A while back, we got an e-mail from a customer who was concerned that terrorists might be using her site to plan an attack on the space shuttle. Please note, this is a real ticket that was submitted to our security department by one of our customers. Identifying information has been removed and replaced with asterisks (*). See the entire story after the jump.
From the customer:
Posted on Nov 19 2008 10:04 AM
Your assistance is requested to perhaps quiet an overactive imagination,
or confirm a legitimate concern.
Our primary domain is **********.com, we also have another domain,
The Kennedy Space Center is located in our county, and since I have
noticed a spiking in hits on our website from the Netherlands at a time
of heightened terrorist alerts, I would like to know more about where in
the Netherlands these hits are coming from. The Netherlands is a known
location of Arab communities, and Florida was a known location of
terrorists that were involved in 9/11.
We have on our website a calendar that utilizes Google maps and
identifies our parks in clear proximity to Kennedy Space Center.
I can think of no reason for such a consistent amount of unusual high
hits from another country (unless a University were using it for “park
My concern is that terrorists could be using it for reference to our
parks as sites to shoot missiles at Kennedy Space Center.
I would rather this concern just be my overactive imagination, but I
would like to know the source IP and location for the Netherlands hits,
and any other information you feel is pertinent.
Please look at the Origin Countries and you will see what I mean. Also,
the unresolved IP addresses.
You can see how convenient our Calendar maps make it for people to find
their way around here on the Space Coast:
Please let me know ASAP. Thank you!
Posted on Nov 19 2008 10:29 AM
I don’t think you have anything to be concerned about, I cannot see anyone using
a parks website to get information when they can just use Google maps to pull
the same details. Looking at the logs, I don’t see any specific pattern to the
.nl traffic over any other specific ip or host in your logs. As for the physical
location of the various .nl ips, the Netherland ISP’s do not publish physical
locations to IP lookups. You can contact the local ISPs, telfort.nl and
chello.nl but I do not think they will give you any more detailed information.
As for unresolved IP addresses, those are just IP addresses without a reverse
lookup. That is normal. Please let us know if you have any further concerns.
Posted on Nov 19 2008 12:19 PM
Thank you for checking on our server stats.
However, as convenient as Google Earth and Google maps are, without our
website, Google maps don’t pinpoint and cluster all of the parks, nor do
they provide what our website provides: park opening/closing hours,
narrative driving directions, photos, and links to add’l information in
our website that help people get quickly oriented, including a list of
I-95 Exit ramps, and so on.
I would like to think a lot of Netherlands folks are planning a lot of
vacations, but our Tourism Director tells me most tourists from other
countries to the Space Coast come from Canada, UK, and Germany
(Netherlands being about 10th on the list); or, that they are using our
website for park planning, however when folks do that they usually
correspond with us also.
That leaves a big question mark as to why Netherlands hits have been
consistently so high since July.
Posted on Nov 19 2008 12:58 PM
More than likely, this is all innocent traffic, but if you are concerned I would
suggest forwarding this information to our local FBI branch. They will be able
to investigate this, and if they determine there is a legitimate threat, be able
to act upon it. Please go to http://www.fbi.gov/contact/fo/fo.htm for more
Posted on Nov 19 2008 04:49 PM
Thank you. I am inclined to believe so too, but it’s unusual, and I
don’t want to brush off something that might be regrettable later.
In attempting to dispel any possibility, I used a Netherlands search
engine and entered some strings (Nederland **********, Nederland
**********) that brought up only 1 or 2 results.
http://zoek.lycos.nl/ So the hit level that far exceeds Canada, UK &
Germany is still a mystery.
Thanks again for your assistance.
However, it didn’t end there. A few days later our security department got a call from the FBI requesting the logs for the site, citing privacy concerns our security department declined the request. The response from the FBI was basically, “that’s fine, we’re pretty sure this is a non-issue.”
So far we haven’t had any more crazy tickets from that customer.