Registration Packet For 2014-2015: Fill & Download for Free

What sort of improvement exactly do you want? I am sharing some of the improvement's made on IRCTC website over the year.Internet Ticketing:Internet ticketing on IRCTC website was started in year 2002 with 29 tickets on the first day. This has now increased to more than 13 lakh tickets booked in a single day (achieved on 01/04/2015).Internet ticketing on IRCTC website has progressively increased over the years and its share in the total reserved tickets has also progressively increased.Due to increased demand of e-ticketing and capacity constraint there were problems in ticket booking process and complaints of website slowness and non availability. The Next generation e-ticketing system(NGeT) was launched on 28/04/2014 to handle increased ticket booking. The capacity was increased from 2000 tickets in a minute to 7200 tickets in a minute . The capacity of NGeT was further increased to 15000 tickets in a minute in 2015 to book tickets fast and easily. The e-tickets may be booked easily and faster through website and the IRCTC website is able to handle 15000 tickets per minute at present. The concurrent user connections were increased from 40,000 to 1,20,000 in NGeT, which has further been increased to 3,00,000 before Diwali rush. The enquiries in NGeT have also been increased from 1000 per second to 3000 per second. Capacity in NGeT was increased this year by doubling the servers in integration layer and adding storage space.Scripting:A scripting or script language is a programming language that supports scripts, programs written for a special run-time environment that automate the execution of tasks that could alternatively be executed one-by-one by a human operator. Scripting languages are often interpreted (rather than compiled). Primitives are usually the elementary tasks or API calls, and the language allows them to be combined into more complex programs. Environments that can be automated through scripting include software applications, web pages within a web browser, the shells of operating systems (OS), embedded systems, as well as numerous games. The scripting technology is also useful to automate the process of filling the data in web pages at client end. The scripting is available in google chrome, Mozila and other browsers.CAPTCHA:CAPTCHA Tells Humans and Computers Apart Automatically. A CAPTCHA is a program that protects websites against attacks by generating multiple automatic requests using scripting technology or other computer program. In general, a CAPTCHA is used to prevent abuse by automated scripts.Scripting on IRCTC website:The demand of Tatkal and ARP (Advance Reservation Period) tickets is increasing day by day hence use of Scripting technology is also increasing on IRCTC website client end web pages for filling up the various forms used during ticket booking process for faster booking. This Scripting technology and tools are being used by programmers for developing software like Black TS etc for faster filling the forms used during ticket booking process. The parameters at client end can be easily seen by programmers of any website and may be used for scripting. The scripting tools, technology is available online and Google Chrome and Mozilla Browsers support the scripting. The scripting software for input at client end may be developed easily for any website. Since the scripting at client end cannot be stopped, the impact of the use of scripting technology has been negated by the various checks in the form of Captcha , Time delay and other server side checks. Banks have also implemented OTP in net banking to control the automated booking using scripting software/tools.Checks Implemented on IRCTC website to stop misuse of Internet Ticket booking facility by the use of automated softwares:Registration:CAPTCHA is implemented on IRCTC website at Registration page to stop automated registrations.Single email, single Registration is also implemented on website to stop multiple registrations on one Individual email-id. Verification link is sent to email-id for verification.Single Mobile, single Registration is also implemented on website to stop multiple registrations on one Individual Mobile. OTP (One time password) is sent to mobile to verify Mobile.Booking:(i) Minimum form filling time check implemented in passenger reservation form.(ii) Minimum payment time check implemented for payment process.(iii) Only two Tatkal tickets can be booked for single user ID in opening Tatkal Hrs. i.e 10-12 hours .(iv) Maximum 12 tickets in a month can be booked on an user ID if its linked to aadhar card.(v) One user can do only one login at one point in a time.(vi) Only one Tatkal ticket in single session (except return journey).(vii) Only two opening Tatkal tickets per IP address.(viii) OTP (One time password) is implemented in net banking payment options.(ix) Captcha is implemented at login, Reservation Form page and Payment page.Time taken in Booking of ticket:The Next Generation e-Ticketing System (NGeT) is able to handle load of 15000 tickets in a minute. Hence 250 tickets can be booked concurrently in a second. At best, an individual user can book his ticket in 35 seconds.. The time taken for ticket booking depends upon the speed of internet at client end, form filling speed of individual and bank response time. At reservation counters, a ticket can be booked in less than 35 seconds.To stop the misuse of website various time checks and Captcha have been implemented as discussed above. With these checks in place, it is not possible to book any Opening Tatkal ticket by any software being sold in the market earlier than 35 seconds. Tables shown below which indicate first 35 seconds bookings and 36th second to 60th second booking separately at 10:00 AM and 11:00 AM for Opening Tatkal at PRS counters vis a vis IRCTC website.Table-D: First Minute Tatkal ticket booking in AC Classes at 10:00 AM.Table-E: First Minute Tatkal ticket booking in Non AC Classes at 11:00 AM.From the above tables, it is clearly evident that while it is possible to book tickets through human process at PRS counters within first 35 seconds, it is not possible to book any Tatkal ticket in first 35 seconds on IRCTC website even by using scripting software. The claim made by various software sellers in the market that their software can book Tatkal in 10 to 20 seconds is not factually correct. Further, only 5 to 6 Thousand tatkal tickets are booked in the first minute both at PRS counters and IRCTC website put together out of the total 1.5 lakhs Tatkal tickets available on PRS. This again is contrary to the claim made by the media that entire Tatkal tickets are booked within first 30 seconds by using automated software.Security measures to control HackingMultilayered security with deep defense in the NGeT system:1. State of the art perimeter security in the data center comprising of front-end & backend firewall, network intrusion prevention system, Web application firewall, Security information event management(SIEM) , host intrusion prevention system (HIPS), OS hardening on all servers , Web/App server hardening, database server hardening, Spring security framework in the application software.2. All best practices for ensuring security in the application software have been followed. All 10 OWASP (Open Web Application Security Project) application software vulnerabilities have been addressed..3. By dint of these security measures, no hacking attempt has been successful on the NGeT system. All intrusion or Distributed Denial of Service (DDoS) attempts have been thwarted.Third party auditPeriodic external audits are being conducted. In a recent audit done by STQC (Standardization, Testing and Quality Certification) ,DeitY, Govt. of India, the auditing agency has certified that the web application is free from OWASP top 10 and any other known vulnerabilities; and is safe for hosting.Pre-launch Source code audit by Cert-In (Computer Emergency Response Team - India), DeITY Govt. of India, was conducted.Real -time feed of internet traffic to Cert-IN for security alerts:Packet headers of traffic traversing through internet gateway routers are forwarded in real-time to CERT-In for their analysis & reporting. In response, CERT-In sends real time alerts (in case some malicious activity is detected) and weekly reportsSource:- pib.nic.in

From Deconstructing the Great Firewall of China—————————————————————Technical ComponentsIn China, the Internet developed with choke points built into it. Virtually all Internet traffic between China and the rest of the world travels through a small number of fiber-optic cables that enter the country at one of ten different backbone access points, seven of which had only been added in January 2015. A limited number of international entry points, coupled with the fact that all Internet service providers in China are licensed and controlled by the Ministry of Industry and Information Technology, mean that Chinese authorities can analyze and manipulate Internet traffic much more easily than, say, the United States. Built in 1999, the Great Firewall is the blanket term for the collection of techniques used to filter traffic in China. However, it’s a bit of a misnomer since not all filtering occurs strictly at China’s borders, nor does all traffic flow through a firewall, as we’ll soon see. In this section, we’ll dive into the technology behind the major technical elements that comprise the Great Firewall.IP blockingThe method of blocking IP addresses is generally very low cost and easy to deploy. Equipped with a blacklist of undesirable IP addresses, routers drop all packets destined to blocked IPs, which could include the address of a sensitive site like the New York Times, or of a public DNS resolver like Google’s. In China, an IP blacklist is injected via BGP using null routing. Null routes for destinations on a provided IP blacklist are propagated into the network, forcing routers to drop all traffic bound for blocked IPs and effectively creating a black hole. Although null routing can only block outbound traffic and permits inbound traffic, it’s usually enough to block a website because most Internet communication can be established only with two-way interaction.IP blocking is a particularly lightweight censorship solution — the government can maintain a centralized blacklist without much involvement from the ISPs, and thus without much risk of leakage. Null routing also adds only a tiny load to ISPs’ filtering routers, and no special devices are needed. However, IP blocking has a few main problems: first, the blacklist of IP addresses has to be kept up to date, which could be difficult if the blocked content provider wants to make it hard for the ISP to block their sites, as changing or rotating IP addresses is fairly trivial. Second, China runs the risk of accidentally leaking these null routes to neighboring ISPs outside the country, as Pakistan did with null routes to YouTube, blocking YouTube for most of the world in 2008. Finally, the system can also very easily suffer from overblocking, since many innocuous websites may share an IP address or address block with a banned site.In the past, censored websites like Falun Dafa’s have used this overblocking tendency to their advantage by deliberately introducing collateral damage. Falun Dafa | Falun Gong | 法轮大法 | 法轮功 began to resolve to the same IP address as The Massachusetts Institute of Technology (MIT), and as a result the Great Firewall blocked that address. MIT’s OpenCourseWare site was thus inaccessible for Chinese users, leading to such a public outcry that the block was revoked.DNS tampering and hijackingBecause changing domain names is not nearly as trivial as changing IP addresses, DNS-related techniques are often used in conjunction with IP blocking. DNS tampering involves falsifying the response returned by the DNS server, either through intentional configuration or DNS poisoning. The server can lie about the associated IP address, any CNAMEs related to the domain, the authoritative servers for the domain and the existence of the domain itself. As a result, users are given false responses for censored sites like Twitter, and websites are blocked at the domain level. Used together, DNS tactics and IP blocking can effectively seal off censored sites and servers on both the domain and IP levels. As an example, DNS poisoning has been used not only to block sensitive content but also to promote home-grown businesses: for two months in 2002, Google redirected to Baidu, China’s search engine equivalent.Apart from DNS tampering, routers can also disrupt unwanted communication by hijacking DNS requests containing banned keywords and injecting forged DNS replies. Researchers found that DNS-based censorship occurs in China’s border ASes, usually two or three hops into the country, using a blocklist of around 15,000 keywords. Injections of fake DNS A record responses will successfully block sites even when users use third-party DNS resolvers outside the country, since the Great Firewall will still answer queries sent to those resolvers.The first reports of DNS injections date back to 2002, when spoofed responses took the form of the same poisoned record for all blocked domains. By 2007, this had evolved into using keyword filtering and the use of at least eight different IP addresses in injected replies. DNS servers are also affected by this practice, since the servers themselves cache tampered DNS responses received from within the Chinese network.Figure 1: Routers hijack DNS requests containing sensitive keywords by injecting forged DNS replies.DNS servers along the route will also cache the tampered DNS responses.Once sites are blocked, there’s little recourse. While the Great Firewall censors actively uncover and censor new undesirable domain names, they don’t particularly attend to unblocking — researchers observed that more than two-thirds of censored domains had expired registrations.Collateral DNS DamageDNS-related techniques can certainly be powerful, though they also have the potential to have unintended consequences. In deploying DNS injections, The Great Firewall does not distinguish between traffic coming in and out of the country. As a result, large-scale collateral damage occurs, affecting communication beyond the censored networks when outside DNS traffic traverses censored links. Collateral damage can occur whenever a path passes through a censored network, even if both the source and destination are in non-censored networks.Paths from recursive resolvers to root name servers located in China seldom suffer from collateral damage, since the roots are heavily anycasted and DNS queries to the root rarely transit Chinese networks. In contrast, substantial collateral damage occurs when resolvers query top-level domain (TLD) name servers whose transit passes through China. For example, let’s say a US-based DNS resolver needs to resolve a query for Epoch Times - Online Nachrichten aktuell and thus needs to contact one of the DNS TLD authorities in Germany. If the path to the TLD authority passes through China, the Great Firewall will see this query and inject a false reply, which the US resolver will accept, cache and return to the user, preventing the user from reaching the correct web server. Without DNSSEC validation, the resolver will generally accept the faked answer because it usually arrives earlier than the legitimate one; as a result, access to the site is blocked.Research showed that Chinese DNS injection affected 15,225 open resolvers (6% of tested resolvers) outside China, from 79 countries. In addition, the TLD suffering from the most collateral damage was .de, due to the fact that a large amount of Germany-bound transit from the United States and Japan passed through China.The use of anycast DNS authorities, where a single IP address may represent a widely deployed system of servers, further complicates the picture. Even though two resolvers in different networks are attempting to contact the same IP address, they may reach different physical servers along very different paths, some of which may pass through censored networks.Another unintended consequence of DNS-related censorship practices is that huge loads of traffic can be accidentally redirected to innocent, unprepared sites. Take, for example, the purposeful misdirection of torproject.org, an organization that provides a number of tools to bypass censorship. Researchers found that a number of DNS server responses in China all redirected Tor Project traffic to a unique alternative domain, which turned out to be the site of a pet grooming service in Florida. The site’s webmaster didn’t know the reason behind their large volume of Chinese traffic until being contacted by researchers!Another example of DNS poisoning gone wrong in China occurred on January 21, 2014, when a large number of domains were mistakenly resolved to a single IP address owned by Dynamic Internet Technology, a small U.S. company that provides services to bypass the Great Firewall. Many hypothesized that the Great Firewall might have intended to block the IP but instead accidentally used that IP to poison a number of domains. It was estimated that as much as two-thirds of Chinese traffic — 200 million users — was disrupted for more than an hour, and the effects reverberated for as long as 12 hours as the cached bogus records expired. Users in China couldn’t access a range of major local websites including Sina and Baidu. The misdirection had the effect of an enormous DDoS attack on Dynamic Internet Technology, which saw hundreds of thousands of visitors per second.Judging by the work of researchers and recent events, it’s clear that DNS-based censorship has evolved into a powerful tool that can have significant repercussions even outside China’s borders. But we’re not done yet — at the heart of the Great Firewall is deep packet inspection.Deep packet inspection and keyword filteringMost content inspection schemes work by passing all traffic through a proxy that refuses to serve results for forbidden material. However, a proxy-based system that can cope with the traffic volumes of a major network, or an entire country, would be extremely expensive and difficult to scale.The alternative content inspection method deployed by China uses components from an Intrusion Detection System (IDS). Filtering routers pass copies of passing traffic to out-of-band devices based on IDS technology. The packets continue on their path unhindered while the IDS technology inspects the copies to determine whether the content of the packets, including the requested URL, matches the Chinese government’s blacklist of keywords. Specifically, since late 2008, Chinese censors only inspect the first HTTP GET request arriving after a TCP handshake, ignoring HTTP responses and even GET requests without a preceding TCP handshake. This is likely for the sake of efficiency and speed. In addition, the Great Firewall can reassemble both IP fragments and TCP segments for HTTP connections. It’s able to do all of this by maintaining state — a powerful functionality that most other censorship systems have not yet achieved.On-path systems (as opposed to in-path barriers) like China’s have the advantages of being more efficient and less disruptive if they fail. However, they also have the disadvantages of being less flexible and stealthy than in-path systems, where all traffic flows through a firewall. This is because they can’t prevent in-flight packets that have already been sent from reaching their destinations; only injections of spoofed traffic can be used to terminate connections.Figure 2: Filtering routers pass copies of passing traffic to out-of-band IDS devices that inspect for blacklisted keywords.Sensitive content is blocked by injections of forged TCP resets.If the IDS technology detects undesirable content and determines that a connection from a client to a web server is to be blocked, the router injects forged TCP resets (with the RST flag bit set) into the data streams so that the endpoints abandon the connection. After blocking the connection, the system maintains flow stateabout source and destination IP addresses, port number and protocol of denied requests in order to block further communication between the same pair of machines, even for harmless requests that would not previously have been blocked. It continues the block using more injections of forged TCP resets that are constructed with values based on the SYN/ACK packet observed even before the GET request. These timeouts can last for up to hours at a time and escalate if more attempts are made to access the censored content. The timeouts can also have the effect of blocking other users or websites located in the same address block.Because the Great Firewall doesn’t stop packets from traveling to their destinations, it’s very possible that one or multiple legitimate responses from the destination web server make their way back to the client before the TCP reset arrives. As a result, blocking takes the form of multiple spoofed TCP reset packets, each slightly different in an attempt to ensure that the client terminates the TCP connection in all possible cases. In the majority of connections, four spoofed packets are returned, each with a different sequence and acknowledgement number. The ACK numbers of three of these spoofed reset packets either correspond to the sequence number in the original client packet or are offset by the full size (1460 bytes) of one or two packets, providing for the case where the reset beats all legitimate packets to the client, and the cases where one or two legitimate full-size response packets have already reached the client. The fourth spoofed reset packet arrives without a corresponding ACK number, which would suppress the connection in cases where non-standard packet lengths are received on systems that will accept a reset without an ACK number.Figure 3: Blocking takes the form of multiple spoofed TCP reset packets, each slightly different in an attempt toensure that the client terminates the TCP connection in all possible cases.So where in China’s network does the filtering happen? Research indicates that filtering occurs more on the AS level rather than strictly at border routers. The majority of filtering devices are located in border and backbone ASes that peer with foreign networks, as they can most easily serve as traffic choke points. However, there are exceptions, and even the two largest ISPs in China differ in their approaches to censorship. Specifically, CNC Group (owned by China Unicom) places the majority of its filtering devices in the backbone as expected, but ChinaNet (owned by China Telecom) offloads much of the burden of filtering to its provincial networks, with the result that many of its filtering devices are located in internal ASes. ChinaNet is a much larger network operator with three times more peerings with foreign ASes than CNC Group. Placing all filtering devices in the backbone could create a bottleneck for such a large operator as ChinaNet, and this may partly explain ChinaNet’s distributed approach. While the Chinese government provides guidance on content and keywords to be censored, it’s ultimately the ISPs that make decisions around the actual implementation of online censorship.We can see signs of ChinaNet’s censorship approach in a test running from our Cloud Agents in China to Log In or Sign Up. Traces from the Shanghai and Wuhan agents are stopped in the China Telecom network (AS 4812) and the China Telecom Backbone (AS 4134), respectively. Research has found that only 49 of 374 filtering interfaces in AS 4134 actually belong to the backbone; the rest belong to provincial branch companies, so it’s actually quite likely that these traces are being filtered in provincial networks. Further, the traces from the Guangzhou and Chengdu agents are stopped in provincial networks, confirming that ChinaNet does indeed conduct filtering there.Try the interactive data below.Shanghai, ChinaGuangzhou, ChinaWuhan, ChinaChengdu, ChinaFigure 4: Traces from the Guangzhou and Chengdu agents are filtered in ChinaNet’s provincial networks.For all its sophistication, the Great Firewall still has its shortcomings. The keyword filtering method can suffer from overblocking — for instance, because the names of party leaders (like Hu, Xi and Wen) are often sensitive keywords, Chinese terms like xue xi (study), hu luo bo (carrot), and wen du ji (thermometer) are also likely to be banned.The Great Firewall has its holes too: Researchers observed that filtering is inconsistent, allowing up to one fourth of offending packets through during busy Internet traffic periods. As a result, some believe that keyword filtering functions more as a “panopticon” than a firewall. A metaphor borrowed from architecture, a panopticon is a type of building that allows a watchman to observe all occupants without the occupants knowing whether they are being watched. In other words, the Great Firewall’s keyword filtering mechanism doesn’t need to block every illicit word, but only enough to promote self censorship. The presence of censorship, even if easy to evade, promotes self censorship, ultimately achieving an Internet aligned with the Chinese government’s goals.Other TechniquesApart from the techniques inextricably entwined with the infrastructure of the Chinese Internet, authorities also employ a number of other strategies to plug the remaining holes in the Great Firewall.Filtering at the client machineIn 2005, Skype and TOM Online partnered together to produce TOM-Skype, a custom version of Skype, at the request of Chinese authorities. TOM-Skype was generally the only version available within the country, since Skype | Free calls to friends and family and all related domains were redirected to http://skype.tom.com. This version routinely collects, logs and captures millions of records that include personal information and contact details for chat messages or voice calls placed to TOM-Skype users, including those from the regular Skype platform. TOM-Skype automatically scans incoming and outgoing chat messages for sensitive keywords on a blacklist. While it once blocked sensitive messages, now when a TOM-Skype user sends or receives a chat message that contains a blacklisted keyword, the conversation is allowed to continue and is uploaded and stored on TOM-Skype servers in China for surveillance purposes. Unfortunately, researchers discovered that these messages, along with millions of records containing personal information, were stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data. As a result, this tremendous vault of sensitive information was essentially made public.Skype and Microsoft came under fire for their complicity in China’s surveillance and censorship practices, and in November 2013, Skype ended its joint venture with TOM, lifting all censorship restrictions on their China product so that all information began to be communicated directly to Microsoft via HTTPS.While the deployment of this filtering technique may have been challenging, it had the advantage of not consuming any network resources or requiring any enhancement to network hardware. The expansion of keyword filtering to the client machine is also particularly interesting, as it establishes yet another site for the battle over information taking place between governments and political activists. While new technologies provide an innovative platform for netizens to communicate globally, they can also provide governments with the ability to monitor, track and even suppress political activity.Manual enforcementAn estimated 50,000 employees make up the Chinese Internet police force that manually monitors online content, directly deleting undesirable content or ordering websites, content hosts and service providers to delete offending material. In addition, the government hires around 300,000 Internet commentators that make up the 50 Cent Party. Paid at the rate of 50 cents RMB per post, these commentators post content and comments that promote the Communist party and disparage government critics and political opponents.Self censorshipThe Chinese government has also been successful in fostering a culture of self censorship on the Internet. Not only are ISPs expected to monitor and filter content on their networks according to state guidelines, but all Internet companies operating in China are also required by law to self censor their content. As a result, many large Internet companies also employ their own computer algorithms and human editors to identify and remove objectionable material. If companies can’t successfully censor their content, they face harsh penalties: warnings, fines, temporary shutdowns and possible revocation of their business licenses. Netizens themselves are also expected to toe the party line online, and similarly face serious consequences — you could lose your job, be held in detention or go to prison. There’s even a euphemism for the stern warning you could receive: being “invited to have a cup of tea” with government officials.A Formidable ForceAfter our review of China’s extensive system of censorship, it’s obvious that it’s a powerful, evolving force to be reckoned with. As the multitude of censorship tools that make up China’s Great Firewall grow in sophistication and reach, netizens both inside and outside China will likely become increasingly concerned about the security and privacy of the Internet they traverse every day. A number of examples we explored in this post — including collateral damage from the Great Firewall and monitoring communications with TOM-Skype — have had significant repercussions even outside China’s borders, often in stealthy ways that only a tiny minority of users notice. As new technologies and information battlegrounds emerge, and as nations’ digital boundaries begin to blur, it will become increasingly important to understand the implementation and ramifications of Internet control and manipulation both inside and outside a country’s borders.

I think he’s very likely the current Q. There have been two main ones, likely other than the kid/troll who started “QAnon” in the first place. Here’s the story.Part 1: The Image BoardsSo it all begins with 2channel. 2channel was founded in 1999, created by Hiroyuki Nishimura, in Japan, and at one point saw 10 million users per day and 2.5 million posts, the largest text board in the world at that point. In 2007, it saw an annual revenue of ¥100 million!2channel was particularly popular with Japan’s *netto-uyoku,* their extreme xenophobic right wing. 2channel was also suspected as a site for drug dealing, and other criminal behavior, though no changes were filed. Lawsuits, on the other hand, were plentiful. Nishimura, saw over one hundred lawsuits filed.Perhaps due to the all the flack or whatever, in 2009 Hiroyuki Nishimura transferred ownership of 2channel to an unknown company in the Philippines, Packet Monster Inc., though he retained control and full involvement. The site site and domain were hosted by a company called N.T. Technology in San Francisco, a company specializing in hosting Japanese pornography sites, and was not at the time concerned with 2channel’s content.In 2003, Christopher “moot” Poole launched 4chan, intended to be an English language clone of 2channel, based initially on 2channel’s open source code. Poole was 15 years old when he launched the “image board” platform.An interesting feature of 4chan was the use of trip codes rather than registration. Anyone could post under any name, but those who so-desired could use these trip codes to prove their identity.Being anonymous brought in lots of traffic, not all of it necessarily desirable. 4chan saw boards about Japanese Anime, but eventually others were created, including some involving child pornography. Those were deleted in 2004 after threats of legal action, but some damage was done, and 4chan lost their domain registrar, causing a move to a new registrar and 4chan . org. Paypal suspended their account, just at the time Poole was deep in debt and running out of money.That child pornography experience got Poole more proactive about dumping really objectionable content — the kind of stuff that could get his web service providers to drop him. This started with the incels, lots of violent, anti-female content, including doxing and threats of rape or murder against specific people. In 2011, one of the generic boards had been taken over by racists — they were tossed. And they trouble with web attacks, bots, etc.They implemented reCAPTCHA to thwart bots, but that angered some users. So in 2012, a pay-for “4chan pass” allowed users to bypass the authentication, and provided at least some income for the site. Still, Poole was having trouble making a go of it, and ultimately stepped down from administrator in early 2015, and later that year, announced that the site had been sold to 2channel creator Hiroyuki Nishimura.Another programmer had noticed the success of 2channel. In 2013, Fredrick “Hotwheels” Brennan unveiled 8chan, another new imageboard, which soon became a haven for users too crazy, radical, or racist for 4chan. So it’s not exactly a shock that this became a hotbed of barking mad conspiracy theories. Because, seriously, what else do these folks have in their lives?Brennan welcomed everyone all over to 8chan — he didn’t have a problem with Nazis, white supremacists, incels, anti-Semites, conspiracy nuts, child pornographers, etc. In the month of the initial exodus from 4chan, 8chan went from 100 posts per hour to 4,000 posts per hour. Brennan had real problems keeping up with this volume of traffic, but that is how you make money — if you can at all — in the business. And with that popularity came problems: 8chan had been delisted from Google, lost its domain server, etc.Anyway, Brennan, under increasing pressure in the USA, made a deal to work with the Japanese site 2channel. Which had been the inspiration for his 4chan, anyway, and which, curiously, wasn’t located in Japan at all, or in California, but now the Philippines.Enter Jim Watkins. Mr. Watkins was the founder and owner of the web hosting and registrar company used by 2channel, N.T. Technology. He created this back in the 1990s while enlisted in the US Army and working as a helicopter repairman. N.T. Technology’s main purpose was providing web and domain hosting services, initially to a Japanese pornography site called “Asian Bikini Bar.”Before too long, he was hosting a number of Japanese pornography sites that, based on their content, couldn’t be hosted in Japan due to censorship issues: no “southern” naughty bits in Japanese pornography. And while it was never brought to court, investigators found that N.T. Technology was hosting a number of sites names suggestive of child pornography.Anyway, after he left the Army, around 1999, Watkins moved his business to the Philippines. In 2005, he established businesses under the names Race Queen and Loki Technology, and at some point, a conspiracy-theory-laden internet “news” organization called The Goldwater[1].As mentioned, Watkins was hosting 2channel. After a credit card breech on 2channel, Watkins at least claimed that Nishimura/Packet Monster couldn’t pay him. Nishimura disagreed, claiming he paid in full. Anyway, Watkins ceased 2channel’s domain, and in 2014, proceeded to set up his own version of 2channel (changed to 5channel in 2017, as Nishimura owned the copyright). Packet Monster also got themselves a different URL and a new host, so there were actually two different 2channels (oh, the irony!) active at the same time. By 2017, Watkins’ version of 2channel was seeing 2.5 million posts per day, while the original owners’ site was down to 5,700 posts.So meanwhile in the Philippines, Jim Watkins’ son Ron had seen an item about Brennan and his troubles on television. Watkins called Brennan and offered a partnership, as long as Brennan was willing to relocate to the Philippines. Brennan, of course, knew about 2channel’s success (though not the theft of it), so he moved to Manila. Later that year, the ownership of 8chan was transferred to Watkins. Brennan stuck around until sometimes in 2016.Part 2: Q-AnonThen there was Qanon . 4chan was swimming in “Anonymous” login handles: FBIAnon, CIAanon, HLIAnon, Pamphlet Anon, etc. (if you entered no handle, you got “Anonymous” automatically assigned, these others were intentional). And as mentioned, anyone could use any name — there could have been a dozen FBIAnons posting under than name. But regardless, all these claiming to have secret knowledge, all pretty silly due to the complete lack of knowledge of their claimants. But that is what conspiracy theories are always about — something that seems like it might be true to a person with little knowledge, no critical thinking skills, and some desire for that odd thing to actually be true.So one of these was Q-Anon, which started on 4chan in the fall of 2017. The “Q” was due to the original posts claimed to be from someone with government clearance working for the Department of Energy. Q clearance or Q access authorization is the United States Department of Energy security clearance required to access Top Secret Restricted Data, Formerly Restricted Data, and National Security Information, as well as Secret Restricted Data. It’s all about access to top secret nuclear information. And here’s the first speedbump: if there were these kind of deep, dark secrets being revealed to certain people with top secret clearances, it wouldn’t be people with clearance to nuclear secrets. That’s not how security clearances work. They are extremely compartmentalized.So what seems to be the case is that, after these few posts among dozens of nonsense, jokes, and conspiracy theories, three people on 4chan took over the Qanon conspiracy theory from its unknown originator, who was likely just trolling, as were most of the “Anon” accounts. The so-far-unnamed usurpers included one YouTube video creator and two 4chan group moderators. From the analysis, it seems the “drops” themselves were written by just one of the three.And for whatever reasons, Qanon took off. It’s not a huge shock: people are on the fringe of society and reality because they don’t get what they’re looking for in the real world. 4chan was already rife with conspiracy theories, to the point where it was a very effective filter bubble for conspiracy theorists. If you believe one or two conspiracy theories, you will probably believe just about anything under the right circumstance .So curiously, as the Q-drops migrate to 8chan, the authorship of them seems to have changed, based on analysis of the writing[2] . It seems highly likely that, since moving to 8chan, Ron Watkins is writing the Q-drops. His father may be helping out. After all, Ron Watkins had been the business of spreading hate, conspiracy theories, and other dark crap for nearly two decades at this point. Qanon was entirely on-brand.And this was going along just swimmingly until authorities started to link 8chan to international acts of terrorism: the mosque shootings in Christchurch, New Zealand; the murder in synagogue in Poway, California; and the massacre in El Paso . Killers were posting manifestos on 8chan, sometimes right before committing their evil deeds, and inspiring others to do likewise.After El Paso, security company CloudFlare dropped 8chan as a customer, only the second time they had done that. The first was the Nazi news site, The Daily Stormer. This and other measures lead to 8chan going dark.But it resurfaced. Watkins found a far more permissive security company in VanwaTech LLC, based in the USA, to replace CloudFlare, and were reborn as 8kun. Eventually, they moved to a Russian security company. So today, all Q-drops happen on 8kun.But it wasn’t just 8chan/8kun that popularized the barking mad Qanon conspiracy theory. Another big impact was from the Qmap . pub site.This site was created by Jason Gelinas[3], at the time a senior vice president in CitiBank’s technology group, running artificial intelligence projects on Wall Street. He was married, had kids, a nice normal house in the North Jersey suburbs, etc. But he started going bonkers on politics. There is a personality type that’s susceptible to conspiracy theories. Intelligence and scientific thinking may help you avoid such traps, thing that seem silly and obviously works of bad fiction for those outside the conspiracy theorist’s filter bubble. But you can’t bet on intelligence keeping everyone away from such nonsense.So anyway, by mid-2018, Gelinas’ Qmap side-project was getting 10 million hits per day. He had designed it as a means of introducing the Qanon madness to regular people — “normies” as he put it — soccer moms, white-collar workers, etc. For reasons initially unknown, he wasn’t making money directly from Qmap. But he tied this site together with a Patreon site, which allowed him to collect several thousand per month from Qanon followers without the usual level of interference you’d get on large, open social media sites (if you’re unfamiliar, you pay on Patreon to be privy to special works from your chosen content creator). Not surprisingly, Gelinas had problems with technology providers for Qmap, and eventually enlisted VanwaTech for his security.It was a bit later, after it came out that the massacre in ChristChurch was assisted though 8chan/8kun, Fredrick “Hotwheels” Brennan — who, if you’ll recall, left 8chan in 2016 — got re-involved. This time, though, he was an unlikely force for good, trying to take down Qanon! He had been tracking down the companies hosting 8chan, outing them on Twitter, and helping to get them shut down. At least in the USA. Qmap’s move to VanwaTech alerted Brennan to Qmap, which he characterized as “the main vector for Q radicalization”. So there you go: at least some people fell into the Qanon idiocy by being intentionally targeted with a less extreme facade.Brennan’s efforts managed to attract a few online researchers, fact checker Joe Ondrak and AI researcher Nick Backovic. Together, Ondrak and Backovic managed to track down QMap to a company called Patriot Platforms, and then to Gelinas as its sole employee[4], and clearly the guy running Qmap . Very quickly, Gelinas ghosted himself and his wife from all social media, and CitiBank fired him for violating company policies. Apparently, Gelinas had been building a Qanon social media networking app at the time as well.And it gets weirder yet. In late 2020, Brennan managed to track down the fact that both 8kun and QMap used the same content delivery network service. Digging deeper, he found that other than QMap and various Watkins domains, only The Daily Stormer — the Nazi website — uses that service company. Which was founded in late 2019, a few weeks before 8chan, which had been resoundingly kicked off a variety of web services by then, sprung back to life as 8kun. So while it was well hidden, and while Gelinas denied any connection to Watkins, it seems that while Gelinas wrote it and ran it, Watkins also actually owned QMap as well. In short, Watkins owned pretty much the entire original content world of Qanon — everything else was an echo.Jim Watkins’ background in fake news and other radical sites made him, not a surprising or questionable purveyor of Qanon stuff as some pundits have suggested, but an ideal one. None of the Qanon material has the slightest ring of truth to it. And of course, it didn’t happen in a vacuum. A large bit of the Q mythology had been worked out by the previous owners on 4chan and YouTube. All Watkins had to do to keep making money was to make himself and his son Ron the center of the Qanon universe and keep it going in the same direction[5]So is Ron Watkins “Q?” We know it’s one writer at this point, and it could be either Ron or Jim, but it’s pretty likely they’re doing it together, regardless of who’s putting pen to ink or fingers to keys to actually write the “drops.”Footnotes[1] Meet The Online Porn Pioneer Who Created A News Site For Internet Trolls[2] QAnon's Mysterious Leader 'Q' Is Actually Multiple People[3] QAnon High Priest Was Just Trolling Away as a Citigroup Tech Executive[4] QAnon Key Figure Revealed as Financial Information Security Analyst from New Jersey[5] The men behind QAnon