November 2014
S M T W T F S
« Oct    
 1
2345678
9101112131415
16171819202122
23242526272829
30  
News for Norther Colorado and the world

Friday, November 28, 2014

Who done it, Part III

 

computer3 Who done it, Part III

The Unreliable Witness

On 8 Oct. 2010, Trustee John Bauer leveled a very serious accusation against Jen Rotar – that she had intentionally removed content files from Main Street’s Go Daddy account, making the site inaccessible for public web users. Bauer went public with his accusations, going to the Main Street Board, and seeking their approval to file and pursue, on behalf of Main Street, a criminal complaint against Rotar. The Berthoud Main Street board agreed.

Having examined the evidence Bauer presented to the Berthoud Police Department in Part II, we will move on to examine the equally flawed witness statement turned in by Trustee John Bauer on behalf of the Berthoud Main Street (BMS) board.

In addition to the ftp log file as the main piece of evidence, the witness statement by Trustee John Bauer is the only other element describing the events. Eric Boyd, the Main Street Director is also listed as a witness, but provided no statement.

It might help the reader to review the opening information presented in Part I and Part II. The Recorder Online was purposely taken off line in order to recreate and verify the validity in Bauer’s sequence of events in the witness statement. The same wording that Bauer used in his witness statement was used in Part I, and since both BMS and the Recorder use Go Daddy the technical support interaction would be the same.

Following is an examination of Bauer’s statement almost line by line. You can follow along viewing his witness statement by clicking here (Bauer Witness Statement.) Note: Items in blue are links to documents.

One of the first things to notice is that Bauer has created his own template with all his personal information included. This is the second time Bauer has used this form and it certainly makes it easier for him to make written police reports. The fact that this is a form of his own making (patterned after the Berthoud Police form) is evident by the misspelling of the word “serve” in the line beginning “I volunteer the…”

Note also that a characteristic of Bauer’s commentary is the use of unnecessary emotionally charged words like “alarmed,” (used three times) and the making of leading statements. It is also evident by this report that he is attempting to conceal (from the police?) his own considerable computer expertise. In fact, he goes out of his way to make himself appear to be a novice in the area.

In the first paragraph, Bauer relates that he went to the web site to capture statistics for the new web designer. Perhaps true. It does indicate that Pixels and Press does not have access to do that task.

In paragraph three Bauer finds, with the help of a technician, that the files were deleted before the Go Daddy backup of August 11. Suspicious. Bauer makes it sound as if backups are made every day. This is not true. Backups are made twice weekly on sequential days. The odds that someone who was deleting files would do so between the backups are one in seven. It is doubly suspicious because this would have been the first backup made after the newspaper article that Bauer claims precipitated the event. As the Account Administrator, Bauer can see when backups are made.

In paragraph four Bauer has the technician telling him that no one logged in on the administrator account. Possible – the support people have an access log. However, Bauer goes on to say that the technician then tells him that someone logged on using an ftp account. This is False. In conversation with four different technicians, the Recorder was told that a technician could not tell if someone logged in with an ftp account. The only way to find out this information is to request a log file from the Advanced Hosting Support team.

Since the previous statement is false, the suggestion that the technician told him that this was a separate ID and password that were set up when the account was set up is also False. The statement itself is probably true, and already known to Bauer because he is the one who set up the account and created the “separate ID,” but he did not get this information from the technician.

Bauer goes on to say, “As we had Jennifer Rotar from Railiable Buisnesss (his spelling) Services volunteer to set up this web site and hosting service on behalf of the Berthoud Main Street Program, (False) I was not aware of this separate account.” False. These emails from Go Daddy to John Bauer show that he was the one who set up the account and hosting when the site was moved to Go Daddy in May 2009. The first page is the transfer of the domain name registration to Go Daddy and the second is the receipt for the hosting service, all in Bauer’s name. This email from Bauer to Rotar when the site was originally established at FRII in 2005 shows him giving her the necessary information for the ftp account he created for her use. The account name is “berthoudmain,” the very account that Bauer claims to know nothing about. At this point of his narrative, Bauer already seems to know that the website was accessed by ftp and is aware of the name of the account used. How is he able to know this before the information is available from Go Daddy? It would seem that only the person who deleted the files would know how it was done before the ftp log files are created.

Bauer also does not disclose to the police that, as the Account Administrator and the creator of the berthoudmain account, he also has the ability to use the account, nor does he disclose, as the above document shows, his own expertise at using ftp.

In the next paragraph Bauer has the technician request the ftp log and goes on to say …  he was told that he would receive an email with instructions on how to download the file. This statement is false. In several calls, the technician never said there would be download instructions. The technician would not say that because the message Advanced Hosting Support sends does not include download instructions.

Next Bauer relates that on Thursday, August 26, “I received an email from Go Daddy that the log was now available. Maybe, but Bauer has forged parts of this document as we discussed in Part II. Note that there are no download instructions in this email.

After downloading the file Bauer writes, “someone logged into the server using the “berthoudmain” FTP account from IP address 174.29.150.58 and deleted all the files.” False. It is probably true that “berthoudmain” was used but highly unlikely that the access came from 174.29.150.58. Bauer had the ability to use the account, as perhaps did others. In Part I we saw how easy it is to change those numbers and given the amount of deception in this report we would conclude that the IP address has been altered.

Next Bauer relates, “I did a reverse IP lookup … and found that this IP address was issued to a Qwest customer during the timeframe of 08/10/2010 and 08/12/2010. Partially true … but misleading. Reverse lookup can reveal the Internet Service Provider but not the dates. It is probably true that Qwest always has this in its pool of addresses, but this statement is intentionally misleading and seems intended to influence the reader.

Finally, after Bauer determines that the IP address belongs to a Qwest Communications customer, he states that he calls Qwest customer support. He relates, “Speaking to a technician on the phone, he confirmed (confirmed is an interesting choice of words. Probable meaning is that he confirmed what Bauer already knew) that the IP address was issued to Qwest DSL Customer Dan and Jennifer Rotar.” False. Qwest has very strict polices governing the access to customer information and would never have given that information to Bauer. This confirms what we already suspected, that Bauer was in possession of Rotar’s IP address before he got the file from Go Daddy Hosting Support. See Part I for how easy it is to know someone’s IP address.

Bauer finishes by saying he sent an email to abuse@qwest.net and filed a police report. Qwest has no record of an abuse complaint and the police report was not filed until more than a month later.

In summary, there is little truth in any of Bauer’s statements. His purposely twisted and slanted narrative is designed to point to Jen Rotar … and away from himself. This case consists of forged documents, altered evidence and now false witness to the police. For example, “the account was one I created for Rotar to use …” would have been the truth and would be incriminating. However, we find that Bauer does not even tell that simple truth, but instead denies knowing about the berthoudmain account entirely. If Jen Rotar had been the culprit in this case, the truth would have sufficed.

In Part IV we will look at ethics, motives and the Bauers’ use of the police.


Print This Post Print This Post