2009
06.01
Letter to Nelly Neben of Axis Artist Management regarding transition of the RitaCoolidge.com web site to her new developer.
Nelly,

Please inform Kristen that regarding the RC site and accesses to programs or peices of code, I almost always use the userid and password combination  XXXXXXX  and XXXXXXXX.  When only a password is required, the password will most often be XXXXXXXX, XXXXXXXX, or XXXXXXXX.

It would be greatly appreciated if I was kept in the loop with regard to changes.  The hacks taking place at the RC site were consistent with the timing of events here.  Those clues are extremely important.  If there is anything unusual which happens, please inform me.

Some things to watch for…
They were using the site for XSS Scripting and redirection via IP address and port, among other hacks.  This allowed them to hide the transmission of data from my computers as I would not block access to the RC.com site.   The evidence of this was also initially on Justin’s site.  In the JG site’s case, you transferred it without talking to me.  No Phone or Email which they control/filter.  As I didn’t know, and they didn’t know.  Their hack stopped working, but the data was continuing to be sent thru to the new servers.  This left a considerable amount of the evidence of this attack on the servers that was no longer active.  They have consistently been careless with regard to cleaning up after themselves, or following any kind of standard.  This has made identification of corrupted files very easy.

The other hack that was frequently found and executed was one which triggered when a certain picture file was displayed.  That file would generate the code to cause a line to be added to the web pages which hooked each display of the page to a site in China.  I have been very consistent about the formatting of the file names for pictures.  This made their infected picture very easy for me to find.  Even after the file was deleted and affected files cleaned, they would place it back on the site and re-execute it.  ( They have EVERY PASSWORD. )   This hack was simply to waste my time and make me think that it was a random hacker.

When it came to naming the music files on the site, I did not use the song names.  The structure is very simple though. XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  v XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX  XXXXX XXXXX XXXXX XXXXX.  The RitaRadio program also has functions which prevent the file names from being presented on the web. 

Please, Please, Please do not delete my email accounts (or any established ones).  It would cause complete devastation as so many things are registered and linked back to that address.  Professionally and personally.  It is critical that they never be deleted.  I’ll still be checking them.

So many of the attacks have been directed through Rita’s web site that her site is evidence, and has been evidence since the initial hack in February 2007.  I do have several backups from recent weeks and the past months and years.  It would be appreciated if the site was backed up regularly and that copies of those backups be provided to me.  It will indicate their transition to being unable to attack from that location.

As they were also unaware of the transition here, BE VERY CAREFUL.  I DO NOT RECOMMEND RECYCLING ANYTHING on the current site.  DO NOT TRUST any suspicious files.  The hacks have placed their code inside just about every file type.  When in doubt it is best to run any program or open any file in a sandbox to prevent infection of YOUR equipment.  Bear in mind they won’t know whether you are really you, or me pretending to be you.  This has been proven as I was getting things accomplished while using my neighbors child’s name to rebuild the computers and get below their radar.  They have additionally hid their equipment within range of mine by using my neighbors names as the naming convention for the equipment.

When Sonya, her lawyer, private detective and the software company are finally prosecuted and I am able to return to some sort of a life, I will be back for the web site.

As I think of other specifics I will let you know.
Terance

REMINDER:  All Communications are directly affected.  Cell phone and Email are not reliable methods of getting in touch with me.  Unfortunately, if I tell you in this email how I have worked around that, then that would be compromised and affected also.

No Comment.

Add Your Comment

%d bloggers like this: