forgery allegation

Post by CloughR » Mon, 26 Jun 1995 04:00:00

This is a long message, partly because it is a complex question and partly
because I can never explain things succinctly.

I need some advice about a troublesome USENET forgery allegation.

  I got an e-mail through channels where a woman (A) who has nothing to do
with my agency was claiming that someone forged several posts to one of
those unmentionable groups using her e-mail address.

She says her Internet provider traced the post to an IP address.  This IP
address belongs to an employee in my group (B).  Our newsreader does not
allow posts to any alt groups.  I do not want to confront B (or his direct
supervisor) until I know more about the situation.

There are lots of possibilities here, but I want some indication as to
which ones are likely or unlikely, and if there are other possibilities I
should consider.

1.  A is making the whole thing up, either to embarrass B or to embarrass
our agency.

2. B made an amateurish attempt to forge a post.

3.  C (an unknown person who knows A and B) created a double forgery,
listing the e-mail address of A and leaving an easily traced path to B.

4.  C (an unknown person who does not know A and B) wants to embarrass our

5. C (an unknown person who knows A but not B) uses a random IP address to
cover his/her tracks. (Is this really necessary?)

6.  D (a coworker of B) is up to no good and uses the computer of B to
cover his/her tracks.

Are there other possibilities I should consider?  What is a good way to
investigate this?  This is a minefield, and I want to tread carefully.

My apologies if this is the wrong newsgroup.  Please direct me to the
right spot if I am off topic.  I never expected to be handling situations
like this.  <sigh>

Standard disclaimer applies.

Post by TMetzing » Tue, 27 Jun 1995 04:00:00


Does your system have any sort of audit trail, or temp file
that you can look at to see if the message was actually sent
by your user?  That's one option.

Have the alleged victim and her internet provider show you
the message she received and the trail it took through
the internet.  It's REAL easy to set an IP address to
someone else's.

If you can prove that your maillist software does not allow
posts to the alt. groups, that may be sufficient.
At the very least, you can use this incident to check the
security of your system

If you cannot find any proof that your user did not send
this message, you should ask him or her.  

Finally, the best protection a person can have against
these claims is to use PGP to digitally sign their
messages, as I am doing with this one.

Please keep me posted.  If we don't police ourselves,
Congress (the opposite of progress) will.

Tim Metzinger


Post by Neil Readw » Wed, 28 Jun 1995 04:00:00

>Finally, the best protection a person can have against
>these claims is to use PGP to digitally sign their messages

Actually this provides very little protection. The fact that you
routinely use PGP to sign messages does not prove that an unsigned
message did not come from you.

Post by Nick Sha » Thu, 29 Jun 1995 04:00:00

Unless you have sufficient hard information to prove that B committed the
offense other than just an IP address, forget it.  Anything you do will not
likely stand up in court should B decide to sue you.

I would recommend that you bring all your employees together along with someone
from security.  Then brief everyone on the policies of your organization to
include the possibility of dismissal for violation of the policies.  Make sure
that you have conferred with your human resources department and legal
department before proceeding.  Both HR and legal may suggest that everyone in
attendance sign a statement that they have been briefed and that they
understand what they were briefed on.

One particular problem is one of control -- how does your organization control
the use of computer resources? Does anyone have access after hours to another's
resources? What about during the day -- does anyone care if someone else is
sitting behind another's terminal? If any of these are possible and if they do,
in fact, occur, proving anything is extremely difficult and will certainly
require close consultation with the legal and HR representatives.

Nick.

Post by CloughR » Thu, 29 Jun 1995 04:00:00

Thanks to all who responded (I got 7 private responses).  I will
investigate further, and if I come up with a definitive answer, I will
share it with this group.

Post by Kari E. Hurt » Wed, 05 Jul 1995 04:00:00

>If you can prove that your maillist software does not allow
>posts to the alt. groups, that may be sufficient.
>At the very least, you can use this incident to check the
>security of your system

But how to prove that NNTP connections to some news server were disabled?

I was under the impression that the author of the news server confirmed from
what IP address that connection came. And the questioner said that that IP
address belongs to (B).

Was that IP address confirmed against the logs of that news server?
If it was, then it is difficult to claim it to be wrong.
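
Added example, not part of any post in this thread: a sketch of the check the replies keep returning to, which treats the posting host named in an article's headers as a claim and looks for the injecting news server's own record of the same Message-ID. The article, the addresses and the three-field log layout are constructed for illustration; a real server's log format will differ.

```python
from email.parser import HeaderParser

# Constructed sample article (not from the thread); example domains and
# documentation-range IP addresses only.
ARTICLE = """\
From: a.user@provider.example
Newsgroups: alt.test
Message-ID: <constructed-1@news.provider.example>
Path: news.far.example!news.mid.example!news.provider.example!not-for-mail
NNTP-Posting-Host: 192.0.2.45
Subject: constructed sample

body text
"""

# Constructed server log in an assumed "timestamp client-ip message-id" layout.
SERVER_LOG = """\
1995-06-20T14:02:11 192.0.2.45 <constructed-1@news.provider.example>
1995-06-20T14:05:40 198.51.100.7 <constructed-2@news.provider.example>
"""

def parse_log(log_text):
    """Map each Message-ID to the set of client IPs the server recorded."""
    seen = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3:  # skip blank or malformed records
            seen.setdefault(fields[2], set()).add(fields[1])
    return seen

def corroborate(article_text, log_text):
    """Compare the article's claimed posting host with the server's record."""
    h = HeaderParser().parsestr(article_text)
    # Each relay prepends its name to Path, so the injecting server is the
    # last hop before the trailing local part.
    path = [hop for hop in (h["Path"] or "").split("!") if hop]
    claimed = (h["NNTP-Posting-Host"] or "").strip() or None
    logged = parse_log(log_text).get((h["Message-ID"] or "").strip(), set())
    if not logged:
        verdict = "unverified"      # header claim only, no server record
    elif claimed in logged:
        verdict = "confirmed"       # server saw the same client address
    else:
        verdict = "contradicted"    # server saw a different client address
    return {"injecting_server": path[-2] if len(path) >= 2 else None,
            "claimed_host": claimed, "logged_hosts": sorted(logged),
            "verdict": verdict}

if __name__ == "__main__":
    print(corroborate(ARTICLE, SERVER_LOG))
```

A "confirmed" result ties the article to a network address, not to the person at the keyboard, which is the access-control question raised earlier in the thread.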

