 |
a zip file that preserved the rulerfrog site
as it initially appeared
The rulerfrog page as it last appeared before
the Federal Shutdown
The Watcherz
Site Background
File Vault
What Rulerfrog/Watcherz contributed to the puzzle.
this email was received by retroorbit, Willingthrall, Zepher_hex and Neliamne
Got an odd e-mail, though I'm not sure if it's connected to the game yet... but here it is. It came from sv@kolabs.ru (Russia?) The link in the e-mail leads to a wierd news page. Did anyone else recieve this?
.: thought you might find this interesting: http://geocities.com/rulerfrog
A Friend
A week elapsed with people speculating about whether or not the rulerfrog/watcher website was a legitimate part of the puzzle, then this:
switchflipper 12/28/01 2:40 am
Here's a short transcript of a short chat with Kdirectorate on AIM. It looks like there's a whole lot of stuff that we're overlooking.
[02:35 AM] switchflipper8: <O>
[02:36 AM] Kdirectorate: There is so much you have yet to discover.
[02:37 AM] switchflipper8: Where?
[02:38 AM] Kdirectorate: R.F. is not an accident.
[02:38 AM] *** Kdirectorate signed off at Fri Dec 28
02:38:21 2001.
retroorbit
Ok, so after staring at the rulerfrog site for a whole week now, here's the random tidbits I've noticed:
All the links on the site lead to other domains except for 2 of them which are hosted on the site itself: http://geocities.com/rulerfrog/undercover.html (no longer active) http://geocities.com/rulerfrog/satellitemind.html (no longer active)
switchflipper
[04:40 PM] switchflipper8: Do you know rulerfrog?
[04:42 PM] Kdirectorate: I know that sometimes things can
be camouflaged to conceal their true meaning.
[04:43 PM] switchflipper8: So who is "the watcher"?
[04:43 PM] switchflipper8: Or what is it?
[04:44 PM] switchflipper8: "tempus omnia revelat"
[04:45 PM] Kdirectorate: Stick with English. And familiarize
yourself with the "virtual" dead-letter box.
[04:45 PM] switchflipper8: I'll go from there..
[04:47 PM] *** Kdirectorate signed off at Sun Dec 30
16:47:22 2001.
Then the reason for the "undercover" (by unityvice) page was discovered.
jaxp
The one that you have to pay attention to is the one that links
to
http://geocities.com/rulerfrog/undercover.html (no longer active)
De-steg that innocuous looking pic of Bert [Ed. note: the Bert
pic was not preserved on this site for personal reasons] with the Camouflage
program that is linked to on that page with the password "undercover"
(the title of the "article"). Inside you'll find a text file called "briefcase.txt"
which reads simply: http://briefcase.yahoo.com/unityvice (no longer active)
password: kgb
Go to the briefcase, open up the briefcase and download the 'zip'
file there.
Unzip it and use the 'kgb' password. There's the vkd-674.wav file that (thanks to fyre47's help) says:
(Dialtone)
(A number being dialed)
(Rings twice)
Guy: "Good afternoon, Jennings Aerospace."
Caller: "Uh, yeah, hi, I'm looking for Joey's Pizza...?"
Guy: "Copy that, going to secure mode in
three...two...one...ma -- "
Then it beeps into oblivion with some kind of scrambled sound/fuzz.
There are two voices on the .wav. The male voice who answers the phone "Good afternoon, Jennings Aerospace." (older, strong male voice) and the caller (sounds younger...maybe a male voice in his 20's...sounds a little apprehensive, perhaps unsure of himself...?) who asks for Joey's Pizza.
fyre did bring up the point that Jennings Aerospace is an SD-6 business cover and Joey's Pizza is the CIA call-in cover for Sydney.
Signalost used a tone decoder to find out what number was being dialed. That number is 1-773-509-5118 and he was kind enough to make a .wav of the recording from that phone number ( a Chicago suburb number)
On that recording the following numbers are heard spoken:
13 15 20 8 5 18 and it allows you to leave a message.
Willingthrall speculated that the numbers indicate letters in the alphabet. Using that theory the numbers translate to the word Mother.
In the background can be heard Morse code -.- --. -... that signalost translated as KGB.
At this point it seems relevant to revisit the 'dead letter'.
From steven.gordon@creditdauphine.com Fri Dec 07 11:13:10
INFOSEC INCIDENT SUMMARY
Pertaining to Task Agent 30408-31275, regarding the mishandling and storing of classified information, and password-protected audio inter-visual docs from an unsecured laptop computer. We believe the unprotected terminal in question was possibly used by agent's spouse to send and receive e-mail via a web server mail account, and user, or users, may have had access to several peer-to-peer file trading networks; both of which are potential security risks. It is not yet clear if any sensitive information was compromised. We are currently evaluating the extent of this breach. A full report is pending.
Gordon
password-protected audio inter-visual [sic] docs= the .wav file and
it's password 'undercover'.
e-mail via a web server mail account=rulerfrog@yahoo.com
peer-to-peer file trading networks=http://briefcase.yahoo.com/unityvice
signalost
Finally got a one-line response from KDirectorate on AIM today:
Kdirectorate (5:10:35 PM): Stay the course.
section one opr7 (5:11:17 PM): which course is that?
Kdirectorate signed off at 5:11:50 PM.
Doesn't seem like much, but could also mean we're on the right track...
willingthrall
I saw kdirectorate on AIM yesterday. I said to her "KGB mother <o>" and she replied "tip of the iceberg"
The rulerfrog page as it last appeared
before the Federal Shutdown [without the Buy the Moon orthe
watcher graphics] Thanks to signalost for this.
|
|
Clicking on the above link
(no longer active) took the player to the page below (Found by signalost
on 2/5/02. It was last modified on 2/3/02) and had this in the source code:
<p><!--USERNAME: thewatcher, PASSWORD: bypass --></center>
That source code was meant to be found. After that, thewatcherz.com
started using htmlock to hide the source code.
|
|
WWW.RENSE.COM
|
Anyone activly disagreeing with policies of the U.S is now automaticly rendered a "terrorist" in the eyes of national security.... Where raisethefist.com will go from here, I don't know. Based on what i've been told, i'll most likely be in jail, so most of my focus will be towards getting an attorney." |
When players returned to the rulerfrog site the next day they found this.
THIS SITE HAS BEEN SHUT DOWN FOR VIOLATION OF
18 U.S.C.
§ 798
In the upper-left-hand corner of the page there is a tiny character.
Clicking on the character opens a login page. Taken from the source
code of the above page, the username is thewatcher
and the password is bypass. That will
take you to
http://geocities.com/rulerfrog/sources/index2.html
neliamne
Current law already makes it illegal to leak certain national
defense information (18 U.S.C. 793), disclose information to aid
foreign governments (18 U.S.C. 794),
***disclose intelligence on communication techniques (18
U.S.C. 798)***, and identify covert agents (15 U.S.C. 421). Moreover, persons
with a security clearance can lose their clearance and their job if they
leak information.
Local copy without logos here in case it is taken down (the logo and free speech banner appear to already be missing).
Click on the free speech banner with a black ribbon at the bottom. The link goes to another page with only the banner on it that is listed as barc3.jpg. Click on it to be taken to the barc4.jpg That top secret document contains a password and information that guides the player to a camoflauge stegged image at:
Part One
- Vehicle Surveillance: The FBI's System
This is an instructional manual on spying techniques from a long-defunct
web site called Spycounterspy [If that link goes down, the page will be
restored here.]
The briefing from the fig-1a.gif
mottjr2001
Here are the rest of the Spy&Counterspy pages if anyone
is interested. There are a few more mirrors out there, but this one seemed
to be the most "current".
http://www.overcomers.myweb.nl/home.htm
SpyCounterSpy has long gone from the web. I do not know where they
have gone. The (e-mail) addresses, phone-numbers, etc., mentioned on
this
website, are not valid anymore.
Here is what you'll find in this file.
Message: This is a supplemental puzzle reference to unityvice's zip.zip.
This archive contains the old Rulerfrog Geocities site before it was changed on Jan 4th, 2002.
Also included is an MP3 of the recorded phone message to 17735095118.
What is not included in this zip are the Geocities counter and any 1x1 hidden pixel gifs related to Geocities at the time.
Contents:
Rulerfrog.HTML -was the original index.html or main page at the time
Satellitemind.HTML -an article from Pravda on
Rulerfrog's site with the same filename.
Undercover.HTML -The Steg page
EvilBert.JPG
GWB.JPG
ILE-buythemoonanim.gif
paper_crumpled.gif
The_Watcher_21212.gif
The_Watcher_21408.gif
17735095118.MP3 -MP3 file of the phone recording deciphered from unityvice's vkd-674.wav
mottjr2001 2/6/02 8:11 am
Some additional seaching lead me to this address (www.thewatcherz.com) which is hosted by Yahoo. The domain is registered to jesse alexander who is a supervising producer for Alias. Interestingly, the registration address is in Studio City, which is the first one I've seen that doesn't link directly back to Eric Scott and dayfornight. The admin e-mail is listed as rulerfrog@thewatcherz.com I tried to ftp at this address and got nothing. Maybe someone else will have better luck.
mottjr2001 2/7/02 8:10 am
Some people questioned how I came across the thewatcherz.com
site. I simply did a search on geocities with some of the sites mentioned
in the rulerfrog raid.html document. This immediately gave me the
thewatcherz.com site since it has identical content to the rulerfrog site.
Jim
Domain Name.......... thewatcherz.com
Creation Date........ 2001-12-20
Registration Date.... 2001-12-20
Expiry Date.......... 2002-12-20
Organisation Name.... Jesse Alexander
Organisation Address. 4302 Wilkinson Avenue
Organisation Address.
Organisation Address. Studio City
Organisation Address. 91604
Organisation Address. CA
Organisation Address. UNITED STATES
Admin Name........... Jesse Alexander
Admin Address........ 4302 Wilkinson Avenue
Admin Address........
Admin Address........ Studio City
Admin Address........ 91604
Admin Address........ CA
Admin Address........ UNITED STATES
Admin Email.......... rulerfrog@thewatcherz.com
Admin Phone.......... 818-560-7071
Admin Fax............
Tech Name............ YahooDomains Techcontact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... domain.tech@YAHOO-INC.COM
Tech Phone........... +161.98813096
Tech Fax.............
Name Server.......... ns8.san.yahoo.com
Name Server.......... ns9.san.yahoo.com
willingthrall 2/6/02 10:20 am
The creation date of thewatcherz.com matches well the date
of message 1087 in this club.
So I guess now we know that rulerfrog/TheWatcher is definitely
*NOT* a legitimate site used by unityvice, but rather is a part of the
game. So anything on it might be a clue.
Message 1087 (AliasWebPuzzle Club)
retroorbit 12/21/01 11:13 pm
Got an odd e-mail, though I'm not sure if it's connected to the game yet... but here it is. It came from sv@kolabs.ru (Russia?) The link in the e-mail leads to a wierd news page. Did anyone else recieve this?
.: thought you might find this interesting:
http://geocities.com/rulerfrog
A Friend
You are to surveil a meeting between a suspected agent and an unknown contact. Our intel reveals that:
1) The target often arranges meetings on Wednesdays or Saturdays between
9:45-10:00pmEST.
2) The meetings always take place in one of the "Chicago" Yahoo Chat
Rooms.
3) For this meeting - the target will be "wearing a pink carnation"
as a recognition sign to her contact.
Mission objectives are as follows:
1) Obtain the names of the targets.
2) Get a transcript of the oral bona fides spoken.
3) Send this information to in_drop@hotmail.com.
If you make direct contact with the targets, or compromise yourself in any way, the operation will be aborted.
willingthrall 2/10/02 11:14 am
"Bona fides- establishing an operative's true identity, affiliation or intentions."
jennc_98 Date: Wed Mar 6, 2002 8:18 pm
Subject: The "Key"
Ok guys, I have found something new (I think) on
thewatcherz.com
On the "Developing" page, there is a new link about stealth software.
The "key" in
keystrokes is a link to a zip file that contains a self-extracting file vault.
