Threats against Afghan blogger

This post has been removed at the request of the Afghan blogger involved, as new information has come to light substantially changing the story. The post concerned the following:

“Sohrab Kabuli“, Afghan blogger and winner of the Freedom Blog Award for his Farsi blog, Shared Pains, has been getting death threats. (You can read an interview with him about his blog and its impact here.)

Initial information pointed improperly to the source of the threats.

26 comments

  • paul

    Hmmm. Anybody taking DHCP and/or NAT into account here?

    I doubt the BBC would spend the money to have an internet routable IP address for every computer in their intranet.

    They would much more likely use a Network Address Translator that gives an address from a smaller (ergo, less expensive) pool of internet routable addressed to each computer any time it reaches out to the internet from the BBC intranet.

    So, unless the BBC has good logging for their NAT/DHCP servers, then it is rather unlikely they’ll be able to isolate the exact computer that sent the message.

    For example, my company has well over 200 PC’s, but we only have 30 routable addresses. So, there will be an IP address of 206.117.x.x shown for this post of mine, but that is not directly traceable to the PC on my desk.

    I’d give it a 50% chance they can.

  • […] The Committee to Protect Bloggers recently received the following statement from the BBC in response to complaints by Afghan Blogger Sohrab Kabuli that somebody has been using a BBC computer to threaten him. The statement was sent by Mike Gardner, Head of Media Relations at BBC World Service: The BBC has met with Sohrab Kabuli – the pseudonym for the Afghan blogger – who alleges that offensive e-mails were sent from a BBC staff member in the Kabul office. […]

  • mikem

    I have been following this story for well over 15 minutes and I’m trying to be fair. This has Karl Rove’s fingerprints all over it; blah. No terrorist sympathizer would ever be dumb enough to post a hateful, threatening email; blah. This is an attack on the unbiased BBC by partisan political operators; blah

  • Jim Peterson

    My question is how long will it take before we black bloggers get another “take down” like Aslam?

    You just got another Instalanche here. Will this get results? Will this become a major BBC scandal until the instigator is behind bars?

    Inquiring minds want to know.

  • Jim Peterson

    I should clarify: “black blogging” is the new term for blackballing the main stream media when they step over the line with certain articles and reports. We are determined to get our scalps. This time the scalp has to be the threatening BBC employee fired and behind bars.

  • Junyo

    IP addresses are logical addresses, not physical. On most large networks they are dynamically assignned, i.e. an address that belonged to a specific computer yesterday belongs to another today, and yet another tomorrow, this person kept the same IP for better than a month. Does the BBc use static IP’s or multi-month DHCP leases? Spammers and malicious hackers compromise networks all the time to generate unwanted traffic and/or attacks from a network with no connection to them other than poor security, so as Vann said someone outside the BBC could be taking advantage of a compromised network. Most firewalls make all of the traffic from a network look like it’s coming from a single address, and the address in question resolves to webgw0.mh.bbc.co.uk (which I’d guess is Web Gateway 0, a proxy or firewall server with dozens if not hundreds of users behind it).

    I’m more than willing to believe the Beeb would employ a gutless terrorist sympathizer, but you need a little more evidence before you start naming names.

  • Fides

    Jim:

    Racist! Your use of the term ‘black’ clearly indicates you do no understand whom you may hurt or slander, as I’m sure the Beeb will tell you. You consequential backpeddling doesn’t matter. ;)

  • Open Mind

    Well, where is the BBC reporter based? It may be that his locale has one assigned IP address, and it may be that he is the only BBC reporter there. That would explain why his IP would stay the same for so long.

    Or not.

    It would not surprise me at all that a person, even a reporter, would not realize that IPs can be traced, though. Plenty of smart people don’t realize that, so I wouldn’t use that as evidence either way.

  • Otis Wildflower

    Listen, even with DHCP/NAT, you have logs that tell you which system MAC address acquired which IP address, and when. So you can, if you have the desire and technical know-how, walk the cat back to at least a particular piece of hardware (since MAC addresses are hardware unique IDs for most desktop PCs/Macs). You can trace this thru ethernet switch logging, DHCP logging and firewall/NAT logging.

    That is, if you have technical competence and have due diligence logging. I believe the BBC has that competence, but not necessarily the desire.

  • monkeybrau

    If they know the IP address and the time of the post, it literally will take MINUTES to look at the DHCP or static IP logs on the BBC network. As a network administrator, I can tell you that this is something that shouldn’t take more than 5 minutes.

    The network logs will show the “MAC” address of the computer/network adapter that connected to THAT IP at THAT TIME and is uniquely identifiable. They should be able to narrow down the PC that had this IP address on those dates and identify the person who used that PC.

    Good luck and take care. I hope this person is exposed very soon.

Cancel this reply

Join the conversation -> Jim Peterson

Authors, please log in »

Guidelines

  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.