UK IP 193.129.103.99 – A One in 3.7 Billion Fraud

By 30 December 2017KEY ARTICLES

UK IP 193.129.103.99 - A One in 3.7 Billion Fraud (±x)

Published on December 30, 2017
Joseph-S-R-de-Saram

Joseph S R de Saram (JSRDS)

Information Security Architect / Intelligence Analyst / Computer Scientist / Human Rights Activist / COMSEC / SIGINT / TSCM
753

Enter more text here

[IN THE FOLLOWING ARTICLE, THE USER OF IP ADDRESS 193.129.103.99 APPEARS TO BE GOWLING WLG, ALTHOUGH THEY WERE KNOWN AS ‘WRAGGE LAWRENCE & GRAHAM’ (“WLG”) PREVIOUSLY.

I AM IN THE PROCESS OF DRAFTING APPLICATIONS FOR NORWICH PHARMACAL ORDERS AGAINST VARIOUS PARTIES. ONCE THE IDENTITY OF THE USER IS CONFIRMED THEN THAT PARTY WILL BE IDENTIFIED AS SUCH AND ANY INACCURACIES IN THIS ARTICLE WILL BE UPDATED.

I HAVE BEEN REFERRING TO THE USER OF 193.129.103.99 AS WLG SINCE 2015 AND ON VARIOUS WEBSITES AND ARTICLES. AT NO POINT HAS WLG WRITTEN TO ME TO INFORM ME THAT THE IP ADDRESS IS NOT THEIRS.

HOWEVER, I IMMEDIATELY REQUIRE WLG TO WRITE TO ME SHOULD 193.129.103.99 NOT BE ASSOCIATED WITH THEM – HA HA!]

Understanding IP Addressing and CIDR Charts

Every device connected to the Internet needs to have an identifier. Internet Protocol (IP) addresses are the numerical addresses used to identify a particular piece of hardware connected to the Internet.

The two most common versions of IP in use today are Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). Both IPv4 and IPv6 addresses come from finite pools of numbers.

For IPv4, this pool is 32-bits (232) in size and contains 4,294,967,296 IPv4 addresses.

The IPv6 address space is 128-bits (2128) in size, containing 340,282,366,920,938,463,463,374,
607,431,768,211,456 IPv6 addresses.

A bit is a digit in the binary numeral system, the basic unit for storing information.

Not every IP address in the IPv4 or IPv6 pool can be assigned to the machines and devices used to access the Internet. Some IP addresses have been reserved for other uses, such as for use in private networks. This means that the total number of IP addresses available for allocation is less than the total number in the pool.

Understanding IP Addressing and CIDR Charts

CIDR charts and a short guide to how IP addressing works...

Reserved IP Addresses and/or Non-Publicly Addressable

From memory, in 2015 there were around 588,514,304 IPv4 addresses that were reserved, since updated to 592,708,864 reserved addresses due to RFC 6598.

Working Publicly-Accessibly IP Addresses – 3.7 billion

[Approximate] figure is 4,294,967,296 minus 592,708,864 =

3,702,258,432

Unauthorised Access to Rhodium Servers in 2014

I had noticed unusual IP traffic to our servers from around April 2014 – a combination of website accesses, concurrent attacks (no penetration) and unlawful access.

Accordingly we maintained extensive tracking of such activity, as well as more sophisticated systems which could analyse the relationship of different IPs and their types of access across all our resources, over time.

Around October 2014, a specific IP address ‘turned up on our systems’, namely:-

193.129.103.99

and after that the pattern of accesses was markedly different. One specific aspect that I noticed was the number of attempts at ‘hacking’ increased across a range of IP addresses and

ACTUAL UNLAWFUL ACCESS BY 193.129.103.99 AND/OR SAME 254-IP BLOCK WAS IDENTIFIED ON AT LEAST ONE OCCASION.

However the bulk of unlawful access was not from that IP address. Our systems had identified a range of unlawful accesses, predominantly UK-based from

various unknown actors who appeared to be working together and co-ordinating a specific offensive between them.

although it was clear that the user of 193.129.103.99 was the

‘ring-leader’

Server Logs

We of course had the raw log files from the servers which confirmed both the IP address as well as the type of access, port, and obviously copious volumes of metadata.

Furthermore on top of that arrangement, there was a fairly basic one which generated an e-mail every time there was access to various websites, and provided basic information.

An example of such an e-mail message is:-

20141023 – Server access – JSRDS.COM

20141030 – Server access – JSRDS.COM

In the above examples the user of 193.129.10.99 has accessed my JSRDS.com website – obviously the party has an interest in our commercial operations and I, and was undertaking investigations.

IN FACT SERVER LOGS CONFIRMED A DIRECT CORRELATION BETWEEN THE ACCESSING OF OUR RHODIUM WEBSITES AND SERVERS BOTH AHEAD OF AN ‘EVENT’ AND ‘AFTER THE FACT‘.

 

REMEMBER, ACCESSING A WEB SITE DESIGNED FOR THE PUBLIC IS NOT UNLAWFUL, BUT UNAUTHORISED ACCESS TO THE SAME SERVER FOR ANOTHER PURPOSE IS UNLAWFUL.

 

B3 2AS – Wragge & Co

I recognised the postcode of B3 2AS as that of Wragge & Co (“Wragge Lawrence & Graham in 2014”), a law firm that had been representing a matter involving the UK DTI and I.

[insert evidence of postcode and DTI]

Whilst I can appreciate that there may be more than one user of an IP address and more than one party situated within the post code of B3 2AS, simply analysing the context of the access itself confirms the nature of the access and the party behind it, or at least associated with it.

As it happens I had re-engaged Eversheds for various matters involving the Melbourne Fraudsters and their gang for Defamation and Injurious Falsehoods.

[insert evidence]

A Simple Nexus

By way of information the lies of the Melbourne Fraudsters continually end up as fraud on the court, which then ends up as fraudulently-obtained judgments against me, which then is the ‘perception of insolvency’, and then leads to ‘incitement of violence’ and then actual physical assaults – all thanks to their self-victimisation and manipulation techniques.

However one of the problems of their desire to get ‘everyone on the bandwagon against me’ is an

ABSOLUTELY ENORMOUS ATTACK SURFACE WHICH THEY HAVE UNAVOIDABLY CREATED FOR THEIR FOLLOWERS, WHICH I AM TARGETTING AND WILL DESTROY IN DUE COURSE NOW THAT I HAVE RECOVERED THE FORENSIC EVIDENCE:-

Birds of a Feather

Frauds of a feather, f*#k together" - JSR DS Introduction Today's article is about Common Interest Privilege, and the many pitfalls associated with...

Further Accesses from 193.129.103.99

A number of websites on Rhodium servers were subsequently accessed by 193.129.103.99, as the evidence confirms. These sites relate SPECIFICALLY to the Melbourne Fraudsters.

I queried our logs and ascertained 193.129.103.99 had visited other sites on 13 January 2015, around five times from memory.

20150113 – Server access – ABOUTMARGARET.COM / LITIG8.NET

I then traced them back to 08 January 2015:-

December 2014

In December 2014 I was the victim of a theft of data and destruction of evidentiary materials from my apartment, by a Sri Lankan named JV Lasantha Priyadarshana (“JVLP”), directly following the visit of Edward de Saram (“EDS”). Various USB drives were stolen, paperwork, as well as DVDs and Blu-rays.

By January 2015 I had imaged the SSD from the laptop that JVLP had been using and it was clear that he had obtained unauthorised access to various devices in the days before he left. Most interestingly it was data relating to Margaret Cunniffe (“MTC”) / David Brown (“DAB”) / Simon Thompson (“SVBT”) / Ian Slater (“ICS”) / McDonald Slater & Lay (“MSL”), parties in Australia who continually pervert the course of justice by their bad faith antics, injurious falsehoods, perjurious affidavits, diversionary tactics, and whom we are suing or in which cases litigation is pending.

Data Exfiltration Engineered from UK

It was obvious that JVLP had neither the brains nor the balls to mastermind this on his own, and his subsequent self-serving e-mails were written by a native English speaker rather than a local who had learned English. In fact it was Margaret Cunniffe’s style, and her signature themes do get tiring after a while and pop up everywhere.

On 11 January 2015 I sent JVLP an e-mail containing a number of links, one of which was a secret url that no-one outside Rhodium knew about.

[insert evidence]

Within Rhodium only three people knew of this and were all instructed not to visit the secret url.

The secret url was designed to exclusively track the flow of information. Since no-one outside Rhodium knew about it our systems could simply monitor the url to ascertain who was involved (a little like the dust that some colleagues and I used in the early 1990s to track locations assets had visited).

The Melbourne Fraudsters

As if by magic (although in fact it was entirely predictable because it was I that set the trap), MTC DAB accessed the secret URL less than three hours later, using a VPN service from HideMyAss which obfuscated their IP address. I knew it was them because of monitoring their visits to our sites during the preceding years, and using metadata/traffic analysis.

20150111 – Server access – THEBROWNPUPPY.COM

I later recovered direct evidence:-

[insert evidence]

that showed that it was IN FACT

DAB’s HideMyAss account

was linked to

DAB’s [email protected] personal e-mail address.

this is not really rocket science.

20150113 – Server access – THEBROWNPUPPY.COM

Another Simple Nexus

Clearly the user of the 193.129.103.99:-

(a) Has an investigative/legal interest in me, from at least October 2014;

(b) Is directly associated with various unlawful accesses of rhodium infrastructure;

(c) Is directly associated with the Melbourne Fraudsters;

(d) Is directly associated with JVLP who stole my/our evidence;

I DELIBERATELY GAVE A CRIMINAL WHO STOLE AND DESTROYED EVIDENCE, A SECRET URL, AND TWO DAYS LATER 193.129.103.99 (APPEARS TO BE WRAGGE LAWRENCE & GRAHAM) IS IN POSSESSION OF IT, ACCESSING THE SITE FROM THEIR B3 2AS LOCATION – WHAT A SIMPLE NEXUS INDEED.

It doesn’t matter about intermediaries, agents and parties who try to obfuscate the ‘handling of stolen materials’, or act as ‘accessories after the fact’. It doesn’t matter about layers/lawyers that have been put into position afterwards so parties can distance themselves from the source.

Legal Position in relation to UK Lawyers

The Law Society states:-

6.4.5 Crime/fraud exception

LPP protects advice you give to a client on avoiding committing a crime [Bullivant v Att-Gen of Victoria [1901]AC 196] or warning them that proposed actions could attract prosecution [Butler v Board of Trade [1971] Ch 680]. LPP does not extend to documents which themselves form part of a criminal or fraudulent act, or communications which take place in order to obtain advice with the intention of carrying out an offence [R v Cox & Railton (1884) 14 QBD 153]. It is irrelevant whether or not you are aware that you are being used for that purpose [Banque Keyser Ullman v Skandia [1986] 1 Lloyds Rep 336].

Intention of furthering a criminal purpose

It is not just your client’s intention which is relevant for the purpose of ascertaining whether information was communicated for the furtherance of a criminal purpose. It is also sufficient that a third party intends the lawyer/client communication to be made with that purpose (e.g. where the innocent client is being used by a third party) [R v Central Criminal Court ex p Francis & Francis [1989] 1 AC 346].

20141023 – Server access – JSRDS.COM

IN SIMPLE TERMS:-

(E) THE UNAUTHORISED ACCESS TO RHODIUM SERVERS BY 193.129.103.99 AND CONNECTED PARTIES FROM THE UNITED KINGDOM CONSTITUTES CRIMINAL OFFENCES IN THE UK AS WELL AS LK.

(F) THE PHYSICAL THEFT OF DATA FROM SRI LANKA ENGINEERED BY 193.129.103.99 CONSTITUTES CRIMINAL OFFENCES IN THE UK AS WELL AS LK.

* * THE USER OF IP ADDRESS OF 193.129.103.99 AND PARTIES CONNECTED TO THAT USER, IS THE OBVIOUS NEXUS BETWEEN BOTH (E) AND (F) AND THE JURISDICTIONS OF UK, LK AND AU – HA HA! * *

Legal Position in relation to UK Computer Misuse Act 1990

Section 1 Unauthorised access to computer material.

Computer Misuse Act 1990

An Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes...

Section 2 Unauthorised access with intent to commit or facilitate commission of further offences.

Computer Misuse Act 1990

An Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes...

Section 3 Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.

Computer Misuse Act 1990

An Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes...

3ZA Unauthorised acts causing, or creating risk of, serious damage

Computer Misuse Act 1990

An Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes...

6 Territorial scope of inchoate offences related to offences under this Act.

Computer Misuse Act 1990

An Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes...

Legal Position in relation to LK Computer Crime Act 2007

Untitled-1

PARLIAMENT OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA COMPUTER CRIME ACT, No. 24 OF 2007 Printed on the Order of Government [Certi...

[I WILL WRITE A SEPARATE ARTICLE IN RELATION TO UK/LK ‘COMPUTER-RELATED CRIME’ ACTS IN DUE COURSE.

Eversheds Exposed in 'Destruction of Rhodium Evidence' Case

20170613 updates in progress - watch the above video in HD... In really simple terms, a SPECIFIC IP address 193.129.103.99 is associated with

obsolete article

WLG and Melbourne Fraudsters Linked to Destruction of Evidence

20170611 EVIDENCE INSERTED In December 2014 I was the victim of a theft of data and destruction of evidentiary materials from my apartment, by a Sri...
Joseph-S-R-de-Saram

Joseph S R de Saram (JSRDS)

Information Security Architect / Intelligence Analyst / Computer Scientist / Human Rights Activist / COMSEC / SIGINT / TSCM
RHODIUM GROUP