... Foggy Bottom.

to do with this finding?

I know there is a Foggy Bottom in DC, but not familiar with its clandestine history.

This ISIS situation is mind-boggling. Are they being led by other groups/countries? I know there have been discussions about Saudi Arabia financing them. What a wicked web they weave.

instead of Syria etc. Thinking of how a tweet of a person in Syria can have an IP address that is routed to SA would (in my old IT thinking) have to either be originating in SA or hitting a proxy server in SA.

IT guys.. you are way smarter than me on this.

Then Syria, Iran, North Korea, Sudan, and Cuba would be blocked from hitting most US sites.

Crazy that Cuba is still on the list, anyway it is clear sailing with a Saudia Arabia IP.

needed large blocks of IP Addresses. But since they now run proxy servers with 10. local addresses they do not need that many any more. But the ones they sold to Saudi Arabia became registered as Saudi addresses. The question still remains is why in the heck are tweets and instant messages originated by Daesh using those addresses. Either the messages are coming from SA or they are going through a proxy server in SA.


I am hoping that a IT guy can explain it.

Geolocation of IP addresses is often unreliable unless a user has a fixed IP address (quite common in the US for those with cable providers, less so elsewhere in the world, where dynamic IP addresses are more usual - they change periodically). If I do a check on my own (dynamic) IP, the results can be a good few hundred miles out, showing the location of my Internet provider's node, not my home.

I'd imagine Saudi has pretty good telecoms infrastructure compared to other countries in the region, so comms are likely to get routed through there from elsewhere in the region. I can't find out much about the mobile company mentioned in the article - "Mobile Telecommunications Company" - as obviously that's a poor Google search term. But it's likely to operate in a number of countries, not just Saudi.

There's every possibility that Daesh is supported/operated within Saudi, of course, and not just by keyboard warriors ...

Its the simplest explanation and makes sense. SA is run by sunni wahhabists just like ISIS. The probability ISIS gets financial and material help from SA is damn high (logically)... internet access is material help in the way they are recruiting.

Who with any serious clout is going to call out the Saudis on it, though? And let's not forget who set up the precursors to Daesh, either ... a bit closer to home.

Useful as it can be, I don't know how much of a role Twitter can play in actual operations/planning, though - more likely to be used as a propaganda/incitement/recruitment tool.

Consider it a "gateway drug" of their recruitment process.

Step 1: Put a bunch of horrible messages/acts against humanity in the name of jihad on the internet via twitter
Step 2: Wait for young impressionable minds to start following and commenting
Step 3: Pick out those who seem to be serious, or of great potential value
Step 4: Invite the people identified in step 3 to a closed, encrypted, internet conversation
Step 5: Make concrete plans with the impressionable minds, and enable them to enact upon them

Step 5 is speculation, as at that point it is out of the public domain... but I think the circumstantial evidence makes it an obvious next step

Seriously, Twitter can be vile (as well as all sorts of good things), but Facebook can be the utter pits. Almost as bad as the comments sections on some RW sites or newspapers.

and I only have a facebook account from the days when you had to have a .edu email to join. It is nice to keep up with my group of old friends, but I haven't explored it at all in the last 10 years

Brits had sold part of the block in October to Saudi Arabia. It was not geolocation. They were just going by who owned the IP addresses.

If you know the IP of something you can do http://whois.urih.com and find out the owner of it.

I got sidetracked with the articles and didn't glom onto how they'd come to their conclusions.

In that case, the situation's even less clear. Whois will give you details of whoever registered the domain, but that can mask the real owner. Whoever registered it may have just been a commercial registrar engaged to figure out that side of things, and may be dealing with thousands of accounts and a wide range of sequences of IP addresses. (This is what's known as IP geolocation, BTW.)

For instance, if I check my own IP at your link, it comes up with RIPE Network Coordination Centre (RIPE), with a PO box number in Amsterdam. It doesn't even say who my ISP is, let alone tell me correctly in which country it's located.