Revised analysis of Mottershead / Jones / Ulevitch reports

Date: 04 Mar 2008 16:55:35
From: Guy Macon
Subject: Revised analysis of Mottershead / Jones / Ulevitch reports

For the record, here is my analysis. I have some degree
of expertise in this area; I estimate my own skills to
be roughly equal to those of Mottershead, and I estimate
both of us to have skills well below those of Robert
Jones and David Ulevitch, both of whom are well-known
experts.

I would also like to note that when I first posted this
analysis, I invited those who think that Truong did
not generate any of the fake posts to please weigh in
with possible explanations I may have missed, rational
analysis of my comments below, or any other reasoned
discussion. It has been six weeks and nobody has
attempted to refute my analysis. I repeat my request
now; I try very hard to be fair to everyone, and would
very much welcome anyone blowing holes in my reasoning.

My analysis:

I have based this analysis on the information found at
the following URLs:

http://rs235.rapidshare.com/files/62649719/mottershead.zip
http://craic.com/forensics/uscf_usenet_analysis/USCF_Usenet_Abuse_Report_20071206.pdf
http://chessusa.blogspot.com/2008/01/expert-opinion-mottershead-report.html

After examining the above, I conclude:

The mottershead.zip files says that when Truong moved
to Lubbock, the author of some or all of the fake posts
moved to Lubbock. When Truong visited Mexico City, the
author of some or all of the fake posts visited Mexico City.

The report from Robert Jones of Craic Computing concludes
that the data he examined shows that some or all of the
fake Usenet posts were sent from the IP address as USCF
user "chesspromotion" (Truong), and that the IP addresses
moved together as Mottershead described.

The reports from David Ulevitch concludes that some or
all of the fake posts were posted from the same physical
locations that Truong was in at the time of the posts,
and that the posts to the USCF forums by chesspromotion
/ Truong, were also made from the same physical locations.

Here are all of the explanations that I can think of,
some far more likely than others. My comments on each
follow:

Possible explanation #1:
Truong generated those particular fakes.

Possible explanation #2:
Mottershead fabricated the data that his report was based upon.

Possible explanation #3:
Someone else fabricated the logs Mottershead relied upon.

Possible explanation #4:
Someone else had physical access to Truong's computer.

Possible explanation #5:
Someone controlling Truong's PC remotely.

Possible explanation #6:
IP address spoofing

Possible explanation #7:
Identity theft.

Can anyone think of another possibility, no matter how remote?

Here is my analysis of each possible explanation, in reverse order:

Possible explanation #7:
Identity theft -- someone else was logging on to the USCF forums,
posting some or all of the fakes, going to Mexico, etc.

Not a reasonable explanation. Too many people saw Truong in the
cities mentioned, and he has never reported being the victim of
such a comprehensive identity theft

Possible explanation #6:
IP address spoofing -- the IP addresses themselves are faked.

This is not possible from the user's location. See the Ulevitch
report for an explanation as ti why this is true.

It *is* possible if the ISP itself is under control from someone
who can change logs, etc., but that is not a reasonable
explanation -- it would requite compromising multiple servers
at multiple ISPs.

Possible explanation #5:
Someone controlling Truong's PC remotely

Not a reasonable explanation. To produce the timing shown in
the logs, this controlling would pretty much have to happen
while Truong was at the keyboard, Also, the person doing the
controlling would have had to take control of Truong's new
computer (a PC running the Tablet PC version of Vista.

Possible explanation #4:
Someone else had physical access to Truong's computer.

Not a reasonable explanation. This would require a wife, girlfriend
or child was pretending to be Truong, and Truong not noticing a
large number of bogus posts in his name. Also, Truong has never
claimed that it was someone else in his house.

Possible explanation #3:
Someone fabricated the logs Mottershead relied upon.

Not a reasonable explanation. This would require the USCF servers
to have been taken over remotely, the USCF sysadmins to be
incompetent, and no other crackers or botnet operators taking
over and causing ill effects other than a few logs being changed.
It would also require evading all malware scans since then.

Possible explanation #2:
Mottershead fabricated the data that his report was based upon.

I cannot evaluate whether this is a reasonable explanation.
Clearly, if the data that I and the two independent experts
examined was a clever fake, we would all come to the same wrong
conclusion. Is there any reason to believe that Mottershead
might have motive as well as opportunity? Has anyone else
examined the actual servers just in case such a fabrication
was done through post editing? Or checked the timestamps and
backups of the server data to see if the supposed fabrication
missed a backup or two? I personally don't buy this as an
explanation, yet I cannot say that it is impossible.

Possible explanation #1:
Truong generated those particular fakes.

Unless someone can show me another possible explanation or convince
me that one of the above possible explanation's holds water, I can
only conclude that the evidence presented so far points to Truong
generating the fakes analysed by Mottershead.

Truong has repeatedly claimed to have evidence that he is withholding
that proves his innocence. I cannot evaluate that claim without
seeing that alleged evidence. Thus my final conclusion is still open
to revision based on new evidence.

--
Guy Macon
<http://www.guymacon.com/ >

Date: 04 Mar 2008 14:20:27
From: [email protected]
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

On 4, 10:55=A0am, Guy Macon <http://www.guymacon.com/ > wrote:
> For the record, here is my analysis. =A0I have some degree
> of expertise in this area; I estimate my own skills to
> be roughly equal to those of Mottershead, and I estimate
> both of us to have skills well below those of Robert
> Jones and David Ulevitch, both of whom are well-known
> experts.
>
> I would also like to note that when I first posted this
> analysis, I invited those who think that Truong did
> not generate any of the fake posts to please weigh in
> with possible explanations I may have missed, rational
> analysis of my comments below, or any other reasoned
> discussion. It has been six weeks and nobody has
> attempted to refute my analysis. =A0I repeat my request
> now; I try very hard to be fair to everyone, and would
> very much welcome anyone blowing holes in my reasoning.
>
> My analysis:
>
> I have based this analysis on the information found at
> the following URLs:
>

>
> Possible explanation #4:
> Someone else had physical access to Truong's computer.
>
> Not a reasonable explanation. This would require a wife, girlfriend
> or child was pretending to be Truong, and Truong not noticing a
> large number of bogus posts in his name. =A0Also, Truong has never
> claimed that it was someone else in his house.

Actually, this explanation was floated once, in one of the odious
anonymous postings. It was phrased strangely, as if Sloan knew that it
was true and was choosing to ignore it.

It would raise some interesting issues, but would not exonerate Truong
completely. It makes me very uneasy to bring children into this
discussion who are almost certainly blameless,
so I think it should not be probed further unless it is brought up as
an actual defence.

I might be more inclined to consider this as an actual possibility if
Paul himself did not already show dishonesty in the PhD claims, and
show similar posting patterns in the Bob Bennett
posts.

Jerry Spinrad
>

>
> --
> Guy Macon
> <http://www.guymacon.com/>

Date: 06 Mar 2008 20:31:15
From: samsloan
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

Please note:

ChessIntegrity signed his postings as "TMH". Everybody assumed at the
time that he was board member Timothy M. Hanke. However, from the
content of his postings it is now clear that ChessIntegrity was Paul
Truong. ChessIntegrity last posted on June 8, 2004.

http://games.groups.yahoo.com/group/fide-chess/message/12892

Sam Sloan

Date: 06 Mar 2008 19:59:40
From: samsloan
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

On 4, 6:49 pm, Guy Macon <http://www.guymacon.com/ > wrote:
> Content-Transfer-Encoding: 8Bit
>
>
>
> [email protected] wrote:
>
> >Guy Macon <http://www.guymacon.com/> wrote:
>
> >> Possible explanation #4:
> >> Someone else had physical access to Truong's computer.
>
> >> Not a reasonable explanation. This would require a wife, girlfriend
> >> or child was pretending to be Truong, and Truong not noticing a
> >> large number of bogus posts in his name. Also, Truong has never
> >> claimed that it was someone else in his house.
>
> >Actually, this explanation was floated once, in one of the odious
> >anonymous postings. It was phrased strangely, as if Sloan knew that it
> >was true and was choosing to ignore it.
>
> >It would raise some interesting issues, but would not exonerate Truong
> >completely. It makes me very uneasy to bring children into this
> >discussion who are almost certainly blameless,
> >so I think it should not be probed further unless it is brought up as
> >an actual defence.
>
> >I might be more inclined to consider this as an actual possibility if
> >Paul himself did not already show dishonesty in the PhD claims, and
> >show similar posting patterns in the Bob Bennett
> >posts.
>
> I need some assistance here from those who frequent the USCF
> forums. How long had Paul Trong been posting there before
> all of this? If the starting date was around the time of
> the first fake posts, that would be more believable than if
> he started long before -- which would require a family member
> inpersonating a USCF board member on the board member's PC
> in a USCF forum for a long period of time without anyone
> noticing and with no apparent motive, then to have him later
> take the blame for something he didn't do.

Paul Truong first posted to my FIDE-chess Yahoo Group as
"Chessketing" on February 14, 2003:

http://games.groups.yahoo.com/group/fide-chess/message/3751

This posting contained the now familiar grandiose claims of owning a
$7 billion company before retiring to devote himself to chess.

Starting from that date, Truong has posted 2119 times to my group.

Bob Bennett, who we now know to be Paul Truong, started posting just
before that as "bennettchess". His first posting was on February 12,
2003.

http://games.groups.yahoo.com/group/fide-chess/message/3702

Susan Polgar posting from [email protected] also started at about
the same time Her first posting was on January 23, 2003 .

SusanPolgar first joined my group on Jan 15, 2003 12:09 pm . Bob
Bennett joined on Feb 12, 2003 8:38 am
Paul Truong joined on Feb 14, 2003 12:35 pm from [email protected]

http://games.groups.yahoo.com/group/fide-chess/message/3239

Prior to that, Truong posted briefly as "ChessIntegrity". His first
posting was on January 21, 2003

http://games.groups.yahoo.com/group/fide-chess/message/3217

Sam Sloan

Date: 05 Mar 2008 18:42:55
From: help bot
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

On 5, 6:56 pm, Mike Murray <[email protected] > wrote:

> In the old days (2003-4 ?), I think the FSS posted as the "Rev Calvin
> Quoz" or something like that. He wasn't into impersonation as much as
> outright bigotry and vulgarity. Then again, the Rev Calvin *could*
> have been somebody else.

I seem to recall that it was more like the
Reverend Calvin Abu Hindu Qutz. The
name Calvin is somewhat rare these
days, and it reminded me of Calvin
Blocker -- an IM I think, who played in
Ohio. I watched him "dismember" Ben
Finegold, back when the latter was still
quite young. In another tourney, I
observed Calvin Blocker himself getting
"taken apart" by Michael Wilder, who
seemed to be half asleep at the time.

I could be mistaken, but I think the
Reverend also had the title of doctor--
possibly a doctor of theology. I should
have challenged him to a game-- then
we would quickly know if he was or was
not Calvin Blocker, depending on how
much of a fight he put up before I would
have eventually checkmated him. ; >D

-- help bot

Date: 05 Mar 2008 14:48:57
From: Louis Blair
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

I do not know precise dates, but I believe that the fake
Sam Sloan posts started around June of 2005. See
http://groups.google.com/group/rec.games.chess.politics/msg/b3413ef1acb5481d?hl=en

I believe that the ChessPromotion posts at the USCF
Issues forum started MANY months later.

There is a coincidence that does not involve the
ChessPromotion posts: The earliest USCF Issues
posts (that I can find) (posted by anyone) come from
around June of 2005. Don't take this too seriously
until someone checks it. I might have goofed. I am
not sure that I understand the USCF software.

Date: 05 Mar 2008 15:56:10
From: Mike Murray
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

On Wed, 5 2008 14:48:57 -0800 (PST), Louis Blair
<[email protected] > wrote:

>I do not know precise dates, but I believe that the fake
>Sam Sloan posts started around June of 2005. See
>http://groups.google.com/group/rec.games.chess.politics/msg/b3413ef1acb5481d?hl=en

>I believe that the ChessPromotion posts at the USCF
>Issues forum started MANY months later.

>There is a coincidence that does not involve the
>ChessPromotion posts: The earliest USCF Issues
>posts (that I can find) (posted by anyone) come from
>around June of 2005. Don't take this too seriously
>until someone checks it. I might have goofed. I am
>not sure that I understand the USCF software.

In the old days (2003-4 ?), I think the FSS posted as the "Rev Calvin
Quoz" or something like that. He wasn't into impersonation as much as
outright bigotry and vulgarity. Then again, the Rev Calvin *could*
have been somebody else.

Date: 04 Mar 2008 23:49:25
From: Guy Macon
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

Content-Transfer-Encoding: 8Bit

[email protected] wrote:
>
>Guy Macon <http://www.guymacon.com/> wrote:
>
>> Possible explanation #4:
>> Someone else had physical access to Truong's computer.
>>
>> Not a reasonable explanation. This would require a wife, girlfriend
>> or child was pretending to be Truong, and Truong not noticing a
>> large number of bogus posts in his name. �Also, Truong has never
>> claimed that it was someone else in his house.
>
>Actually, this explanation was floated once, in one of the odious
>anonymous postings. It was phrased strangely, as if Sloan knew that it
>was true and was choosing to ignore it.
>
>It would raise some interesting issues, but would not exonerate Truong
>completely. It makes me very uneasy to bring children into this
>discussion who are almost certainly blameless,
>so I think it should not be probed further unless it is brought up as
>an actual defence.
>
>I might be more inclined to consider this as an actual possibility if
>Paul himself did not already show dishonesty in the PhD claims, and
>show similar posting patterns in the Bob Bennett
>posts.

I need some assistance here from those who frequent the USCF
forums. How long had Paul Trong been posting there before
all of this? If the starting date was around the time of
the first fake posts, that would be more believable than if
he started long before -- which would require a family member
inpersonating a USCF board member on the board member's PC
in a USCF forum for a long period of time without anyone
noticing and with no apparent motive, then to have him later
take the blame for something he didn't do.

Date: 04 Mar 2008 12:00:31
From: help bot
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

On 4, 11:55 am, Guy Macon <http://www.guymacon.com/ > wrote:

> I would also like to note that when I first posted this
> analysis, I invited those who think that Truong did
> not generate any of the fake posts to please weigh in
> with possible explanations I may have missed, rational
> analysis of my comments below, or any other reasoned
> discussion. It has been six weeks and nobody has
> attempted to refute my analysis. I repeat my request
> now; I try very hard to be fair to everyone, and would
> very much welcome anyone blowing holes in my reasoning.

Actually, it has already been pointed out here
that evidence pointing to Paul Truong might
just as well implicate his wife, Susan Polgar.

Every "report" I have seen discussed here
seems to merely /assume/ that PT -- and not
his wife, SP -- posted from PT's computer.
Where is the evidence which indisputably
exonerates SP?

This reminds me of the story about a man
who went around complaining that the whole
world stank; it turned out that he just had
some mustard over his lip. Now, if SP and
PT traveled everywhere together, then all the
so-called evidence relating to his where-
abouts implicates them both equally, along
with anyone else they may have dragged
along. One possibility is that both PT and
SP made some of the FSS postings.

-- help bot

Date: 04 Mar 2008 11:40:56
From: Mike Murray
Subject: Re: Revised analysis of Mottershead / Jones / Ulevitch reports

On Tue, 04 2008 16:55:35 +0000, Guy Macon
<http://www.guymacon.com/ > wrote:

>Unless someone can show me another possible explanation or convince
>me that one of the above possible explanation's holds water, I can
>only conclude that the evidence presented so far points to Truong
>generating the fakes analysed by Mottershead.

>Truong has repeatedly claimed to have evidence that he is withholding
>that proves his innocence. I cannot evaluate that claim without
>seeing that alleged evidence. Thus my final conclusion is still open
>to revision based on new evidence.

Your analysis and conclusion is very reasonable. Right-thinking
people hold open the option of revising their opinions if presented
with new evidence.

The PT supporters seem to have abandoned direct attack on the Report.
Instead of producing new evidence, their current strategy seems to be
to (1) claim knowledge of important exculpatory evidence they have
been forbidden to examine (2) make various ad hominem attacks against
Mottershead himself, (3) create distraction by pointing out
deficiencies in USCF management and operations (many of them true, but
not relevant to the FSS problem), (4) continually complain that the
Report was unauthorized or the impacts of dealing with it are too
expensive.

But they never quite cross the line into accusing Mottershead of
fabricating the underlying data And they avoid being pushed into
saying that the report, true or false, should be tossed because of
problems with authorization. And they have no real answer when folks
ask why PT's attorneys don't go after the "forbidden data".