Platte River Networks executive epic fail opens new avenues

The news on Monday the 19th included this headline, by Sundance, at the Conservative Treehouse:

Discovery - 2014 Reddit Archive: Platte River Network's Paul Combetta ("Oh Shit" Guy) Requesting Tech Help To Strip "VIP's Emails" ...

The story starts with this:

A rather stunning discovery has been made by a researcher named Katica who uncovered a July 24th 2014 Reddit thread started by Platte River Network executive Paul Combetta who -at the time- was requesting technical advice on how to strip a "VIP (VERY VIP)" email address from archives stored on a server he has "full access to".

The same story includes the request Mr. Combetta appears to have written:

[July 24, 2014] Hello all- I may be facing a very interesting situation where I need to strip out a VIP's (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file. Basically, they don't want the VIP's email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out.

In reality, the job is much bigger than his description suggests, because internal references and attachments have to change in consistent ways, meaning that the job has two parts: fix the existing archive, and change the system so future transactions don't recreate the problem.  The second part is fairly simple: use transport rules and some stored procedures to make future changes on the fly ~ but the first part is very time-consuming and error-prone if done in the Wintel environment.  Outside the Microsoft world, however, it is relatively simple: always ill advised, and often illegal (e.g., in government and health care), but not difficult.  In fact, given some legitimate reason to do this with an MS-Exchange server setup, I'd simply unplug the machine from the network, export the database to Unix, make the changes, replace the machine, upgrade the database and Exchange server installation on the new machine, and reload the archive.

Notice, however, that the point of upgrading the Exchange setup to another machine and the next point release is to provide a plausible reason for transferring the file in this way.  It may look stupid, but stupid is common and it arguably makes sense; that the whole exercise is intended to support a future lie, should anyone ever question the legitimacy of the archive, is obvious but not directly provable.

And that intent to deceive is, of course, exactly what Mr. Combetta demonstrated when he didn't ask the technical people in his own company (or, if there aren't any, someone at Microsoft or whatever organization he gets his support from) how to do this.  Had he done so, or chosen a Wintel forum instead of a progressive gossip site to ask his question, he would have received several actionable answers in minutes; because he didn't do either of those things, we can probably conclude that he was either not technically plugged in or afraid to raise the question among people who might get interested in his reason for asking.

So what's the big deal?  Mr. Combetta took the Fifth throughout his non-testimony before Congress, but we now have some new avenues of exploration, because anybody actually trying this, including him, would have made a backup first.  More interestingly, the willingness to explore this approach suggests that he may have, at some point, succeeded, meaning that someone should now go through every archived file Platte River Networks has access to with something rather more sophisticated than a pattern matcher looking for a few well-known names and/or email addresses.
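What "more sophisticated than a pattern matcher" can mean in practice follows from the earlier point that a rewrite of the to/from fields has to be carried through the internal references consistently. An address that was scrubbed from From/To/Cc usually survives elsewhere: in the transport trace (the `for <addr>` clause of Received headers and Delivered-To), and in the header block people quote when they reply. The scan below, an added example that is not from the article or from any party it describes, checks each message's visible addresses against those cross-references and reports every address that appears in a trace or a quoted header but not in the headers a scrubber would have edited. The four sample messages, their Message-IDs and the addresses in them are constructed for the example; the detection logic is the only thing it demonstrates.

```python
"""Consistency scan over an email archive (constructed example, not the page's code).

A rewrite that only touches From/To/Cc leaves the Received trace, Delivered-To
and the header block quoted inside replies untouched. Each of those is compared
against the message's own visible headers; anything found only in the
cross-references is reported as a candidate for closer examination.
"""
import re
from email import message_from_string
from email.utils import getaddresses

ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def visible_addresses(msg):
    """Addresses in the headers a scrubber would typically rewrite."""
    headers = []
    for name in ("From", "To", "Cc", "Reply-To"):
        headers += msg.get_all(name, [])
    return {addr.lower() for _, addr in getaddresses(headers) if addr}


def trace_addresses(msg):
    """Addresses recorded by the transport path: Received 'for <x>' and Delivered-To."""
    found = set()
    for hdr in msg.get_all("Received", []):
        m = re.search(r"\bfor\s+<?([^>\s;]+@[^>\s;]+)>?", hdr)
        if m:
            found.add(m.group(1).lower())
    for hdr in msg.get_all("Delivered-To", []):
        found.update(a.lower() for a in ADDR_RE.findall(hdr))
    return found


def quoted_header_addresses(body):
    """Addresses on From:/To:/Cc: lines quoted inside a message body."""
    found = set()
    for line in body.splitlines():
        stripped = line.lstrip("> ").strip()
        if re.match(r"(From|To|Cc):", stripped, re.I):
            found.update(a.lower() for a in ADDR_RE.findall(stripped))
    return found


def scan(raw_messages):
    """Return (message-id, check, addresses) for every inconsistency found."""
    msgs = {}
    for raw in raw_messages:
        m = message_from_string(raw)
        msgs[m["Message-ID"]] = m
    all_visible = set().union(*(visible_addresses(m) for m in msgs.values()))
    findings = []
    for mid, m in msgs.items():
        vis = visible_addresses(m)
        stray = trace_addresses(m) - vis
        if stray:
            findings.append((mid, "transport-trace", sorted(stray)))
        # Quoted headers are checked against the parent message when it is in
        # the archive, otherwise against every address the archive still shows.
        parent = msgs.get(m.get("In-Reply-To", ""))
        reference = visible_addresses(parent) if parent is not None else all_visible
        quoted = quoted_header_addresses(m.get_payload()) - reference
        if quoted:
            findings.append((mid, "quoted-header", sorted(quoted)))
    return findings


# Constructed sample archive: vip@example.org has been replaced by
# redacted@example.com in the visible headers, but not everywhere.
SAMPLE_MESSAGES = [
    "\n".join([
        "Received: from mx.example.org by mail.example.com with ESMTP id 1 for <staff@example.com>; Thu, 24 Jul 2014 10:00:00 +0000",
        "From: redacted@example.com",
        "To: staff@example.com",
        "Message-ID: <msg1@example.com>",
        "Subject: Draft",
        "",
        "Please review.",
    ]),
    "\n".join([
        "Delivered-To: redacted@example.com",
        "From: staff@example.com",
        "To: redacted@example.com",
        "Message-ID: <msg2@example.com>",
        "In-Reply-To: <msg1@example.com>",
        "Subject: Re: Draft",
        "",
        "Will do.",
        "",
        "> From: vip@example.org",        # quoted header was not rewritten
        "> To: staff@example.com",
        "> Please review.",
    ]),
    "\n".join([
        "Received: from a.example.net by mail.example.com with ESMTP id 3 for <vip@example.org>; Fri, 25 Jul 2014 09:00:00 +0000",
        "Delivered-To: vip@example.org",  # trace still names the scrubbed address
        "From: outside@example.net",
        "To: redacted@example.com",
        "Message-ID: <msg3@example.com>",
        "Subject: Dinner",
        "",
        "Dinner Friday?",
    ]),
    "\n".join([
        "Received: from b.example.com by mail.example.com with ESMTP id 4 for <bob@example.com>; Fri, 25 Jul 2014 11:00:00 +0000",
        "From: alice@example.com",
        "To: bob@example.com",
        "Message-ID: <msg4@example.com>",
        "Subject: Lunch",
        "",
        "Lunch?",
    ]),
]

if __name__ == "__main__":
    for mid, check, addrs in scan(SAMPLE_MESSAGES):
        print(mid, check, ", ".join(addrs))
```

Run against a real archive, the input would be the messages of an mbox or an exported PST rather than the inline list, and the same two checks would be joined by others the page's argument implies: attachments whose embedded headers or metadata name an address the surrounding message no longer shows, and In-Reply-To chains whose parent is missing from the archive altogether. The point of the design is that every check compares one copy of an address against another copy the same rewrite would have had to touch, so a scrub that was not carried through consistently is what surfaces, whatever the address being looked for.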
