Under The Radar Media

4chan Honeypot

In early 2008, the owner/administrator of 4chan was approached by representatives of the Arizona ICAC in cooperation with the U.S. Department of Justice and federal Immigration and Customs Enforcement.

• The agents approached 4chan’s administrator following a year-long investigation into the site. Of concern to the DOJ, ICE, and AZ-ICAC representatives was the routine trafficking of Child Sexual Abuse (CSA) images and links on 4chan.org’s /b/ board among others.

• Conventional procedure in CSA trafficking investigations calls for the unannounced seizure of the offending web site’s server(s) and forensic examination of its HTTP daemon’s and forum software’s log files. After (or while) suspect IP addresses and corresponding time stamps are isolated, subpoenas are sent to the appropriate ISPs, compelling them to divulge account holder identification information.

• It was explained to 4chan’s administrator that law enforcement was initially prepared to move against him with the seizure of his servers but that its rapid content purging system and enormous user population (14,000 unique visitors per hour, 10,000,000+ per month) would have rendered conventional CSA investigation techniques difficult. CSA postings were “drive-by” in nature and quick to expire. If seized, 4chan’s servers would yield only trivial criminal evidence: those particular CSA postings which were active (or forensically recoverable) at the time of the seizure itself.

• 4chan’s administrator was presented an ultimatum: seizure of his servers anyway (and the possibility of charges being brought against him for his having never reported the CSA posters on his site to NCMEC) or cooperation. (The way the information came down, two agents were actively standing by in the data center ready to haul 4chan’s servers away the moment he refused.)

• Needless to say, 4chan’s administrator decided that cooperation was in his best interest.

With me so far? The result of this cooperation bloomed into the following changes quietly made to 4chan’s servers which have now been in place for some time:

• 4chan threads no longer truly “expire.” Instead, they are “archived” by virtue of becoming web browser-accessible only through alternate Apache.

• Beginning shortly after the cooperation between 4chan’s administrator and law enforcement began, the administrator of 4chan was advised by the law enforcement agencies working the case to stay off of /b/ completely. Later he was ordered to remove all “civilian” moderators/janitors from /b/ and to hand the /b/ moderation accounts exclusively to the law enforcement agents working 4chan – so they could more quickly trap and take down CSA materials.

• Finally, and also earlier this year, 4chan’s servers WERE effectively “seized.” They were moved out of the old data center in Los Angeles and placed into a nearby facility directly controlled by an unnamed federal law enforcement agency. There’s now just plain gigabit Ethernet fiber between the web site’s current tier 1 transit provider and the 4chan servers inside that facility with no commercial hosting provider involved to speak of. This I have no further information on or what the implications are.

• So there you have it. Because conventional approaches to combating CSA trafficking were thought fruitless against 4chan, the administrator was “convinced” to cooperate with a sting operation that has now been ongoing for 2 years.

• My heart sank at the thought of how many innocent lives would be ruined by criminal charges lodged against those guilty of nothing other than unwitting exploration of a forum whose nature they had no forewarning of. The “sting” operation that has been ongoing here was justified only under this web site’s former circumstances. Now it goes too far, and so I am speaking out.

Claim: Giga News Is Another FBI Honeypot Operation
Cryptome
September 15, 2014

Cryptome,

Let me explain my history at Giganews in Austin, Texas and how I learned about the FBI connection. I used to be a huge fan of Usenet and a customer of different newsgroup providers for several years, and I started working at Giganews in 2009. I rose through the company, being promoted to a system technician after 6 months, and became a Giganews system engineer less than two years after that.

A huge pirate at the time, I loved the idea of helping people download all the “rich multimedia content” they could. The porn content is not safe on Usenet, and the groups with children being abused I find abhorrent. Customers would write in about it all the time, so it’s no secret to a Usenet employee where it is.

Data Foundry is a data center company which is interconnected to Giganews with the same admins, nocs, etc. Their main office headquarters is at 1044 Liberty Park Dr in Austin. But, they host most of the Usenet content in other data centers around the world. While talking to the CEO of the entire operation, Ron Yokubaitis, I heard what I interpreted as his request to remove the child pornography groups when he asked, “Would you delete child porn?” I honestly loved the thought of removing that junk off of Usenet, and removed three cp newsgroups soon afterwards. This happened December 11th, 2011. I didn’t remove anything related to the normal and more socially acceptable content Usenet downloaders know about.

It turned out that that wasn’t what the CEO really wanted, who then claimed he forgot what he said. The Giganews/Data Foundry admins Philip Molter and Mike Smith disciplined me for removing the child porn groups and didn’t trust me to keep working there afterwards. They made subtle references to jeopardizing criminal investigations IN PROGRESS then threatened me with a bad reference for removing the child abuse junk. No big deal, a bad reference from them after doing that is good, but Philip restored the cp content from a backup I didn’t have access to.

Fast forward several months, I turned into a traitor in an effort to remove the abhorrent junk off Usenet – I broke the first and second rules not to talk about it, and told the FBI the truth about the child abuse groups deletion in an email. This probably won’t go over well with internet freedom lovers, but sharing what I learned in the experience will, I promise. My seemingly traitorous act exposed the real traitor, the biggest one, to the Usenet network.

The FBI invited me to their unlisted Austin office in a nondescript office building at 12515 Research Blvd, Building 7, Suite 400 in late October 2012. Two agents took notes on what I told them, then something unexpected happened. Special Agent Scott Kibbey told me he personally knew the Giganews / Data Foundry CEO, bragged to me about working there, then invited me back to Giganews! I had also helped them with a separate crime venue in Austin that Data Foundry was going to compete with, so I had earned their trust. In addition, Kibbey offered me a new name and identity, with a new driver’s license and everything, if I were to go back to work at Giganews.

It was then that I realized that the fed I was talking to had been my coworker at Giganews since I started in 2009! The other agent was actually an Austin police detective named Charles Riley helping the FBI, who worked alternate shifts to me at the Datafoundry NOC under alias. Riley even bragged about being a detective once at a shift change! The thought of my fellow Usenet systech in crime being a police detective was unthinkable at the time. I’ve included some of the emails from these feds (with email headers and IP addresses) in the link at the end.

Special Agent Scott Kibbey is central to the whole Giganews operation, including Data Foundry, but with different names. This agent is a top exec for Data Foundry, a top admin for Giganews, the Golden Frog front company run from the same Usenet servers for VyprVPN, and the other Usenet fronts Usenet.net, Supernews, Rhino Newsgroups, and Powerusenet. Another business front name they used when I was there is Powerhouse Management. Kibbey rolled out the OS images, kernels, patches, set up the entire VyprVPN service including the detailed logging which is easily accessible to him and the other government agents working there.

There were also rumors agents from other governments worked there. The Hong Kong Giganews servers were brought down in early June 2009 by a Chinese employee, the day of the Tiananmen Square anniversary when the Chinese government was blocking everything online. This means the VyprVPN connecting IP addresses are accessible to the Chinese government indirectly through this employee. Anyone using the VyprVPN service that governments are targeting is in danger, honestly.

This is my warning – that all of the content being downloaded and shared on the Usenet network is going through the authorities! Giganews customers are being logged! The log file is called the “gigauth” on their “cruncher” servers which logs every connection by every customer, which are then archived. This means Usenet uploaders are helping the feds monitor the distribution of Usenet content if their newsgroup provider peers with Giganews!

I swear to you that Giganews is an operation that employs federal agents who run most of the operation. I suggest demanding from your newsgroup provider that they stop the peering of binary groups to FBI’s Giganews. Please understand how risky this is for me to explain as Agent Kibbey subtly threatened my family on behalf of Data Foundry the second time I met both agents at the Austin FBI office. The traitors saw me as a threat and said I did not cooperate. Even with this threat, please warn Giganews customers and other Usenet users, and use the evidence I’ve linked. If the google drive link dies, email me for a new one. Agents Kibbey and Riley did not let me photograph them, but I did include a scan of their business cards. Riley didn’t have an FBI badge or card, but he had an fbi.gov email address, ip, and Austin Police Department badge.

I’ve linked pictures of my Giganews badge and the shirts with their red armor logo I was forced to wear when working there. I’ve also linked to the Giganews/Data Foundry employee list with in-office mug shots, phone numbers and emails they gave me. I did not agree to return this on their employee paperwork, so it is not illegal to share. They thought I did, though. I doubt the names and phone numbers they used internally are all real, as many are likely aliases and fed-routed voip proxies. Most of the emails changed to goldenfrog.com before I left from the ones listed in the 2011 employee pdf. Some of the mugshots are photoshopped by them, as the pictures did not match the physical appearance of some, likely to hide in case of someone like me exposing these traitors.

Feel free to upload this to any newsgroup that Giganews carries – Their customers need to know.

-Nick Caputo

xxxxxxx@gmail.com

Files:

This file and files below: http://cryptome.org/2014/09/giganews-fbi.zip (18.4MB) (3.9MB)

https://archive.org/details/giganews-fbi (now redacted on Archive.org: “The item is not available due to issues with the item’s content.”)
