FW: [DNS] Internet Domain Names May Have Warned of Attacks

FW: [DNS] Internet Domain Names May Have Warned of Attacks

From: Rowe, Joshua <Joshua.Rowe§auspost.com.au>
Date: Fri, 21 Sep 2001 15:46:35 +1000
forwarding on behalf of Tony Cooke ...


Josh

-----Original Message-----
From: Cooke, Tony [mailto:tony.cooke&#167;deacons.com.au]
Sent: Friday, 21 September 2001 15:36
To: 'Rowe, Joshua'
Subject: RE: [DNS] Internet Domain Names May Have Warned of Attacks


I sent this this to the list this morning, but it didn't make it for some
reason or another.

Josh

Interesting article, but I can't seem to verify it.  none of the names
suggested in it give any results like those suggested.  Some are registered,
but at times that don't match what is being said, and they were registered
after the Attack.

1.

[whois.crsnic.net]Whois Server Version 1.3Domain names in the .com, .net,
and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.   Domain Name: ATTACKONTWINTOWERS.COM
   Registrar: BULKREGISTER.COM, INC.
   Whois Server: whois.bulkregister.com
   Referral URL: http://www.bulkregister.com
   Name Server: DNS3.PIXELGATE.NET
   Name Server: DNS1.PIXELGATE.NET
   Updated Date: 11-sep-2001
The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.
   
[whois.bulkregister.com]
Evolution R 
   2591 Fallon Circle
   Simi Valley, Ca 93065
   US

   Domain Name: ATTACKONTWINTOWERS.COM

   Administrative Contact:
        Keith Ramirez    sales&#167;evolutionr.net
        Evolution R
        2591 Fallon Circle
        Simi Valley, Ca 93065
        US
        Phone- 805-520-7787 
        Fax- 
   Technical Contact:
        Keith Ramirez  sales&#167;evolutionr.net
        Evolution R
        2591 Fallon Circle
        Simi Valley, Ca 93065
        US
        Phone- 805-520-7787 
        Fax- 

   Record updated on 2001-09-11 13:23:53.
   Record created on 2001-09-11.
   Record expires on 2002-09-11.
   Database last updated on 2001-09-20 16:52:07 EST.

   Domain servers in listed order:

   DNS1.PIXELGATE.NET            209.239.252.99                
   DNS3.PIXELGATE.NET            209.239.240.99                

2.


[whois.crsnic.net]Whois Server Version 1.3Domain names in the .com, .net,
and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.   Domain Name: WORLDTRADECENTERBOMBS.COM
   Registrar: INTERCOSMOS MEDIA GROUP,INC
   Whois Server: whois.directnic.com
   Referral URL: http://www.directnic.com
   Name Server: NS0.DIRECTNIC.COM
   Name Server: NS1.DIRECTNIC.COM
   Updated Date: 13-sep-2001
The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.
   
[whois.directnic.com]
Registrant:
 Prime Item Promotions
 3552 Promontory Street
 San Diego, Ca 92109
 US    

 Domain Name: WORLDTRADECENTERBOMBS.COM
 
 Administrative Contact:
    Zugel, Duane  primeitem&#167;hotmail.com
    3552 Promontory Street
    San Diego, Ca 92109
    US    
    619-379-2559

 Technical Contact:
    Zugel, Duane  primeitem&#167;hotmail.com
    3552 Promontory Street
    San Diego, Ca 92109
    US    
    619-379-2559

 Billing Contact:
    Zugel, Duane  primeitem&#167;hotmail.com
    3552 Promontory Street
    San Diego, Ca 92109
    US    
    619-379-2559


 Record last updated on 13-Sep-2001.
 Record expires on 13-Sep-2002.
 Record Created on 13-Sep-2001.

 Domain servers in listed order:
    NS0.DIRECTNIC.COM   66.79.10.199
    NS1.DIRECTNIC.COM   64.38.245.203

-----Original Message-----
From: Rowe, Joshua [mailto:Joshua.Rowe&#167;auspost.com.au]
Sent: Friday, 21 September 2001 10:01 AM
To: Dns List (E-mail 2)
Subject: [DNS] Internet Domain Names May Have Warned of Attacks


Internet Domain Names May Have Warned of Attacks 
By Jeff Johnson 
CNSNews.com Congressional Bureau Chief 
September 19, 2001 

http://www.cnsnews.com/ViewNation.asp?Page=/Nation/archive/200109/NAT2001091
9d.html 

(CNSNews.com) - The terrorists who planned and executed the September 11
attack on America may have registered as many as 20 Internet domain names,
or web addresses, that experts believe should have warned authorities of a
possible assault on the World Trade Center in New York City. 

Internet domain names like 'attackontwintowers.com' and
'worldtradetowerattack.com' were registered more than a year ago. It's not
known at this time who registered the suspicious names or what their purpose
was. 

"It's unbelievable that they (the registration company) would register these
domain names, probably without any comment to the FBI," according to Neil
Livingstone, head of Global Options LLC, a Washington, D.C.-based
counter-terrorism and investigation company. 

"If they did make a comment to the FBI, it's unbelievable that the FBI
didn't react to it," he added. 

A spokeswoman in the FBI press office would only say that the agency will
not comment on its investigation into the attacks. 

According to Livingstone, at least 17 domain names, including
'pearlharborinmanhattan.com' and 'worldtradetowerstrike.com,' were
registered as early as June 2000, 15 months prior to the attacks. 

Two of the domain names contained the dates August 11 and September 29,
which Livingstone said may have indicated the window of opportunity during
which the attackers planned to strike. 

He also dismissed speculation that the domain names were a reference to the
bombing of the World Trade Center eight years ago. "You have two other names
containing 2001, so there's no confusion over the 1993 World Trade Center
attack." 

To protect his sources, Livingstone would not say with which company the
domain names in question were registered. He had no information about the
identity of the person or people who registered the names. 

A domain name search Tuesday indicated that hundreds of web addresses
containing references to the terrorist attacks were registered in the past
week, and four of the older domain names provided by Livingstone have
already been re-registered. 

Domain name registrants are required to use a credit card for payment, and
must provide administrative, technical, and billing contact information. 

That information, except the credit card data, is available to the public as
long as the registration is kept current. 

Livingstone indicated that the required use of a credit card should mean
that authorities would at least have a starting point to investigate the
registrant. 

"This is something that someone should have noticed," he said, "but privacy
issues probably kept it from being noticed." 

Telephone calls to several domain name registration companies Tuesday were
not returned. 

The website for Network Solutions, the world's largest domain name
registrar, included a privacy statement indicative of industry standards
regarding confidentiality: "We will not share such information with other
third parties, except in response to formal requests (e.g., subpoena or
court order) made in connection with litigation or arbitration proceedings
directly relating to a domain name registration or other services we
provide." 

Former CIA Director James Woolsey said current laws make it difficult for
the FBI to get a warrant for electronic surveillance and wiretaps, or to
recruit informants based on actions such as registering threatening domain
names.

"There would not be enough material that is close enough to a specific crime
for an investigation to be opened," Woolsey said. 

But Livingstone believes authorities should have the right to investigate
inflammatory rhetoric, even something as simple as the registration of a web
address that might indicate criminal intent. 

"Something like this ought to come to our attention, and we ought to
investigate whether you do intend to act on it, or whether you're just a nut
case out there who's just venting," he said. 

The attackers might have been planning a propaganda campaign following the
attacks, according to Livingstone. "Maybe their success was so overwhelming
that they didn't need to use this," he said. "Or they may have decided it
was too dangerous to do." 

Domain names on the list provided to Livingstone by an industry insider
included: 

"attackamerica.com," 
"attackonamerica.com," 
"attackontwintowers.com," 
"august11horror.com," 
"august11terror.com" 
"horrorinamerica.com," 
"horrorinnewyork.com," 
"nycterroriststrike.com," 
"pearlharborinmanhattan.com," 
"terrorattack2001.com," 
"towerofhorror.com," 
"tradetowerstrike.com," 
"worldtradecenter929.com," 
"worldtradecenterbombs.com," 
"worldtradetowerattack.com," 
"worldtradetowerstrike.com," 
"wterroristattack2001.com." 


CAUTION

This e-mail and any files transmitted with it are privileged and
confidential information intended for the use of the addressee. The
confidentiality and/or privilege in this e-mail is not waived, lost or
destroyed if it has been transmitted to you in error. If you have received
this e-mail in error you must (a) not disseminate, copy or take any action
in reliance on it; (b) please notify Australia Post immediately by return
e-mail to the sender; and (c) please delete the original e-mail.

--
This article is not to be reproduced or quoted beyond this forum without
express permission of the author. 334 subscribers. 
Archived at http://listmaster.iinet.net.au/list/dns (user: dns, pass: dns)
Email "unsubscribe" to dns-request&#167;auda.org.au to be removed.
CAUTION

This e-mail and any files transmitted with it are privileged and confidential information intended for the use of the addressee. The confidentiality and/or privilege in this e-mail is not waived, lost or destroyed if it has been transmitted to you in error. If you have received this e-mail in error you must (a) not disseminate, copy or take any action in reliance on it; (b) please notify Australia Post immediately by return e-mail to the sender; and (c) please delete the original e-mail.

--
This article is not to be reproduced or quoted beyond this forum without
express permission of the author. 334 subscribers. 
Archived at http://listmaster.iinet.net.au/list/dns (user: dns, pass: dns)
Email "unsubscribe" to dns-request&#167;auda.org.au to be removed.
Received on Sun Sep 23 2001 - 15:02:04 UTC

This archive was generated by hypermail 2.3.0 : Fri Aug 29 2014 - 12:00:08 UTC