Is isanybodydown.com operator Craig Brittain and David Blade one and the same?

On October 30 , my comrade from Popehat, Ken, received an e-mail from Craig Brittain with an originating IP address of 75.70.221.14.

 

Today, I received an e-mail from “David Blade, Attorney at Law” originating from the IP address 75.70.221.14.

 

For both e-mails, the next step in the message’s journey, Google’s mail servers, was IP address 93.114.44.79.

 

Turning back to address 75.70.221.14: This IP address is serviced by Comcast Cable, and originates in Colorado Springs.  You can check it yourself at this site.  If you’re willing to take my word for it, here’s a map:

I am certain this isn’t a Tor node or other proxy server.  Maybe Mr. Blade Brittain is stealing some elderly neighbor’s wifi.  But, in any event, I think we’ve solved the great David Blade identity mystery.

 

 

 

 

41 Responses to Is isanybodydown.com operator Craig Brittain and David Blade one and the same?

  1. That’s a far drive to work as a PD in NY every day.

  2. jikamens says:

    It never ceases to amaze me how many internet miscreants seem to misunderstand how traceable there online actions are.
    I once had a guy, upset over criticism of his business posted on my blog, post a comment purporting to be from a police detective. He didn’t seem to get that I would have access to the IP address from which the comment was posted, and it was the same originating IP address attached to other comments posted by him under his own name.
    When he had his lawyer send me a thuggish “take down your blog posting or we’ll sue you for defamation, libel, interference with a business relationship, etc.” letter, I told him in my response that he was welcome to sue me, because I would be happy to reveal in open court the evidence that he had engaged in the criminal act of impersonating a police officer. I never heard from him again.
    I wonder if he actually told his lawyer all the stupid things he had done (this wasn’t the only one!) before making the lawyer waste his time sending me his stupid thug letter. I’d tend to doubt it; I’d like to think that the lawyer was as pissed at his client as I was after he read my response.

  3. Jay Wolman says:

    I’m not convinced they are the same person. We already know they are working in concert, and they admit that the lawyer has the pornographer host his website. Given they use the same IT resources, it is quite probably they share mail servers.

    • jikamens says:

      Nope. Their mail server is Google, which means the IP address shown in the header isn’t that of a mail server. Rather, it’s the IP address of the site from which the email was sent.

  4. This makes me think my guess was wrong, its Craig, not Chance, playing the lawyer (since Chance is in Arizona…). This is a Comcast residential IP in all probability (the reverse for the business ususally have ‘comcastbusiness.net’ or similar), so its not likely to be “shared business infrastructure”

  5. dan says:

    isnt it illegal to call yourself a lawyer (even in another jurisdiction) in colorado without actually being one?

  6. Aleph One says:

    So he’s practicing law without a license?

    And in addition, if the person posting the nude pics without permission is the same person offering to get them taken down for a fee, he’s also guilty of extortion.

    Forget lawsuits, someone needs to file a criminal complaint.

  7. Allen says:

    Check out the bottom comment at:

    http://en.wikipedia.org/wiki/Talk%3ANudity

    You can find other comments on Wikipedia from that IP going back to 2009.

  8. [...] 1. Analysis of email headers suggests that Craig Brittain is David Blade. [...]

  9. Joe Pullen says:

    Credit where credit is due. I obtained both email headers from Marc and Ken, determined they were from the same originating IP and forwarded them to Nicholas for some additional analysis. Below are his findings:

    OK, looking at the mail headers in more detail:

    To ken@popehat from “Craig Brittain”:

    The path it took:
    75.70.221.14 (Comcast Home, Colorado), TCP port 57123
    93.114.44.79 (The webserver for all the scumness)
    then to the recipient…

    The mail software used:
    DreamMail 4.6.9.2

    Date received by the badness server:
    Wed, 31 Oct 2012 06:28:11 +0200

    To mjr@randazza.com from: “David Blade III, Attorney at Law”

    The path it took:
    75.70.221.14 (Comcast Home, Colorado), TCP port 56713
    93.114.44.79 (The webserver for all the scumness)

    The mail software used:
    DreamMail 4.6.9.2

    Date received by the badness server:
    Wed, 31 Oct 2012 05:34:15 +0200

    OK, so this gets fun: With 100% certainty, the two emails were sent from the same IP address/network connection within an hour of each other, connecting from Colorado (a residential Comcast connection) to the mail server hosted on the badness server, before being forwarded on. So right there there is a very strong connection between the two personas.

    With reasonably high certainty, the two emails were sent from the same COMPUTER. Here’s why:

    1) They both were sent with the same rather obscure email program (DreamMail, http://www.dreammail.eu/intl/en/home.html which is designed to handle multiple mailboxes/accounts.)

    2) The email to Marc was sent about an hour before the mail to Ken, and the TCP port for the mail to Marc was 410 below the mail to Ken. Many computers linearly increase the port number with each connection (so each web request, email sent, etc), which further suggests that these two mails were sent not just from the same network place but the same computer.

  10. Funny. My site has been visited four times by that IP today — including once several hours before I even posted.

  11. StupidityThyNameIsCB says:

    Well, normally I would urge caution when dealing with IP addresses, given that most people’s are dynamically assigned.

    However, it seems that this jackass has a static IP address given that it has made multiple edits to ‘Is Anyone Up?’ between April and September. (Also appears to be a white supremacist but may just be trolling.) http://en.wikipedia.org/wiki/Special:Contributions/75.70.221.14

    Now, obviously, it *could* still be assigned dynamically, but I would put a very low probability on it being assigned to a single subscriber on that many occasions across that many months, or on it being assigned to multiple people who edit the same Wikipedia page.

    • jikamens says:

      Now, obviously, it *could* still be assigned dynamically, but I would put a very low probability on it being assigned to a single subscriber on that many occasions across that many months

      I wouldn’t be so sure. I’ve had the same dynamic IP address from RCN since July 2011. They only change it when they need to, and they don’t need to very often.

      • StupidityThyNameIsCB says:

        That’s true actually, it seems to be more common in America / with Cable providers. Fair enough. But either way, based on the activity of that IP address at different websites, it is almost certainly being used constantly by CB for the last year or two.

    • Bill says:

      I think everyone is making a much bigger deal out of Dynamic IP Assignment than is warranted. It’s been noted that while not truly static, they stay constant so long they might as well be. But even if not, Comcast definitely has record of all the traffic coming from that address at any given time. If it was lost each time the IP Changed, every file sharing jackass would just need to tweak their routers and get new ones assigned. think about this – your phone’s 3 or 4g connection is all kind of dynamic. However the traffic is still pegged to your account (think AT&T which has clear throttling limits and charges for excessive usage). We wouldn’t be able to see all the IPS used or who’s behind any given request, but if one was involved in litigation and could subpoena Comcast they could get it – and it seems that in this case, there’s already one super-lawyer involved and looks like quite a few more ready to jump in.

      • Alice Wonder says:

        Static IP’s are not given out to residential addresses by most ISPs anymore. They use to for Mac OS pre OS X but most don’t now. That being said, mine only changes when I power off my modem to go out of town for week+. Even then not always.

        That being said, e-mail headers are incredibly easy to fake, though I doubt this bloke is sophisticated enough to know how to do so.

        • alpha4centauri says:

          Why would either of these two supposedly separate people fake the other’s IP and mailserver?

          I can get a new IP assigned after two minutes disconnection time. Better than proxies!

  12. [...] Marc documented in a series of posts, "Is Anybody Down?" had a sleazy relationship with "Takedown Laywer" "David Blade III," who [...]

  13. Ken says:

    I have been inspired by the “David Blade” handle.

    I shall now henceforth be known as “Drake Howitzer,” because it connotes single-minded and arguably unbalanced aggression.

    No need for Marc to pick a handle.

  14. Alex Ander says:

    Just a thought, since this guy brought up DMCA in one of his letters, by allowing submission of user content, in order to receive the safe harbor provisions of DMCA, doesn’t this guy have to place on his website either his or an agents name, address, phone number, and electronic mail address and state that as the location to send any takedown requests?

  15. ShelbyC says:

    Well, reading some of the other blogs, it may not be user content, it may be that this guy was getting ladies to send him their photos through craigslist or something. So no safe harbor anyway.

    • Bill says:

      Reading through the site, it’s almost a certainty that many of these were gained from Social Engineering. It’s pretty easy – put up a fake dating site profile, get some picture of some attractive person of target’s desired sexual preference, put up compelling profile and ask for picture trades up front. CL is notorious for people doing it (in fact, many Dating Sites actually use this method to Harvest real looking profiles which are then used to lure suckers into paying for the service or premium version of the service)

  16. TheMawg says:

    Hey Marc, you might like this, our boy Craig has now given you grounds for a libel suit: http://www.trolldown.com/

    • Wow, um, that’s incredible. Does he really believe that shit?
      In terms of a libel suit, my only worry is that what’s written there is so entirely absurd and outrageous that I’d be worried a judge might rule like the judge did in the Crystal Cox case — that no reasonable person would believe those statements are true, and therefore they aren’t libelous.

  17. Bill says:

    I can do it with a script later but if someone has a second, randomly pick a few of those images and stick them in – http://tineye.com – if the images were culled from another site as opposed to the victim just sending them, chances are good that Tineye will point to where.

  18. Part of the social engineering is that they were advertising to get women seeking women. A woman is probably going to be less self conscious about sending a nude photo if it’s to another woman. (Although admittedly, some of those photos aren’t the sort of things strangers see a woman do in the locker room at the gym…) It also increases the extortion value if the woman isn’t “out” to her friends, family, and employer.

  19. [...] admins so its easy for me to get things done. But recently those meddling kids over at Popehat and LegalSatyricon are creating a whole heap of trouble for me. I think a defamation suit is in order, and being that [...]

  20. Sharon says:

    Someone who will “personally vouch for Crystal Cox” has chimed in on isanybodydown’s side. Or more accurately, they’re against Randazza’s side: http://extremecompanions.com/adultnews/blog/2012/11/02/copyright-troll-trash-marc-randazza-is-proven-to-be-anti-freedom-of-speech-by-crystal-cox-and-isanybodydown-com/

  21. [...] admins so its easy for me to get things done. But recently those meddling kids over at Popehat and LegalSatyricon are creating a whole heap of trouble for me. I think a defamation suit is in order, and being that [...]

  22. [...] – The Slow Creep Of The TSA, Lets Fuck Up David Blade, isanybodydown.com Responds, isanybodydown.com Operator, Police Brutality=SPAM,  Kenneth White . . [...]

  23. Dave says:

    The WHOIS info for both domain names indicates Craig Brittain. Everything other than the name is obfuscated, though. Both domains point to the same IP address, which appears to belong to Voxility SRL. A traceroute indicates that the server is hosted in Bucharest, Romania, which makes sense considering that Voxility SRL is based there.

  24. [...] of IsAnybodyDown. Indeed, copyright and First Amendment attorney Marc Randazza has found circumstantial evidence that IsAnybodyDown and Takedown Hammer are, in fact, both owned by a man named Craig [...]

  25. [...] of [site removed]. Indeed, copyright and First Amendment attorney Marc Randazza has found circumstantial evidence that [site removed] and [site removed] are, in fact, both owned by a man named Craig [...]

  26. [...] $250 to have their content removed from the site. Many others, including Ken White of Popehat and Mark Randazza, have raised obvious questions about the legitimacy of this service and have provided evidence that [...]

Follow

Get every new post delivered to your Inbox.

Join 2,891 other followers

%d bloggers like this: