Ok so last week i posted an article about the highly controversial new University of Cape Town gossip blog ‘UCT Exposed’ HERE. The blog and Facebook page caused a massive outcry amoungst students and even made the front page of the Cape Times after the site posted the name and picture of a student labelling him an ‘undercover racist’ as well as revealing the identity of a failing student along with her academic record. At the time the identity of the person behind UCT Exposed was not known, but some excellent detective work has revealed that the alleged culprit is none other than Qamran Tabo, the same person behind that ‘UCT votes on most attractive race’ article which caused so much outrage in April HERE.
I’m not gonna go into all the details of how they managed to exactly identify the person behind UCT Exposed, but basically they traced the IP address by baiting the Facebook page with some juicy gossip.
“In this case, we gave them a unique and private link (that nobody else would ever stumble upon) to one of our servers. To make it easier to link this with a person on campus, this server would always reply with the following message:
This site is only accessible from within the Computer Science building, UCT. last updated 2011;
We hoped that they’d follow the hint, and access it from UCT campus, where we can fairly easily link computers with students.
So, we sent “John Smith” a private message on Facebook, that said:
“hey dude, ignore the haters. thank fucking god you exposed that fucking racist vianello. seen him posting in src, disgusting shit
When someone clicked on this link, their web browser would send our server a request for the page. From this request, we can determine the IP address (a computer), and the version of the web browser (http://en.wikipedia.org/wiki/User_agent). The server would record this in a log, together with a timestamp.
We saw a hit on the honeypot at 09:01:45 pm Thursday, September 12, 2013 (local time, 07:01:45 UTC). This user-agent string suggests that it was accessed using a 32-bit version of the Google Chrome browser on a 64-bit Windows 7 machine (which matches the screenshots released by UCT Exposed). We traced this IP address back to..”
Go read the rest HERE…very interesting how they did it.
So what now?
Given that some folks have called for the person behind UCT Exposed to be sued for defamation, how will this new infomation affect things.
Well done to the team who made the effort to discover who is behind it.