Matt Giwer © 2001 and 2002
Update 21 March 2005
Updated 5 February 2002
Zionazi forger sighted in Toronto!
Many people have been subject to a newsagent attack. Newsagent is usually referred to as HIPCRIME.
The press will run it as "Internet used to make death threats" or some such.
Please see note  for some observations.
26 April 2001
The first thing I discovered is over half either don't speak English or any language I can use to make myself understood or they don't give a damn. (I did have success in getting an anonymizer in Germany use to send threatening emails shut down in three days.)
Some shut down in a few days or activated a rejection on IP mismatch. A few started putting the mismatch notice in the path but stayed open. And as noted most made no changes.
Now I was presented with the problem of stopping the forged cancellations without ISP cooperation. The solution which has worked so far turned out to be quite simple. Point my newsreader at the same news server which was used to issue the forged cancellations.
While flexible newsagent has limitations. It can target entire newsgroups canceling every post which is not what a psychopath would want to do to silence the opposition. It can also make matches with From: and newsgroup. It can also attack newsgroup and originating IP. It can also select From: and IP.
So by regularly making slight changes in my identity the only option available is to cancel all messages to the newsgroup from the IP. And as they are non-english speaking ISPs it is extremely unlikely to generate complaints from the ISP's users. But that is where newsagent eats itself.
Newsagent also requires a post from a psychotic to the newsgroup to work.
So the news server executes the cancellations on a newest first basis. Which means it first cancels the cancellations. Then finding no other cancellations it has nothing more to cancel.
Voila! One more psychotic bites the dust.
28 April 2001
Notice above I said he could not cancel an entire newsgroup without canceling all posts to that newsgroup every place. I was wrong. The psycho found a way to cancel an entire newsgroup on one ISP while propagating individual cancellations. But canceling an ISP's entire newsgroup record? What better way to get the attention of folks with more clout than a lowly user.
He did not find a way to avoid propagating the cancellation message so all I had to do was read the Path: to find the open server, point my newsreader to it and then survey the damage. And make a few taunting posts in the process to see if he will get more obvious in his actions.
Back to the drawing boards and the Java code.
Maybe I will start posting to dozens of newsgroups to encourage the psycho to use this same method and make more enemies. The more finger prints he leaves the more law enforcement has to work with.
The most recent use of this tactic was on an ISP in South Carolina, USA. The ISP was informed as was its domain space supplier, Time Warner as well as networksolutions which registered both Time Warner and Bell Canada who, after repeated notifications are permitting these rogue cancellations to continue without taking action.
I am not saying the internet is at risk but when major players like Bell Canada and Time Warner are too busy with more important things than disruption of the largest disk space consumer on every ISP something is a bit rotten in Denmark. We need an Arnold to take out the trash.
1 May 2001
The first is erasing or doing any damage to anyone's computer by any means even if there is no lock on the door is a federal crime. And the cost of repairing the damages is based upon the hours expended by the sysadmins. In most states of the US the level of a felony is $50. The cost is not the wages but the total cost of employment which runs 160% to 180% of wages. Anything over one hour will likely constitute a state felony.
The second is posts are not erased but simply marked deleted. He is leaving evidence of a felonies no matter what he does.
News servers do not erase posts. They simply mark them for deletion and do not serve the headers to news readers. The headers and and message bodies are there until they fall off the end of the disk by reason of the retention time set or until the disk is compacted. The fingerprints of the felon are there long enough for all the evidence to be recorded. There is no way to force a disk compact without root privilege which compounds the primary felony.
In regard to  people knowing of his crimes and not reporting the crimes to the police are considered at the minimum accomplices to the crime, spousal and confessor privilege excepted where recognized. Anyone who is assisting in the commission of these crimes is legally part of a criminal conspiracy. As the simple explanation goes, if a kid steals a candy bar it is petty theft. If two kids plan to steal a candy bar it is ten years.
The amusing part of this is there is more than one person and they have left public posts documenting it in many ways, usually by knowing things only the active party, the patsy, could know and vice versa.
And even after our public postings of where they have gone wrong in failing to cover their actions and in knowing things they could not know unless ... they continue doing it. The gang who couldn't shoot straight. There have been public posts as to their identities being known to the police, the FBI and the RCMP and as to the investigation as a whole.
I am reminded of that character in one of the James Bond movies "I am inwincable" just before meets his end.
What pisses me off is I never wanted to waste my time learning this much about nntp implementation. I do have better things to do with my time. If these guys ever learn enough to be dangerous I just might have to read the RFCs. And that is boring.
Captain's log, Earth date 5 May 2001
Thought of the hour. Odd newsgroups on an ISP will not generate many complaints. But how about including likely popular newsgroups as in this case soc.culture.australia and soc.culture.australian. When newsagent causes the entire local news spool of those groups to be canceled local users are going to complain to the ISP.
On the first tries the posts were not canceled. Some were canceled on subsequent tries but varying the newsgroup order left them uncancelled. There appear to be only a dozen or so Australian newsgroups including alts and porns. If this is working there should be no problem getting the ISP to stop the rogue cancellations or lose customers right and left.
And the beauty of it is he is doing it to himself.
But that failed. The next tried tried also failed. That was to crosspost all messages to control.cancel in an attempt to get the cancellations canceled first. How is that being accomplished? Enter virgin leafnode installations.
8 May 2001
A particularly serious abuser has been optushome.com.au which despite dozens of notifications over the weeks has continued forging cancellations and at present has exceeded 2500 forgeries.
Recently demon.net has joined in the forgeries. Demon.net is one of the largest ISPs in the UK. They set up leafnode which has a useful maximum of about 100 users to issue its forgeries. From the leafnode website ...
Leafnode is a USENET software package designed for small sites running any flavor of Unix, with a few tens of readers and only a slow link to the net. It was originally written by Arnt GulLIandsen and is currently being maintained by Cornelius Krasel <[email protected]>. The current version is 1.9.18.From this we learn no ISP has any use for leafnode. When we find it being run by an ISP and open to the world we know it is has been done for a purpose. In this case the purpose is to issue forged cancellations.
In investigating these cancellations I always try to point my newsreader to the news spool. If I can logon it is an open relay. If I cannot it means the ISP is guilty of forging cancellations. Which is where leafnode comes in.
Open relays imply innocence. Those which are closed imply guilt. By setting up leafnode which is small and does not interfere with the ISP's operations and leaving it open, guilt or innocence is ambiguous. Of course it also implies gross incompetence in leaving it open after installing as how to stop that is right up front in the README file. You can't complete the installation without reading how to stop it. It also implies gross stupidity by an ISP in choosing leafnode.
On the assumption an ISP is not this dumb nor this stupid the ISP is guilty simply by having it operating.
It is clear an ISP the size of demon.net has no use for leafnode save perhaps for internal use behind its firewall for a small group within demon.net. It is clear whoever set up leafnode on demon.net is inside the company. So we have major companies (if the fire the employee they can be excused) forging cancellations.
This fits with control.cancel not working as a news server has no newsgroups when initiated. Not having a control.cancel newsgroup prevents the crosspost to control.cancel from working. The method to deal with this is to logon to the open relays and read control.cancel. At first it will not be there but the next time it updates it will show up and cancellations will be canceled. At least that is the current tactic. The counter tactic is to set it to never update.
Also in this time cabal.int has become involved by issuing resurrections for the canceled messages. When resurrection messages are canceled cabal.int issues resurrections of the resurrections. This can go on ad infinitum if cabal.int maintains an interest. While it may harm the newsgroups for the moment it has the potential of organizing many ISPs to rooting out the people conducting this campaign.
10 May 2001
But we can answer the question, has it all been the work of just one person? Clearly no. In the last week multiple ISPs have been cancelling the same message.
Today tac.net joined in forging cancelations.
The foray with HUB.ORG was of value as rather than THT.NET's "F*** You, Eh?" silence [email protected] aka [email protected] was willing to respond. It was a lot of unimpressive stalling until one email. In that email for no reason whatsoever and out of the blue included a name which had not been discussed previously. That person was Ken McVay of NIZKOR.ORG. Ken McVay has a long history of shilling for B'nai LIith.
I have no idea why HUB.ORG implicated Ken McVay in death threats. I would say scrappy has a lot of explaining to do to Mr. McVay.
After that connection with nizkor was made the attacks from THT.NET were transferred to other servers. Anyone connecting the dots identifies THT.NET as the nexus of the on-going criminal activities and disruption of usenet. How McVay of Nizkor fits in is unclear but has been implicated by HUB.ORG as part of the nexus.
Hub.org aka [email protected] aka [email protected] refused in no uncertain terms to shut down tht.net's newsfeed or take any remedial action against it. He also said he had worked for and had been offered a job by tht.net possibly explaining his reluctance to act responsibly. Possibly because he was involved or at least knew the person or persons and was willing to take his legal chances with the charges.
12 May 2001
Stopping the abuse via a leafnode installation requires the following steps. The commands are.
I will admit it may be somewhat more complicated than that on a large multi-server ISP. But then the system administrators should be knowledgeable enough of their system to do the same thing just as quickly. If they cannot then they are incompetent.
I have also been asked another question. How do you know? I have an email from one John Morris, frequent usenet participant, who has identified Larry Schiff, owner of tht.net, at the infamous NAZIHUNTER and the person who has been making the death threats on international telephone carriers. Dr. Morris will not object as he knows his email is not only record but also in the hands of the FBI and RCMP.
I have also contacted Bell Canada on the death threats. Bell Canada knew the person making the death threats but insisted upon protecting his identity. Despite numerous complaints to Bell Canada over the years it has not only protected his identity but taken no action at all against the person whom they know is using their system to make death threats.
I find myself quite amazed at the protective system around the person John Morris has identified. I find it also interesting Dr. Morris has not gone to the authorities with his knowledge. I have no idea what fear prevents Dr. Morris from going to the authorities to avoid being charged as an accomplice which he is now as he has remained silent. His entire professional career is on the line here.
I also have a usenet post offering from tht.net. The only excuse might be he/it used an alias. I recommend anyone before a judge saying, "I used an alias so it is OK." Falsely offering fake is like falsely offering illegal drugs. You get busted on the charges as though it were real.
Doctor Morris has been a long time defender of Ken McVay and other Zionazis who have terrorized those who disagree with them. Harrassing employers is the least of their tactics. I have posted fake employers just to let them waste their phone calls and get charged with harrassing phone calls. When you recognize their tactics, use them. Not the tactics, them.
And as my address has been posted so many times over the years on the internet by tht.net with the invitation to homicidal violence I really have no concern about this clown who is a few candles short of menorah.
I do have a concern regarding how many non-Zionist Jews he is defaming when I post true desciptions in my resurrected subject lines. One of his earliest usenet posts to me was "He is not an antisemite but I am going to make him one." People like this try to make enemies so they can claim to be defamed and justify their criminal actions and let them continue in their business.
Some folks may be gambling the police being stupid on the internet. They are but they are improving rapidly. And the statute of limitations is seven years at a minimum for these felonies. I give the following salutation, "Rotsa Ruck!"
14 May 2001
I have been asked why I even began these public posts rather than let the law take its course. The first reason is the law will act upon its own priorities which can mean as much at three years. The second reason is several people such as [email protected], Dr. Morris and Ken McVay appear to be in too deep to back out.
Amateurs never comprehend to precepts of the real world. When in a hole, don't dig, and, unlike wine bad news does not improve with age. The constant public posts encourage them to keep on digging and hope to buy time. Thus the recent post by the Zionazi he is taking two weeks off, immediately belied by a test post from newsfeeds.com.
These postings are taunt them to continue, to dig deeper to leave a bigger hole for law enforcement to fall into on top of them. They are to keep the trail fresh so law enforcement will learn how to follow the trail. The Zionazi Monkeys can either continue or go to ground forever.
So far they have taken the bait and dug deeper and left a longer trail. I can't really call it bait as their psychotic personality cannot let go despite their imminent risk of exposure and arrest. These are people who try to hide behind "My ancestors were holocausted before I was born" and other certifiable types.
I have also freely used "they" instead of refering to one person. That is because the record in the newsgroup control.cancel has clearly shown more than one cancelation from different ISPs on the same message. The second to arrive is wasted so Guido does not resurrect a forgred canceled post more than once. No Zionazi Monkey as stupid as this one in Toronto can do that much alone.
These mutiple cancels have likely been an attempt to outsmart Guido which is rather hopeless at the start. Guido is both a Vulcan and a Sicilian.
16 May 2001
In the process he has implicated [email protected] aka [email protected], netcom.ca and attcanad.ca as participants in his operations. Again folks you know what to do and how to do it if you are interested.
22 May 2001
Additionally he has started copying the forged cancels to alt.test so fake email is created. That gets even more ISPs pissed at him. Watching this guy you get a feel for the mentality of those who think they are so clever they will never be caught.
I am a rank amateur at this internet stuff and he is upsetting people who do it for a living. Yet I have followed him at every turn and forced him down to the only method he can use and that method leaves a wide open trail. He has not changed his method in weeks.
One has to ask if he wants to get caught.
Yes, again, the crime. Hacking and entering is a federal felony in the US worth five years and $US10,000 fine without a lesser count to plead to. There is peddling under an alias, an alias is not exculpatory. Good enough? All costs of stopping the intrusion and misuse are at the normal billing rate at full burdened rates for all parties involved meaning about double the gross salary at one hour minimum per person. That exceeds felony level every place in this world by definition.
What are these boys going to plead? Poor put upon Jews who could not help themselves? Why do they want to make martyrs of themselves? I have no answers only questions.
27 May 2001
To most this appears to be no more than a harmless prank. ISPs pay for their newsfeeds just like any other information on their computers. Destruction of information contained on computers is a felony in most countries which have gotten around to passing computer related laws including all western countries. The felony is simply doing it regardless of value.
The valuation may be trivial but as it is paid for by each ISP and thus by each customer they trivial amount is multiplied by at least the number of ISPs and perhaps by the number of people connected to the internet. Multiplying this by the number of cancelations and the value mounts.
Add to that the number of hours people all over the world spend dealing with this. Not only the sysadmins but law enforcement where simply processing a report costs hundreds considering all the paperwork and steps in the process.
14 November 2001
Needless to say these also constitute felony hacking. They use of internet bandwidth and the disk space of ISPs all over the world. As bandwidth and disk space both have a financial worth which adds up quickly the financial harm exceeds the felony threshold.
The targets this time were people in alt.revisionism, talk.politics.mideast, soc.history.ancient, and soc.history.what-if. (Note, alt.revisionism has had this kind of attack off and on for years.) Specifically they were people who were reciting problems with the Old Testament and posting negative material about Israel and Zionism. Thus we infer once again the perpetrator is some combination of Jewish, Zionist or Israeli.
That combination takes us back to Ken McVay of nizkor.org and Laurence Shiff of tht.net who were implicated by [email protected] in the matter of the forged cancellations. Note the targets are the same as in the forged cancellations.
30 November 2001
15 December, Having fun with open relays
To determine which it is, set your own news reader to the originating ISP, to one of the last last names in the Path. For example with newsfeed.ozemail.com.au!ozemail.com.au!not-for-mail you would use newsfeed.ozemail.com.au in place of where you now have your ISPs news server name. Then try to use it.
If you cannot connect then the ISP is participating in the spam and is liable. If you can connect you can post news. One fun thing to do is post a confession by the perpetrator. If you know who it is be certain to use his name. If you are just annoyed you might post as [email protected] and say how much fun it is to destroy newsgroups. Be creative and have fun.
A Christmas gift to ISPS, filter your news
His options are to upper case the first letter of every word in his lists which is equally unheardof and as easily filtered with no loss. The remaining obvious winning strategy is to uppercase every word. That does match the pattern used by some other posters but there is nothing lost by deleting those also.
30 December 2001, ozemail returns to forging
Where to file FBI complaints
3 January 2002, NAVIX.NET
9 January 2002, Navix.net spams after over a week of
11 January 2002, In the last two days
Terrorist attackers of the Internet
2002 01 16 sporger and his criminal accomplices at nac.net, kornet.net and ono.com another 1600 sporgeries to soc.history.what-if starcat.ne.jp 800 not a criminal conspirator yet 2002 01 17 1000+ from ono.com 2002 01 18 1000+ from ono.com 2002 01 21 1000+ from ttd.net and quicknet.nl 2002 01 22 1000+ from kih.net 2002 01 23 The following have been almost completely spams identifying this website. 500+ kornet 2002 01 28 2000+ from kornet 2002 02 02 2000+ from abs.net, ksc.co.th, 2002 02 03-04 24,000+ from ksc.co.th divided into 14,945 to soc.history.what-if 8,462 to soc.history.ancient 12,011 to ancient 16,700 to what-if 17,102 to what-if 12,301 to ancient 2002 02 04 from wanadoo.fr and kornet.net mostly from kornet 4,800+ to soc.history.what-if, linux.redhat, comp.os.linux 4,600+ " " " 2,000" " " " The same sporgery is being flooded to at least 50 other newsgroups I have tracked. They are being jointly attacked with soc.history.what-if apparently to get the replies in those groups also posted to s.c.w-i. This has resulted in only a few hundred such replies. 2002 02 10 from siol.net 1024 to soc.history.what-if 1024 to sci.astro.seti 1024 to comp.graphics.apps.gimp 2002 02 11 100 to comp.os.linux.redhat from siol.net 2000 to sci.astro.seti from usenetserver.com 500 to comp.os.linux from uswest.net a long time criminal ISP 2002 02 12 1500 to soc.history.ancient from uswest.net long time criminal ISP 700 to comp.os.linux from usenetserver.com joining the ranks of criminal ISPs 900 to sci.anthropology from uswest.net 2002 02 13 800 to sci.astro.seti from usenetserver.com 2002 02 13 evening I began using a script to change identifying elements of my posts on every post in a deterministics and sort of one way manner. No spams since then. 2002 02 14-18 none 2002 02 19 900+ to soc.history.what-if from uunet.co.za This flood was a throwback to the old pick a few names and attached them to the flood. Four were chosen out of some fifty different ones to ten newsgroups. 2002 02 20 none
The massive increase occurred after I mentioned the Sporderer's Apprentice. If you look at the list of the ISPs which have been part of the attack you find kornet and wanadoo have figured prominently. And they have been notified what they are doing and have continued for a year.
Who are the targets
It is a somewhat diverse list but clearly the opposite of pro-Israel and pro-liberal as defined in the US and Canada.
The list of people being canceled started with one and it now over fifty with almost as many as the ISPs, wittingly or unwittingly, which have participated in these cancellations.
As it is a windows program it loses all of its setting after each cancellation. That would require reading every message in a newsgroup for content to establish the new names. A daunting task to re-enter everything every time with every variant name.
Variant names may appear to lose personal identity in a newsgroup. But Matt Giwer and Matt Giiwer and Matt Giwer2 and a finite but very large number of human readable but software unreadable variants exist. Software unreadable as soft matches can not work in automatic extraction of variants from a news spool and automation of the cancel process.
This approach failed indicating an effort to read all messages. Totally different names require reading all messages posted. An effort beyond all but the most dedicated psychotic.
This psycho is obviously being fed with information as to who has open feed news servers. I do not wish to put too fine a point on it but those who search for them for fun are enabling psychotic when they indiscriminately share the information. I know there is a ethos of "no responsibility" but remember you could be next. Today's smasher of one icon is tomorrow's smasher of another icon which could be yours. Think about it.
 Of interest are the RICO statutes which are effectively the same in Western Europe, Canada and the US. All people who work towards a common objective even if they do not know all the others are criminally liable for all the crimes of all working towards a common objective.
The known felonies of one or more participants are computer hacking and destruction of computer records, international telephone death threats and dealing in. The latter is interesting. As with offering fake drugs for sale falsely offering carries the same penalties as offering real drugs.
The issue involves the juvenile offering it for sale in the name of another person. Using an alias in a felony compounds the felony. Meaning offering it for sale in the name of another is the same as offering it for sale in one's own name. And all persons working towards the same objective are equally guilty of dealing in.
A partial list of ISPs used wittingly or unwittingly. Most have acted responsibly but usually very slowly. Some have participated in the forgeries. Some have made made forgeries possible. It is partial as it is difficult to keep track of them all.
Origin of the first forgeries
How to deal with cancelations
Most ISPs can be contacted by emailing to abuse@ in this case [email protected] I have discovered there is better response by also emailing abuse@ the other ISP in the path statement such as direct.ca, execpc.com and sol.net. When including those it is worth requesting the newsfeed of the guilty ISP be suspended. ISPs in this list can also refuse to accept posts from the guilty ISP.
A whois utility which you may have or you can find at www.geektools.com (top right option) will give you generic contact information. networksolutions.com is also interested in abuse of the internet and has an abuse@ mailbox.
A general rule of the internet is the Terms of Service which apply to customers also apply to the ISPs. If you would lose your account for doing something the ISP can be terminated for the same reason. If you were forging cancelations as at least one reader of these newsgroups is, then the ISP can be cut off from the internet.
This is how you can do your part, if you care to do anything other than encouraging the forgeries. The more complaints the better. Make them responsible for their actions. Simply adding abuse@ to a response to the repost in the newsgroup is much easier.
You can read above the forged cancellation attack began with THT.NET owned by Laurance Shiff of Toronto, Canada. The current attack flooding newsgroups with nonsense is in the same manner.
The HUB.ORG refused to do anything about THT.NET for over a month and gratuitously included nizor.org and tht.net in a CC: response to attempts to get hub to shut of tht's news feed if it did not stop.
For those who missed the discussion a few years ago, there were attempts to contact Ken McVay of nizkor by phone including the afterhours number. The afterhours number was answered by the head of the British Columbia chapter of B'nai Brith.
THT.NET is owned by the person who has used the telephone to threaten people and their families. He is a sick little rich Jew kid with a worthless degree in Babylonian history. He posts under several names the most common is Nazihunter which is what jewish boys play instead of cowboys and indians.
The only reason he is still free that he has bought the RCMP and they have chosen to stay bought.
And then we must keep in mind that when I got the first telephone death threats Bell Canada said the phone number was owned by Laurence Shiff. And the same name shows up in all of this. I guess the RCMP protects rich Jews. The rich are greater than us. But why does every Jew resolve to rich?
And then my son started receiving the same death threats as did my father. What kind of Jew shit is this that he as any defenders at all? Here is a little shit jew who has said he is a jew in the death threats so who am I to argue. Is this forger a neo-nazi or a jew? You tell me.
Were I to be charitable I would say he is trying to make Jews look bad but Shiff is a Jew and therefore this is what Jews are like. If any Jew objects to that, shut down Shiff. And if you claim it is not clear it is Shiff then turn in your Einstein badge as you are dumber than dog shit. Shut off Shiff or let Shiff be the archetypical Jew. Silence and INaction gives consent.
I do not want to hear excuses from you Jews out there. You can read on this page how to stop the little jew shit forger. So don't tell me you cannot. And do not try to hide behind a Jew never speaking ill of a Jew in public. I am not telling you to respond in public, just stop him by following what I have explained on this page.
You can pick your side be claiming this little jew shit is a real Jew but if he is so are you all including flappers like McVay.
All times Eastern Standard Time, GMT -5
Why this list? Because the little boy posted a few thousand spams with this website URL in order to generate complaints about it. I want him to read what he has accomplished.
History: about 2500 hits since first post in June 2001 through the link addition
2532 noon 28th
At that time I added a link to my index page directing people to this page if they got my web address from a usenet spam. No one ever said Larry the Lampshade or his apprentice were very bright. There were over 500 hits on this page in the first 10 hours.
500 in 12 hrs after adding a link referencing this page in the late morning of 1/28/02
10 hits/hr overnight EDT early morning of 1/29/02
Page reads: 15531