Internet harassment by Palestine Solidarity Movement: evidence sent to Georgetown University
by Bill Levinson
Evidence of Internet harassment by Palestine Solidarity Movement spokesperson Nadeem Muaddi (signing my E-mail address up to various unwanted electronic newsletters). This is the organization that wants to use Georgetown University for its divestment conference in mid-February.
To: Georgetown University Administration, cc: The Hoya
(Also posted to Israpundit as evidence of Internet harassment by the group that is going to be using Georgetown's facilities in mid-February).
Gentlemen,
Last week, you were copied on an E-mail from Palestinian Solidarity Movement spokesperson Nadeem Muaddi, who threatened to sue me over my interpretation of his column, "A Call for Christian Martyrdom." On Friday, someone signed up the same E-mail address he used in his correspondence (wlevinson "at" stentorian.com) to a large number of Internet newsletters from Zondervan, Christianity Today, and Computer World for the apparent purpose of causing my E-mail account to be deluged with unwanted newsletters.
Although I own this address, I use it very rarely if ever and Mr. Muaddi must have located it somewhere on the Internet. On Friday, I considered the association-- Muaddi's correspondence with me at this rarely-used address followed by harassment of the same E-mail address-- a suspicious coincidence. This afternoon, I received evidence that makes him the prime suspect.
This afternoon, [one of the newsletter owners] provided me with the relevant portions of its server logs (shown in the following abuse complaint to Comcast.net). They show that the malicious subscription requests were made Friday afternoon from IP address 68.80.28.111.
-------- Original Message --------
Subject: Malicious subscription request from your user
Date: Tue, 17 Jan 2006 15:16:23 -0500
From: William A. Levinson [address deleted from IsraPundit posting to prevent harvesting by spam software; this is also why @ has been replaced with "at" in relevant E-mail addresses]
To: abuse "at" comcast.net
Comcast.net,
Last Friday, an unknown person subscribed me to E-mail newsletters ...for the purpose of harassing me. ...has found the server logs that show the IP address from which this request originated. The bracketed numbers appear to be the time (Eastern Standard) at which the requests were made, on Friday 13.
68.80.28.111 = [ pcp04018150pcs.walngs01.pa.comcast.net ]
-------- Original Message --------
Date: Tue, 17 Jan 2006 14:03:21 -0600
From: [deleted from IsraPundit posting for confidentiality]
To: William A. Levinson
Mr. Levinson,
I was able to locate the log file entries that submitted your email address, all from 68.80.28.111, a few seconds apart.
68.80.28.111 - - [15:51:40] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
[Web page given in each case, deleted from IsraPundit posting for confidentiality]
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7" -
68.80.28.111 - - [15:51:54] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7" -
68.80.28.111 - - [15:52:03] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7" -
68.80.28.111 - - [15:52:12] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7" -
68.80.28.111 - - [15:52:29] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7" -
68.80.28.111 - - [15:52:36] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7" -
68.80.28.111 - - [15:52:43] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7" -
68.80.28.111 - - [15:52:49] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7" -
==================================================
Fortunately, I still have the two E-mail messages that Mr. Muaddi sent me from his Yahoo account and their full headers appear below. They suggest very strongly that 68.80.28.111 is Mr. Muaddi's permanently-assigned IP address on a high-speed connection like DSL or cable. I encourage President DeGioia and his staff to run these by GU's own Internet security people and see if they reach the same conclusions that I do.
Note that, if he is using a dialup account, he is probably assigned a new IP address every time he logs on. If he is on a high-speed connection, he has a permanently-assigned address. However, these two E-mails were sent almost 12 hours apart and, unless he was logged onto a dialup account all day, he is on a high-speed connection with the fixed IP address of 68.80.28.111: the same address from which the malicious newsletter subscriptions were placed.
Pay close attention to the following line in the message headers.
Received: from [68.80.28.111] by web33501.mail.mud.yahoo.com via HTTP;
From - Thu Jan 12 12:12:21 2006
X-UIDL: 1eX54R7gb3Nl34d0
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Status: U
Return-Path:
Received: from xi.pair.com ([209.68.1.25])
by mx-pinchot.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1eX54R7gb3Nl34d0
for Thu, 12 Jan 2006 11:13:29 -0500 (EST)
Received: (qmail 73782 invoked by uid 8211); 12 Jan 2006 16:13:28 -0000
Delivered-To: wlevinso-stentorian:com-wlevinson "at" stentorian.com
Received: (qmail 73775 invoked from network); 12 Jan 2006 16:13:28 -0000
Received: from localhost.pair.com (HELO xi.pair.com) (127.0.0.1)
by localhost.pair.com with SMTP; 12 Jan 2006 16:13:28 -0000
Received: from web33501.mail.mud.yahoo.com (web33501.mail.mud.yahoo.com [68.142.206.150])
by xi.pair.com (Postfix) with SMTP id 566C215653
for ; Thu, 12 Jan 2006 11:13:28 -0500 (EST)
Received: (qmail 85366 invoked by uid 60001); 12 Jan 2006 16:13:27 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
b=0M28uZbkjYl1LdlQPENAxmfyHYrntGazWxVmrmCR8Lt6ElQVLrGuTmYwYWGriENnP9VELtIuZk+y4TedEw79/mpHR2J+5Vq3HK+gwYXHWKTtUUf/sSWKbLdW395O4UXpszsTx8z0s6uF2Swbf6MivwhYdVnxFFRWt6SPqtP+8Kg= ;
Message-ID: <20060112161327.85364.qmail@web33501.mail.mud.yahoo.com>
Received: from [68.80.28.111] by web33501.mail.mud.yahoo.com via HTTP;
Thu, 12 Jan 2006 08:13:27 PST
Date: Thu, 12 Jan 2006 08:13:27 -0800 (PST)
From: Nadeem Muaddi
Subject: Re: Legal Action Against Levinson's Defamation
To: Ted , wlevinson "at" stentorian.com
Cc: president "at" georgetown.edu, gucomm "at" georgetown.edu, dh2 "at" georgetown.edu, ems62 "at" georgetown.edu, porterfd "at" georgetown.edu, jay7 "at" georgetown.edu
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1922006409-1137082407=:78565"
Content-Transfer-Encoding: 8bit
====================================================
From - Thu Jan 12 23:27:57 2006
X-UIDL: 1eXgi151S3Nl34m0
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Status: U
Return-Path:
Received: from xi.pair.com ([209.68.1.25])
by mx-casero.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1eXgi151S3Nl34m0
for ; Thu, 12 Jan 2006 23:11:49 -0500 (EST)
Received: (qmail 38580 invoked by uid 8211); 13 Jan 2006 04:11:49 -0000
Delivered-To: wlevinso-stentorian:com-wlevinson "at" stentorian.com
Received: (qmail 38576 invoked from network); 13 Jan 2006 04:11:48 -0000
Received: from localhost.pair.com (HELO xi.pair.com) (127.0.0.1)
by localhost.pair.com with SMTP; 13 Jan 2006 04:11:48 -0000
Received: from web33512.mail.mud.yahoo.com (web33512.mail.mud.yahoo.com [68.142.206.161])
by xi.pair.com (Postfix) with SMTP id A8B7E1564F
for ; Thu, 12 Jan 2006 23:11:48 -0500 (EST)
Received: (qmail 13162 invoked by uid 60001); 13 Jan 2006 04:11:48 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
b=QA0ndKFJb3UDSRhVJmRiDDTmvOokGbnL7R9MSRFq+E0bInJ1nOCyCwXxexFlrKDv8b43xkOzgIFcCDyz1ZRcEKrVJHVtQudGxA+B2th0EiW5ItTCOqqWV0ifXvC8/oFVVIOJhTh9seO53fcVQY9akl1781SzcJ2CrFwJS31ksd4= ;
Message-ID: <20060113041148.13160.qmail@web33512.mail.mud.yahoo.com>
Received: from [68.80.28.111] by web33512.mail.mud.yahoo.com via HTTP;
Thu, 12 Jan 2006 20:11:48 PST
Date: Thu, 12 Jan 2006 20:11:48 -0800 (PST)
From: Nadeem Muaddi
Subject: Re: Legal Action Against Levinson's Defamation
To: "William A. Levinson" ,
Ted
In-Reply-To: <43C6C871.3070605@stentorian.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-228505637-1137125508=:13130"
Content-Transfer-Encoding: 8bit
X-ELNK-AV: 0
--0-228505637-1137125508=:13130
Content-Type: text/plain; charset=iso-8859-1
==============================================
Again, I encourage Georgetown to show this information to its own Internet security and abuse department, and see if it reaches the same conclusion that I do.
[End of letter to Georgetown]
Posted by Bill Levinson at January 17, 2006 05:16 PM
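The correlation the letter relies on, matching the client address a webmail provider records in its "via HTTP" Received hop against the source addresses in a web server's access log, sketched as an added example that is not part of the original post. All addresses, hostnames and log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed samples using documentation address ranges (not the page's data).
MAIL = (
    "Received: from web1.mail.example.com (web1.mail.example.com [198.51.100.25])\n"
    "\tby mx.example.org (Postfix) with SMTP id 0123456789; Thu, 12 Jan 2006 11:13:28 -0500 (EST)\n"
    "Received: from [203.0.113.7] by web1.mail.example.com via HTTP;\n"
    "\tThu, 12 Jan 2006 08:13:27 PST\n"
    "Subject: constructed sample\n\nbody\n"
)
LOG = """\
203.0.113.7 - - [15:51:40] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
203.0.113.7 - - [15:51:54] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
203.0.113.7 - - [15:52:03] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
192.0.2.44 - - [15:53:10] "POST /subscribe/subscribe.tml HTTP/1.1" 302 -
192.0.2.44 - - [16:40:02] "GET /index.html HTTP/1.1" 200 -
"""

HTTP_HOP = re.compile(r"from \[(\d{1,3}(?:\.\d{1,3}){3})\] by (\S+) via HTTP;\s*(.+)", re.S)
LOG_LINE = re.compile(r'^(\S+) - - \[(\d\d):(\d\d):(\d\d)\] "(\S+) (\S+) [^"]*" (\d{3})')

def webmail_origin(raw_message):
    """Return (client_ip, webmail_host, utc_time) from the 'via HTTP' hop, or None.
    That hop is written by the webmail provider; hops below it are unverified."""
    for hop in message_from_string(raw_message).get_all("Received", []):
        m = HTTP_HOP.search(hop)
        if m:
            when = parsedate_to_datetime(" ".join(m.group(3).split()))
            return m.group(1), m.group(2), when.utctimetuple()[:6]
    return None

def burst_sources(log_text, path, min_hits=3, window_s=120):
    """Map client IP -> (hits, span_seconds) for repeated POSTs to `path`.
    The log carries time of day only, so all lines are assumed to be one day."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group(5) == "POST" and m.group(6) == path:
            h, mi, s = (int(x) for x in m.group(2, 3, 4))
            times[m.group(1)].append(h * 3600 + mi * 60 + s)
    spans = {ip: (len(ts), max(ts) - min(ts)) for ip, ts in times.items()}
    return {ip: v for ip, v in spans.items() if v[0] >= min_hits and v[1] <= window_s}

def correlate(raw_messages, log_text, path):
    """IPs seen both as a webmail origin and as a burst source. A match is a
    lead for the ISP's abuse desk: leases change and NAT shares addresses."""
    origins = {o[0] for o in map(webmail_origin, raw_messages) if o}
    return {ip: v for ip, v in burst_sources(log_text, path).items() if ip in origins}
```

Converting the header time to UTC matters when comparing against a log kept in another zone; only the ISP can tie an address and timestamp to a subscriber.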