by Marg Hutton
20 July 2003
'90East helps ASIO ferret out spies and subversive elements.
"There's a process established by which we inform our highly
protected customers of what's going on and give them as much
information as possible."'
Brian Denehy, quoted by Paul Ham in
'The Men who hold off Canberra's cyber siege', SMH, 3 December 2002
Last December we were proud to announce that sievx.com is now being
archived twice a year by the National Library of Australia which
downloads our entire site to preserve it for future scholarship.
More recently we have discovered that a significant proportion of
sievx.com is being downloaded every night by government watchdogs - either an as yet unknown government department or the outsourced private company that handles its internet security (90East.com).
It is one thing to surmise that sievx.com is probably being regularly
monitored by one or more of Australia's national security agencies -
it is another thing to now be sure that this is actually happening, to
learn how comprehensive and frequent it is, and to read about the
somewhat disturbing company in which we have apparently been categorised. We
explain below (with some unavoidable technical detail) what we
recently discovered and how.
How we found out we were being swept by 90East.com or one of its government clients
Over the last few months we have noticed a sharp increase in traffic to sievx.com from computers identified by two IP numbers - 126.96.36.199, also known as coopers.sge.net, and 188.8.131.52, also known as limonite.sge.net. (IP stands for Internet Protocol - an IP number or address is the unique number of each computer connected to the Internet.)
The increase was so dramatic - upwards of 600 hits per day from the first IP number - that we decided to investigate further.
On examining our logs we discovered an interesting pattern - every
morning in the wee small hours, at exactly 1.42 or 1.43am, sievx.com is
visited by the first IP number which stays for around three hours and
sweeps the website, downloading and/or scanning a significant
proportion of our files - about 600 every visit. Later in the morning on weekdays it returns and examines about half a dozen pages - the ones that have been added, edited or linked during the previous day.
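The kind of log check described above can be automated. The following is an added example, not code from sievx.com: it groups access-log hits into visits per client and flags any client whose large visits start at nearly the same clock time on several days. The log lines are constructed, the addresses are RFC 5737 documentation addresses, and the thresholds (30-minute gap, 100 hits, 2-minute tolerance, 3 days) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # Common Log Format prefix
FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(lines):
    """Yield (client, timestamp) for every line that looks like an access-log entry."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield m.group(1), datetime.strptime(m.group(2), FMT)

def sessions(hits, gap=timedelta(minutes=30)):
    """Split each client's hits into visits separated by more than `gap` of silence."""
    by_client = defaultdict(list)
    for client, ts in sorted(hits):
        visits = by_client[client]
        if visits and ts - visits[-1]["end"] <= gap:
            visits[-1]["end"], visits[-1]["hits"] = ts, visits[-1]["hits"] + 1
        else:
            visits.append({"start": ts, "end": ts, "hits": 1})
    return by_client

def scheduled_clients(by_client, min_days=3, tolerance_min=2, min_hits=100):
    """Flag clients whose large visits begin at nearly the same clock time each day.
    Start times are compared as minutes after midnight, so a schedule that
    straddles 00:00 would need wrap-around handling (not done here)."""
    flagged = {}
    for client, visits in by_client.items():
        big = [v for v in visits if v["hits"] >= min_hits]
        starts = [v["start"].hour * 60 + v["start"].minute for v in big]
        days = {v["start"].date() for v in big}
        if len(days) >= min_days and max(starts) - min(starts) <= tolerance_min:
            s = min(starts)
            flagged[client] = (f"{s // 60:02d}:{s % 60:02d}", len(days))
    return flagged

def constructed_log():
    """Constructed sample (RFC 5737 addresses): a nightly sweeper and one reader."""
    tz, out = timezone(timedelta(hours=10)), []
    for day, minute in ((14, 42), (15, 43), (16, 42)):
        start = datetime(2003, 7, day, 1, minute, tzinfo=tz)
        for i in range(600):  # one request every 18 s, roughly three hours in all
            ts = (start + timedelta(seconds=18 * i)).strftime(FMT)
            out.append(f'192.0.2.10 - - [{ts}] "GET /p{i}.html HTTP/1.0" 200 5120')
        ts = datetime(2003, 7, day, 9 + day % 3, 10, tzinfo=tz).strftime(FMT)
        out.append(f'198.51.100.7 - - [{ts}] "GET /index.html HTTP/1.0" 200 2048')
    return out

if __name__ == "__main__":
    print(scheduled_clients(sessions(parse(constructed_log()))))
```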
We can see how this could be useful for government agencies interested in our work - to get a daily update on any new material we put up. Essentially it is the same job that Media Monitors, a press clipping service, does. The difference is that Media Monitors acts in a transparent manner and declares which newspapers and journals it monitors.
Here is a list of some of the activity on sievx.com by coopers.sge.net (184.108.40.206) during the last week:
Over the last year sievx.com has received an astonishing 50,000 hits in total from these two IP numbers.
Not surprisingly we began to wonder about who 220.127.116.11 and 18.104.22.168 might be and why they are so interested in sievx.com.
Using Google we were able to establish an incidental link between the second IP number and the Australian Federal Police (AFP) from a posting to a message board by someone using an AFP email address which was posted from a computer with the same IP address.
Using the web detection tools publicly available at samspade.org we were also able to discover that both IP numbers supposedly originate from the Department of Primary Industries and Energy. (see screen dumps 1 and 2)
But the Department of Primary Industries and Energy no longer exists - it is now the Department of Agriculture, Fisheries and Forestry Australia.
When we did a 'whois' on the IP numbers (found doing a reverse DNS check) of government departments that might be interested in surveillance of sievx.com, such as ASIO, the Attorney-General's and the AFP, they all showed up as the 'Department of Primary Industries and Energy'. (see for example screen dumps 3 and 4) So ASIO or AFP computers may well show up on web logs as being from the Department of Primary Industries and Energy, just like our regular visitors to sievx.com.
And these government departments have another characteristic in common.
The technical contact for the internet domains of all these departments is listed as Brian V. Denehy of 90East.com, a private internet security company.
90East.com 'handles web security for ASIO, the cabinet office and most government departments.' 'ASIO... is one of several "highly protected clients who are grouped together in a single cluster"' 'Former Defence Signals Directorate and Australian Defence Force Academy experts manage the little private company'. (Ham, op. cit.)
90East.com hosts a wide range of government departments. Most departments hosted by them appear to have their mail servers on www.sge.net (which appears to be an
alternative for or an earlier incarnation of 90East.com). The home link of www.sge.net does not explain what SGE is, but instead shows two pretentious quotes about war and intelligence gathering:
"Thus it is said that one who knows the enemy and knows himself will
not be endangered in a hundred engagements. One who does not know the
enemy but knows himself will sometimes be victorious, sometimes meet
with defeat. One who knows neither the enemy nor himself will
invariably be defeated in every engagement."
-Sun Tzu, Chou Dynasty: Warring States period of China (circa 403
"Where it is possible to guard against a foreseeable risk which,
though perhaps not great, nevertheless cannot be called remote or
fanciful, by adopting means which involves little difficulty or
expense, the failure to adopt such means will in general be
-Chief Justice Gibbs of the High Court: Turner v The State of South
Why all this assiduous intelligence gathering on sievx.com?
Government ministers have consistently played down the concerns raised about the SIEVX affair implying that there is no genuine cause for alarm about the sinking of SIEVX and that those who do have concerns have overly fertile imaginations. Yet the government or its security advisers are closely and expensively monitoring this website.
Perhaps the reason for this is the high profile work of SIEVX advocate Tony Kevin. As a former senior Australian diplomat, Tony Kevin is a highly credible spokesperson, attracting regular attention in the mainstream media, keeping the issue and questions about possible government complicity in the public eye.
While the website sievx.com and Tony Kevin are quite separate, our work is complementary. So perhaps the government is keeping a close eye on sievx.com in order to keep up with what Tony Kevin and this website may reveal next.
When Tony Kevin heard of this scrutiny of sievx.com, he said:
"We are neither spies nor subversive elements. We are seeking to help uphold in Australia well-accepted principles of the rule of law, equal justice for all, and respect for the Senate's powers of independent review and scrutiny of government. There is nothing remotely subversive about these goals. Our pursuit of the truth of how SIEVX sank and how Australian national security agencies are helping to cover up aspects of the SIEVX history is entirely consistent with these principles."
Once again, we must ask the question - if the Australian Government has nothing to hide in relation to its handling of the SIEVX tragedy, why is it so worried that it has to keep daily tabs on what we are doing?