UPDATE: Govt Sites appear OK right now // Earlier Feds / IIR.com apparently scrubbing Trapwire related websites: down from DNS but not offline

///// UPDATE: August 14th 7PM: Apparently more takedowns of media pieces are occurring. Here is a pastebin from Barrett Brown (@barrettbrownlol), and also please listen to a nice interview with Barrett on RadioDispatch, my friends' Molly & John Knefel's radio show. SOURCE: http://pastebin.com/gsR8HEwN

As of 6:40 CST here in U.S., these are the Australian articles on Trapwire that have been simply removed by their respective outlets with no explanation. Note that there are rumors to the effect that they are down to inaccurately stating that Cubic Corporation owns Abraxas Apps - rumors that are false, as show here (http://privatepaste.com/6810d9914a) and as could have been verified for nearly a year on Project PM's Echelon2.org wiki entry for Cubic Corporation (http://wiki.echelon2.org/wiki/Cubic_Corporation) which itself links to the pertinent tax documents. Incidentally, Cubic and Abraxas have long been our focus due to their known involvement in persona management software as provided to CENTCOM by the wholly owned subsidiary Ntrepid. Here, the, are the articles that are down - not corrected, but entirely removed:

http://m.smh.com.au/technology/technology-news/revealed-trapwire-spy-cam... stralia-20120813-2448z.html
http://www.canberratimes.com.au/technology/technology-news/revealed-trap...
http://www.smh.com.au/nsw/surveillance-system-linked-to-transport-defenc...
http://m.watoday.com.au/technology/technology-news/revealed-trapwire-spy...
http://m.theage.com.au/technology/technology-news/revealed-trapwire-spy-...
http://www.katherinetimes.com.au/news/national/national/general/revealed...
http://www.brisbanetimes.com.au/nsw/surveillance-system-linked-to-transp...
http://m.canberratimes.com.au/nsw/surveillance-system-linked-to-transpor...

God forbid that this unprecedented incident receive at least a cursory examination from those journalists who are paid to do what many of us in the activist community have long done for free.

As to the potential reason for such articles going down in Australia, and not elsewhere, this non-scrubbed article may hold a clue:

http://www.heraldsun.com.au/news/victoria/cubic-transportation-systems-o...

As may this:

http://www.optuszoo.com.au/news/breaking/brisbane-times/surveillance-sys...

This, too, is quite understandably down:

http://www.smh.com.au/nsw/surveillance-system-linked-to-transport-defenc...

And to those who are claiming that Trapwire does not actually entail anything like facial recognition, please take a few minutes to read what ex-CIA agent and Abraxas head Richard Helms said about the intent of the software seven years ago: that it would “collect information about people and vehicles that is more accurate than facial recognition," among other things. This was noted at http://publicintelligence.net/unravelling-trapwire/ where anyone could read it, not just those of us who bothered to do so.

In conclusion, fuck the media, and fuck the dozens of state-linked firms that the media hasn't bothered to do a single fucking bit of research on despite this problem having quite demonstrably gotten out of hand years ago.

Barrett Brown
Project PM
barriticus@gmail.com

END UPDATE /////

///// UPDATE: August 12 7AM: via two different DNS services it looks like the sites are looking up correctly now. My net connection's pretty dodgy at the moment but I think they are loading correctly now. It could have been a temporary glitch - strange since other lookups were working correctly on a that stable connection all day, while both ncirc and nsi.ncirc failed in lookups and had been working correctly on that DNS only hours earlier. Oh, domain name system, why must you be so quirky? [Needed: a good way to check quite a few open DNS servers at once for a query like this - I don't have a good method obviously]

On the upside, even if this was a transient thing and not a nefarious takedown, a few things can be learned. It's good to take a careful look at Suspicious Activity Reporting, which is the underlying basis of this sketchy Trapwire system. It's also good to know about the technique that I used to get around the faulty lookups and talk to the Apache servers (manually setting /etc/hosts allows you to send the correct headers to load a site, even when DNS is not pointing correctly at the server).

I'll add that I have seen this happen before, where a Suspicious Activity Report related government site went weirdly offline and I had to go back into the google cache to retrieve the missing site data. Thus, may have fallen a bit to confirmation bias.

Unfortunately in this case I was under a major time constraint - battery was about to run out & had to kick out a notice about this possibly going down before I lost power & internet availability. It's difficult to determine DNS changes on the fly - especially as power starts to drop out :[

Additionally http://twitter.com/unoccupyABQ retrieved more files using Google Cache (not wget) and those should be added to a new file archive later today after I get some rest.

I'm certainly sorry for prematurely drawing limited interest to this odd circumstance -- however, when we posted tweets asking if other people could see the server, a couple responses indicated it was still working, but there wasn't much feedback to confirm or deny the state of these DNS lookups. [& indeed it's possible they changed files, but I lack the ability to check right now - running wget again may be able to confirm such changes]

Also in the process I learned that IIR.com, a weird quasi-governmental organization, is controlling both ncirc.gov and nsi.ncirc.gov domain name registrations, which is an interesting inflow of authority from the quasi-gov sector into the .gov realm, and further linkages between IIR.com, Trapwire, and SARs will probably turn up, I'd suspect. Again sorry for the DNS drama but at least the effort brings other useful info.

$ dig ncirc.gov

; DiG 9.6-ESV-R4-P3 ncirc.gov
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 5598
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;ncirc.gov. IN A

;; ANSWER SECTION:
ncirc.gov. 30 IN A 199.44.41.59

;; AUTHORITY SECTION:
ncirc.gov. 30 IN NS talgtm.iir.com.
ncirc.gov. 30 IN NS ns3.iir.com.
ncirc.gov. 30 IN NS MURFGTM.iir.com.

;; Query time: 362 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 12 06:50:19 2012
;; MSG SIZE rcvd: 111

and nsi,ncirc.gov:

$ dig nsi.ncirc.gov

; DiG 9.6-ESV-R4-P3 nsi.ncirc.gov
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 49668
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;nsi.ncirc.gov. IN A

;; ANSWER SECTION:
nsi.ncirc.gov. 30 IN A 199.44.41.191

;; AUTHORITY SECTION:
ncirc.gov. 30 IN NS talgtm.iir.com.
ncirc.gov. 30 IN NS ns3.iir.com.
ncirc.gov. 30 IN NS MURFGTM.iir.com.

;; Query time: 403 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 12 06:52:11 2012
;; MSG SIZE rcvd: 115

END UPDATE ///////

Apparent #trapwire gov coverup in realtime!! it looks like the government is scrubbing Suspicious Activity Report related .gov sites and dumping their DNS entries. However the boxes are still online, if you use /etc/hosts on osx/unix you can still get in and mirror the files. i got 40MB+ off one site and 100+MB off the other.

IIR.com is a very sketchy org, one of these quasi governmental orgs that sets up tracking systems in the US, and advocates policies for them.

you can still get it with adding /etc/hosts entries:

199.44.41.191 nsi.ncirc.gov

199.44.41.59 ncirc.gov

on UNIX

wget -m --tries=5 "http://ncirc.gov"

and

wget -m --tries=5 "http://nsi.ncirc.gov"

*****

LETS HAS THE ARCHIVES I GOT with WGET. these are not necessarily the full files on these webservers but they are everything which the WGET mirroring spider could grab.

MD5 (ncirc.gov.zip) = d94b716f9b62c9bf5c65ca92bb566e86

FILE http://hongpong.com/files/ncirc/ncirc.gov.zip 85.7MB

MD5 (nsi.ncirc.gov.zip) = 0b23e1bb048cce2a499f5ec9476b30c5

FILE http://hongpong.com/files/ncirc/nsi.ncirc.gov.zip 34.3MB

DNS INFO SEE http://dnshistory.org/browsedomains/ncirc.gov.

DNS History - Domain Browser

Domain: ncirc.gov. (view subdomains / view in browser)
Added: 2009-12-29 Last Checked: 2010-10-16
PageRank: 6

What links here by: CNAME / NS / MX / PTR

View all domains starting with ncirc.*.

SOA - (history)

2010-10-16 -> 2010-10-16
MName: MRFGTM.iir.com
RName: hostmaster.iir.com
Serial: 18
Refresh: 10800
Retry: 3600
Expire: 604800
Minimum TTL: 60
NS - (history)

2010-05-16 -> 2010-10-16: talgtm.iir.com.
2010-05-16 -> 2010-10-16: mrfgtm.iir.com.
MX - (history)

2010-05-16 -> 2010-10-16: 10 -> janus.iir.com.

FOR more infos on the TRAPWIRE program situation - >>

Unravelling TrapWire: The CIA-Connected Global Suspicious Activity Surveillance System | Public Intelligence

Abraxas and Trapwire: the technology and personnel revealed « Darker Net