The important point here is the address that sent to Salon's server-- 214.13.200.111 is a server that identifies itself as a DoD computer in GMT +0300, which is the time zone that includes Baghdad, Kuwait and Bahrain. That's consistent with its hostname, which ends in iraq.centcom.mil. Other headers also indicate that it's running Microsoft Exchange 2003 -- that's what "Microsoft SMTPSVC(6.0.3790.3959)" indicates.
The 10.x.x.x range of IPs is reserved for private addresses internal to organizational networks; it's not surprising that you'd not be able to locate it, since there may be millions of networks all using that address scheme. That's a blind alley.
So the question is: did someone else know Col. Boylan's password and use it to authenticate to something like Outlook Web Access for email purposes? Or did someone take advantage of Col. Boylan's unattended (but logged in via domain authentication) computer? I have my doubts on both counts-- the risk would be very high and the reward minimal, but as long as Boylan clings to this story we can't know for sure.
Dave Pooser |
10.28.07 - 2:56 pm | #
|
|
What I posted on dkos:
The IP addresses do not prove anything. All we have is a relay from a mail server INTZEXEVSIZN02 to a mail server INTZEXEVSIZN01 (both on .mil's private network) to an internet gateway 02exbhizn02.iraq.centcom.mil [214.13.200.111].
The mail server/relay INTZEXEVSIZN02 is accessible by many people, I say this because you can search for it, and find it, e.g., here:
http://lists.army.mil/pipermail/...r/2007-June.txt
i.e., INTZEXEVSIZN02 is **not** Col Boylan's private machine.
Anyone within the centcom.mil domain could have done this spoof.
Secondly, why don't we see any further headers behind INTZEXEVSIZN02?
My surmise is that the internal headers are stripped to avoid revealing internal network information - I think, btw, that that is good security practice.
How seriously should the military take this? I think very seriously. E.g., if you believe Scott Beauchamp was trying to give the military a black eye, then imagine what damage an email spoofer could do. If someone can issue email as though it came from the desk of an official military spokesperson, think of the potential damage that person can do.
Will the military take this seriously? My bet is not, precisely because of the politicization that Glenn Greenwald is writing about. I think they will only give a token slap on the wrist to whoever was attempting to intimidate and provoke Glenn Greenwald, who must be a major pain in the brass's collective butt.
Arun |
Homepage |
10.28.07 - 5:14 pm | #
|
|
It's in the Message-IDs of the emails coming from Boylan. Here they are, in sequence (which is characteristic of the earlier emails he sent to Glenn):
7EED9730BDFDA64183D4BE1C41F917BB397123
7EED9730BDFDA64183D4BE1C41F917BB39712E
7EED9730BDFDA64183D4BE1C41F917BB397130
7EED9730BDFDA64183D4BE1C41F917BB397132
Note that the Message-IDs on the messages sent by Glenn are NOT sequential. Odd that the messages going through centcom.mil are predictably sequential, isn't it?
wanderindiana |
10.28.07 - 6:03 pm | #
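
The observation in the comment above can be checked mechanically. This is an added example, not code from the thread or from any commenter: it splits the four quoted values into their shared prefix and trailing hexadecimal digits and reports the step between each pair. Treating the trailing digits as a counter is an assumption, and the contrast IDs are constructed.

```python
import os.path

# The four Message-ID values quoted in the comment above.
QUOTED_IDS = [
    "7EED9730BDFDA64183D4BE1C41F917BB397123",
    "7EED9730BDFDA64183D4BE1C41F917BB39712E",
    "7EED9730BDFDA64183D4BE1C41F917BB397130",
    "7EED9730BDFDA64183D4BE1C41F917BB397132",
]

# Constructed sample: IDs with no shared structure, for contrast.
CONSTRUCTED_RANDOM_IDS = [
    "a91c04e7f2b34d0c8e11",
    "5be0d2719c6a48f3a7d4",
    "e3047ac1b85f4e929d06",
]


def analyze_message_ids(ids):
    """Split IDs into a shared prefix and per-message suffix, then check
    whether the suffixes behave like an increasing hexadecimal counter."""
    # The split point is computed from the sample, not a known format boundary.
    prefix = os.path.commonprefix(ids)
    suffixes = [i[len(prefix):] for i in ids]
    result = {"prefix": prefix, "suffixes": suffixes,
              "deltas": None, "skipped": None, "counter_like": False}
    # Require a substantial fixed part and non-empty, equal-width suffixes.
    if len(prefix) < 8 or len(set(map(len, suffixes))) != 1 or not suffixes[0]:
        return result
    try:
        values = [int(s, 16) for s in suffixes]
    except ValueError:
        return result  # suffix is not hexadecimal, so not a hex counter
    deltas = [b - a for a, b in zip(values, values[1:])]
    result["deltas"] = deltas
    result["counter_like"] = all(d > 0 for d in deltas)
    if result["counter_like"]:
        # Counter values between the samples that are absent from this set.
        result["skipped"] = sum(d - 1 for d in deltas)
    return result


if __name__ == "__main__":
    for name, ids in (("quoted", QUOTED_IDS), ("constructed", CONSTRUCTED_RANDOM_IDS)):
        print(name, analyze_message_ids(ids))
```
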
|
|
PLEASE IDENTIFY YOURSELF.... I HAVE BEEN LINKED AND DIRECTED TO NETWORK. WHAT IS YOUR MISSION
UNKNOWN |
10.27.08 - 2:32 am | #
|
|