Web site cert used as a countdown timer to 9/11 attacks?

From: Tao, Greg (greg.tao@private)
Date: Fri Oct 19 2001 - 13:21:15 PDT

  • Next message: George Heuston: "FW: NIPC Daily Report, 19 October 2001"

    Check out the story below.  I looked into the Verisign registration info,
    and it appears to confirm the details in the story.
    
    Registrant:
    Saudi Binladin Group (SAUDI-BINLADIN-GROUP2-DOM)
       Prince Abdullah Street
       Jeddah, 21492
       SA
    
       Domain Name: SAUDI-BINLADIN-GROUP.COM
    
       Administrative Contact, Technical Contact, Billing Contact:
          Lumsden, Philip  (PLP239)  philip@private
          Arq Limited
          The Old Post Office
          George Street
          Bath, BA1 2EB
          UK
          01224 312 391
    
       Record last updated on 11-Sep-2000.
       Record expires on 11-Sep-2001.
       Record created on 11-Sep-2000.
       Database last updated on 19-Oct-2001 06:34:00 EDT.
    
       Domain servers in listed order:
    
       NS0-S.DNS.PIPEX.NET		158.43.129.83
       NS1-S.DNS.PIPEX.NET		158.43.193.83
    
    
    Perhaps another example of the ancient art of steganography...
    
    Greg
    
    
    
    
    
    from http://citypaper.net/articles/101801/sl.howcol.shtml
    
    ---------- BEGIN STORY ----------
    
    October 18-25, 2001
    
    pretzel logic
    
    Date with Destiny?
    by Howard Altman
    
    It is a matter of public record that the bin Laden family has vociferously
    disavowed their wayward 17th child. And who could blame them?
    
    No mere wanton wastrel, the world's most wanted man has brought great shame
    upon this wealthy family. Even worse than shame, though, Osama's actions
    have endangered the clan's coffers.
    
    So it is not surprising that the bin Ladens have cut ties to "the evildoer,"
    as George Dubya likes to refer to him.
    
    Or did they?
    
    A web domain registered to the Saudi Binladin Group (the megabucks
    corporation uses the alternate spelling of the family name) raises questions
    about what role, if any, the family has played in the Sept. 11 terrorist
    attacks.
    
    The domain was registered on Sept. 11, 2000, with a preset expiration date
    of Sept. 11, 2001, according to a technician with VeriSign, an Internet
    domain registry service formerly known as Network Solutions.
    
    Coincidence?
    
    Or was this website set up to start the countdown on the most devastating
    attack in U.S. history?
    
     
    
    Like a lot of information that has been pouring in to me since shortly
    before 9 a.m. Sept. 11, the tidbit about www.saudi-binladin-group.com was
    amazingly tantalizing.
    
    Unlike a lot of the tidbits, however, this morsel, delivered last week by an
    anonymous source I will refer to as Deep Spore, has a paper trail attached
    to it.
    
    The paper trail began with a web search of the Binladin Group that revealed
    the aforementioned website. A check of that site showed that it no longer
    existed. A quick "whois" check on VeriSign's website - which lists who set
    up a particular site and when - showed that, unlike Binladin-related sites
    that were taken down right after the attacks on New York and Washington,
    saudi-binladin-group.com expired on the day of the attacks.
    
    This was no accident, according to a VeriSign technician in Mountainview,
    Calif.
    
    "This was timed so it would expire on that date," says the technician, who
    identified herself only by her first name, Antonette, and by her employee
    number, 001. Antonette also verified that the information listed in the
    whois search was accurate and not tampered with by an outside party.
    Antonette added that VeriSign had already been contacted by law enforcement
    about other attack-related domain names the company had registered.
    
    "I had a call from the L.A. police," she said. "He was also asking about a
    domain name that expired on Sept. 11. I can't remember the name of it, but
    it had something to do with the WTC."
    
     
    
    The Binladin website was created by a company called Arq Limited, a U.K. web
    design firm. The administrative, technical and billing contact listed on the
    whois search is a man named Philip Lumsden.
    
    After several calls to the U.K., I learned that Arq Limited went out of
    business, replaced by a company called Active 8 Solutions, which shares the
    same Bath, England, mailing address and a telephone number that is only one
    digit off from Arq Limited's old number.
    
    I learned one more interesting thing.
    
    "Mr. Lumsden left a week ago," said a man who answered the phone at Active 8
    Solutions. "I am not aware of why he left."
    
    The man, who would not give his name, added that he had "no clue" about the
    saudi-binladin-group.com website.
    
     
    
    A half-dozen odd calls Tuesday, October 15, to the Saudi Binladin Group's
    headquarters in Jedda, Saudi Arabia, turned up little other than assurances
    that if I called back in 20 minutes or a half-hour, then somebody would be
    able to give me some information about the website.
    
    Each time I called, I explained that I wanted to ask somebody at the company
    why the website expired on Sept. 11, 2001, a rather significant date in
    world history. Each time I was told to call back until, finally, I spoke
    with someone who could answer my questions.
    
    But not for long.
    
    "You can check with VeriSign," said a man who did not identify himself.
    "VeriSign has all the details."
    
    The man then asked me to hold on because he had to take another call. Then I
    was disconnected. I called back, only to be disconnected again. When I
    called back a third time, another man answering the phone asked if I could
    send an e-mail listing my questions.
    
    "It is already after 6 p.m. here," said the man. "Nobody is in anymore."
    
    The next day, I called again and again was told to call back later. By
    deadline, neither of the two emails I sent seeking comment were answered.
    
     
    
    If the attackers did use this website, the FBI, which is tracking down
    thousands and thousands of leads, may be interested.
    
    "I am not aware of [the website], and I do not know whether the FBI is aware
    of it, but I can't speak for the entire FBI," said Joe Valiquette, spokesman
    for the FBI's New York office. "Generally speaking, we would be interested
    in something like that."
    
    ---------- END STORY ----------
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:28:18 PDT