Former Club Newsletter Editor & Club President Gets Busted!
Famous Last Word: "ABSCOND" (5/30/2017 - QRZ.COM Forum)
A Ham Radio operator located in the South Hills of Pittsburgh was reprimanded for using his employer's computer network to make bogus entries into ''South Hills Amateur Radio Club's'' online guestbook.
The identified individual didn't realize that his IP address was being captured when he made the entry using a bogus user name and email address.
The following text is from the captured guestbook entry:
Received: (qmail 2741 invoked from network); 21 Dec 1998 17:49:21 -0000
Received: from unknown (HELO pdi.worldcruiser.net) (220.127.116.11)
by uranium.nb.net with SMTP; 21 Dec 1998 17:49:21 -0000
Received: from diamond.nb.net (diamond.nb.net[18.104.22.168])by PDI(MailMax 2.941) with ESMTP id 0 for email@example.com; Mon, 21 Dec 1998 12:52:35 -0500 EST
Received: by diamond.nb.net (SMI-8.6/SMI-SVR4)
id MAA13927; Mon, 21 Dec 1998 12:49:40 -0500
Date: Mon, 21 Dec 1998 12:49:40 -0500
From: firstname.lastname@example.org (Nobody)
Reply-to: EBott@compuserve.com (Ernie Bott)
From: EBott@compuserve.com (Ernie Bott)
Subject: New Entry to SHARC-NET Guestbook
There is a new entry in the SHARC-NET guestbook:
"Nice web page! Hey, how come you show KB3CHF as you club call but QRZ lists N3SH as your club call?"
Boston, MA USA - Monday, December 21, 1998 at 12:49:37 (EST)
22.214.171.124 - [12/21/98 12:49:38 EST]
The webmaster for South Hills Amateur Radio Club tried to reply to the above email but the email bounced because the return email address was bogus. The webmaster therefore deleted the entry.
The following day, having seen his guestbook entry deleted, the individual sent the following email to SHARC's webmaster:
Received: (qmail 17234 invoked from network); 22 Dec 1998 12:40:49 -0000
Received: from unknown (HELO pdi.worldcruiser.net) (126.96.36.199)
by uranium.nb.net with SMTP; 22 Dec 1998 12:40:49 -0000
Received: from ccgateway.chester-engineers.com
(ccgateway.chester-engineers.com[188.8.131.52])by PDI(MailMax 2.941) with
ESMTP id 0 for email@example.com; Tue, 22 Dec 1998 07:43:59 -0500 EST
Received: from ccMail by ccgateway.chester-engineers.com
(IMA Internet Exchange 2.12 Enterprise) id 0001EC63; Tue, 22 Dec 1998 07:36:47 -0500
Date: Tue, 22 Dec 1998 07:38:24 -0500
From: EBott@compuserve.com (TEST)
To: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
Content-Type: text/plain; charset=US-ASCII
Content-Description: cc:Mail note part
"Hey! How come you edited my Guestbook entry! You could have answered the question! What's wrong with you people anyway!"
Despite the fact that the individual attempted to use a bogus user name and return address, their employer's name was captured in the email header. The IP address (184.108.40.206) captured in the guestbook entry was verified at www.arin.net to belong to the individual's employer, thereby validating the fact that both the guestbook entry and subsequent email came from the same source.
SHARC contacted the employer's MIS (Management Information Systems) Manager who issued this statement:
"Our current e-mail policy clearly states that e-mail is for business use only and any violation of the policy will lead to disciplinary action taken against the employee. Therefore I will forward your e-mail to our Human Resource Department for review. In the mean time if you could please supply me with the following information I will pursue this matter further."
SHARC forwarded a copy of all captured records and logs to the MIS Manager and to the ARRL in Newington, CT. SHARC had previously installed surveillance software on it's website and logged the following "hits" (during work hours) by the individual. A record of these "hits" were also turned over to the individual's employer and the ARRL.
Jan 12, 2000 13:06:31 220.127.116.11 Win 95 Netscape 4.x
Jan 26, 2000 11:54:40 18.104.22.168 Win 95 Netscape 4.x
Jan 26, 2000 11:47:37 22.214.171.124 Win 95 Netscape 4.x
Jan 27, 2000 07:34:21 126.96.36.199 Win 95 Netscape 4.x
Jan 28, 2000 12:00:19 188.8.131.52 Win 95 Netscape 4.x
Feb 09, 2000 15:48:52 184.108.40.206 Win 95 MSIE 5.x
Feb 16, 2000 13:03:29 220.127.116.11 Win 95 Netscape 4.x
The individual's guestbook entry and subsequent email were in reference to SHARC's club call sign, for which the individual had co-participated in an obsessed complaint against SHARC to the FCC and ARRL. The FCC however, returned the club's ''1st'', ''original'' and ''historic'' call sign, ''KB3BRF'' to SHARC. The individual also performed a mass emailing to SHARC members asking them to join his club (WASH), using his employer's server and Yahoo Groups, during company time. The email (sent on February 18th, 2000) which occurred (2) days after the individual's last recorded hit (February 16th, 2000) to SHARC's website, identified his home email ISP as "fyi.net%quot;. Apparently the individual visited SHARC's website numerous times to gain the email addresses of SHARC's members. The following email is a sample of one of the many emails the individual sent out to SHARC's members:
Received: from b05.egroups.com [18.104.22.168] by mx04 via mtad (2.6) with ESMTP id 660eBRmz61335M04; Fri, 18 Feb 2000 12:51:57 GMT
Received: from [10.1.2.123] by b05.egroups.com with NNFMP; 18 Feb 2000 12:51:56 -0000
Date: Fri, 18 Feb 2000 12:51:51 -0000
Subject: Invitation to join wa3sh
firstname.lastname@example.org has invited you to join the wa3sh group
at eGroups.com, a free email service. By joining this group,
you can share information, store photographs and files, coordinate
events and more!
Here is a welcome statement provided by the group moderator:
The WASHRag is the monthly newsletter of the Wireless Association of South Hills, Inc., FCC callsigns N3SH and WA3SH. This group is intended for electronic newsletter distribution. You are receiving this welcome message because you have just been added to the list. You may have been added because you requested it; you may have been added by the list owner, Ron WN3VAW, because he felt that you were interested in receiving the WASHRag via email. If that is incorrect, please inform him immediately at email@example.com. This is a closed list. Only WN3VAW, and in his absence W3SRL, are permitted to send to this list. So you should receive no SPAM by being here. If you are looking for back copies of the WASHRag (and before it the Original SHARC Mariner), you can find them at www.washarc.org. The WASHRag is distributed monthly. Snail mail is usually sent the first week of the month (we try to time it so that the newsletter arrives about a week or so before the meeting night); the electronic edition will be sent as soon as it is completed, so you will be getting the ''early'' edition.
Hope you enjoy the newsletter!
73, ron wn3vaw firstname.lastname@example.org
Contrary to what the above individual indicated, no SHARC members ever requested to be put on his "list". This was clearly a tactic to intimidate SHARC's officers and members. A complaint however was filed by SHARC to Egroups and all SHARC members were removed from the individual's list. The individual, a former SHARC member allegedly claims to be an expert on SHARC's history, however SHARC's records (his application) shows he joined the group on May 25th, 1995. SHARC was founded August 23, 1993. He also refers to ''original'' issues of ''The Mariner'', which was actually created by SHARC's co-founder, KA3EBX and the first issue of ''The Mariner'' was issued in January of 1994, long before the individual joined SHARC.
Subsequent to the reports turned over to the individual's employer, no further hits from his employer's server have been observed. Since then however, SHARC has reported receiving several suspicious emails from alias ''fyi.net'' email addresses, using the personal names of various SHARC members. Further investigations are pending.
"To think this individual is actually a club president of a local South Hills Ham Radio club and Network Administrator for his employer just blows us away.'' said one SHARC official. ''A real embarrassment to both organizations we would say. What is also unfortunate, is knowing the ARRL Atlantic Division and Western PA officials supported this individual. A prime example of the blind leading the blind".
** Update 12/17/01 **
We have been informed that the above individual's employment was terminated by his employer. No further details are available.
** Update 08/20/04 **
We have been informed that the above individual is now working in the hardware department at Home Depot.