What happened was that what appeared to be a group of Middle Eastern extremists and Western activists, for reasons known only to themselves, decided that our tiny little 18 person Midwestern carpooling list was the perfect place to come and announce to the world their hatred of Jews, America, etc. (We would later find out that, at the time, a number of other Burning Man lists were being hit, some not much larger than ours). By the time we logged in and even knew about this, some of this garbage had been accumulating in the archives for weeks. How embarassing!

And how upsetting for Paul Lewis, the original owner of the list. On returning from an absence, and banning the (apparent) offending parties, Paul found them determined to continue the fight for ... we weren't exactly sure what they were fighting for. Did we mention that it was an 18 person list? Not exactly TV network coverage for those posting in it, but some seemed to feel otherwise. The moment Paul announced that he had banned the offending parties and instituted a restricted membership policy, two more hacked their way in past Yahoo's security and posted more of the same. Paul ended up wondering if his account's security had been compromised, given that letter 7 appeared to have been sent from bm-rides@yahoogroups.com (an address that only moderators should have access to). He stepped down just to be safe.

The headers for the letters in question have been included in case you are skeptical about this, and we hope you would be. Right now, you're seeing them the way they'd look if you visited the archives for bm-rides without logging in. Yahoo's privacy function trims the domain name. Originally, the former list owner was going to download these letters while logged on in order to circumvent this, but made the unpleasant discovery that he could then log himself out from one of those copies. "Could somebody else do that while I'm online?", he wondered. It seemed like too much of a security risk, so these copies have been uploaded in their place, pending an answer to Paul's question from somebody in a position to know.

These alleged offenders were then banned from the list, getting the usual unpleasant kiss off letter - one which is no longer sent, for reasons which will soon be obvious.

"Alleged", you say? "Why the cop-out? Weren't the headers unambiguous?" So one might think. But when we look at the headers in one letter, allegedly from Don Schreiber over at Compuserve, whose law offices are allegedly in the San Francisco Bay Area, we found a .jp address. That would be in Japan. Kind of a strange thing to be seeing in a letter that's supposed to be from California to a North American location, don't you think? Kind of looks like a hacker convering his tracks? Noticing this, the new list owner decided not to send Mr. Schreiber a letter, and Paul decided that the first seven people were owed apologies (which have been sent, along with note to their providers about the confusion). With some interest, we noted that one of these three addresses appeared in each of the eight letters.

66.218.66.216
66.218.66.217
66.218.66.218

Interesting how similar those addresses look, isn't it. What does it mean? We wish we had somebody to ask, but Yahoo wasn't obliging us, leaving us in the dark as to how to proceed from here. One of the victims of this, however, was able to shed a little light.

Mr. Sami Mashney, Esq., an attorney whose practice focuses on the advocacy of Palestinian rights had been subjected to this before, and pointed us in the direction of a troubling article:

http://www.mediamonitors.net/gillespie7.html

In short order, we felt sick.

Here's the story. The people named in that article had been advocates for the Palestinian cause. One day, a group of Israel hackers started spoofing the addresses of these people, sending material much like what we've just seen to hundreds of very annoyed recipients, who then did as we did and complained to their providers, sending copies of the offending e-mail with headers attached. Much hate ended up in their mailboxes and their lives were greatly disrupted. Raja Mattar, in a letter to the outgoing owner, tells us this his Yahoo access has still not returned, and the apology e-mailed to Ellen Stanwick bounced.

Using our best judgment, we would have to say that this would appear to be greatly unjust. A message we've tried to get out to the Burning Man community is this : "Please know that this is going on, so that you will know not to become part of the problem. If your list has been hit, or you have been bothered with these spams personally, we understand your desire to get the problem taken care of, quickly. But I hope that we would agree that to get an innocent person punished merely because somebody forged his name to something would not be justice, and it isn't going to solve the problem". A simple message that seems to fall on deaf ears, but one has to try.

This already has become a recurring problem for our own and other online communities, and will probably continue to be. Hackers, by their very nature, tend to be persistent, because persistence is what makes them good at what they do. The disciplinary system will reward their persistence in a case like this, sad to say, because of the attitude that if somebody is accused of something often enough, he must be guilty. "Where there's smoke, there's fire", and similar nonsense. On these terms, all the hacker has to do to win is do what comes naturally and persist in his spoofing of his victims. What we need to do, as third parties, is change the terms by thinking about our own illogical reactions and changing them for the better. Even if that's not a very postmodern thing to say.

"And you guys are just taking an article on a website on faith? Kind of naive, don't you think?", some might say. To which we say, perhaps so - but what seems more likely? That somebody who turned out to be a professor of law at the University of Illinois had time to spam an obscure carpooling list, or that a group of hackers hit our list too, just for the joy of doing something this bizarre? Which seems more in-character?

"But how do you know that this wasn't a group of Palestinian hackers trying to create the impression that they were Israeli hackers in order to make Israel look bad?" That is possible, I will admit, but I don't believe that it is plausible. Consider who stands to gain here, and who stands to lose. If we find, and can show beyond a reasonable shadow of a doubt that our hackers were Israeli, and word gets around to the memberships of the many other lists they hit, the likely public reaction will be "those dumb kids!". If, on the other hand, they are found to be Palestinian, the likely public reaction will not be one that should make us proud: "those (expletitive deleted) Palestinians!". The only way that one can do political damage to a faction in a conflict in this way, is if those one seeks to sway are ready and eager to believe the very worst of the members of that faction.

In the wake of the September 11, 2001 destruction of the World Trade Center, anti-Muslim sentiments in the United States have run high enough that people of Middle Eastern descent have been held for years without trial, without being charged, and without being allowed access to legal counsel - all with little to no objection on the part of the general population. One can easily see who far more Americans will be quick to believe the worst of, and so the conclusion is inescapable. The most those favoring the Palestinian side of the Israeli-Palestian conflict could hope for out of this incident, under any plausible scenario, would be to break even in terms of political gain. If they are seen as harassing people in this country without reason, they are likely to suffer political losses. The amount of hate mail gathering in Prof.Boyle's box bears testimony to the amount of hostility that can thus be generated. With nothing to gain along the way and everything to lose, why would the Palestian side make that choice, knowing that alone the way that their own people will have their lives made miserable in the process? Why would they hand such a gift to their own opposition, at such a cost to themselves?

"But doesn't that article point to a provider on the West Bank, where many Palestianians live?" Yes, and a fair number of Israeli settlers, who while usually not very wealthy, are typically wealthier than their Arab neighbors, likelier to have Internet access, and have a vested political interest in the generation of hostility toward Palestinian activism, as their settlements are likely to be uprooted if said activism should succeed. Means, motive and opportunity - all three are possessed by the other side in greater abundance, leaving the Palestinian side in this incident looking fairly innocent. An observation which, as we have said, won't be likely to win any ground for their cause, but we hope, as some accept it, will be likely to end some of the harassment of these individuals.

Not that we find ourselves without the need to postulate some real stupidity on the part of the hackers, even should they be Israeli ones. Consider the amount of work done, and the fleeting nature of any gains they may have made. From their vantage point, with extensive contact with people fresh in from the United States, they're in an excellent position to realise that the above points would sooner or later occur to us, and probably sooner. This isn't as dumb as would be the action of working hard to do something that can only cost one political ground, can't possibly gain any for one's side, and is guaranteed to get one's own people harassed to the point of not being able to get work done - but it's still not a ringing endorsement of the intellect of the hackers. If one wishes to play at dirty tricks, the effort could far more effectively be invested elsewhere.

As for our earlier confusion :

If it seems like the staff at BM-Rides was being completely naive and didn't consider the possibility of address spoofing, I would point out that when one looks at the "activity" section in group management one does see the Yahoo IDs for the first seven of these people, who are recorded as having signed up for this list. To think that they had actually been here would be a reasonable mistake to make, if it even is a mistake. A moderator is under a certain amount of time pressure to get a situation under control if he is not to lose his subscribers and, in all fairness, computer security is not an area of specialization for any of the members of this list.

Yahoo hadn't even tried to help, so what could any of us do but take his best guess? If the people whose names you see actually were innocent victims of a spoofing by somebody who hacked into Yahoo's database, as the preponderence of the evidence clearly suggests that they were at this point, how could we not regret what must have been the very strange experience of getting that letter about a list they probably never heard of?

None of this had been stuff we'd be thrilled to see on any list - raw hateful stuff about who was in league with "the Jews". (Really? All 14 million of us? Now, that's coordination!) Certainly, it was off-topic, but what could we do? By the time we found out about this incident, these people (or this person) had subscribed, spammed the list, and then unsubscribed again. There was little we could do at that point, but what little there was to do was done. Paul Lewis, just before he stepped down, sent out this letter at a time when he was taking those addresses at face value:

(Clarity and apologies would come later).

Our initial reaction had been "what could these people, or more likely this person, have possibly been thinking about? 'We have spammed an 18 person list in the Midwest. Now the Israelis must tremble!' Um, yeah. Activists and extremists are an interesting bunch, and if I had to make a guess, I'd guess that our intruder fell into the second category, and had a strong bent toward hacking". We never guessed that they would fall into both categories, but as Israelis they do, we suppose. But even before Mr. Mashney wrote back, this looked weird to us. As we wrote later,

And now we seem to know, and if anything, that understanding makes the whole incident seem even more bizarre : anti-semitic spamming of a very small mostly Jewish-run (*) carpooling list in the Midwestern US, by (presumably Jewish) Israeli wannabee political conspirators hoping to undermine international sympathy for the Palestinians. Political intrigue a la Beavis and Butthead, one might call it. But what our hackers lacked in common sense, they more than made up for in determination and hard work, as they did this to one small target after another. Lives were disrupted at no apparent cost to the hackers themselves, who remain anonymous to this day as near as we can tell. (All that was found was the ISP they used as a base of attack).

As one of my brothers would say, the Internet is a coward's paradise.

Note : If you'd like to set up a link to this page in order to help get the word out, please feel free to bookmark this link here :

The Fake Palestinian Extremist Incident

We'll be leaving this page up indefinitely, as we don't want to see this happen to these people, again. Please, do what you can to get the word out, now more than ever. Anti-arab sentiment is likely to be at an all-time high in light of 9-11 and the Second Gulf War, and the last thing they need is more grief.

Returning to from whence you came ... where DID you come from?

1. The Café Satan Homepage
2. The Homepage for BM-Rides
3. Or would you like to ask us a question?

(*) Formerly Jewish, some would say, because we have generally converted to other religions, but anti-semitism rarely concerns itself with such distinctions. Besides which, there is the issue of family.