Proof Stonetear is full of shit
125 2016-09-24 by nycola
I have to wonder how much the FBI actually fact checked, because I was able to fact check a story in a few hours of virtual machine installations
See here: https://i.imgur.com/VUrQhO8.jpg
This sounded shady to me - so, I decided to setup an internal SBS2011 (2008 R2 w/ Embedded Exchange 2010), along with another internal mail server to test correspondences and see what happened to an email address & Account after it was renamed in Exchange.
Here are the results
If you want - I can record the entire process of me renaming the accounts and exchanging emails, I'll need to dust off dxtory & Vegas though.
27 comments
17 pjvex 2016-09-24
Good work. I know there are some amount of intelligent people in the government, but that's the problem with government... Unless you are an idealistic recent college graduate, nobody cares about doing their job unless they are directed to do something, receive the proper instructions to do it, and everything follows the appropriate bureaucratic procedure. So no one would likely take the initiative you just did in setting up those virtual devices to confirm behavior of the outlook/exchange server.
Other than the above described problem, I'm guessing that federal employees waste a tax dollars surfing BBC porn, downloading torrents, or spending hours on My Little Pony fanpic sites (as has been confirmed in the news periodically).
2 uxixu 2016-09-24
yup. The entire bureaucratic structure needs to be purged. Difficult to see that happening peacefully. Getting the right POTUS, congressional majorities and judges in the appellate and supreme court at the same time would be extremely unlikely. Possible to circumvent all 3 with Article V, of course...
13 acurafail 2016-09-24
Nice work.
Could you elaborate on the use of the open source email server mentioned at the end? What's the significance / reasoning of that?
I'm trying to make sure I get the full picture here.
11 nycola 2016-09-24
I just needed an additional email server internally, setting up exchange again is a pain in the ass, but I wanted to demonstrate what Outlook showed from both sides, so simply piping raw SMTP helo commands wouldn't accomplish that. The reason this is significant is because Exchange handles internal emails a bit differently, it doesn't show the to/from it simply shows the "Name" due to it associating accounts with Active Directory SIDs. I needed to emulate "external" emails coming in and going out to show what happens. So while "hillary's" account is based in an exchange 2010 environment, John smith's is hosted using https://www.hmailserver.com open source email server. Neither domains used are "real" and all correspondence was done via internal lan with the SBS acting as the NS server for both domain and MX records.
Edit: here is a screenshot of what "internal" exchange correspondences look like between users on the same server. As you can see I have to mouseover the name for it to display the email address associated to it. Because of this, I felt it would be easier to demonstrate with an separate email server.
http://i.imgur.com/VkE89en.png
10 SQUID_FUCKER 2016-09-24
That example email is hilarious.
13 nycola 2016-09-24
I wish i could take credit! But its from an old Dogbert
2 noodlesdefyyou 2016-09-24
can confirm, exchange install is balls. ok cool you got everything required, hit next! oh wait, youre missing this, but to install it, you have to reboot. oh, now youre missing this update. now you have to uninstall this and reinstall it since you installed this update before joining a domain.
edit: i use exchange 2010. im sure exchange 2013 is a bit easier, and ive not played with e2016 yet.
3 acurafail 2016-09-24
Awesome -- I thought that was what was going on, but appreciate the more in depth explanation.
I hope this information goes somewhere.
Nice work actually going through with demonstration.
7 claweddepussy 2016-09-24
This is great. I've been trying to think through this stuff but my tech knowledge is very limited.
I found this article yesterday:
Clinton’s ‘Secret’ Email Accounts
The article says that when you print out an email from an Exchange server and the email address has been changed since the email was sent or received, the email address gets changed. This seems to hold together, because in the Clinton emails that have been released the active From field always shows hrod17@clintonemail.com, while in some of the chains (addresses in the body of the email) you see the actual address she's supposed to have used during her tenure, HDR22@clintonemail.com. See this email, for example. At some point they decided to print the emails for submission to the State Department rather than providing electronic files. I don't know when they made this decision.
I wondered whether this explained stonetear's Reddit posts and the part in the FBI interview record that you put in your post. However he doesn't refer anywhere to printing. What's more, as you have pointed out in other posts on /r/politics they could have just temporarily changed Clinton's email address back to the old one if they wanted all of the printed emails to show the email address that was actually used at the time the email was sent or received.
In other words, I'm not sure whether this printing thing explains what stonetear was on about. I'd be interested in any comments.
11 nycola 2016-09-24
It doesn't get changed for past emails, only future ones. Whether electronic or printed. If I printed out an email in outlook from before I got married, it would still reflect my original, unmarried name.
2 claweddepussy 2016-09-24
Another point, as well:
To definitively test this out you need a screenshot of a Hillary email with the old email address and then the very same email brought up after the email address was changed. If the article I linked to is correct it may be the uppermost, active email address that gets changed but the ones in the chain in the body of the email don't.
BTW, thanks for doing this. This stuff needs testing.
8 nycola 2016-09-24
So in an Exchange <-> Exchange Environment emails aren't so much sent by email address as much as they are by user SID. Each user has a unique SID, which enable permissions, as well as mailboxes to easily carry over immediately when an account is changed.
When you look at internal Exchange communications, message are sent SID123Mailbox <---> SID456Mailbox. So I can change the names and email addresses associated with SID123 and SID456 without effecting any file permissions or mailbox access. Because of this, on the Exchange Side Only - this does NOT hold true for External viewing, the old emails retain the previous "Name" however, the SMTP: is updated accordingly to its current state. Exchange generates no "Internet Headers" for Internal-only communications. So that is untrackable. However, when Internal emails are printed, or replied to, or sent - they won't even display the email address in outlook unless you look at the properties of the name. It will only display the name of the person the message is sent to/from. So in order to test this, I need to look at these original messages by downloading them post-namechange and viewing them in a third-party email client that does not have the same, native Exchange integration that Outlook has. This will definitively answer "Do old emails dynamically update the first level to/from with a name change".
This is not true for any emails with external recipients. So changing an email address will retroactively change the "to/from" field of Exchange-only based communications, which means it would take about 5 seconds to change back to the original, and dynamically update all exchange-only based communications, instead of needing a third party tool. Because while Exchange is smart enough to tell Outlook it is the same person, it does not actually dynamically change the email address.
I used Thunderbird to view both IMAP & POP3 versions of these messages, as to exclude any of Outlook's auto-exchange integration,
Emails sent between external servers and Exchange retain their initial headers, and are easily and immediately changed with an account rename. Emails with external correspondents are not altered. Here are screenshots that show that.
I'd like to add that I JUST set Thunderbird up, several hours after these email conversations took place - and this is how they were downloaded.
http://imgur.com/a/694hs
I should also add, that once the initial emails are downloaded from Exchange using IMAP or SMTP, the headers will NOT change, even if the correspondence is Internal - this behavior is ONLY for Exchange-connected Outlook clients.
http://imgur.com/a/X5PpB
2 claweddepussy 2016-09-24
Wow, thanks for all that.
What I take from all this is that in some scenarios the email address will dynamically update. However in these cases it is a simple matter of temporarily changing the email address for the purposes of printing/sending. There is no need for any special tools.
In other words, the dynamic updating when an email address is changed does not explain what stonetear/Combetta was up to, i.e. he's full of shit and there's something else going on.
Have I understood that correctly?
4 nycola 2016-09-24
Yes - Anywhere the address dynamically changes with an account being renamed, it is easily changed back by renaming the account, the changes are literally immediate.
4 nycola 2016-09-24
I'm headed to get yellow dye for pikachu costumes for my kids, give me 1 hr and I will do so.
1 claweddepussy 2016-09-24
Excellent, thanks!
2 Thameus 2016-09-24
Also need to factor in SMTP headers, though.
4 nycola 2016-09-24
The SMTP Headers keep their "original" settings - even internally. Here is a conversation between Hillary + Paul, both with internal exchange accounts on the same server. Her email changes between the two. I just copied these out of Outlook, and neither hillaryclinton@ nor hrc@ are her current email, it is set to hrc2016@. Therefore, SMTP headers remain unchanged even with accounts being renamed.
1 claweddepussy 2016-09-24
What do you make of that article, then? They had several tech experts who said that it does get changed.
8 nycola 2016-09-24
I can literally make a video demonstrating the above screenshots that it does not get changed.
Just imagine the repercussions of being able to that easily change the audit trail, name, and email address on thousands of emails. If you could retroactively change email headers, he wouldn't have been asking reddit for a tool to do it.
He stated he wanted to change the headers because he didn't want her "current email address to get out". That was never a danger, the headers already retained their prior email address as I demonstrated.
He literally created a paradox framing himself. "Cheryl Mills was concerned her new email address over wrote her old one and wanted it changed back" simply put, bullshit. If it had changed to begin with, it would be just as easy to change back, and he wouldn't need to search reddit for help on how to do it.
2 claweddepussy 2016-09-24
See my additional new comment. If you could do the extra screenshots I suggested that would provide a definitive test.
I still would be interested on a comment on the article. Is the article just wrong?
And as I said I agree there was a very simple workaround - just change the email address back temporarily. That is why I'm puzzled and the whole thing doesn't seem at all right.
1 darksim905 2016-09-24
But what you're tlaking about makes no sense/doesn't matter if printed emails were provided. They don't see headers there & they just see the most recent e-mail the address was changed to. Nothing else can be proven unless electronic files are in hand
2 claweddepussy 2016-09-24
They changed Clinton's address on the system before the emails were printed out. If they wanted to show the address that was in use at the time the emails were sent or received - that was allegedly one address, hdr22@clintonemail.com - all they had to do was temporarily reinstate it or select it as the primary address. If this is all that stonetear was genuinely asking about, his level of tech knowledge is incredibly, unbelievably bad. I'm not a tech person and I even worked that out.
1 dirtyslutsPM_ME 2016-09-24
Can someone ELI5, please? I understand who he is and what he did (to some extent) but can you ELI5 as far as why he is full of shit? Thank you.
0 outbackdude 2016-09-24
This should be higher...
-3 perfect_pickles 2016-09-24
puzzling why u/stonetear2016 is busy on reddit in r/conspiracy, and u/Afrobean too, who had a zombie year dormant account suddenly seems to have a reactivated active one with recent posts. theres gaming in this story with reddit admin help.
there seems to be serious forces that want HRC taken down by any means possible. and its not amateur redditors and youtubers.
u/stonetear2016 has way too much post and comment karma for a five day old account.
so this gaming is either sanctioned on high or running on the wild side of the DoJ and risking action by them.
the whole affair, HRC emails on private servers, the hackings, the revelations, its all amateur hour and a disgrace, not how a sane country does business. prob the only saving grace is that the rest of the world is incompetent too.
3 Afrobean 2016-09-24
Why do you keep tagging me lol what are you smoking
2 uxixu 2016-09-24
yup. The entire bureaucratic structure needs to be purged. Difficult to see that happening peacefully. Getting the right POTUS, congressional majorities and judges in the appellate and supreme court at the same time would be extremely unlikely. Possible to circumvent all 3 with Article V, of course...