Sunday, April 1, 2007

The White House email controversy: who runs GWB43.COM?


By David Gewirtz

We continue our technical analysis of the White House missing email controversy. Last week, we learned that the President's staff uses at least two domains for email: EOP.GOV for official business and GWB43.COM for political business. This week, we explore GWB43.COM for clues into the White House email infrastructure. We've come up with some disturbing new questions.

Follow the domain

Like the good email geeks we are, we did some research into the GWB43.COM domain name, looking for whatever information we could find in the protocol wiring that runs deep under the surface of the Internet.

Before we show the first image from this investigation, it should be noted that we're being quite rigorous in our editorial practices for this special investigation. Normally, when we display an image, we size it to be convenient for you to view on your monitor.

"Finance guys follow the money. We geeks follow the domains."

However, because we want to make sure that we're capturing all of the information available and presenting it to you in a completely unaltered way, any time we capture a screenshot, the clicked-through image will be the full, unretouched image. Unfortunately, that means that once you click through the thumbnails, you're likely to be downloading some very big graphics. In this case, we'd rather be accurate and complete than convenient, so please bear with us.

To get started, we first ran a DNS report, shown in Figure A.


Figure A: Where does GWB43.COM go?

The DNS (Domain Name System) can be likened to a phone book for Internet communications. It translates human-readable domain names (like GWB43.COM) into the numeric IP addresses that Internet hosts actually use, in much the same way that a phone book translates a person's name into his or her phone number.

These translations are handed out at various levels by name servers. Each domain is served by a specific set of authoritative name servers, and that is what makes them useful to us. For example, all of our ZATZ domains are served by our own name servers, computers we own and operate but have located in our ISP's highly secured facility within the former Command and Control Center of what was once Chanute Air Force Base, a building affectionately known as "The Fortress".

Generally, a domain name like GWB43.COM leads you to its name servers (the domain's NS records name them), and, this is where it gets interesting for our investigative purposes, those name servers can lead you to the service provider managing the domain, because their hostnames usually carry the provider's own domain.
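To make the "follow the domain" step concrete, here is an added example (our own illustration, not code from the original article or from any DNS tool it used) that speaks the DNS wire protocol directly: it builds an NS query, parses the reply including RFC 1035 compression pointers, pairs each name server with the glue address the server handed back, and reduces the name server's hostname to the provider domain it belongs to. The embedded reply is a constructed sample for the made-up domain example.test, served by the made-up provider dnshost.test on TEST-NET-1 addresses; none of it comes from a lookup against GWB43.COM. The `query` function does a real lookup over UDP if you pass a domain on the command line.

```python
import random
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "MX": 15, "TXT": 16}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name: str) -> bytes:
    """Dotted name -> DNS labels (length byte + label each), terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def pointer(offset: int) -> bytes:
    """Compression pointer to an earlier copy of a name (top two bits set)."""
    return struct.pack("!H", 0xC000 | offset)


def build_query(name: str, rtype: str, txid: int = 0x1234) -> bytes:
    """Standard query with RD set: 12-byte header, one question, nothing else."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[rtype], 1)


def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name at offset; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # pointer: keep reading at the target
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                        # the name occupies only the 2 pointer bytes here
            hops += 1
            if hops > 64:                               # pointer loops are a classic parser hang; refuse them
                raise ValueError("compression pointer loop")
            offset = target
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(msg: bytes):
    """Return (txid, {section: [(owner, type, ttl, value), ...]}) for answer/authority/additional."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    offset = 12
    for _ in range(qd):                                  # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    records = {"answer": [], "authority": [], "additional": []}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, offset = decode_name(msg, offset)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            if rtype in (QTYPE["NS"], QTYPE["CNAME"]):
                value, _ = decode_name(msg, offset)      # rdata names may point back into the message
            elif rtype == QTYPE["A"] and rdlen == 4:
                value = socket.inet_ntoa(msg[offset:offset + 4])
            else:
                value = msg[offset:offset + rdlen].hex()
            offset += rdlen
            records[section].append((owner, QTYPE_NAME.get(rtype, str(rtype)), ttl, value))
    return txid, records


def name_servers(records):
    """Map each NS host in the answer section to the glue A addresses found in the additional section."""
    glue = {}
    for owner, rtype, _ttl, value in records["additional"]:
        if rtype == "A":
            glue.setdefault(owner, []).append(value)
    return {v: glue.get(v, []) for _o, rtype, _t, v in records["answer"] if rtype == "NS"}


def provider_hint(ns_host: str) -> str:
    """Heuristic: strip the host label, leaving the domain the name server belongs to (the provider's clue)."""
    return ns_host.split(".", 1)[1] if "." in ns_host else ns_host


def query(name: str, rtype: str, server: str = "8.8.8.8", timeout: float = 3.0):
    """Live UDP lookup; a reply whose transaction id does not match the query is discarded."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, rtype, txid), (server, 53))
        reply = sock.recv(4096)
    got_txid, records = parse_response(reply)
    if got_txid != txid:
        raise ValueError("transaction id mismatch: reply was not for our query")
    return got_txid, records


def sample_ns_response() -> bytes:
    """Constructed sample reply to 'NS example.test' with glue (made-up data, assembled here, not captured)."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 2)   # QR/RD/RA set; 1 question, 2 answers, 2 additional
    qname_at = len(msg)
    msg += encode_name("example.test") + struct.pack("!HH", QTYPE["NS"], 1)
    ns1_at = len(msg) + 2 + 10                                  # where the first NS rdata will start
    ns1 = encode_name("ns1.dnshost.test")
    msg += pointer(qname_at) + struct.pack("!HHIH", QTYPE["NS"], 1, 3600, len(ns1)) + ns1
    ns2_at = len(msg) + 2 + 10
    ns2 = b"\x03ns2" + pointer(ns1_at + 4)                      # 'ns2' + pointer to 'dnshost.test' inside ns1
    msg += pointer(qname_at) + struct.pack("!HHIH", QTYPE["NS"], 1, 3600, len(ns2)) + ns2
    for owner_at, ip in ((ns1_at, "192.0.2.10"), (ns2_at, "192.0.2.20")):   # glue on TEST-NET-1
        msg += pointer(owner_at) + struct.pack("!HHIH", QTYPE["A"], 1, 3600, 4) + socket.inet_aton(ip)
    return msg


if __name__ == "__main__":
    import sys
    _, recs = query(sys.argv[1], "NS") if len(sys.argv) > 1 else parse_response(sample_ns_response())
    for host, ips in name_servers(recs).items():
        print(f"{host:30} {', '.join(ips) or '(no glue)':20} provider hint: {provider_hint(host)}")
```

Run it with no arguments to see the constructed sample decoded, or with a domain name to query a public resolver for real. The provider hint is deliberately crude: it drops only the host label, so for a name server under a multi-label provider domain you still need to look at the WHOIS record for the resulting domain, or at who announces the glue addresses, to identify the operator. The transaction-id check in `query` is the minimum a client should do before trusting a UDP reply; it does not make the answer authoritative, so anything that matters should be confirmed by querying the authoritative servers themselves.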