originally posted by: lordcomac
It's been years (thankfully) since I had to deal with BES... but from memory, the phones send outbound mail through the RIM network and not the BES box, then the BES box syncs back to them. It was incredibly terrible design.
That being said, the message will have an IP of wherever RIM routes it to from the phone.
Now, it does seem very odd that a message would route halfway across the world before hitting an SMTP server, but cell carrier BGP routes are a bit more interesting than ours. It's entirely possible that if the local carrier's links were mostly saturated at the time that it would have a lower 'cost' to bounce the data over the long wire. BGP routers can change paths very frequently for cost-based routing, and they have no forethought as to where that data's final destination might be.
originally posted by: OEE84
The process is overly complex given the necessity for security. The BlackBerry Enterprise Service and BlackBerry's NOC are virtually dependent on each other.
If you are seeing a foreign IP in relation to the BlackBerry handheld, it's quite possible that said device is associated with a BES back in the UK.
So while the User is in the US, that BES user account was originally set up in the UK and I assume that User has found their way stateside?
I haven't taught BlackBerry in forever but if I can help, shoot me a PM and I'll get back late this afternoon.
originally posted by: Arbitrageur
There would be a benefit to intelligence agencies. There are laws in the US against spying on US citizens (not that those laws are followed that closely), but they allow spying outside the US. Major players like AT&T, Verizon, etc cooperated with spies in setting up mass surveillance, so if they can cooperate, why not RIM? The one man who refused to play ball with them at Qwest was punished severely. I don't know if that is the reason for routing to the UK but until you find another reason, I would have it on a list of possibilities.
originally posted by: Vasa Croe
This seems like a plausible reason, but why connect to one in the EU/UK if your physical location is in the US 90% of the time? Do you know if there would be any benefit to that at all?
originally posted by: raymundoko
a reply to: Vasa Croe
This indicates they were probably using RIM as their BES host directly (cloud) instead of on prem. A foreign IP would have shown up if she was in Europe at the time and her email was routed through the UK RIM BES servers.
If RIM was their actual host, then the messages would be stored by RIM and under whatever retention policy RIM has for its customers, usually 60 days. Even on prem will only store the BES messages for whatever you set the retention to; by default it is "space available", so it starts overwriting the oldest mails as you hit whatever your disk threshold is (10% by default I think). This does not affect your device, and messages will stay on your device as long as you have room; however, if your device were to get wiped you could only restore as far back as your BES server has retained.
We've had to use Exchange to resend old emails we recovered just so VIPs could get ALL their email back on their BlackBerry.
originally posted by: raymundoko
a reply to: Vasa Croe
That would be highly unusual. If the pager service is flagged it means the device is on cell service which means the device was most probably in the U.K. or Europe.
Tonight, Clinton is expected to appear at two campaign fundraisers. Clinton heads back to New Hampshire tomorrow and Friday. Follow all the updates from New Hampshire on Clinton’s Twitter and Facebook accounts as well as the Hillary for New Hampshire Twitter account. And don’t forget to donate to the campaign.
originally posted by: raymundoko
a reply to: Vasa Croe
I don't know how to explain that...let me ask one of my employees who knows BES better than me on Monday.
originally posted by: raymundoko
a reply to: Vasa Croe
My employee pointed out that this is a SEPARATE email domain from clintonemail.com and appears to be using Office 365 via Cloud BES. The registrant information for the domain is:
Domain Name: HRCOFFICE.COM
Registrar URL: www.godaddy.com...
Registrant Name: Nick Merrill.
Here is Nick Merrill
It could be that this domain is hosted out of the UK for office via something like RackSpace, which means all messages would be routed through and stored in the UK; however, the NS are all located in the USA and appear to be part of the Google hosting network. This in and of itself means little, as the Google platform then allows you to internally route mail, which is ALL hrcoffice.com is used for.
Considering who it was who ran this, I would not be surprised if Nick was routing messages through the UK to avoid US laws on retention and surveillance. In fact, I would wager that he was sought out specifically because of who he was when this domain was created.
originally posted by: jadedANDcynical
a reply to: Vasa Croe
Interesting, very interesting.
Random poking around finds the following:
Network information
IP address 193.109.81.21
Reverse DNS (PTR record) xns01lhr.rim.net
DNS server (NS record) xns01lhr.rim.net (193.109.81.21)
xns01ykf.rim.net (206.51.26.10)
ASN number 18705
ASN name (ISP) BlackBerry Limited
IP-range/subnet 193.109.81.0/24
193.109.81.0 - 193.109.81.255
...
inetnum: 193.109.81.0 - 193.109.81.255
netname: UK-RIM-20010815
country: SA
org: ORG-RIMU1-RIPE
admin-c: IA918-RIPE
tech-c: IA918-RIPE
remarks: rev-srv: xns01ykf.rim.net
remarks: rev-srv: xns01lhr.rim.net
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: MNT-RIM-UK
mnt-routes: MNT-RIM-UK
mnt-domains: MNT-RIM-UK
created: 2015-01-15T15:50:16Z
last-modified: 2016-04-14T08:11:56Z
source: RIPE # Filtered
organisation: ORG-RIMU1-RIPE
org-name: BlackBerry UK Limited
org-type: LIR
address: 176 Columbia St. W.
address: N2L 3W8
address: Waterloo, ON
address: CANADA
phone: +15198887465
fax-no: +15198886906
abuse-c: AR17878-RIPE
mnt-ref: MNT-RIM-UK
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
admin-c: PW1218-RIPE
admin-c: BH3943-RIPE
admin-c: MJL-RIPE
abuse-mailbox: removed email address
tech-c: IA918-RIPE
created: 2008-06-09T12:47:41Z
last-modified: 2016-03-09T17:13:02Z
source: RIPE # Filtered
TCPIPUTILS
Using this site, we are able to see that the server location is inside the Royal airport:
Address type IPv4
Hostname xns01lhr.rim.net
ASN 18705 - RIMBLACKBERRY - BlackBerry Limited
ISP BlackBerry UK Limited
Timezone Asia/Riyadh (UTC+3)
Local time 03:57:24
Country Saudi Arabia
State / Region Ar Riyāḑ
City Riyadh
Coordinates 24.7117, 46.7242
db-ip
Maybe this is pertinent, maybe it's not. Is there any way that the emails could be routed through this server and copied as it passes through?
Google Maps
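An added example (not part of any post in this thread): it parses the RIPE objects quoted above and lists each location hint next to its source, so the country attribute, netname, PTR hostname and postal address can be compared instead of relying on a single geo-IP result. Reading `lhr` and `ykf` as IATA airport codes is an assumption, and the two lookup tables are constructed for this record only.

```python
import re

# Excerpt of the RIPE objects quoted in the post (values copied from the page).
WHOIS_TEXT = """\
inetnum: 193.109.81.0 - 193.109.81.255
netname: UK-RIM-20010815
country: SA
remarks: rev-srv: xns01lhr.rim.net

organisation: ORG-RIMU1-RIPE
address: Waterloo, ON
address: CANADA
"""
PTR_NAME = "xns01lhr.rim.net"
GEOIP_COUNTRY = "Saudi Arabia"  # db-ip result quoted in the post
# Assumption: a three-letter hostname suffix is an IATA airport code (operator habit).
IATA_HINTS = {"lhr": "United Kingdom", "ykf": "Canada"}
COUNTRY_NAMES = {"SA": "Saudi Arabia", "UK": "United Kingdom", "CA": "Canada"}

def parse_rpsl(text):
    """Split whois text into objects; each maps attribute -> list of values."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                obj.setdefault(key.strip(), []).append(value.strip())
        objects.append(obj)
    return objects

def location_signals(objects, ptr_name, geoip_country):
    """Return (source, country) pairs for every location hint in the record."""
    signals = [("geoip database", geoip_country)]
    for obj in objects:
        for code in obj.get("country", []):
            signals.append(("whois country", COUNTRY_NAMES.get(code, code)))
        prefix = obj.get("netname", [""])[0].split("-")[0]
        if prefix in COUNTRY_NAMES:
            signals.append(("whois netname", COUNTRY_NAMES[prefix]))
        if "organisation" in obj and obj.get("address"):
            signals.append(("org postal address", obj["address"][-1].title()))
    m = re.match(r"[a-z]+\d+([a-z]{3})\.", ptr_name)
    if m and m.group(1) in IATA_HINTS:
        signals.append(("ptr hostname", IATA_HINTS[m.group(1)]))
    return signals

def distinct_countries(signals):
    return sorted({country for _, country in signals})
```

For this record the hints name three different countries, and the geo-IP result agrees only with the registry's `country:` attribute.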