It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


Under Surveillance by General Electric?

page: 2
<< 1   >>

log in


posted on Jul, 14 2009 @ 08:48 PM

Originally posted by XXXN3O
...especially given the timeline. If this was any other government and they thought you had evidence of them sabotaging classified documents I dont think they would really give two hoots about if you read it or not.

I think I understand what you mean...

When Law Enforcement wants to track the flow of drugs to find the peddlers and who supplies them, and who the manufacturers are, and who the runners of the raw materials are, they tag someone and watch how it passes hands until they've figured out all the players and who the big fish are.

When the CIA has 50 Stinger Missile Launchers go missing they release 100 Stinger Missiles into the wild and track them, watching the food-chain to see who sells them to whom and where they flow until they end up in the hands of the end-user terrorist. Then, they know who is in bed with whom and how those Stinger Missiles got into the hands of terrorists to begin with, as well as having cataloged where those 50 missing Launchers went.

Maybe Defense Contractors do the same thing with Industrial Espionage. You let a foreign agency walk off with some Classified Documents that are tagged and watch where they go. Who does that agency share that information with? Who do they in turn share that information with? Ultimately, who ends up with those documents?

In a 68-180MB PDF file, would someone notice 282kb of padding? The moment the file is opened that 282kb script registers a hook in an existing service running on the computer. It then opens a port on the internet and sends a predesignated address at G.E. your IP Address and a Serial Number of the file. From that point onward, that service is listening passively on a port. Periodically, G.E. calls the file to audit if the file has been active. After so many years in the wild, if it ends up in a dead-end, a kill command is sent that uninstalls the hook in the background service, and deletes the file so that it can't be recovered, and no evidence exists of espionage.

So, my daughter downloads the file and opens it, installing their hook in a background service. After discovering the files I delete them, removing any way the script would have of reinstalling itself. Then, in a fit of paranoia, I wipe my computer and do a clean install. I no longer have anything listening passively to respond to G.E. when they check up on the status of the Classified Document. However, by the time I deleted everything it was too late as it already contacted G.E. with my IP Address the moment the file was opened. In the beginning I probably didn't notice one attempt a month or one attempt a week to connect. However, as more time went by without bi-communication, G.E. tried with more and more frequently to connect to the service on my end to send the kill command to the file.

Okay, that all sounds plausible to me. Nothing personal between G.E. and I, it's just that they knew I had something at some point that I shouldn't have and they are trying to automatically do what I already did for them.

posted on Jul, 14 2009 @ 08:50 PM
reply to post by fraterormus

If I didn't have anything to hide, I would probably contact the admis there as well.

I would think if you had compromised the secrecy of any documents, a backlog wouldn't necessarily apply. Seems to me like they would get right on that.

You have to admit that it would be really interesting to set up a box and see what it is they are trying to do. Hell, just open all the ports.

I would also think that if it were a valid threat, you wouldn't know it. Sounds like you're up on things, but we ARE talkin' about GE here. They got some bucks.

posted on Jul, 14 2009 @ 09:01 PM

Originally posted by jokei
Are you playing Warcraft? Have you got a Broadsword +50 that Jeff Immelt wants? People have been killed over such things.

Nah, my daughter likes playing Lord of the Rings Online. And with that game people get killed over Prized Pies and the Jeweled Bell that goes *JINGLE**JANGLE*.

Seriously though, I didn't start off paranoid but the more this gets discussed the more paranoid I'm becoming.

I was followed by a police car tonight. Now before you think I'm just paranoid, I walk home from work and it's a 45 minute walk. It becomes pretty obvious when a police car is tailing someone who is on foot for 45 minutes! (Especially when you keep doubling back and going in circles like you forgot to go to the store first, and then you forgot something on your list and have to go back a second time!)

I live in a small town without much crime. Our police here don't really have much to do, especially during the day, except maybe rescue cats in trees. So, I've been followed before for wearing black while walking with my daughter during the day. They said they were concerned that I had abducted my daughter because it was suspicious that I had black slacks and a black silk dress shirt on! I was followed once because I was late for work and jogged to work. They said it was suspicious that I was running while I had wet hair so early in the morning?!?!

However, the cincher for me was when the last stretch to my house after doubling back on my route a third time. The Police bailed, and I was followed by a State Trooper. Because of budget cuts in our State, we only have 5 State Troopers on patrol at any given shift for the entire State. Almost every single one of those is routinely on patrol 350 miles away from where I live. So that part raised some unusual flags for me.

So, it could be coincidence, it could be synchronicity, and it could be paranoia. It sure has me wondering though.

Still, they won't get my Prized Pie and Jeweled Bell unless they pull it from my cold, dead fingers! (The Broadsword +50 they can have if they ask nicely. LOL!)

posted on Jul, 14 2009 @ 09:26 PM
Here are a list of the last several attempts from General Electric to connect:

The first attempt is always UDP and is a port scan. All subsequent attempts are encrypted TCP packets and happen 3-60 minutes apart. Every 40-70 hours the originating IP address changes to another IP address in the General Electric IP Range.

A WHOIS lookup of the above IP Addresses gives the following information:

3.XXX.XXX.XXX is from United States(US) in region North America

Whois query for 3.XXX.XXX.XXX...

Results returned from

OrgName: General Electric Company
Address: Internet Registrations
Address: 3135 Easton Turnpike
City: Fairfield
StateProv: CT
PostalCode: 06828-0001
Country: US

NetRange: -
NetHandle: NET-3-0-0-0-1
NetType: Direct Assignment
NameServer: NS1.NETBCP.COM
NameServer: NS2.NETBCP.NET
RegDate: 1988-02-23
Updated: 2008-03-28

RTechHandle: GET2-ORG-ARIN
RTechName: General Electric Company
RTechPhone: +1-203-373-2962

OrgTechHandle: GET2-ORG-ARIN
OrgTechName: General Electric Company
OrgTechPhone: +1-203-373-2962

# ARIN WHOIS database, last updated 2009-07-14 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.

For any of the above IP Addresses, the name will resolve to and a Tracert to the address will go very strange routes on the Internet, but eventually result in "Destination Host Unreachable" long before it reaches GE.

[edit on 14-7-2009 by fraterormus]

posted on Jul, 14 2009 @ 09:34 PM
I wouldn't worry too much, people get followed by the police now and again and if your neighbourhood is that quite maybe the police were just looking for something to do "Practice their surveillance techniques" (badly).

I'd contact the techs at GE - if you're a techy too, you'll be speaking the same language and they won't treat you (like they would me) as an idiot customer. To be honest, they'll probably be just as surprised as you - could it be a glitch at their end? You've done nothing wrong, so I'd give it a go.

posted on Jul, 14 2009 @ 09:48 PM

Originally posted by mumblyjoe
How about letting it through and seeing what it wants. Print the outgoing packets but don't send them back.

This might not be a bad idea. If you have a "clean" computer to use for the port scan attack then you might find out what is going on. Just do not let the attacked computer mess up your other computers and when you are done format the harddrive on the computer that was attacked. You sound like some one who may have an old out dated computer layng around just for this.

I did a little checking and those IP addresses you posted are running thought China. Maybe someone has hacked there network. You may need to do as some else said and just ask GE about it.

[edit on 7/14/2009 by fixer1967]

posted on Jul, 16 2009 @ 09:50 AM

Did you contact GE, any luck?

posted on Jul, 16 2009 @ 12:41 PM

Originally posted by jokei
Bump. Did you contact GE, any luck?

I was going to but decided to delay it for a couple of weeks.

My daughter and I are going to be visiting the Air Force Rocket and Astronautics Research Lab, NASA Dryden Flight Research Center, and the Air Force Flight Test Center Museum next month. I forgot that after 9/11 admittance to high security areas by the public requires a 3-week Background Check and Clearance from the Department of Homeland Security, even though they do give tours to the public (who have passed the Security Check).

I decided that lest we jeopardize our vacation that has three planned stops at Edwards Air Force Base, I better put contacting G.E. to inquire about this on the back-burner until we've gotten to tour these facilities. My 12 year old daughter would hate me if we weren't able to go. Only getting to see places that don't require DHS Clearance, like the Mojave Spaceport, Colonel Vernon P. Saxon Jr. Aerospace Museum, and Area 51/Groom Lake from a far, wouldn't quite be the same for her (although we are doing all of those too).

posted on Jul, 16 2009 @ 01:22 PM
Well, keep us posted when you get back.

Have a nice trip and don't forget your camera!

posted on Jul, 16 2009 @ 02:05 PM
reply to post by fraterormus

Hi fraterormus,

It sounds to me like someone has a shell on the GE computers and is using them for random portscans, service detection and maybe bruteforce attacks.

Try setting up a virtual machine with some services like ssh, apache, dns, the usual, and create a firewall rule that only allows incoming connections to this VM from this attacking IP. Then watch what it does and how it interacts with these services. If it's just a bot, you should see on the log files it trying different user/password combinations on ssh, that kind of stuff.

Would it be possible to have a pcap dump file of this traffic ?

posted on Jul, 16 2009 @ 06:39 PM
reply to post by fraterormus

That's a broad range! Perhaps they sublocate some of those classes to other people/agencies ?

Again, could you send us a tcpdump file with this traffic for us to take a look ?

top topics

<< 1   >>

log in