We have been told that NCGOP Chairman Hasan Harnett’s email had to be shut off due to some sort of “security threat”. For example, here is a quote from Deputy Secretary Scott Cumbie’s Facebook Note:
Within a few days a more serious act occurred. Since the details have not been made public, I will summarize what happened to the information that has been made public. The NCGOP staff was informed that an attack on the NCGOP servers and website was eminent. In an effort to protect the NCGOP’s electronic presence, remote e-mail IDs were disabled; websites were shut down; ISPs, hosting companies, ASPs and financial institutions were all contacted about a possible eminent threat.
This evening, while perusing the Chairman’s posts on Twitter, I found this:
The Chairman had tweeted the above screenshot on March 8 when he discovered his email was disabled. His comment on the image was: “My NCGOP Google email account is disabled. Really!!?? Normally I wouldn’t say anything but that is a bit much.”
Indeed, it was a bit much. But they HAD to do it to secure assets against an attack (http://www.ccapac.org/2016/02/07/somebody-hit-a-nerve/), right?
First, let me explain that I have been employed as a software engineer and in various other information technology capacities in industries from aviation to finance to material handling for about 30 years, and have been focused on web development for the past seven years.
When I saw that screenshot, I thought “hmmm… they use Google for their email, and had to shut it down due to a security threat? That just doesn’t make sense.” When Google faces a security threat serious enough to require that email accounts be disabled, that is BIG news, the kind that the world hears about. The chances that Google email accounts would have to be disabled due to a “security threat” are slim to none. Slim left town last week, and None has been gone for ages.
If my technical description that follows makes your eyes start to glaze over, please, rather than leaving this page, scroll down and read the last two paragraphs.
My suspicions caused me to see what I could find out about NCGOP’s email server. Guess what I found? Google is NCGOP’s email server! Now, what follows is a bit of “inside baseball” tech stuff, but it reveals the evidence. I will do my best to explain it so that folks who aren’t computer geeks like me can grasp it. It may omit some steps for clarity, but the essentials of the process are there.
First, it is useful to understand what the Domain Name System (DNS) is. It is a worldwide network of servers that translate domain names such as google.com or NC4Hasan.com to an IP (Internet Protocol) address. It is something like the phone book we all once used on a regular basis. If you wanted to call someone, you looked under their name in the phone book, and found their number. DNS is like a phone book where one server looks up the host name of another server to find its IP address.
If you send an email to someone at ncgop.org, your email server asks its DNS server “what is the IP address of the mail server for ncgop.org”. The DNS server replies with the IP address, something like 126.96.36.199. The email server then contacts the server at 188.8.131.52 to transfer your email message to that server.
Now, if I haven’t lost you, give yourself a pat on the back. Thanks for hanging in there. If I have lost you, don’t feel bad. Just remember to scroll to the end of the article before you leave.
If I sit down at my computer and open a terminal window (I use Linux; on a Windows machine this is a “command window”) and run the command “dig mx ncgop.org”, the command tells me the host names of the email servers that handle mail for ncgop.org. It looks like this:
Let me help you with the gobbledegook above. Under the header “ANSWER SECTION”, we see that there are five servers that can handle mail for ncgop.org. Notice anything there? For all five, the domain name is either google.com or googlemail.com!
Under the heading “ADDITIONAL SECTION”, we see the IP addresses of two of those servers. If we need any confirmation that these are in fact servers operated by Google, we can go to domaintools.com (and other sites that offer WHOIS lookups) to find who owns those IP addresses. Here is what domaintools.com has to say about IP address 184.108.40.206:
If you are wondering about the other address shown in the earlier screenshot, check the line titled “NetRange”. You will see that the information in the image above applies to IP addresses from 220.127.116.11 to 18.104.22.168. In geek terms, that is an entire Class B network that includes both of the addresses shown in the earlier screen shot.
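The two checks walked through above, reading the MX answer and confirming that the returned addresses fall inside a WHOIS NetRange, can be scripted. The Python below is an added example, not part of the original article. The dig output is a constructed sample in dig's layout for a placeholder domain, the addresses and NetRange are private-range placeholders, and the suffix-to-provider map is an assumption.

```python
import ipaddress

# Constructed sample in the layout `dig mx <domain>` prints. The domain and the
# 10.20.x.x addresses are placeholders, not real lookup results.
SAMPLE_DIG = """\
;; ANSWER SECTION:
example.org.  3600 IN MX 10 aspmx.l.google.com.
example.org.  3600 IN MX 20 alt1.aspmx.l.google.com.
example.org.  3600 IN MX 20 alt2.aspmx.l.google.com.
example.org.  3600 IN MX 30 aspmx2.googlemail.com.
example.org.  3600 IN MX 30 aspmx3.googlemail.com.

;; ADDITIONAL SECTION:
aspmx.l.google.com.      300 IN A 10.20.5.26
alt1.aspmx.l.google.com. 300 IN A 10.20.130.27
"""
PROVIDER_SUFFIXES = {"google.com": "Google", "googlemail.com": "Google"}  # assumed map

def parse_dig(text):
    """Return ([(preference, mx_host)], {host: [ip]}) from dig's text output."""
    mx, addrs = [], {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5 or fields[2] != "IN":
            continue  # section headers, blank lines, anything not a record
        owner, rtype = fields[0].rstrip(".").lower(), fields[3]
        if rtype == "MX" and len(fields) >= 6:
            mx.append((int(fields[4]), fields[5].rstrip(".").lower()))
        elif rtype == "A":
            addrs.setdefault(owner, []).append(fields[4])
    return sorted(mx), addrs

def provider_of(host):
    """Match on a label boundary so 'notgoogle.com' is not taken for google.com."""
    for suffix, name in PROVIDER_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return "unknown"

def in_netrange(ip, first, last):
    """True if ip lies inside a WHOIS 'NetRange: first - last' block."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return any(ipaddress.ip_address(ip) in net for net in nets)

if __name__ == "__main__":
    records, glue = parse_dig(SAMPLE_DIG)
    print([(host, provider_of(host)) for _, host in records], glue)
```

Matching the provider on a full label boundary matters: a plain substring or `endswith("google.com")` test would also accept a look-alike host name registered by someone else.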
One thing has been proven above: NCGOP uses Google for email. There is not a thing wrong with this, but it casts significant doubt on the claim that email accounts were disabled due to some “security threat”.
Now, the critical reader might well argue that while I have provided significant evidence, I haven’t yet conclusively proven that anyone lied about why email accounts were disabled.
Stay tuned. There is more to come.
Edit: The “more to come” is here.