Debunked: Markmonitor.com - The Internet Kill Switch; Wiretapping

Mick West

From:
http://www.abovetopsecret.com/forum/thread837847/pg1
and the original
http://www.pastie.org/3867284


Recently run any whois queries on Google? No? How about Facebook? MSN, or Hotmail? Yahoo? You might be surprised, comparing the results. Nice, innit? See the "Last Updated" part also. The brand-protecting, anti-piracy company MarkMonitor Inc. has had all these DNS names under its control for several months now. [...]

This company has acquired complete access to monitor, eavesdrop, censor and fake any user of these popular Internet services in about one year (2011). In almost complete silence.
Content from External Source
This claim reflects a misunderstanding of how the internet works, and what MarkMonitor does.

MarkMonitor is an internet registrar, which means that they manage the registration of the domain names. While they have the power to change the registration, they cannot do this in a non-obvious way. None of the traffic that goes to those sites goes through MarkMonitor.

When you connect to google.com your request is looked up on what is called a "nameserver". Nameservers translate domain names like "www.google.com" into the actual addresses, which look like 121.43.11.92. There are 13 "root nameservers", and they will then redirect you to another nameserver that handles all the .COM addresses (called a TLD nameserver), which redirects you to a third nameserver that handles all the .google.com addresses, which will return the actual address of www.google.com.

If someone had control of the nameserver, then they could re-route your traffic into their own sites, and potentially eavesdrop on it. They could not do this secretly though, as you could still easily see where the traffic was going.

But MarkMonitor DO NOT CONTROL THE NAMESERVERS for google.com. The root nameservers (which are run by large telecom companies, and bodies like NASA or the University of Maryland) are entirely independent of MarkMonitor. The secondary nameservers for .COM are run by Verisign, also independent of MarkMonitor. The nameservers that Verisign's nameservers point to for google.com are owned by Google.

You can see Google's DNS info here:
http://www.intodns.com/google.com
ns2.google.com. ['216.239.34.10'] [TTL=172800]
ns1.google.com. ['216.239.32.10'] [TTL=172800]
ns3.google.com. ['216.239.36.10'] [TTL=172800]
ns4.google.com. ['216.239.38.10'] [TTL=172800]
Content from External Source
And prove that those nameservers are owned directly by Google here:
http://www.networksolutions.com/whois/results.jsp?ip=216.239.34.10
NetRange: 216.239.32.0 - 216.239.63.255
CIDR: 216.239.32.0/19
OriginAS:
NetName: GOOGLE
Content from External Source
So MarkMonitor is totally out of the picture when it comes to Google's traffic. When you go to google.com or gmail.com, it's going directly to Google. Similarly Facebook, MSN, Yahoo, Hotmail - they all manage their own nameservers. MarkMonitor is out of the loop.

Technically, MarkMonitor does have the power to request that Verisign's nameservers be changed to point to a different nameserver, one that they control, and then they could listen to the traffic. However this is a very cumbersome process. It's not like flipping a switch. They have to put in a change request, and then it takes up to several hours to fully propagate across the globe. And when it's done, it would be blatantly obvious that they had done it, as there is no way of hiding where the nameservers are pointing to. Plus, this type of hijacking is exactly the type of thing that Google are paying MarkMonitor to prevent. Google would be extraordinarily upset if MarkMonitor decided to suddenly redirect all of Google's traffic.

Google is actually a better candidate for this particular conspiracy theory, as they have set up their own DNS system on two IP addresses (8.8.8.8 and 8.8.4.4) which could in theory be used to redirect all internet traffic for millions of users. Of course that too would be blatantly obvious if they did. So they don't.
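The delegation check described in the post above, as an added example that is not part of the original thread: it parses the intodns-style listing quoted there and flags any nameserver that sits outside the zone or outside the owner's netblock. The `REPOINTED` listing and the function names are constructed for illustration.

```python
import ipaddress
import re

# Listing and netblock as quoted in the post above (intodns / whois output).
OBSERVED = """\
ns2.google.com. ['216.239.34.10'] [TTL=172800]
ns1.google.com. ['216.239.32.10'] [TTL=172800]
ns3.google.com. ['216.239.36.10'] [TTL=172800]
ns4.google.com. ['216.239.38.10'] [TTL=172800]
"""
OWNER_CIDR = "216.239.32.0/19"

# Constructed sample: how the listing would look if the delegation were
# repointed. Hostname and address are placeholders (RFC 2606 / RFC 5737).
REPOINTED = """\
ns1.google.com. ['216.239.32.10'] [TTL=172800]
ns1.registrar.example. ['192.0.2.53'] [TTL=172800]
"""

LINE = re.compile(r"^(\S+)\s+\['([0-9.]+)'\]\s+\[TTL=(\d+)\]$")


def parse_listing(text):
    """Return {nameserver: ip_address} from an intodns-style listing."""
    records = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name = m.group(1).rstrip(".").lower()
            records[name] = ipaddress.ip_address(m.group(2))
    return records


def audit_delegation(text, zone, owner_cidr):
    """List nameservers outside the zone or outside the owner's netblock."""
    net = ipaddress.ip_network(owner_cidr)
    findings = []
    for name, ip in sorted(parse_listing(text).items()):
        if not (name == zone or name.endswith("." + zone)):
            findings.append((name, str(ip), "nameserver outside " + zone))
        elif ip not in net:
            findings.append((name, str(ip), "address outside " + owner_cidr))
    return findings


if __name__ == "__main__":
    print(audit_delegation(OBSERVED, "google.com", OWNER_CIDR))  # no findings
    for finding in audit_delegation(REPOINTED, "google.com", OWNER_CIDR):
        print(finding)
```

Run against a fresh listing on a schedule, a non-empty result is the visible signal of a delegation change that the post says cannot be hidden.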
 
My DNS traffic was redirected to 204.194.232.200, a machine under level3.net domain...registered by Markmonitor.
--
 

204.194.232.200 is owned by 302directmedia.com, not level3.net. Level3.net is just what they use to connect to the internet. 302directmedia.com is just what your ISP is using for DNS. It's part of OpenDNS.

MarkMonitor is simply the domain registrar for level3.net, that's all.

[Edit] Actually, 204.194.232.200 is used by D-Link (with service provided by OpenDNS) for their "Advanced DNS" option, which does some DNS filtering and auto-correction. It's probably used by several ISP companies. You can switch it off. Still nothing to do with MarkMonitor.
 
Please debunk this part:

"For several of the sites, it also provides “firewall proxy” services, which means it is actually paid to intercept all communications. In and out."

Oh wait, you can't. Nice try. Please change the title of this post to "Partially debunked, but the Internet is still controlled by your overlords..."
 

Easily done: if MarkMonitor were providing a firewall service, then the nameservers and site IP addresses would direct to MarkMonitor. They do not, they go to IP addresses owned by the individual companies. Hence MarkMonitor is not in the loop at all.

Of course it provides that service for some small companies, but not the big ones, like Google, MSN, Facebook, Yahoo, etc. They all do their own firewalls.
 



I believe you've been DEBUNKED: According to the MarkMonitor website: https://www.markmonitor.com/services/antipiracy.php under item #1 they will
"Monitor movies, music, games, and e-books and software,
pre- and post-release
Monitor all major P2P networks
Monitor video linking sites, blogs, cyberlockers, newsgroups
Monitor auction sites, B2B exchanges, websites
Monitor email (especially for software)"

Yes, they will not only be watching what you're looking at, searching, downloading, uploading ... they're also reading your emails. Welcome to the Goebbels Media Gestapo enterprises, Inc.
 

I think you misunderstand what is being debunked. The theory was that they could intercept your private communications on sites like Facebook and Gmail. As explained above, they cannot, because they do not host the domain name servers, and so the traffic does not go through their sites.

MarkMonitor basically logs for trademark and copyright infringements. They do this mostly by scanning the PUBLICLY AVAILABLE information, such as your YouTube videos, or torrent sites like Pirate Bay. They have no more access to these sites than you or I do.
 
http://www.computerworld.com/s/article/9234159/Kill_switch_thrown_on_Internet_in_Syria

Renesys Corp., a global Internet monitoring firm, earlier today reported a "major outage" in Syria, and added that a kill switch had been thrown within the country.
Renesys also reported that the Middle Eastern country's primary Syrian Telecommunications Establishment and all of its customer networks are unreachable.
"Syria's international Internet connectivity shut down," said Renesys in a blog post. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet."

http://www.informationweek.com/security/attacks/syria-hits-internet-kill-switch-blackout/240142977

"Starting at 10:26 UTC on Thursday, 29 November (12:26pm in Damascus), Syria's international Internet connectivity shut down," according to a report published by Internet intelligence firm Renesys. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet."

http://en.wikipedia.org/wiki/Operation_Orchard

Israeli intelligence may have used technology similar to the Suter airborne network attack system to neutralize Syrian radars. This would make it possible to feed enemy radar emitters with false targets, and even directly manipulate enemy sensors.[37][38] In May 2008, a report in IEEE Spectrum cited European sources claiming that the Syrian air defense network had been deactivated by a secret built-in kill switch activated by the Israelis.[39][40]
 
http://www.wbur.org/npr/166286596/shutdowns-raise-issue-of-who-controls-the-internet

First, it was Egypt. At the height of the protest against the Mubarak regime in 2011, authorities shut the Internet down.
This week, it was Syria. Just as rebel forces there were making big gains, someone pulled the plug on the Internet, and Syria went dark.
Service was restored on Saturday, but Andrew McLaughlin, former White House adviser on technology policy, expects we'll see more of this.
"The pattern seems to be that governments that fear mass movements on the street have realized that they might want to be able to shut off all Internet communications in the country, and have started building the infrastructure that enables them to do that," McLaughlin says.



http://www.informationweek.com/security/attacks/anonymous-hands-wikileaks-24-million-syr/240003443

"Anonymous Op Syria" began on February 5, 2012, when a team "succeeded in creating a massive breach of multiple domains and dozens of servers inside Syria." The team's participants hailed from Anonymous Syria, AntiSec--"now known as the reformed LulzSec"--and the Peoples Liberation Front. According to Anonymous, downloading all of the data it ultimately acquired took several weeks.
 
That does not change anything in the OP. Yes other countries have kill switches. Yes we can't prove that the US does not. But there's no evidence they do (in fact you keep seeing the subject come up). But the OP was about a specific suggestion that MarkMonitor had control over these large companies. It does not. Hence that is debunked.
 
http://news.cnet.com/8301-1023_3-57469950-93/obama-signs-order-outlining-emergency-internet-control/

President Barack Obama signed an executive order last week that could give the U.S. government control over the Internet.

With the wordy title "Assignment of National Security and Emergency Preparedness Communications Functions," this order was designed to empower certain governmental agencies with control over telecommunications and the Web during natural disasters and security emergencies.
Here's the rationale behind the order:

According to The Verge, critics of the order are concerned with Section 5.2, which is a lengthy part outlining how telecommunications and the Internet are controlled. It states that the Secretary of Homeland Security will "oversee the development, testing, implementation, and sustainment" of national security and emergency preparedness measures on all systems, including private "non-military communications networks." According to The Verge, critics say this gives Obama the on/off switch to the Web.
 
US will refuse bid to give United Nations control over the internet
http://www.wired.co.uk/news/archive/2012-08/03/us-rejects-un-internet-control

In December 2012, the United Nations will hold the World Conference on International Telecommunications (WCIT), where it will review and potentially revise the International Telecommunications Regulations (ITRs) treaty.



Had to put the pic in even though unrelated to thread. Just thought they were amazing the way they still stood.
 