NETWORK INFRASTRUCTURE RECORDS

Investigation Hub Evidence & Documents
1

Subject: Network Infrastructure Records - Little St. James Island

DEAR SIR OR MADAM:

This letter constitutes a request under the Freedom of Information Act, 5 U.S.C. § 552 (“FOIA”), as implemented by the Justice Department’s regulations (28 C.F.R. § 16.1), and the Privacy Act, 5 U.S.C. § 552a. I request disclosure of all records held by your agency relating to network infrastructure, telecommunications, and information technology systems at Jeffrey Epstein’s property located at Little St. James Island, U.S. Virgin Islands (also referenced in case files as “LSJ”).

DESCRIPTION OF RECORDS REQUESTED:

I seek all documents, files, logs, reports, technical specifications, and communications created, received, or maintained by the FBI relating to the network infrastructure and IT systems at Little St. James Island, including but not limited to:

1. NETWORK CONFIGURATION & INFRASTRUCTURE

  • All router, switch, and firewall configuration files (Cisco ASR routers, Cisco Catalyst 3560 switches, Fortigate firewalls, Cisco Nexus 9K switches)

  • Network topology diagrams and architecture documents

  • IP address assignment records and VLAN configuration logs

  • DNS server configuration records and domain management logs

  • T1 line configurations, fiber optic setup documentation, and WAN connectivity records

  • All network management tool outputs and diagnostics

2. WIRELESS SYSTEM LOGS & RECORDS

  • Cisco Wireless LAN Controller (WLC) configuration files and management logs

  • Ruckus wireless access point controller data and client connection logs

  • All wireless client device lists (including MAC addresses, connection timestamps, signal strength data, bandwidth usage)

  • Wireless authentication and access logs

  • Wireless bridge configuration and performance monitoring data (Dragonwave microwave links, Ruckus bridges)

3. NETWORK OPERATIONS & MONITORING

  • Network monitoring logs and statistics (packet captures, flow data, traffic analysis)

  • System event logs and error reports

  • Network outage incident reports and troubleshooting documentation

  • Security logs including intrusion detection system (IDS) alerts and firewall blocked traffic logs

  • Network access control (NAC) logs and device authentication records

4. DEVICE MANAGEMENT & INVENTORY

  • Network device inventory lists with serial numbers, models, and configuration details

  • DHCP server logs showing device IP assignments and MAC addresses

  • Device management tool outputs (Cisco Prime, SolarWinds, or equivalent)

  • IT equipment purchase orders and deployment documentation

5. RELATED COMMUNICATIONS

  • All emails, memos, reports, and correspondence between FBI agents and IT personnel regarding network analysis or data collection from LSJ

  • Any requests from the FBI to telecommunications providers (Choice Communications, Verizon, etc.) for network records

  • Technical reports or summaries prepared during the investigation

6. SCOPE AND TIME PERIOD

  • All such records from January 1, 2000 through August 30, 2019 (date of Epstein’s death)

  • Any subsequent records relating to forensic analysis or investigation of the network infrastructure

JUSTIFICATION & PUBLIC INTEREST ARGUMENT:

The requested records are directly relevant to the high-profile investigation of Jeffrey Epstein’s criminal enterprise and his associates. Understanding the network infrastructure and connectivity logs at Little St. James Island is essential to:

  1. Identifying Epstein’s associates and visitors: Network logs may show which devices connected from specific locations, potentially identifying individuals present at the property during specific time periods.

  2. Corroborating victim and witness testimony: IT records can verify communications and connectivity patterns relevant to the investigation of sex trafficking.

  3. Understanding data destruction: Network logs may reveal evidence of data deletion, device wiping, or cover-up activities that would be relevant to obstruction of justice charges.

  4. Public accountability: The public has a strong interest in understanding how thoroughly federal investigators examined available evidence, including digital infrastructure forensics.

KEY DOCUMENTS BY CATEGORY:

PRIMARY NETWORK ASSESSMENT DOCUMENTS (6 versions of the same report)

These are multiple copies of the comprehensive “LSJ Preliminary Report” (dated December 14, 2015) which contains:

  • Dragonwave microwave link credentials and security issues

  • Ruckus wireless access point configurations

  • Cisco 3560 switches and IP addressing

  • Network loop problems and solutions

  • Outage logs (December 2015)

  • Equipment specifications and firmware versions

All six versions are substantively the same:

  • EFTA00593034, EFTA01110047, EFTA00634255, EFTA00597069, EFTA02676579, EFTA02677304

NETWORK UPGRADE PROPOSALS

  • EFTA00800465 (Nov 20, 2018) - “LSJE Network Upgrade Proposal” - Details proposed upgrade to Cisco ASR routers, Fortigate firewalls, Cisco Nexus 9K switches (cost: $303,795.19)

  • EFTA01013133 (Dec 15, 2018) - Wireless network refurbishment proposal for LSJ and Great St. James with IT rack photos

EMAIL COMMUNICATIONS WITH NETWORK ATTACHMENTS

  • EFTA00634248 (Dec 8, 2015) - From Cecile de Jongh to Epstein with LSJ Preliminary Report attachment

  • EFTA00631112 (Dec 7, 2015) - From Ann Rodriguez with network status updates

  • EFTA01139445 (Dec 8, 2015) - From Cecile de Jongh with fiber project details

INTERNET SERVICE PROVIDER (ISP) DOCUMENTS

  • EFTA00725248 & EFTA00725244 - Choice Communications service proposals for “Red Hook Virtual Circuit Internet Services” to Little St. James

EQUIPMENT DOCUMENTED IN THESE FILES:

Equipment Type Specific Models Purpose
Routers Cisco ASR 1001-X, Cisco 2921, Apple Router (removed) Core network routing, DHCP, NAT
Switches Cisco Catalyst 3560 (multiple), Netgear Prosafe JGS516PE Network switching, VLAN management
Wireless Ruckus access points, Linksys WAP11 Wireless coverage across island
Microwave Links Dragonwave Compaq Long-distance point-to-point links (St. Thomas connection)
Firewalls Fortigate (proposed) Network security
Internet Choice Communications, MIGN providers ISP connectivity

WHAT’S MISSING (worth requesting via FOIA):

:white_check_mark: Configuration files - Referenced but not fully included
:white_check_mark: Network logs - Flow data, traffic analysis
:white_check_mark: Client connection logs - Who connected when
:white_check_mark: Security logs - Access control, authentication records
:white_check_mark: Post-2015 maintenance records - Infrastructure updates 2016-2019
:white_check_mark: Wireless controller outputs - Full Ruckus/Cisco WLC data
:white_check_mark: Outage incident reports - Beyond the Dec 2015 logs shown

These missing records would be the focus of your FOIA request above.

3 Likes
2

I guess this is where James Ce might come in, or personalgenius.us as he shows up as in many emails. He serviced a lot of JE’s software and infrastructure.

If I remember correctly back in 2008 JE might have gotten tipped off as at a search they found a “CPU” (they meant computer) with a bunch of wires sticking out but no storage.

edit:

And Scott Denett who did technical troubleshooting. “March 20, 2013 10:00 AM : Ask scott to get rid of Facebook app!” Very technical.
More technical for a few JE locations: Age Verification | United States Department of Justice

2 Likes
3

Here is a brief breakdown of the network on LSJ, and the people that supported it. I’ll post a more in depth look also.

Little St. James (LSJ) Network

Architecture

  • Enterprise-style Cisco campus network.

  • Core switch: LSJ-COMM-3560 (192.168.8.251) — central hub for the entire island.

  • All buildings connect to this core in a star topology.

Building Switches (each building had its own network segment)

  • LSJ-JEOFFICE-3560 — Epstein office (192.168.8.240)

  • LSJ-OFFPAV-3560 — Pavilion office (192.168.8.241)

  • LSJ-CAPT-3560 — Captain’s residence (192.168.8.243)

  • LSJ-COTTAGE — Guest cottage (192.168.8.245)

  • LSJ-MAINHOUSE — Main house (192.168.8.247)

  • LSJ-BEACH-3560 — Beach area (192.168.8.248)

  • LSJ-GYM-3560 — Gym (192.168.8.249)

  • LSJ-WOOD-3560 — Maintenance area (192.168.8.250)

Internal Network

  • Private LAN: 192.168.8.0/24

  • Router uplink from the core switch.

Internet Providers

  • CHOICE: small /30 block (66.185.40.60/30)

  • MIGN: larger /27 block (208.50.70.188/27) likely main connection.

Wi-Fi & Devices

  • Wireless access points likely connected to each building switch.

  • Devices would be trackable via:

    • DHCP logs

    • router logs

    • switch MAC tables

    • wireless controller logs.

Surveillance

  • Network design strongly supports IP cameras in each building feeding to a central recorder.

People Connected to the Infrastructure

  • Brice M. Gordon — appears tied to network/system oversight.

  • Jermaine Ruan — handled AV / network-connected systems (Sonos, building systems).

  • Scott Denett — coordinated technical work or equipment.

  • Richard Kahn — administrative/management side, not direct IT operations.

Key Insight
Because each building had its own switch, logs could theoretically map:

device MAC → switch → building → timestamp

meaning network data could reveal where a device was physically connected on the island.

2 Likes
4

Sorry for the long post, but I want everyone to understand the way their network operated.

Little St. James (LSJ) Network Breakdown

With Investigative Red Flags

1. Network Architecture Overview

The LSJ network appears to be a campus-style enterprise network, which is unusual for a private island residence.

Architecture:

Internet
   │
ASR Router
   │
LSJ-COMM-3560 (Core Switch)
   │
 ──┬───────────────┬───────────────┬───────────────
   │               │               │
Building Switches  Cameras/WiFi   Internal Devices

:triangular_flag: Red Flag

This is not typical home networking.

The design resembles corporate campus infrastructure.

Possible implications:

  • centralized monitoring

  • high device count

  • multiple network services

  • segmented building networks

2. Core Network Infrastructure

Core Switch

Device:

LSJ-COMM-3560
IP: 192.168.8.251

Role:

  • central network aggregation

  • Spanning Tree root

  • management gateway

Connection:

Gigabit 0/12 → ASR Router

:triangular_flag: Red Flags

Enterprise Cisco infrastructure

Cisco 3560 switches are enterprise Layer-3 devices, normally used in:

  • corporate campuses

  • hospitals

  • universities

  • data centers

Not typical for a residential property.

3. Building-Level Network Segmentation

Each building had its own network switch.

Switch IP Location
LSJ-JEOFFICE-3560 192.168.8.240 Epstein office
LSJ-OFFPAV-3560 192.168.8.241 Office pavilion
LSJ-CAPT-3560 192.168.8.243 Captain residence
LSJ-COTTAGE 192.168.8.245 Guest cottage
LSJ-MAINHOUSE 192.168.8.247 Main residence
LSJ-BEACH-3560 192.168.8.248 Beach area
LSJ-GYM-3560 192.168.8.249 Gym
LSJ-WOOD-3560 192.168.8.250 Maintenance

Example documented uplink:

LSJ-COTTAGE → Gigabit 0/27 → LSJ-COMM

:triangular_flag: Red Flags

Full network segmentation by building

This allows:

device → switch → building → timestamp

Meaning network logs could potentially reveal which building someone was in.

This level of segmentation is typically used for:

  • corporate campuses

  • hotels

  • secure facilities

4. Internal Network Addressing

Private subnet used:

192.168.8.0 /24

Key infrastructure addresses:

192.168.8.240  JE Office switch
192.168.8.241  Pavilion switch
192.168.8.243  Captain switch
192.168.8.245  Cottage switch
192.168.8.247  Main house switch
192.168.8.248  Beach switch
192.168.8.249  Gym switch
192.168.8.250  Wood shop switch
192.168.8.251  Core switch

Devices likely present:

  • computers

  • phones

  • WiFi access points

  • IP cameras

  • storage servers

:triangular_flag: Red Flags

Large internal infrastructure implies:

  • many connected devices

  • centralized monitoring

  • potential surveillance systems

5. Internet Connectivity

Two separate ISPs were used.

CHOICE Provider

66.185.40.60 /30
Gateway: 66.185.40.61
Free IP: 66.185.40.62

This block only allows one usable public IP.

MIGN Provider

208.50.70.188 /27
Gateway: 208.50.70.190
Free IP: 208.50.70.189

This provides:

~30 public IP addresses

:triangular_flag: Red Flags

Two ISP connections can indicate:

  • redundancy

  • failover

  • dedicated network segments

But the /27 public block is large for a residence.

It could support:

  • servers

  • remote access infrastructure

  • VPN

  • surveillance streaming

  • remote administration

6. DNS Infrastructure

Configured DNS servers:

CHOICE:

66.185.33.226
66.185.33.230

Level3:

209.244.0.3
209.244.0.4

:triangular_flag: Red Flag

Use of multiple DNS providers suggests:

  • redundancy

  • externally reachable services

7. Wireless Network

WiFi likely connected through each building switch.

Typical flow:

Device
  ↓
Access Point
  ↓
Building Switch
  ↓
Core Switch
  ↓
Router

Logs could exist in:

  • DHCP servers

  • router logs

  • wireless controllers

  • switch MAC tables

:triangular_flag: Red Flag

WiFi logging could potentially identify:

device MAC
device location
timestamps
movement between buildings

8. Surveillance Infrastructure

The network design strongly supports IP camera surveillance.

Typical layout:

IP Camera
   ↓
Building Switch
   ↓
Core Switch
   ↓
Central Recording Server

Likely coverage areas:

  • main house

  • docks

  • beach

  • gym

  • entrances

  • guest housing

:triangular_flag: Red Flags

The infrastructure supports centralized monitoring of multiple locations.

A system like this typically stores:

  • video recordings

  • motion alerts

  • camera logs

  • remote viewing access

9. Personnel Associated With Technical Systems

Based on communications.

Brice M. Gordon

Referenced in approvals:

Brice gave a verbal approval

Possible role:

  • IT oversight

  • systems management

Jermaine Ruan

Referenced in system troubleshooting:

Example message:

Kitchen is back online
Tiki is still down
extra Sonos was a bridge not a player

Likely responsible for:

  • AV systems

  • network-connected devices

  • building technology

Scott Denett

Appears coordinating equipment and system work.

Possible role:

  • vendor coordination

  • technical support

Richard Kahn

Appears in communications but likely administrative rather than technical.

10. Key Investigative Insight

Because of the switch architecture, logs could potentially map:

MAC address
switch port
building
timestamp

Example:

MAC: AC:DE:48:00:11:22
Switch: LSJ-MAINHOUSE
Port: Gi0/14

Which can indicate:

device → building → time

:triangular_flag: Red Flag

This type of logging allows device movement tracking across the island network.

:white_check_mark: Bottom line:

The LSJ network appears to have been designed with enterprise-level infrastructure capable of monitoring devices, buildings, and potentially camera feeds across the entire island.

3 Likes
5

On this note, Scott Denett also mentioned working on LSJ network here, according to EFTA01779819. I believe this is him.

Dec 17, 2010 3:01 AM: “Hello Jeffrey, I was wondering how you would feel about the following idea. Instead of going to saint thomas now I could use that time to build 71street from the ground up with the focus being.”