Stop the hate, a technical tutorial to trace the origin of hate messages

I have finished writing "Stop the Hate", a technical tutorial to trace the origin of hate messages.

Did you ever receive hate mail? Do you have a blog and wish you could find out who’s sending you those racist messages and make sure they face up to the consequences of their acts?

Are you Jewish, Italian, Irish, Christian, Black, Hindu, Muslim, a woman, gay, or part of any minority and have received a hate message? Well, I decided to write this tutorial to help you stop the hate messages, or at least to make some people face up to the consequences for their racist emails – read on and you’ll be better equipped to react when you’re attacked.

I get my share of hate messages, including death threats, on a regular basis. Here's an example, from somebody we'll call Mr. Hate:

"You jews ARE "pigs and monkeys", and the sooner the Palestinians all their land libertae and jewish swine vermin exterminate , the better. You jews too much world opinion control and distort it to portray yourselves as victims. The sooner a virus that targets and kills juden is developed and shipped the better. Das Welt - Judenfrei, bitte. You are a filthy, inbred race, that has caused havoc throughout the history of the world and the quicker to all you swine death comes, the besser will it be. Stinking Schwein!"

This lovely remark was written as a comment to a post that described how in June 2002, the Iman of the Mosque of Mecca in Saudia Arabia has called all Jews “pigs and monkeys”.

Mr. Hate obviously agrees with the Iman of Mecca, but I decided I wouldn’t take it without a fight. I decided I would do everything possible to find out more about Mr. Hate and make him feel there are consequences to his acts.

The tutorial below will show you how I was able to trace back the message to a computer belonging to the “Australian Department of Defence” (they spell it with a “c”) and how an official investigation is now underway to stop the above anti-Semite from continuing to spread his hate.

Please note that you will not always be able to trace the message, but here are a few technical tools that will give you a good chance of finding the origin of the racist comment. There are many technical courses and books out there related to computer security. My goal in this document was to give simple instructions on how to trace back hate messages - this article is for anyone that owns a computer and has no prior knowledge on how to react after receiving such a message.

So see below for the rest of the article, and don't hesitate to send me an email or comment on the document.





Stop the Hate
A technical tutorial to trace the origin of hate messages
http://www.factsofisrael.com/load.php?
p=/blog/archives/000450.html

This document has been written by David Melle from www.FactsOfIsrael.com

The FactsOfIsrael.com website covers the basic facts on the State of Israel and the Middle East. This includes maps, the history of the region, statistics, and more. We decided to create the FactsOfIsrael.com website and the free screensaver after realizing that although many people are passionate about the Israeli - Palestinian - Arab conflict, many are also clueless about the history, stats, and even the basic facts on Israel and the Middle East. The FactsOfIsrael.com screensaver displays one fact on Israel and the Middle East every few moments. It includes over 499 facts, over 120 images, background music, and more. Additionally, it includes interactive navigation buttons, and support for multiple monitors. FactsOfIsrael.com is not affiliated with any government, company, or institution. It is simply a personal attempt to give information on Israel and the Middle East. Download your free copy of the screensaver now at www.FactsOfIsrael.com , you'll like it.

Introduction

Did you ever receive hate mail? Do you have a blog and wish you could find out who’s sending you those racist messages and make sure they face up to the consequences of their acts? Are you Jewish, Italian, Irish, Christian, Black, Hindu, Muslim, a woman, gay, or part of any minority and have received a hate message?

Well, I decided to write this tutorial to help you stop the hate messages, or at least to make some people face up to the consequences for their racist emails – read on and you’ll be better equipped to react when you’re attacked.

My name is David Melle and I am a Software Engineer who created FactsOfIsrael.com. In my site I cover different aspects of Israel and the Middle East including the history, geography, stats of the region, victims of Palestinian terrorism, Jewish history and more. I get my share of hate messages, including death threats, on a regular basis.

Here's an example, from somebody we'll call Mr. Hate:

"You jews ARE "pigs and monkeys", and the sooner the Palestinians all their land libertae and jewish swine vermin exterminate , the better. You jews too much world opinion control and distort it to portray yourselves as victims. The sooner a virus that targets and kills juden is developed and shipped the better. Das Welt - Judenfrei, bitte. You are a filthy, inbred race, that has caused havoc throughout the history of the world and the quicker to all you swine death comes, the besser will it be. Stinking Schwein!"

This lovely remark was written as a comment to a post that described how in June 2002, the Iman of the Mosque of Mecca in Saudia Arabia has called all Jews “pigs and monkeys” – see:

Iman of the Mosque of Mecca calls Jews "pigs and monkeys" http://www.factsofisrael.com/load.php?p=/blog/archives/000102.html

Mr. Hate obviously agrees with the Iman of Mecca, but I decided I wouldn’t take it without a fight. I decided I would do everything possible to find out more about Mr. Hate and make him feel there are consequences to his acts.

This tutorial will show you how I was able to trace back the message to a computer belonging to the “Australian Department of Defence” (they spell it with a “c”) and how an official investigation is now underway to stop the above anti-Semite from continuing to spread his hate.

Please note that you will not always be able to trace the message, but here are a few technical tools that will give you a good chance of finding the origin of the racist comment. There are many technical courses and books out there related to computer security. My goal in this document was to give simple instructions on how to trace back hate messages - this article is for anyone that owns a computer and has no prior knowledge on how to react after receiving such a message.

I – IP Addresses, or “digital fingerprints”

Ok, so it’s a beautiful Sunday morning. I get up and let my two puppies out in the back yard, and after making myself a cup of coffee, I sit down to check and answer my email.

My heart all of a sudden sinks, after I receive an anti-Semitic and hateful comment that seems to come right out of a 3rd Reich press release (see Mr. Hate’s message above).

The first thing you must do in trying to trace back the origin of the hate message is to find its IP address. IP stands for Internet Protocol, and what many bad guys don’t know is that every computer connected to the Internet has a unique IP address.

Most users connect to the internet through a dial-up service provided by their ISP (Internet Service Provider), and will therefore have a dynamic IP address that is taken out of a pool available to its users. Most private and public companies, Government Institutions, and even users with high-speed DSL connections now have fixed IP addresses that will tell you exactly the origin of the hate message.

If we can find the IP address and trace it back to a computer belonging to a private or public company or a government institution, we’re in business. There’s little doubt that the CEO of the company or the government official in charge of the computers from where the message originated will do everything they can to help you in stopping Mr. Hate – most of them are decent people and it’s in their interest.

Depending on the message you’ve received you’ll be looking for the IP address using different tools. In this document, I will cover comments in Blog software, email messages and web server logs.

1A – Comments in Blog Software

In my case, to manage FactsOfIsrael.com, I use an application called Movable Type. This software will log the IP address of anyone who posts a comment on my site. After clicking on “Edit Entries”, finding Mr. Hate’s entry and clicking on “Edit Comment”, here’s what I had:

As you can see from above, the IP address turns out to be 203.10.231.229 – now I know I have a concrete piece of evidence against Mr. Hate, something like an Internet fingerprint!

Note that I also have an email address (petelczyc@yahoo.com) and a name (Karel Z Petelczyc). But the email address and name fields can be entered by Mr. Hate himself. In most cases, Mr. Hate is not stupid and the name and email will probable be fake. Therefore I ignore it and concentrate on the IP address (we’ll come back to this later).

Ok, but what if you don’t have Movable Type? I can’t cover all cases, but whatever blog software you are using (Blogger.com, Radio Weblog, etc…), there’s probably a function that allows you to retrieve the IP address of the comment/message. Check out the help or ask your administrator, and please send me your specific examples (dmelle@factsofisrael.com) to allow me to update this page – it would be great if I had specific instructions for Blogger and other applications as well.

1B – Email Messages

If you’ve received a hate email message, you can also find its originating IP. You’ll have to dig in into what’s called the “Mail Headers”. Basically, when an email message is sent, it goes from the originating computer through multiple email servers, until it reaches the destination mail server. Different messaging protocols are used, including POP and SMTP, as you can see below (click on image for larger picture):

Click on image for larger picture

Don’t be intimidated by the above illustration: the bottom line is that whenever you receive an email, you can find out the computer (IP address) from where the message originated. For example, here’s another delightful message I received a couple of months ago:

-----Original Message----- From: zoro gorif [mailto:fofifa@caramail.com] Sent: Thursday, August 08, 2002 6:35 PM To: remarks@factsofisrael.com Subject: open this dirty killers.

I am from qassam wing and i would like to inform you that your building is selected this time to be our coming target.

YOU ALREADY KNOW THAT WE WERE ALWAYS SERIOUS AND BE READY TO GATHER THE FLESH AND WASH THE BLOOD.

QASSAM SOLDIER.

The above excuse for a human being is referring to “Izz al-Din Al-Qassam”, a bunch of assassins that are part of the Hamas (Islamic Resistance), a Palestinian group that rejects peace and is dedicated to the destruction of the State of Israel and to the genocide of its citizens. They are responsible for hundreds of homicide/suicide bombings and massacres of Israeli women and children as you can see in the Palestine, Victims, and Palestinian Terrorism pages.

This idiot turned out to be a looser from Morocco - here’s how I found out:

I use Microsoft Outlook XP, and to view the extended e-mail headers here’s what you should do:

1) Open the appropriate e-mail message.
2) From the View menu, select Options.
3) Additional information including the return path, received-from data and the message ID are displayed under Internet Headers.

Here are the headers I got:

Return-Path: Delivered-To: remarks@factsofisrael.com Received: (qmail 25562 invoked by uid 508); 8 Aug 2002 23:36:00 -0000 Received: from unknown (HELO mail3.caramail.com) (213.193.13.94) Received: from caramail.com (www27.caramail.com [213.193.13.37]) by mail3.caramail.com (8.8.8/8.8.8) with SMTP id BAA20779 for remarks@factsofisrael.com; Fri, 9 Aug 2002 01:35:25 +0200 (DST) Posted-Date: Fri, 9 Aug 2002 01:35:25 +0200 (DST) From: zoro gorif To: remarks@factsofisrael.com Message-ID: <1028849725004759@caramail.com> X-Mailer: Caramail - www.caramail.com X-Originating-IP: [212.217.101.20] Mime-Version: 1.0 Subject: open this Date: Fri, 09 Aug 2002 01:35:25 GMT+1 Content-Type: multipart/mixed; boundary="=_NextPart_Caramail_0047591028849725_ID"

Your email client (Outlook Express, Eudora, MSN Hotmail, Yahoo Mail, etc…) has a similar function to check a message’s Mail Headers (if it doesn’t, please change email clients). Ok, there’s a lot of information here, but look at the fifth line from top (the last header that start with “Received:”):

Received: from caramail.com (www27.caramail.com [213.193.13.37])

This indicates which computer (IP address) sent the message. In our case, this was sent from a French web email service called Caramail.com, but many times you’ll get Mr. Hates’ exact IP address.

Note that there’s also a field called “[X-Originating-IP]”. If you see it, great, you can use it, but unfortunately this is not a standard field, and you will not always find it (I know that MSN Hotmail uses it). Another field you may find is “[X-IPAddress]”, but once again that’s not standard.

The best bet is to look at the first “Received:” line, unless you have one of the X [extended] mail headers.

1C – Web server Logs

In addition to blog software logs and mail headers, if you have a Website, you may also check your web server logs. I use Apache to host FactsOfIsrael.com and after checking my logs, I saw that Mr. Hate accessed my website multiple times as shown below:

[28/Aug/2002:22:58:51 -0400] "GET /left.shtml HTTP/1.0" 200 2097 "http://www.factsofisrael.com/load.php?p=http://www.factsofisrael.com/blog/index.php" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)" [28/Aug/2002:22:59:11 -0400] "GET /blog/index.php HTTP/1.0" 200 110594 "http://www.factsofisrael.com/load.php?p=http://www.factsofisrael.com/blog/index.php" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)" [28/Aug/2002:23:12:36 -0400] "GET /blog//styles-site.css HTTP/1.0" 304 - "http://www.factsofisrael.com/blog/archives/000315.html" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"

This is another digital fingerprint that will help you make your case when making Mr. Hate responsible for his acts. To find the above, I first had to make sure I knew where my Apache logs were stored (ask your hosting company if you don’t know).

I then connected to my hosted account (through a secure program called SSH), and did a “grep 203.10.231.229 access_log”, which basically looked for all instances of web pages served to Mr. Hate’s IP address at 203.10.231.229.

I knew in advance which IP address I was looking for based on the investigation from sections 1A and 1B. Note that many hosting companies will only keep the last 48 hours of your web logs, so act fast.

No matter what web server software (Apache or Microsoft IIS), or what Operating System (Linux, Windows, Solaris, etc…) you are using, you can scan your web server logs in a similar way.

II – Traceroute, or “finding where Mr. Hate hides”

Ok, so now we have Mr. Hate’s IP Address, 203.10.231.229 – but instead of these weird numbers, can we have Mr. Hate’s name? Well not exactly, but we can find out if Mr. Hate’s computer has a name.

As mentioned before, the IP address is a number that uniquely identifies a computer on a network, such as the Internet. Computers enjoy managing numbers; it’s easy and convenient for them. But we humans prefer names since, for example, it’s a lot easier to remember www.jpost.com instead of 192.114.68.51 (the IP address of the computer called "www.jpost.com")

So to make our lives easier, the smart folks that invented the Internet (no, it was not Al Gore!), made something called DNS, or Domain Name Service. DNS servers basically translate names (Links) into numbers (IP Addresses) and vice-versa (Reverse DNS).

When you type in a link into your browser’s address (such as www.littlegreenfootballs.com), a DNS server will translate it to it’s IP Address (64.239.122.12). If you have an IP and you want a name, you would use a Reverse DNS Service.

There are many reverse DNS services out there, but one of the simplest and most effective tools is available right on your desktop computer. In Windows operating systems (Windos 95/98/Me/2000/XP), there’s a program called “tracert” (Trace Route) that you can use to check what path would take a message sent from your computer to any other computer in the world.

Remember that any email or message sent from one computer to another computer in the Internet will travel through multiple machines, sometimes even crossing countries. The great thing is that “tracert” also does an automatic reverse DNS of every machine it hits, giving us names we can understand.

So, here’s what to do to trace Mr. Hate’s IP address:

1) Click on Start / Run.
2) Type in “cmd” (for Windows 2000/XP), or “command” for Windows 95/98/Me.
3) A command line window opens up.
4) Type in “tracert 203.10.231.229”

Here’s what I got (I removed my originating IP for security reasons):

Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.

C:\>tracert 203.10.231.229

Tracing route to defepx01.defence.gov.au [203.10.231.229] over a maximum of 30 hops:

9 63 ms 75 ms 91 ms sl-st20-sj-14-0.sprintlink.net [144.232.20.66]
10 21 ms 22 ms 29 ms bpr1-so-6-0-0.SanJoseEquinix.cw.net [208.173.54.9]
11 23 ms 23 ms 22 ms iar4-loopback.SanFrancisco.cw.net [206.24.210.45]
12 21 ms 22 ms 22 ms optus-networks.SanFrancisco.cw.net [208.173.173.218]
13 171 ms 171 ms 171 ms pos2-1.ig5.optus.net.au [203.202.143.209]
14 337 ms 335 ms 336 ms 202.139.129.130
15 323 ms 327 ms 323 ms defepx01.defence.gov.au [203.10.231.229]

Trace complete.

Since I originally started distributing this document, I have received some great feedback on additional tools we can use to find Mr. Hate. If you use Mac OS or Linux check out “Appendix A – ‘Trace Route’ tools for additional Operating Systems” at the end of this document.

Please send an email to dmelle@factsofisrael.com if you have any suggestions on good trace tools for Windows or any other OS (Mac OS, Linux, Solaris, etc…) and I’ll update this document.

By the way, to copy and paste text from within a “cmd” (or “command”) line window, simply select the text to be copied with your mouse and press “Enter”. You can then use CTRL-V to paste the text in any other application (Notepad, Word, etc…).

From above we can see my message went through:

1) A computer belonging to Sprint (sl-st20-sj-14-0.sprintlink.net [144.232.20.66])
2) A computer in San Jose (bpr1-so-6-0-0.SanJoseEquinix.cw.net [208.173.54.9])
3) A couple of computers in San Francisco (optus-networks.SanFrancisco.cw.net [208.173.173.218])
4) It then jumped to a computer in Australia (pos2-1.ig5.optus.net.au [203.202.143.209])
5) It finally reached Mr. Hate’s computer at defepx01.defence.gov.au [203.10.231.229]

So Mr. Hate’s computer (at the IP address 203.10.231.229) has a name and it’s “defepx01.defence.gov.au” . I removed the “defepx01” from the beginning of Mr. Hate’s computer name, and added “www” instead, giving me www.defence.gov.au – most web servers start with “www” (for World Wide Web).

I then opened a browser and pointed my browser to www.defence.gov.au .

To my surprise I found out that this website and the domain “defence.gov.au” is owned by the Australian Department of Defense! Oh my God! Has Australia joined forces with the Palestinian Islamic Jihad and Neo-Nazi groups to annihilate the Jewish people?

Definitely not, but someone using a computer that belongs to Australia’s Department of Defense (ADoD) sent me the racist message. Mr. Hate could be an employee of the ADoD or someone who has hacked into ADoD’s network and is using its resources to spread racism and intolerance. I decided I better tell Australia’s Department of Defense that this is happening, so they could find out who Mr. Hate is and take the appropriate action (hopefully fire him or bring criminal charges against him/her).

2A – Mr. Hate’s Name and Email

I said earlier that we should ignore the name and email address we receive in a hate message, since this information might not be valid. That’s true: many people might spoof someone’s email address or name instead of giving their real name when sending a racist or anti-Semitic message.

That said, sometimes these racists are such idiots that they might even give you their real name and email address when sending their hate message. Therefore it doesn’t hurt to do a bit more research to see if you can find any web page that mentions Mr. Hate’s name.

Furthermore, many times, even though Mr. Hate is passing in fake information, he’ll use the same false name and email address in other racist comments in additional websites. This will allow you to at least contact somebody else that has been attacked by Mr. Hate and will give you a bit more information on him.

So, just to see if I could dig up something new, I pointed my browser to www.google.com and typed in “petelczyc@yahoo.com” (Mr. Hate’s email address).

At http://www.wj.com.au/
message/_disc6/00000021.htm
I found the following (Google cached page):

Flying to Lightning Ridge From: Michal (petelczyc@yahoo.com) Date: 20 May 2002 Time: 10:06:31 Remote Name: dknip001.defence.gov.au

Comments
Are there any flights Sydney to Lightning Ridge return? I'd want to leave Sydney on a Friday (anytime) and leave LR Sunday arvo....please e-mail me on petelczyc@yahoo.com

Hmmm… Mr. Hate’s name seems to be Michal, and he seems to live in Sidney, Australia. He also sent his message from another Australian Department of Defence computer – our original assumptions seem to be holding up.

At http://www.alandall.co.uk/
watn/registers/mar_2002.htm
I found the following:

Name: petelczyc Last Known: RAF in WW2 Contact: petelczyc@yahoo.com Date: 14 March 2002

Comments
Trying to find out anything about my dad who is Polish and served with the RAF during WW2. . I think my old man was a radio operator and held the rank of sergeant (or is it flight sergeant?)

Ok, it seems that Mr. Hate is of Polish origin and a rabid anti-Semite.

At http://kingpopiel.tripod.com/guestlog.htm I found the following:

Name: Michal Karol Petelczyc E_mail: petelczyc@yahoo.com URL: Town: SYdney State: NSW Date: 08 Jul 2002 Time: 03:22:43 Comments My father, Michal Josef Petelczyc, came to AUstralia from Poland in 1949 or so and died o2 July 2002 aged 82 or 83. I believe he came from a village called Petelczyce which is either in Poland or Belorussia. As of today, 8 July 2002, I believe he has one sister alive in Poland/Belorussia. I'd like to contact her or any other Petelczyc relative. I have a son Luke and a daughter Jade, both of whom also live in Australia

More details on Mr. Hate’s family history. His father apparently came to Australia from Poland in 1949 – I wonder if his dead Dad helped the Nazis try to exterminate the Jews during the Holocaust? And if he did, is Mr. Hate proud?

I then searched for “Michal Petelczyc” (the quotes are important) on Google.com and found the following:

At http://members.ozemail.com.au/
~yorkhouse/ahoy2001.html
I found:

12th May 2001 Hi, great site. I am an ex-MOBI January '67 intake. I am trying to contact one or moe of the following:

CPOFC Donelly, married a Wran, bought a farm in Vic near Cerberus
CPOETW "Sunshine" Clifford, served at HMAS WATSON
ERA Dick Roebuck Jan '67 intake NIRIMBA

Cheers
Michal Petelczyc
petelczyc@yahoo.com

What’s a MOBI? Some kind of Australian military term? Is Mr. Hate a MOBI Dick?

At http://www.abc.net.au/news/indepth/
featureitems/s485028.htm
I found:

Whether leg before wicket, stumped, caught, caught and bowled, run-out, clean bowled, hit wicket with bat, out is out Dr Hollingworth. Time for you to now leave the crease - a batsman does not appeal when he is deemed out. Similarly, the majority of Australians have decided you are out (of order, of your depth, of your ability, of your competence, of your understanding of basic Australian moral issues), so walk. -- M K Petelczyc

So, Honest John will hold a royal commission into child sexual abuse if he is convinced it will help victims and fight the "flesh-creeping" practice. Come on Mr Howard, admit you made a monumental stuff-up in appointing Dr Hollingworth. As Dr Hollingworth is now readily quoting the bible and claims God endorses his actions, may I offer this biblical quote to Mssrs Howard, Ruddock, Costello & Hollingworth: "What you sow, so shall you reap". And Dr Hollingworth, just go, please.
-- Michal Petelczyc

The above seems to be some commentary by Mr. Hate on Australian politics, and it’s out of my league. But once again it has proven that Mr. Hate lives in Australia, supporting the evidence we had previously uncovered.

So if Mr. Hate is really stupid (and he seems to be), he entered his real email address and name when posting his racist comments on FactsOfIsrael.com.

Our Mr. Hate seems to be none other than Michal Karol Petelczyc who lives in Sidney, Australia and either works or has worked for the Australian Department of Defense. He’s of Polish origin and has one son and a daughter who also live in Australia.

Once again, we don’t know this for sure, but this information can be useful later. In any case, although the name might be fake, the IP address certainly isn’t – the hate message definitely came from a computer that belongs to the Australian Department of Defense.

III – Sending a warning email, or “making Mr. Hate crawl out of his hole”

Now, armed with my Movable Types logs, my Trace Route, Mr. Hate’s IP address and its Reverse DNS, my Apache logs, and my Google links with Mr. Hate’s real name I decided to contact the Australian Department Of Defense and ask them to open an investigation to find out why Mr. Hate is sending racist messages using ADoD computers.

For the Australian Department of Defense, all I had to do was go to their main website at www.defence.gov.au and find many contact email addresses listed.

For private and public companies, I try to contact not only the technical folks (the webmaster or the IT Department), but also the Marketing/Sales people. They are generally more sensitive to issues that might harm their image, particularly if it’s a publicly traded company.

Furthermore, if you send your email to multiple recipients, you have a better chance of getting an answer – I don’t condone spam, but sending your message to 3-4 different people in Mr. Hate’s company will increase your chances of getting results – just make sure you don’t go overboard.

When writing your messages please be very precise and to the point. Be polite and respectful - after all you are sending a message to someone who doesn’t know you and you are asking for their help. They might not even know that someone in their organization is using a computer to send out hate messages: it’s your job to make sure they’ll want to cooperate with you in finding Mr. Hate.

Although free speech is something I strongly believe in, private and public companies, government institutions and ISPs have license agreements and rules that their users must respect. Wishing for the genocide of all Jews or sending death threats generally will break one or more of these rules, allowing their internal groups to properly prosecute Mr. Hate.

Here’s the message I sent to the Australian Department of Defense (for security reasons I removed the real Australian DoD email addresses):

-----Original Message----- From: David Melle [mailto:dmelle@factsofisrael.com] Sent: Monday, August 26, 2002 9:23 PM To: user1@cbr.defence.gov.au; user2@cbr.defence.gov.au; Cc: petelczyz@yahoo.com Subject: Racist messages sent from Australia's Department of Defence Computers

Hello,

One of your users, Michal Karel Petelczyz (petelczyz@yahoo.com) sent me the message below:

"You jews ARE "pigs and monkeys", and the sooner the Palestinians all their land libertae and jewish swine vermin exterminate , the better. You jews too much world opinion control and distort it to portray yourselves as victims. The sooner a virus that targets and kills juden is developed and shipped the better. Das Welt - Judenfrei, bitte. You are a filthy, inbred race, that has caused havoc throughout the history of the world and the quicker to all you swine death comes, the besser will it be. Stinking Schwein!"

I have traced the message he sent from one of your IP address - 203.10.231.229 - which corresponds to a computer that belongs to Australia's Department of Defence - the server defepx01.defence.gov.au

Mr. Petelczyz who seems to be of Polish origin (see http://www.alandall.co.uk/watn/registers/mar_2002.htm and http://kingpopiel.tripod.com/guestlog.htm ) is apparently living in Australia and uses Australia's Department of Defense Internet resources to send hate messages. He is racist and anti-Semitic.

Although “Michal Karel Petelczyz” and petelczyz@yahoo.com might not be the real name and email address of the sender of the racist message, the originating IP address from above is definitely linked to a computer belonging to the Australian Department of Defence.

Why does the Australia Department of Defence allow such racist messages to be sent from its servers? Does Mr. Petelczyz work for the Department of Defence or has he hacked into one of your servers?

Please let me know the results of your investigation and do not hesitate to contact me if you have any additional questions or remarks.

David Melle,
dmelle@factsofisrael.com

One day after sending the above message, I had three responses from different members of the Australian Department of Defense. They all told me that they took this matter very seriously and they promised me an investigation would start.

Please note that all of your messages might not get this kind of response. Australia, like the United States and Israel, are countries based on Democracy, human rights and freedom. Racist, homophobic and anti-Semitic messages are not accepted by the large majority of the population and their institutions. Don’t expect this kind of response from French or Moroccan ISPs for example (I tried).

As I write this document, the investigation has not yet ended. In fact I wrote this document to help the investigation. Hopefully, Mr. Hate will learn that there are consequences to sending hate messages.

IV – Make it public, or “making Mr. Hate sweat”.

Notice that when I sent my email explaining what had happened and the evidence I had, I sent a carbon copy (CC) to Mr. Hate himself (or at least the email message Mr. Hate entered in his comment - petelczyz@yahoo.com).

This serves two purposes:

1) Generally, people that are accused of something they haven’t done will come out very quickly and strongly deny they are responsible for it. Michal Petelczyc has not yet contacted me after I sent him the email.
2) Make Mr. Hate squirm. Make sure he understands that you are on to him, and that you won’t let him intimidate you. Make him feel ashamed for his racist remarks, make his son and daughter realize what a racist father they have.

Talk to your friends and family about your investigation and its results. Contact your local press if you can and tell your story. If you have a blog, post the whole thing online and ask for comments.

After sending the message, I also posted the whole story on FactsOfIsrael.com, where hundreds of people can see it daily. You may find my post under the “Anti-Semitism” category at:

Australia's Department of Defence computers used to generate racist and anti-Semitic messages http://www.factsofisrael.com/load.php?p=/blog/archives/000315.html

V – IP Spoofing, or “how Mr. Hate hides like a coward”

I mentioned at the beginning of this article that every computer connected to the Internet has its own unique IP address. Although this address cannot in normal circumstances be changed, there are exceptions to this rule.

One of the techniques used by professional hackers is called “IP Spoofing”. With IP Spoofing, the hacker will basically change the IP address of his/her computer replacing it with the IP address of another computer from the network. The result is that although your software (blog, email or web server) might log a certain IP address, the real IP is not taken into account.

Although this technique exists, it is extremely rare and only professional hackers know how to implement it. In any case, once you send an email to the originating organization, their IT department can start the investigation and they will notify you if they notice any trace of IP spoofing (your message activity logs will not match their logs).

VI – The “Stop the Hate” campaign and button

I hope you enjoyed this tutorial and I wish you luck in fighting Mr. Hate wherever he is. Don’t let the network bully push you around: stand up and let him feel the heat. It’s the best way to stop these fanatics from spreading their hatred.

If you found this document useful and would like to spread the word, I have created a button which you may place on your website:

Here’s the HTML code you can use to link to this article:

<a href=” http://www.factsofisrael.com/load.php?p=/blog/archives/000450.html” target=”_blank”> <img src=”http://www.factsofisrael.com/en/images/ stopthehate/stopthehate-icon.jpg” width=”70” height=”106” border=”0”> </a>

I have also created an MS-Word version of this article. If you’d like to download and send it to your friends and family, click on the image below:

factsofisrael.com-stop-the-hate.doc (MS Word Format, Size: 1.64Mb)
One last remark: choose your battles wisely. Not every message you receive deserves the attention and investigation described above. Attack the big fish, the ones that deserve the title “Mr. Hate” –you won’t burn out and your case will be stronger.

Thanks and good luck!

David Melle
dmelle@factsofisrael.com
Get the facts, check out http://www.FactsOfIsrael.com

November 2002.


Appendix A – “Trace Route” tools for additional Operating Systems

After releasing this document, I received a few messages with remarks and suggestions on how to execute a trace route in non-Windows Operating Systems – thanks to all of those who sent me the messages! If you use a Mac or Linux, try this:

A.1 Mac OS X

Suggestion given by Andres M.:

As Mac OS X is just a flavor of Unix you use the "traceroute" command as you would in Linux (or other Unix OS). To use this shell command you must first start up the Terminal application, which is in the Utilities folder.

A.2 Mac OS, classic (anything lower than X - 9, 8, etc…)

Suggestion given by Andres M.:

There are a number of utilities which do the same job as OS X’s “traceroute” command such as:

* The freeware WhatRoute - http://crash.ihug.co.nz/~bryanc/
* The shareware Interarchy (really an ftp client on steroids) - http://www.interarchy.com/

You would need utilities like these on the older (classic) Mac OS.

A.3 Linux

Whatever flavor of Linux you are using, open up a bash window (or whatever command shell you prefer). I used the bash that came with Linux Redhat 7.0. Just like the MS-DOS/Windows version, all you need to do is:

>traceroute 203.10.231.229

A.4 Lokbox Lookup

I found a great utility for Windows called "Lokbox Lookup". It allows you to do WhoIs searches (who owns a domain), DNS and Reverse DNS lookups, WhoIs searches by IP address (who owns an IP address) and more. Download "Lokbox Lookup" for free at:

http://www.lokbox.net/download.asp

A.5 Better “tracert” for Windows

Suggestion given by Brendan W.:

One tool you might be interested in using to hunt down people like your obnoxious correspondent is a freeware tool called Trace. It's simply a .bat file that simplifies the sequenced use of internal Windows tools. In terms of what it can do it's nothing out of the ordinary, but it is handy for the way it automates the whole tracking process:

http://www.pc-help.org/trace.htm
Posted by David Melle
 Link to this page |   Email this entry |   digg this

Comments

David,

I hope you keep us updated with any developments on your friend Petelczyc.

I was with a sinking feeling that I saw that your Mr Hate was an Australian. Anti-Israel views are quite common (mostly, I feel, due to mis-information about the Arab/Israeli conflict, which I try to gently correct where possible) but I have never come across this garbage in face-to-face speech.

I intend to forward this to Tim Blair, a journalist and top Aussie blogger, so it's possible we might have some local follow-up (at least when he gets back from the US)

Posted by: parallel at November 3, 2002 09:53 PM


Please consider the suspect to be innocent until proven guilty.

The odious Karel Z Petelczyc may have no connection to the MK Petelczyc of Reynolds St, Balmain NSW, the MK Petelczyc of Hargarve St Paddington NSW, Jon and Jenny Petelczyc way out in the isolated bush at Joondalup WA, or OJ Petelczyc of Parson's Way, Innaloo WA.

Petelczyc is an uncommon, but obviously not unique Polish, Prussian or Byelorussian name (the spelling czyc pronounced "check" is a dead giveaway that it's probably Polish).

Given from the first post you quoted that Mikel Petelczyc's dad served with the RAF ( that's Royal Air Force - British ) on bombers during WW2 - the ones with if I remember correctly a 60% casualty rate when they were bombing the crap out of Nazi Germany - your remark

"His father apparently came to Australia from Poland in 1949 – I wonder if his dead Dad helped the Nazis try to exterminate the Jews during the Holocaust? And if he did, is Mr. Hate proud?"

seems intemperate. Those Poles who kept on killing the Nazis (you know - the ones actually responsible for the Holocaust) before Hitler backstabbed Stalin were Not Welcome back in the People's Paradise of Poland after the war. Many came to Australia. Some, like many Poles, were rabid anti-Semites. Others, like many Poles before the Holocaust, were Jewish. Mikel Petalczyc's dad might be in either category, or neither.

From other evidence, it appears that Mikel Petelczyc is a member of the Royal Australian Navy.

He was likely born in the 1950's, in Australia. English would be his first language.
This just doesn't add up with the Germanicisms in the post. The structure is not that of Polish either. Someone is definitely trying to cover their identity.

I'm in Canberra (Australia's equivalent of Washington DC) and have worked as a contractor at the Dept of Defence. And for a legal publisher. Depending on the state where the post was made, the post may or may not be against the law, but IANAL. Such abuse of e-mail at Defence is taken *very seriously indeed* though, regardless. I'd be very interested in what response you get, and if no satisfactory response is forthcoming, I'll take my own actions, up to and including a quiet word in senior people's ears.

Based on my own quick analysis of the post, I'd say it was some dickhead in Defence who may have thought it would be a good laugh to get Mike Petelczyc in a bit of trouble. Or worse, some ratbag who has a thing about Red Sea Pedestrians but is too cowardly to say so except masquerading as someone else. I could be wrong, but I don't think so. Whoever it is, they're going to be in Trouble. If it was a bad, sad, practical joke would you accept a formal apology from the culprit, and another from the Australian Department of Defence? Regardless, you should at least get the latter, if the IP address wasn't spoofed (which although not impossible, is unlikely). Please accept in the interim my personal apology as an Australian, should my taxes have been misused by some bloody insensitive idiot or jew-hating dill as seems likely. And my thanks for the practical help you've already given in ferreting out the miscreant, even if the IP address was spoofed.

Feel free to contact me at my e-mail address about this.

Posted by: Alan E Brain at November 14, 2002 03:53 AM


may it be known that no amount of intimmidation,hatred,abuse name it will bring israel down not even terrorism. those of us who believe in the bible know that blessed are the ones who bless the children of israel and those who curse them stand cursed, this is irreversible.palestinians and other arabs would better be making peace with israel as the path of bloodshed that they seem to pursue will not succeed as no one beats israel.when they detonate a bomb in mombasa what do they gain? three or four grown up men exploding a car bomb out of hatred killing my poor kenyans and little israeli children.this is quite silly to the planners and whoever sends them.they are a failure and so is the religion that encourages them to commit such acts.

Posted by: vincent at December 3, 2002 01:14 AM


Sir:

I downloaded your tutorial with great interest. You are providing an invaluable service on this site. It's a very sad fact that anti-semitism appears to be on the increase and its dissemination via the Internet is adding to its poisonous effects.

Posted by: Tom Tibor at January 13, 2003 10:56 AM


Since NO actual God has ever required that we HATE and kill any "Race", and since Science has put all Race Theory to rest (we are ALL inter-breeding virtually identical biologies), it is obvious that hate-mongering is a purely political act. Look for the Tyrant who is USING weak-mindedness to trick idiots into sacrificing their lives for him.

May I suggest that we go after the Tyrants? Name their names. Who cares about the name of the weak-minded idiot who has no clue. Is there a way to "reveal" the cynical Hand behind the hatred?

The acts of tyrants can be traced. Their attempts to "blame others" for their own failures is like a watermark, a seal of authenticity for Losers.

Your Site is a big help.

Posted by: Tom Key at July 9, 2003 06:49 PM


Jews & Christians are as much the followers of Abraham as Muslims are. Is it then not possible for us all to give each other due consideration & respecting each other on the basis that firstly, we are the followers of Abraham(Peace be Upon him) & secondly, because we all are humans. How is possible to blame somebody else for our troubles. We all are responsible for our own acts & deeds. Isn't this the very thing which differntiates us humans from the animals. We must correct ourselves rather than to point fingers at others. This is the essence of Islamic Jihad - to control one's acts in such a way that no harms should come to oneself & others & not to hurt others. Strive for inner correction- that's what we should aim for. If we realize this, only then can we be sure that we have acomplished something, which can NEVER be achieved by killing jews, Christians or Muslims.

Posted by: Erum Qayyum at July 22, 2003 01:17 AM


"...and since Science has put all Race Theory to rest (we are ALL inter-breeding virtually identical biologies, it is obvious that hate-mongering is a purely political act. Look for the Tyrant who is USING weak-mindedness to trick idiots into sacrificing their lives for him."

"..their own failures is like a watermark, a seal of authenticity for Losers."

Clap Clap Clap Clap, nicely said.

I feel for those in Israel who have faced nothing but hatred for centuries. Israel will never fall.

Posted by: Ru_D at October 15, 2003 06:13 AM


its interesting to read about your reaction. someone once wrote a death threat on my locker door while I was in high school. I just thought they were being mean. My feelings were hurt, but I ignored it for the most part. I don't consider myself part of a political or racial minority, so I think this is why my reaction might have been different.

There were people whom I had in my mind that might have written the note. They picked on me because I was outspoken in my religious beliefs, and because they knew they could get away with it. But those same people were only the type to write mean things and not actually to do them.

Nothing ever happened to follow up that note. Perhaps if I had made a big deal about it someone might have enjoyed my fearful reaction.

Posted by: anonymous_please at December 3, 2003 07:32 PM


I suggest, to do this webpage in spanish for thounsands of jewish are living in South America. Thank you, and Shalom

Posted by: Javier Yearson at March 5, 2004 11:31 AM


I have read your tutorial on tracing the origin of the poster of the hate message. It's good as to its technical merits IMHO. I might have added a few things but that's not the point of this post. I would like you to consider several things.

1. It is 99% certain the post was made from a computer owned by the Australian defense dept.
2. It is in no way certain that the poster was the hater.
3. Consider how easy it is to post a comment to a web forum and add a name and email address.

Based on the above, my first reaction to the hate message would be that the poster is not Petelczyc but someone who wants to make him look bad. This someone most likely works at the Australian defense dept. because it is highly unlikely that someone who does not work there would have access to their computers.

Petelczyc may work there also. Based on my quick reading of the case you present, my guess is that he does. The fact that he did not respond to your email can actually be construed as evidence that he did not make the post. I say this because if he does work for the defense dept., he may be required in such a situation to disclose your email to his superiors. Even if he were not required to so do, I woud think his best course of action would be to disclose it.

The computer that the post was made from is positively identified assuming the dept. has reliable records. Now, you have to place Petelczyc at that computer at the time of the post. I think you see where I'm going here. It is possible that an innocent man has been set up as patsy. Worse case scenario would be that the dept. can make an analysis and prove that the post came from Petelczyc's computer and that he was at work at that time but he had stepped away from his office for a second and someone unknown posted that message.

My guess as to what really happened is that the poster is not Petelczyc. Both work for the dept. The poster has it in for Petelczyc. The poster did not post from Petelczyc's computer. The dept. will not be able to determine who made the post. The direct consequences to Petelczyc are minimal but a seed has been planted and his career may be affected for the worse.

I just found your website today and it's great.

Posted by: anonymous at June 1, 2004 07:39 PM


There's a great little programme you can download from www.samspade.org as well as using several online tools there. It's worth a look. I know who sends me my hate mail. Unfortunately, IP spoofing and the ability to hide IP addresses, seems to be becoming more common.

Posted by: Just Me at August 16, 2004 09:00 PM


Or having a dynamic ip like me is good too.

Another smart way is to go to a friend's house or public access to spam from there :)

Posted by: Asker at December 1, 2004 04:57 AM


No matter if you rigt or wrong, be carefull making generalizations about whole nations.

Few things about Poland and Polish people you may want to know:

- Poland had the largest Jewish population before WWII. It is not an accident. Ask yourself why the Jews from other countries were settling in Poland for centuries.

- Poland was the only country in Nazi-occupied Europe where helping Jews was punishable by death to the one that helps AND his family. Yet, 40% of the trees in the Yad Vashem instutute are for Polish people. And thousands of other dont have a tree because they perished.

Take a look, at for example, Zegota:

http://www.chgs.umn.edu/Visual___Artistic_Resources/Fritz_Hirschberger2/Zegota/zegota.html

- I am not sure if you realize the historical conditions of Poland during WWII ... here is an interesting (though emotional site) covering history you likely never heard of:

http://www.polandsholocaust.org/intro.html

Poland lost over 6 million people during WWII, half of them Jews. To most of the people, the story of Poland during WWII and the fact that it was given to the Soviets on a silver plate is little known.

- Yes - there may be cases of antisemitic episodes in Poland. But keep it in the context of the Europe under Nazi rule. When you condemn the Poles and praise Danes or Duch, keep in mind that thousands of the latter were part of Wermacht and their goverments collaborated with the Nazis. Not to mention the French.

Good luck with your site -

Wdowiak

Posted by: Grzegorz Wdowiak at January 6, 2005 12:51 PM


On the "he could have been setup front", it's worth noting that the message did look like it was typed in a rush.
Possibly suggesting that the real Mr. Hate could have been using this other guy's computer while he was away.
On the other hand, his English could just be bad or he could have been in a rush just because he didn't want anyone else seeing what he was doing.

Posted by: Luke at January 22, 2005 12:09 PM


I came here from Countercolumn ( http://www.iraqnow.blogspot.com ). I use a different tool to find traceroutes and DNS lookups and so forth: DNS Stuff ( http://www.dnsstuff.com/ ). It's a web page that has all sorts of useful tools for that sort of thing.

Posted by: Chap [TypeKey Profile Page] at December 8, 2005 07:45 PM


Hi!
Great work guys. Very nicely done. Keep it up!

Posted by: ELLA at January 15, 2007 11:20 AM


The defence computer defepx01.defence.gov.au is clearly a proxy. This is certainly not the actual machine the user was running their browser session from. Only the Aus DoD who have access to their proxy logs are in any position to know the actual machine the user was using. Keep this in mind when you make statements like "Mr X was using computer Y" - he wasn't.

Posted by: sfg at August 27, 2007 07:04 PM


Hi Erum Qayyum
You write that since we are Abrahmic, we should be friends. Will not that exclude others like Hindus and Buddhists? Moreover we in India have better relations with jews even though we are not Abrahmic. Honestly I can not understand why
guys fight so much. but indeed jews are innocent. God curse all holocaust deniers
and your article was very great, melle
keep it you
i love all jews

Posted by: amit at November 26, 2009 11:57 AM


Hi amit,

It's been 6 years since I commented on the article, but yes, killing of all humans is an offense, be they jews, hindus etc. I like jews too.

Posted by: Erum at December 7, 2009 10:27 AM


Post a comment




Remember Me?


Enter the code shown:   
This helps us prevent automated spam comments

Comments are open and unmoderated, although obscene or abusive remarks may be deleted. Opinions expressed do not necessarily reflect the views of FactsOfIsrael.com. See the Terms of Use for more details.

Email this entry
Email this entry to
(Please enter email address):


Your email address:


Message (optional):


Referrers to this Page

FAIR USE NOTICE

This site contains some copyrighted materials the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.