Under Surveillance by General Electric?


posted on Jul, 14 2009 @ 03:19 PM
link   
Here's an odd one that I can't figure out...

I'm not particularly a paranoid person, but having been a System Administrator for over 25 years I take security of my computer systems very seriously, even at home. I have all my drives triple-encrypted at boot, I have large IP Ranges rerouted to a loopback address for outgoing and incoming communication, I keep strong firewalls, both hardware and software based, constantly search for malware, spyware and rootkits, and even monitor all incoming and outgoing connections to my computer.

I get the usual odd hits against my computers at home from the usual government agencies every once in a while. However, I've never had any of them try for very long before stopping their port scan.

On the other hand, for the past 2 months I have had non-stop traffic coming in from an IP Range at General Electric to a specific NAT address on my network, even when that computer is idle or turned off. No outgoing communication has ever been established to that IP Range, but 24/7 those inbound attempts to communicate have been non-stop.

I've sniffed the packets that are incoming and some look like a typical port scan, however, some of them are clearly encrypted. The ones that are encrypted are attempting communication on a very specific port.

None of my other computers, or even the 4 Datacenters I manage have similar problems. It's just my main home computer that I use for nothing other than using VPN to connect to servers from home when there is an emergency, and playing one particular MMORPG. To be on the safe side, I've done a low-level format of those drives and did a clean install of my OS, even though I already know nothing is phoning home...but just to eliminate every possibility.

Has anyone seen this before or experienced the same coming from a Contractor for the DoD or from General Electric specifically? Anyone know what this non-stop encrypted traffic is or why?




posted on Jul, 14 2009 @ 04:05 PM
link   
Wow. I find that very interesting. Care to tell us the port? Do you think it could just be a worm on one of their computers?



posted on Jul, 14 2009 @ 04:08 PM
link   
Which company do you work for?



posted on Jul, 14 2009 @ 04:15 PM
link   
GE- the largest corporation on the planet. Chances are there are all kinds of weird ties to various intelligence agencies. Great post! S/F



posted on Jul, 14 2009 @ 04:19 PM
link   
I had NASA - ARC IP doing the same thing. It would actually corrupt my software firewall rules within about 3-5 minutes and establish a connection. It turned out an app I had on the PC had a time stamp component and for some reason the programmer put NASA ARC (Ames Research Center) in as a time server. It took a while to figure out which app was doing it, and no clue to why he added that server as one of the time servers.

You sound like you're way ahead of me though and you probably have been through all of that stuff already.

Edit to add: I have no idea why the NASA ARC would ping or attempt to reconnect every time I was on the NET. I used to think they were working on security software and that is what was going on, until I discovered that in NetLab there was the NASA ARC Server.

[edit on 14/7/09 by spirit_horse]



posted on Jul, 14 2009 @ 04:40 PM
link   

Originally posted by KSPigpen
Wow. I find that very interesting. Care to tell us the port? Do you think it could just be a worm on one of their computers?


It's always a high-end port in the dynamic range of 32768 to 61000. The port will stay the same for a day or two and then it will switch to another random port in that range. The originating IP Address, according to the Packet's Header Information (I say this because this can be forged if the packets have been intercepted and their headers either spoofed or scrubbed), changes every day or so too, at the same time when the port number changes. Some ports & originating IP Addresses will be used multiple times, but most of the time it seems to be different.

The problem is that these higher end ports aren't defined ports. I considered the possibility that my computer's address might be broadcast as a host for P2P, but a friend of mine who works as a RouterAdmin for a large ISP who is far more familiar with Packet Shaping, took a look at the encrypted packets and determined they definitely weren't P2P. It's normally easy to distinguish the type of traffic a packet is for by its footprint, even when they are encrypted. It wasn't a type of common traffic that he was familiar with.

There is a definite possibility that it could be a worm on General Electric's computers. However, most worms that are attempting to spread generally give up on an IP after a while, or will attempt to scan the ports on an entire IP Range at the same time. If this were a worm then this one is very particular and single minded. A possibility that has occurred to me is that a worm that is trying to send its payload of stolen data home may have been scripted with the wrong IP Address (I don't have a dynamic IP address at home. It's been the same Static IP for almost a decade now, so it couldn't have been intentionally scripted to send to my IP Address).
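
The pattern described in the post above (one destination port in the 32768 to 61000 range held for a day or two, then a switch of both port and source address) can be confirmed from firewall logs. The following is an added example, not part of the original thread; the log format, the addresses (documentation ranges used as placeholders) and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed firewall log lines (format and addresses are assumptions; the
# source network uses the 192.0.2.0/24 documentation range as a placeholder).
SAMPLE_LOG = """\
2009-07-10T03:12:45 IN SRC=192.0.2.17 DST=10.0.0.5 DPT=40211 PROTO=TCP
2009-07-10T15:40:02 IN SRC=192.0.2.17 DST=10.0.0.5 DPT=40211 PROTO=TCP
2009-07-11T01:05:13 IN SRC=192.0.2.17 DST=10.0.0.5 DPT=40211 PROTO=TCP
2009-07-11T09:30:00 IN SRC=203.0.113.9 DST=10.0.0.5 DPT=22 PROTO=TCP
2009-07-12T00:00:07 IN SRC=192.0.2.88 DST=10.0.0.5 DPT=55930 PROTO=TCP
2009-07-12T18:22:51 IN SRC=192.0.2.88 DST=10.0.0.5 DPT=55930 PROTO=TCP
2009-07-13T04:44:44 IN SRC=192.0.2.17 DST=10.0.0.5 DPT=40211 PROTO=TCP
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ IN SRC=([0-9.]+) DST=\S+ DPT=(\d+)")

def daily_pairs(log_text, watched_net, port_range=(32768, 61000)):
    """Per day, count (source IP, destination port) pairs coming from
    watched_net whose destination port is in the dynamic range from the post."""
    net = ipaddress.ip_network(watched_net)
    days = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not inbound records in this format
        day, src, port = m.group(1), ipaddress.ip_address(m.group(2)), int(m.group(3))
        if src in net and port_range[0] <= port <= port_range[1]:
            days[day][(str(src), port)] += 1
    return dict(days)

def rotation_runs(days):
    """Collapse consecutive logged days that share the same dominant
    (source, port) pair into runs: [(source, port, first_day, last_day), ...]."""
    runs = []
    for day in sorted(days):
        pair = days[day].most_common(1)[0][0]
        if runs and runs[-1][:2] == pair:
            runs[-1] = (*pair, runs[-1][2], day)  # extend the current run
        else:
            runs.append((*pair, day, day))        # port/source rotated
    return runs

if __name__ == "__main__":
    for src, port, first, last in rotation_runs(daily_pairs(SAMPLE_LOG, "192.0.2.0/24")):
        print(f"{first}..{last}  {src} -> port {port}")
```

Run lengths of one or two days with reuse of earlier source and port pairs match what the post reports; a record like this is also the evidence an abuse contact for the source range would ask for.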



posted on Jul, 14 2009 @ 04:44 PM
link   

Originally posted by ModernAcademia
which company do you work for?


Nothing sensitive or anything that G.E. would be interested in. I work for a cutting-edge Web Design & Hosting firm with many high profile clients for accounts (mainly in the entertainment and fashion industries. We do have almost every smaller municipality in the U.S. as one of our clients though.) Just to make sure that it wasn't work related I started sniffing inbound and outbound traffic from each of our four Datacenters and didn't find the same traffic from G.E. So, in my mind at least, it isn't something relating to my work, but if it is directed at me then it would have to do with what I do in my private life.

The funny thing is that I only use ATS at work and never at home. So, ATS isn't the cause of it either.


[edit on 14-7-2009 by fraterormus]



posted on Jul, 14 2009 @ 05:27 PM
link   
Interesting thread - I am far from a computer expert, but GE is just a creepy company in general. Big-time ties to the government and military, and definitely what one would consider an insider's "Brotherhood" company. I personally think that they should simply become an arm of the government, as the facade of being a "public company" is just that: a facade.

I do resonate with the idea that someone may have stolen info from GE and is trying to send to your computer/IP address. That story seems plausible, as I am sure that GE would have proprietary information - even patents - related to military technology that would be very valuable to a foreign entity.

With the recent attacks on government computers originating from North Korea, it's possible that these attacks are now heading downstream to the general public - Wouldn't be surprising.

Personally, if I saw that someone or some "thing" was originating from GE, I would also tend to equate this to the government spying or trying to hack my computer for some reason. My 2 cents.



posted on Jul, 14 2009 @ 05:51 PM
link   
One thing that the open discussion here made me think about is this:

When I first moved into my house and started using that IP Address, my daughter (who was 9 at the time) was doing some research on High Powered Rocketry. She did a Google Search and found a couple of links and ended up getting a bunch of Classified US Air Force documents on current Rocket Programs in the past 20 years, including some very technical schematics. In a panic I asked her where she got these and she showed me the links. Turns out they were on the Brazilian DoD website, and although they were in a password protected directory, apparently direct links on Google to specific files in that directory were not (that's what happens when you run a protected website on IIS and lock down only the directory level and not the file level). The Brazilian DoD apparently bought these documents from the Chinese who stole them from the US.

(Can you get in trouble for hacking government computers by doing nothing wrong other than following a link that showed up in the first page of a Google Search?)

Now most of these documents are detailing the Classified work of other US DoD Contractors such as Lockheed Martin Corp., Boeing, McDonnell Douglas, etc. However, there is a possibility that G.E. may be responsible for the manufacturing of one of the systems that these Classified Rocket Programs might use. I didn't leave them on my computer or read them long enough to ascertain what they were and that I probably shouldn't have them.

The only problem with such a theory is the timeline...this happened 3, almost 4 years ago, and these non-stop connection attempts from GE just started 2 months ago. (However, if they have a backlog like I have at my work, that might explain a several year delay. LOL!)

[edit on 14-7-2009 by fraterormus]



posted on Jul, 14 2009 @ 06:04 PM
link   
Stupid question? But have you considered contacting their IT dept?



posted on Jul, 14 2009 @ 06:12 PM
link   

Originally posted by jokei
Stupid question? But have you considered contacting their IT dept?


And I think we have a winner!

Not a stupid question at all, and honestly something that I haven't considered. However, now that you mention it, I think I will first thing tomorrow morning! Thank you.

Worst case scenario from doing such is that if they are intentionally trying to do something nefarious, then they will know I'm on to them and they'll back off a little. In a best case scenario I'll help out a fellow SysAdmin clean up something amiss on their network and score a future contact.

Although figuring out how to get a hold of the proper IT Dept that is responsible for that IP Range is going to take some skills.



posted on Jul, 14 2009 @ 06:17 PM
link   
Yay...

Good luck with that, let us know how you get on, I think any answers you get could be very interesting. I hope you have better luck than when I was trying to contact my broadband provider.



posted on Jul, 14 2009 @ 06:21 PM
link   
reply to post by fraterormus
 


I would not contact them, this might just get you in trouble if there is a weakness in their network. Best to leave this alone in my opinion especially given the timeline. If this was any other government and they thought you had evidence of them sabotaging classified documents I don't think they would really give two hoots about if you read it or not.

Also if you did indeed come across a classified document of any kind and it was through Google there is also a massive chance that they know absolutely nothing about you looking. Calling is just going to highlight this to them and effectively give you more hassle than it's worth.

Just my two cents.



[edit on 14-7-2009 by XXXN3O]



posted on Jul, 14 2009 @ 06:25 PM
link   
After reading this thread and your knowledge etc. I am personally shocked that you don't have a dynamic IP address. Is you nuts? Or do you run servers and such from home etc?



posted on Jul, 14 2009 @ 06:46 PM
link   
How about letting it through and seeing what it wants. Print the outgoing packets but don't send them back.



posted on Jul, 14 2009 @ 06:57 PM
link   

Originally posted by badmedia
After reading this thread and your knowledge etc. I am personally shocked that you don't have a dynamic IP address. Is you nuts? Or do you run servers and such from home etc?


No, but I do manage hundreds of secure servers from home. When Certificates, Public Key encrypted VPN connections, and Security Token Logins are not enough security, the next best way to keep people out is to restrict access to 2 or 3 specific IP Addresses. If you attempt to access from any other IP Address your connection is automatically refused. For all the other security on the Internet, IP Restricted Services is one of the best (and most under-appreciated) methods. Unless one of those IP Addresses that are allowed is compromised, script-bots can try all day to hack in to no avail, without affecting the performance of your servers.

Besides managing my work's servers, the only thing I do on the Internet at home is game with my daughter. There is nothing that I do on the Internet that I would need to hide while at home.

Besides, as far as my ISP is concerned, my dedicated IP Address is not assigned and I'm not in their database as a customer either. (My ISP's SysAdmin gives me my IP Address & DSL Line under the table in exchange for me personally providing him free consulting for issues pertaining to his job there.)



posted on Jul, 14 2009 @ 07:03 PM
link   

Originally posted by mumblyjoe
How about letting it through and seeing what it wants. Print the outgoing packets but don't send them back.


Well, that's the thing...a service on my computer would have to respond on the corresponding port. If I don't have a service running on that port, then it's like knocking on someone's door and them not answering. You just try again later. If someone answers the door but it's not who you were expecting you just try again later. So, I would need to know what services it's expecting to connect to on those ports so that it will hand off the packets. But yes, it would be curious to see what would be transmitted back in a response packet going back out to G.E. if they were allowed in and got the right kind of response they are looking for on that port.



posted on Jul, 14 2009 @ 07:20 PM
link   
reply to post by fraterormus
 


I see, so you grant access based on IP address. I have a sys admin, but I've managed servers and such in the past (I hate it). I use that kind of stuff when working with other servers/companies, and have written code that does exactly that with clients. Like servers I communicate with through like XML or something, I'll validate them based on user/pass/ipaddress, and if they change IP addresses, it has to be changed etc.

I get you, I've just never done it for home use before, as I would rather have a dynamic IP address for surfing around the net and such. I don't really care about "bigger" sources, as they would just snoop my line etc. But I like it for things like hackers or people who might only be able to attack and do things based on knowing my IP address.










[edit on 7/14/2009 by badmedia]



posted on Jul, 14 2009 @ 08:09 PM
link   
Could GE be using other people's computers around the US for cheap backup storage or computation overflow?

Something like SETI does with permission with their BOINC program.
setiathome.ssl.berkeley.edu...

If you put 10 MB of info on 100 million computers/servers that is a lot of storage or computation power.

Done in small random packets that are encrypted there is no danger of others knowing what is really going on or using/stealing the data.

I have a 500 GB hard drive and if someone put 100 MB on my computer I would never know or if they use it for 100 MB of computation power when I am not using it.

It would make one heck of a super computer.

Or could it be foreign spies using a program to store GE industrial secrets till they can download them to someplace like China?


[edit on 14-7-2009 by ANNED]



posted on Jul, 14 2009 @ 08:43 PM
link   
Are you playing Warcraft? Have you got a Broadsword +50 that Jeff Immelt wants? People have been killed over such things.



