Hillary and her BlackBerry routed through UK and Saudi Arabia....

Ok, so I started a thread a while back because I was digging through some of the timeline with Hillaary and her BlackBerry emails that were released. I had asked for some expert advice because I had not worked on a BES in years and wanted to see if what I was thinking was correct.

I am going to copy and paste it here, the relevant parts that is.

I keep feeling like I am missing something here in regards to the timing or something.

What I find highly unusual is the fact Hillary's BlackBerry was routing through a server owned by Saudi Arabi which would have been able to search and see whatever they wanted to.

originally posted by: Vasa Croe
I used to run a BES for an old client years ago but never had anything come up that I am trying to now find an answer for.

Basically I am wondering if there is any reason that a Blackberry sending a message from the US would have an X--originating-iP : [176.239.82.32] in the source? That IP links back to a RIM BES in the UK.

Any help would be great...thanks!

originally posted by: lordcomac
It's been years (thankfully) since I had to deal with BES... but from memory, the phones send outbound mail through the RIM network and not the BES box, then the BES box syncs back to them. It was incredibly terrible design.

That being said, the message will have an IP of wherever RIM routes it to from the phone.
Now, it does seem very odd that a message would route halfway across the world before hitting an smtp server- but cell carrier BGP routes are a bit more interesting than ours. It's entirely possible that if the local carriers links were mostly saturated at the time that it would have a lower 'cost' to bounce the data over the long wire- BGP routers can change paths very frequently for cost based routing, and they have no forethought as to where that datas final destination might be.

originally posted by: Vasa Croe

originally posted by: lordcomac
It's been years (thankfully) since I had to deal with BES... but from memory, the phones send outbound mail through the RIM network and not the BES box, then the BES box syncs back to them. It was incredibly terrible design.

That being said, the message will have an IP of wherever RIM routes it to from the phone.
Now, it does seem very odd that a message would route halfway across the world before hitting an smtp server- but cell carrier BGP routes are a bit more interesting than ours. It's entirely possible that if the local carriers links were mostly saturated at the time that it would have a lower 'cost' to bounce the data over the long wire- BGP routers can change paths very frequently for cost based routing, and they have no forethought as to where that datas final destination might be.

I appreciate the answer. Still have a question on it though.

Based of of your thought on it, that would suggest intelligence built into the message routing I think, such as a shortest path algorithm when certain "traffic" flags are thrown.

What if the Blackberry device sending the message is a secure device? I would think that this would prevent it from hitting any BES outside of a hard coded BES for security reasons?

I have also read, I believe, that a secure BB has a specific PIN that only allows it to connect to a certain BES for security purposes. This seems like a plausible reason, but why connect to one in the EU/UK if your physical location is in the US 90% of the time? Do you know if there would be any benefit to that at all?

originally posted by: OEE84
The process is overly complex given the necessity for security. The BlackBerry Enterprise Service and BlackBerry's NOC are virtually dependent on each other.

If you are seeing a foreign IP in relation to the BlackBerry handheld, it's quite possible that said device is associated with a BES back in the UK.

So while the User is in the US, that BES user account was originally set up in the UK and I assume that User has found their way stateside?

I haven't taught BlackBerry in forever but if I can help, shoot me a PM and I'll get back late this afternoon.

originally posted by: Arbitrageur

originally posted by: Vasa Croe
This seems like a plausible reason, but why connect to one in the EU/UK if your physical location is in the US 90% of the time? Do you know if there would be any benefit to that at all?

There would be a benefit to intelligence agencies. There are laws in the US against spying on US citizens (not that those laws are followed that closely), but they allow spying outside the US. Major players like AT&T, Verizon, etc cooperated with spies in setting up mass surveillance, so if they can cooperate, why not RIM? The one man who refused to play ball with them at Qwest was punished severely. I don't know if that is the reason for routing to the UK but until you find another reason, I would have it on a list of possibilities.

originally posted by: raymundoko
a reply to: Vasa Croe

This indicates they were probably using RIM as their BES host directly (cloud) instead of on prem. A foreign IP would have showed up if she was in Europe at the time and her email was routed through the UK RIM BES servers.

If RIM was their actual host, then the messages would be stored by RIM and under whatever retention policy RIM has for it's customers, usually 60 days. Even on prem will only store the BES messages for whatever you set the rention to, by default it is "space available", so it starts overwriting the oldest mails as you hit whatever your disk threshold is (10% by default I think). This does not affect your device, and messages will stay on your device as long as you have room, however if your device were to get wiped you could only restore as far back as your BES server has retained.

We've had to use exchange to resend old emails we recovered just so VIP's could get ALL their email back on their blackberry.

originally posted by: Vasa Croe

originally posted by: raymundoko
a reply to: Vasa Croe

This indicates they were probably using RIM as their BES host directly (cloud) instead of on prem. A foreign IP would have showed up if she was in Europe at the time and her email was routed through the UK RIM BES servers.

If RIM was their actual host, then the messages would be stored by RIM and under whatever retention policy RIM has for it's customers, usually 60 days. Even on prem will only store the BES messages for whatever you set the rention to, by default it is "space available", so it starts overwriting the oldest mails as you hit whatever your disk threshold is (10% by default I think). This does not affect your device, and messages will stay on your device as long as you have room, however if your device were to get wiped you could only restore as far back as your BES server has retained.

We've had to use exchange to resend old emails we recovered just so VIP's could get ALL their email back on their blackberry.

So would it be unusual if a person's email did originate from a UK BES server if they were in the US at the time it was sent?

Perfect timing for another Hillary thread!! But but but ... HILLARY!

originally posted by: raymundoko
a reply to: Vasa Croe

That would be highly unusual. If the pager service is flagged it means the device is on cell service which means the device was most probably in the U.K. or Europe.

originally posted by: Vasa Croe

originally posted by: raymundoko
a reply to: Vasa Croe

That would be highly unusual. If the pager service is flagged it means the device is on cell service which means the device was most probably in the U.K. or Europe.

Ok....here is my reasoning for this question and I can't really figure out any good reason for this to have happened.

So this snip from a hrcoffice.com email shows it originated from Hillary and from an IP of 178.239.82.32

Now that IP traces back to a RIM server in the UK

And one of the naming servers has an IP of 193.109.81.21 which traces to Saudi Arabia

Now the reverse DNS address of the Saudi server is 21.81.109.193 which traces back to a DoD server in Washington

Now my reasoning for all this questioning and pics is this....if you look at the original source for the email and the email itself in the Podesta files under email ID 45447 you can see it was sent on May 20, 2015 by [email protected]. Now on May 19, 2015 Hillary was in Independence, Iowa:

Source

And on the 20th she was in Chicago:

Souce

And in that last article it makes it clear she is headed back to New Hampshire the next day and was doing fundraisers all night in Chicago:

Tonight, Clinton is expected to appear at two campaign fundraisers. Clinton heads back to New Hampshire tomorrow and Friday. Follow all the updates from New Hampshire on Clinton’s Twitter and Facebook accounts as well as the Hillary for New Hampshire Twitter account. And don’t forget to donate to the campaign.

So...how can she have sent an email from her BB that originated in the UK while in the US?

originally posted by: raymundoko
a reply to: Vasa Croe

My employee pointed out that this is a SEPARATE email domain from clintonemail.com and appears to be using Office 365 via Cloud BES. The registrant information for the domain is:

Domain Name: HRCOFFICE.COM
Registrar URL: www.godaddy.com...
Registrant Name: Nick Merrill.

Here is Nick Merrill

It could be that this domain is hosted out of the UK for office via something like RackSpace, which means all messages would be routed through and stored in the UK, however the NS are all located in the USA and appear to be part of the google hosting network. This in and of itself means little, as the google platform then allows you to internally route mail, which is ALL hrcoffice.com is used for.

Considering who it was who ran this, I would not be surprised if Nick was routing messages through the UK to avoid US laws on retention and surveillance. In fact, I would wager that he was sought out specifically because of who he was when this domain was created.

originally posted by: jadedANDcynical
a reply to: Vasa Croe

Interesting, very interesting.

Random poking aroudn finds the following:

Network information
IP address 193.109.81.21
Reverse DNS (PTR record) xns01lhr.rim.net
DNS server (NS record) xns01lhr.rim.net (193.109.81.21)
xns01ykf.rim.net (206.51.26.10)
ASN number 18705
ASN name (ISP) BlackBerry Limited
IP-range/subnet 193.109.81.0/24
193.109.81.0 - 193.109.81.255

...

inetnum: 193.109.81.0 - 193.109.81.255
netname: UK-RIM-20010815
country: SA
org: ORG-RIMU1-RIPE
admin-c: IA918-RIPE
tech-c: IA918-RIPE
remarks: rev-srv: xns01ykf.rim.net
remarks: rev-srv: xns01lhr.rim.net
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: MNT-RIM-UK
mnt-routes: MNT-RIM-UK
mnt-domains: MNT-RIM-UK
created: 2015-01-15T15:50:16Z
last-modified: 2016-04-14T08:11:56Z
source: RIPE # Filtered

organisation: ORG-RIMU1-RIPE
org-name: BlackBerry UK Limited
org-type: LIR
address: 176 Columbia St. W.
address: N2L 3W8
address: Waterloo, ON
address: CANADA
phone: +15198887465
fax-no: +15198886906
abuse-c: AR17878-RIPE
mnt-ref: MNT-RIM-UK
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
admin-c: PW1218-RIPE
admin-c: BH3943-RIPE
admin-c: MJL-RIPE
abuse-mailbox: removed email address
tech-c: IA918-RIPE
created: 2008-06-09T12:47:41Z
last-modified: 2016-03-09T17:13:02Z
source: RIPE # Filtered

TCPIPUTILS

Using this site, we are able to see that the server location is inside the Royal airport:

Address type IPv4
Hostname xns01lhr.rim.net
ASN 18705 - RIMBLACKBERRY - BlackBerry Limited
ISP BlackBerry UK Limited
Timezone Asia/Riyadh (UTC+3)
Local time 03:57:24
Country Saudi Arabia Saudi Arabia
State / Region Ar Riyāḑ
City Riyadh
Coordinates 24.7117, 46.7242

db-ip

Maybe this is pertinent, maybe it's not. Is there any way that the emails could be routed through this server and copied as it passes through?

Google Maps

originally posted by: raymundoko
a reply to: Vasa Croe

Yes, in 2010 they came to an agreement to put a RIM network there so they could route their own traffic. However, no outside mail gets routed there. You have to be in the UAE to use that network. The reason for this was because the UAE wants to be able to monitor ALL encrypted data leaving it's networks. They couldn't do that when it was routing through the UK and eventually Canada (the final stopping point for all RIM traffic).

And the original thread is here...

www.abovetopsecret.com...

a reply to: Vasa Croe

Intersting and perhaps relevant here:

BlackBerry data is immediately exported off-shore, where it Is managed by a foreign, commercial organization. BlackBerry data services are currently the only data services operating in the UAE where this is the case.
...
Countries have two basic technical methods of controlling the flow of information over the intemet. First, they claim legal jurisdiction over Information stored on servers within their own borders. Second, they can read or block traffic moving through the choke-points where Internet cables cross the border.
...
According to the Open Net Initiative, the emirates' authorities passively read internet traffic and actively block access to sites that feature Von', pornography, gambling, terrorism, hacking skills, social networking, unorthodox views on Islam, posts critical to the UAE and anything under Israel's top domain.
...
Also the article failed to mention that there was an attempt by the nations mobile carriers last year to try to get people to inadvertently Install spyware on their blackberry which allowed Its content to be viewed.

The United Arab Emirates and BlackBerry?
Cherchez la server



[snipped]

I am actually wondering if this particular find indicates her BlackBerry was hacked already at the time of sending. If she was indeed in Iowa and Chicago during the time this was sent as the media reported, then her BB should not have rerouted through the UK or Saudi Arabia. This was in 2015. If it had been hacked then this would indicate the Saudis did it? Or does it indicate she wasn't really in the US when this was sent, which brings up a lot more questions....

There is something in here I can't quite put my finger on.

originally posted by: mzinga
Perfect timing for another Hillary thread!! But but but ... HILLARY!

Yea, but most of the OP's here tend to lean towards kneejerk, Don't you think ?

Vasa Croe has dug up a lot of information here, and is not shoving it, rather in search...... again, don't you think?

SO............ why would you travel through these mazes to communicate unless there was something fishy or you were releasing or hiding information that had various clearances...... Some no doubt Top Secret.

At any rate I wouldn't dismiss this OP offhand.....

I used to track my web traffic routing for the sake of curiosity.

It traveled all over the world.

Consistently, it traveled through Seoul. If we were all aware the places our data travels globally to get where it ultimately does would surprise people.

Nice post Vasa. Some of that all looks like algebra to me basically, but I can sense what it is you are trying to get at. I'm going to keep following and hope you get your answer. Glad there are still some sane members around here

originally posted by: Plotus

originally posted by: mzinga
Perfect timing for another Hillary thread!! But but but ... HILLARY!

Yea, but most of the OP's here tend to lean towards kneejerk, Don't you think ?

Vasa Croe has dug up a lot of information here, and is not shoving it, rather in search...... again, don't you think?

SO............ why would you travel through these mazes to communicate unless there was something fishy or you were releasing or hiding information that had various clearances...... Some no doubt Top Secret.

At any rate I wouldn't dismiss this OP offhand.....

Much appreciated. I don't always dig this much with threads, but this was one that kept nagging me when I made it a couple years ago and for some reason has begun nagging me again.

Took a while to find all of it and even more to find where Hillary supposedly was when it was sent.

Anywho...the forum I originally posted in doesn't get much traffic and I need more eyes on this to help figure out what's bugging me because I can't...

originally posted by: Liquesence
I used to track my web traffic routing for the sake of curiosity.

It traveled all over the world.

Consistently, it traveled through Seoul. If we were all aware the places our data travels globally to get where it ultimately does would surprise people.

This isn't web traffic. It's an email and RIM doesn't route from the US to other countries then back like this.

I wish I had your skill posting with all the links and such...

But carry on, this seems to be going places as the puzzle comes together

a reply to: jadedANDcynical

According to the Open Net Initiative, the emirates' authorities passively read internet traffic and actively block access to sites that feature Von', pornography, gambling, terrorism, hacking skills, social networking, unorthodox views on Islam, posts critical to the UAE and anything under Israel's top domain.

"Passively" eavesdropping, lol.

The UAE says it will block BlackBerry's email, messaging and web services from October 11 unless authorities can gain access to the encrypted data traffic — the same warning and demand raised by other countries including India.
...
Saudi Arabia last month allowed BlackBerry services to continue, citing "positive developments" in talks with the company. It remains unclear if the Saudi reprieve is permanent.

'UAE suspects BlackBerry to be a spy tool'

So the UAE did not want to allow any Blackberry traffic unless it could gain access to said traffic (encrypted) and then it is stated that services would be allowed to continue but no details were provided as to what the "positive developments" were in relation to this arrangement.



Related:

This allows for little conclusions to be drawn, but I believe the Emirates has been granted similar access to monitor BlackBerry traffic as India.
...
No comment on whether the UAE has been granted access to monitor BlackBerry traffic, though.

UAE and RIM to live happily ever after; BlackBerry owners can continue to use their devices

Perhaps RIM gave in to the UAE and allowed access to their network traffic which is routed through the UAE?

Great job Vasa. I don't understand a lot but will await that one clue that someone may have and helps you pull it all together.

originally posted by: jadedANDcynical

The UAE says it will block BlackBerry's email, messaging and web services from October 11 unless authorities can gain access to the encrypted data traffic — the same warning and demand raised by other countries including India.
...
Saudi Arabia last month allowed BlackBerry services to continue, citing "positive developments" in talks with the company. It remains unclear if the Saudi reprieve is permanent.

'UAE suspects BlackBerry to be a spy tool'

So the UAE did not want to allow any Blackberry traffic unless it could gain access to said traffic (encrypted) and then it is stated that services would be allowed to continue but no details were provided as to what the "positive developments" were in relation to this arrangement.

This has me wondering if international airports have a different jurisdiction than other facilities in a country.

I can understand the reason for routing through another country to avoid having to deal with the laws of your own.

Hillary has already shown she has no issue using a private server. This particular anomaly seems to point to her definitive knowledge of the benefits of using outside state department resources to communicate.

It begs the question of if she thought she was just using a UK server to avoid the US laws and didn't realize the Saudis saw these comms as well, or if she had knowledge the Saudis were able to see them and didn't care? It actually brings up a lot of questions.

a reply to: Vasa Croe

Very interesting, thoroughly researched OP.

I remember having a conversation with friends about HRC vs Trump back in early 2016. They were very pro HRC and anti Trump. During the conversation I said that I could not in good conscience vote for HRC because I believed her to be corrupt to the core (I believe I actually used the word criminal which I sort of regretted considering I had no actual proof). They asked me why/how I could think such a thing. There were several reasons I gave (none of which were satisfying to them) but the one most important to me was the handling of the email situation. I mean the entire thing with the emails. The fact that she was using a private server, the physical placement of the server, the (what seemed like to me at the time) novice way it was all set up, everything. Having been in the IT/Networking industry for over 25 years, it was hard for me to comprehend how it was all allowed to be set up in the first place. It made me very uncomfortable that people with such high accountability for our national security could be so sloppy. Now maybe it seems that it wasn't "sloppy" but intentional. That's the conclusion I have come to anyway.

This just adds fuel to the fire in my opinion. Great work!

BTW for anyone who is wondering (or cares for that matter) I could not vote for Trump either. I did have hopes that after he won he would make me regret not voting for him. So far I have not. Here's hoping it changes.

a reply to: HummaKavula

My background is security and virtualization for large corps and government....degree is in CS. I know exactly what you mean as far as the email situation. It's almost as if they knew most of their base was dumb enough to believe their story.....