necessarily notice the difference.

Used by fraudsters as well as stalkers.
The better ISPs protect you against this, and if you use Ubuntu rather than Windows, a firewall called "Firestarter" will generally cut you off from the internet before you get into trouble. Though I find it necessary to reboot my ADSL router as well as my computer sometimes (thus making sure you get reconnected to a real DNS server), the bother is better than being thoroughly shafted.

Anonymous said...

Even with all the stalker tactics (which really are the evil of Hitler's Nazi OSS/Stasi (which is our CIA reborn) spin-offs being used on us TI's and I'm sure any/all victims at times before we named it all... God's will shall be done on Earth as it is in Heaven. Fear not, be not dismayed at evil, but overcome evil with Good.

God bless us all

Anonymous said...

Well, the government IS in on it. You can't believe they're not, given your experience at the hands of the "FBI or NOT FBI" agent and his cohorts. They just pass you around until it's confusing who is who. The government is only people like you and me; of course their hands are dirty.

scott said...

In re "exhibit 4" and "exhibit 5".

The email paths are absolutely the same both ways. The initial reply to you is an auto-responder on These auto-responders are generated by the email server itself whenever a mailbox receives something new.

The second email is a vacation auto-responder. By the looks of it, it is created by an Outlook client connected to a Microsoft Exchange server.

The difference between the two is that exhibit #5 was created by a client PC, therefore the email return path will include additional "hops" as the email traverses the internal network before being delivered. This can be seen in the email header.

The key to determining whether these two emails are genuine is that they both go through the same DOJ gateway server before being delivered to your earthlink account. That is the case here.
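As an added example (not part of scott's comment or the original post), the comparison described above can be scripted: list each message's Received hops oldest first, then compare the hop recorded by the recipient's own mail server. The headers, host names and addresses below are constructed placeholders, and `mx.isp.example` is an assumed name for the recipient's provider.

```python
import re
from email import message_from_string

# Constructed sample headers; all hosts are hypothetical (.example names, RFC 5737 IPs).
SERVER_REPLY = (
    "Received: from gateway.agency.example (gateway.agency.example [192.0.2.10])\n"
    "\tby mx.isp.example with ESMTP; Mon, 6 Mar 2006 10:00:05 -0500\n"
    "Received: from mailstore.agency.example ([10.0.0.5])\n"
    "\tby gateway.agency.example with ESMTP; Mon, 6 Mar 2006 10:00:03 -0500\n"
    "Subject: Re: Serious Complaints\n\nauto-reply body\n"
)
CLIENT_REPLY = (
    "Received: from gateway.agency.example (gateway.agency.example [192.0.2.10])\n"
    "\tby mx.isp.example with ESMTP; Mon, 6 Mar 2006 10:02:11 -0500\n"
    "Received: from exchange.agency.example ([10.0.0.7])\n"
    "\tby gateway.agency.example with ESMTP; Mon, 6 Mar 2006 10:02:09 -0500\n"
    "Received: from desktop42.agency.example ([10.0.3.42])\n"
    "\tby exchange.agency.example with mapi; Mon, 6 Mar 2006 10:02:08 -0500\n"
    "Subject: Out of Office AutoReply: Serious Complaints\n\nout of office\n"
)

# "from <name> ... [<ip>] ... by <name>"; folded header lines are handled by re.S.
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def received_hops(raw):
    """Return (from_host, peer_ip, by_host) for each hop, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return hops[::-1]  # each server prepends its own header, so reverse

def border_hop(raw, own_mx):
    """Newest hop stamped by the recipient's own server. Only this hop can be
    trusted; older hops were written by upstream hosts and can be forged."""
    for hop in reversed(received_hops(raw)):
        if hop[2] == own_mx:
            return hop
    return None

def same_gateway(raw_a, raw_b, own_mx):
    """True when both messages were handed to own_mx by the same host and IP."""
    a, b = border_hop(raw_a, own_mx), border_hop(raw_b, own_mx)
    return a is not None and b is not None and a[:2] == b[:2]
```

The extra internal hops in the client-generated reply do not affect the result, because only the hop recorded at the recipient's provider is compared.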

Anonymous said...

The thought occurs that a man in the middle attack could employ a PC that happened to be in a government office, or an extra profile on a well-used PC in the government office, to run an auto-responder setup that prevented e-mails from ever actually being read by anyone capable of acting on them.

It is a very common experience of a great number of people that information can be transmitted to police and Federal authorities by a variety of means, only for no action to be taken and, when this results in tragedy and scandal, for it to be claimed that no such information or complaint was ever logged and received.

The overall thrust of this entire blog, rather than the two examples above, is that there are people within government offices who stop certain complaints being logged and acted upon.

All Scott is really doing is identifying another, largely effortless, way in which they could achieve this without exposing themselves to much, if any, risk of detection.

Thomas Bean said...

I had lots of problems trying to communicate with a reporter in Austin, Texas.....about stuff that had nothing to do with any National Security or classified program.

So...every day I got a new Yahoo account, and sent an email...finally, I got the reporter before emails were misdirected.

They will stop at nothing to make sure your side of the story is not heard at any point in time by anyone who has oversight.

You have to talk to people face to face, and hand deliver documents: try not to tip them by addressing the letter using your keyboard, leave that blank, so they don't know "who you are delivering documents-complaints" to.

They will break any law to avoid exposure: OBSTRUCTING JUSTICE by TAMPERING WITH US MAIL-EMAIL.