The SchNews article:

 http://www.indymedia.org.uk/en/regions/sheffield/2011/01/472496.html

 http://www.indymedia.ie/article/98706

 http://www.indymediascotland.org/node/22910

Source:

 http://www.schnews.org.uk/archive/news755.php

There is a routing problem between most of the internet and schnews web site


~$ traceroute schnews.org.uk
traceroute to schnews.org.uk (195.82.124.125), 30 hops max, 40 byte packets
1 10.151.82.1 (10.151.82.1) 102.182 ms 106.118 ms 110.668 ms
2 209.234.253.161 (209.234.253.161) 266.062 ms 266.104 ms 266.538 ms
3 TenGigabitEthernet3-4.ar8.NYC1.gblx.net (64.211.111.149) 122.787 ms 123.101 ms 123.330 ms
4 te2-8.ccr01.jfk07.atlas.cogentco.com (154.54.14.69) 123.610 ms 123.876 ms 128.753 ms
5 te0-3-0-1.ccr21.jfk02.atlas.cogentco.com (154.54.7.29) 128.787 ms 129.396 ms te0-2-0-4.ccr22.jfk02.atlas.cogentco.com (154.54.1.217) 129.136 ms
6 154.54.44.6 (154.54.44.6) 208.000 ms 154.54.44.46 (154.54.44.46) 179.915 ms 154.54.44.58 (154.54.44.58) 180.857 ms
7 te7-3.mpd02.lon01.atlas.cogentco.com (154.54.30.130) 184.677 ms te9-7.mpd02.lon01.atlas.cogentco.com (154.54.1.94) 188.613 ms te1-1.mpd02.lon01.atlas.cogentco.com (154.54.5.162) 192.449 ms
8 te1-2.mpd01.lon01.atlas.cogentco.com (130.117.3.225) 198.970 ms vl3493.mpd01.lon01.atlas.cogentco.com (130.117.2.17) 201.030 ms 201.433 ms
9 149.6.3.6 (149.6.3.6) 201.864 ms 201.945 ms 202.373 ms
10 core2.lon-th1.as8401.net (195.82.97.236) 202.547 ms 207.656 ms 207.692 ms
11 core2.lon-thm.as8401.net (195.82.97.240) 208.493 ms 208.333 ms 180.434 ms
12 core2.lon-th1.as8401.net (195.82.97.236) 179.745 ms 183.554 ms 187.389 ms
13 core2.lon-thm.as8401.net (195.82.97.240) 192.477 ms 196.516 ms 200.055 ms
14 core2.lon-th1.as8401.net (195.82.97.236) 205.468 ms 205.618 ms 205.965 ms
15 core2.lon-thm.as8401.net (195.82.97.240) 206.217 ms 206.807 ms 206.447 ms
16 core2.lon-th1.as8401.net (195.82.97.236) 211.789 ms 212.002 ms 212.780 ms
17 core2.lon-thm.as8401.net (195.82.97.240) 212.255 ms 180.738 ms 183.049 ms
18 core2.lon-th1.as8401.net (195.82.97.236) 187.074 ms 190.835 ms 194.753 ms
19 core2.lon-thm.as8401.net (195.82.97.240) 198.071 ms 204.298 ms 203.419 ms
20 core2.lon-th1.as8401.net (195.82.97.236) 203.884 ms 204.716 ms 205.092 ms
21 core2.lon-thm.as8401.net (195.82.97.240) 204.767 ms 210.730 ms 210.386 ms
22 core2.lon-th1.as8401.net (195.82.97.236) 209.845 ms 209.985 ms 211.116 ms
23 core2.lon-thm.as8401.net (195.82.97.240) 181.747 ms 183.284 ms 182.983 ms
24 core2.lon-th1.as8401.net (195.82.97.236) 186.952 ms 191.148 ms 195.294 ms
25 core2.lon-thm.as8401.net (195.82.97.240) 200.016 ms 203.785 ms 204.158 ms
26 core2.lon-th1.as8401.net (195.82.97.236) 204.348 ms 204.752 ms 205.952 ms
27 core2.lon-thm.as8401.net (195.82.97.240) 206.047 ms 210.284 ms 210.806 ms
28 core2.lon-th1.as8401.net (195.82.97.236) 210.454 ms 187.684 ms 187.758 ms
29 core2.lon-thm.as8401.net (195.82.97.240) 184.161 ms 183.152 ms 184.503 ms
30 core2.lon-th1.as8401.net (195.82.97.236) 186.684 ms 191.197 ms 195.979 ms

You are being routed through 149.6.3.6
A quick look at the postcode: LS7 2AA give minorplanet.com, a vehicle tracking company
Could mean nothing, not sure.
Also LA Fitness and CTrack and a few other companies come up.


whois 149.6.3.6
#
# Query terms are ambiguous. The query is assumed to be:
# "n 149.6.3.6"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
#  http://whois.arin.net/rest/nets;q=149.6.3.6?showDetails=true&showARIN=false
#

NetRange: 149.6.0.0 - 149.6.255.255
CIDR: 149.6.0.0/16
OriginAS:
NetName: PSINET-B-6
NetHandle: NET-149-6-0-0-1
Parent: NET-149-0-0-0-0
NetType: Direct Assignment
NameServer: NS.PSI.NET
NameServer: NS2.PSI.NET
RegDate: 1992-01-28
Updated: 1992-02-03
Ref:  http://whois.arin.net/rest/net/NET-149-6-0-0-1

OrgName: PSINet, Inc.
OrgId: PSI-1
Address: 1015 31st St NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
RegDate: 1992-01-28
Updated: 2009-01-26
Ref:  http://whois.arin.net/rest/org/PSI-1

ReferralServer: rwhois://rwhois.cogentco.com:4321/

OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: +1-877-875-4311
OrgAbuseEmail:  abuse@cogentco.com
OrgAbuseRef:  http://whois.arin.net/rest/poc/COGEN-ARIN

OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: +1-877-875-4311
OrgNOCEmail:  noc@cogentco.com
OrgNOCRef:  http://whois.arin.net/rest/poc/ZC108-ARIN

OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: +1-877-875-4311
OrgTechEmail:  ipalloc@cogentco.com
OrgTechRef:  http://whois.arin.net/rest/poc/IPALL-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at:  https://www.arin.net/whois_tou.html
#



Found a referral to rwhois.cogentco.com:4321.

%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
149.6.3.6
network:ID:NET4-950603041E
network:Network-Name:NET4-950603041E
network:IP-Network:149.6.3.4/30
network:Postal-Code:LS7 2AA
network:Country:GB
network:City:Leeds
network:Street-Address:195 North Street
network:Org-Name:186k Ltd
network:Tech-Contact:ZC108-ARIN
network:Updated:2010-06-01 12:57:00
network:Updated-by:Bill Garrison

Actually this is the address of  http://www.186k.co.uk/, an ISP so it's probably alright, just jumped the gun a little,
there are also loads of other companies registered to this address(Including a sex shop and a tavern), so it might be something dodgy, but business dodgy not spy shit dodgy.

So it appears that indymedia UK is about to officially come clean about the use of IP monitoring technology within the IMC UK content management system. This has been something that has been consistantly hidden from the users with admins hidding all references to the facts.

What does the existance of IP logging in IMC UK mean to you? Well first off it means that the admins can protect the site from spammers and trolls. More importantly it also means that admins have had tool available to assist in the identification of misinformation posts. All this is good stuff but the admins have up till now refused to admit that they are doing this so the user has been left ignorant of the orchastrated campaigns of misinformation so common in the comments section.

Not only have user been kept in the dark but they've been left with a false sense of security. All admins have access to the IP addresses of people posting on the IMC UK site and that puts users at massive risk. It would be very easy for cops or private spooks to have obtained admin passwords for the UK site from one of the various regional collectives around the country. According to publically archived mailing list post, at one point there were over 100 admins passwords in use around the country. None of the currently exposed undercover cops appear to have been involved in indymedia but who's to say that one or more of the admins are not infact infiltrators.

Nobody posting to indymedia should consider it a secure site. Always to measures to protect your true IP address and other details from being spied on by sysadmins.

Also see post here from gateway-303.energis.gsi.gov.uk:
 https://netcu.wordpress.com/2010/10/24/mark-stone-police-officer/

And see the comment here:
 http://www.indymedia.org.uk/en/2009/10/440928.html?c=on

I run a website and after a comment was posted on SHACwatch linking to a specific page on it, the first visitor was from one of the internet gateways used by people in government: gateway-NNN.energis.gsi.gov.uk. The browser identifier was quite interesting too, "Meridio for Excel 4.4.727"

Maybe someone knows which areas of government use these particular gateways - is it just central government or things like local government, police, hospitals and schools etc. too? And is this Meridio thing specific to a particular area of government?

I think this is fairly conclusive proof that SHACwatch is run from someone inside the state, either with their explicit permission or not.

I believe comments from SHACwatch are moderated before appearing on the site, so it's fairly certain to be the main person behind it.

There were a few other connections from other people soon after - I assume these are SHACwatch groupies. One was a home broadband connection and another from Belgium.

The posts that come from gateway-NNN.energis.gsi.gov.uk could just be any lowly employee working in a jobcentre or local government office. It isn't necessarily the filth.

What we really need is access to one of the admins who work on the Energis government gateways. I'm sure they keep detailed logs so they can check on employees surfing porn at work, etc. They should be able to tell us where these posts are originating from.

The cops may infiltrate us, but there are far more of us than there are them. It's time for us to infiltrate their institutions and start tracking what they are doing.

While it seems to be that quite a number of people use the proxy server at gateway 303, it is also quite clear that it is the government server that has been consistently used over the last five years for posting disinformation on netcuwatch, arcops, indymedia, fitwatch and elsewhere. Twice may be a coincidence, three times plain odd, shit loads of times is plain obvious. If it had been a mix of other of the gateway computers (there eg 202, 103 and so on), you might have a stronger point, but that is not the case.