Thread: Russian Info, Cyber and Disinformation (Jan-June 2017).

  1. #301
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Louise Mensch (verified account)
    @LouiseMensch

    I'm upgrading this story from "theory" to a report, according to my sources with links to the intelligence community

    NOTE...she broke the initial story months ago concerning the FISA Warrant being issued in the Trump Russian connection story......

    Alfa Bank, Trump Tower and a Social Media Impeachment
    April 1, 2017
    https://patribotics.blog/2017/04/01/...a-impeachment/

  2. #302

    How Russia hacks you
    http://cnnmon.ie/2no9d5R

  3. #303

    Russian twitter troll and for a long time now.....

    Kevin Rothrock
    ✔ @KevinRothrock

  4. #304

    New: we made an interactive map of UK surveillance company exports. IMSI catchers, internet monitoring tech, more
    https://motherboard.vice.com/en_us/a...nce-export-map

  5. #305

    "New details emerge about 2014 Russian hack of the State Department: It was ‘hand to hand combat’ "
    http://wapo.st/2otPiX8?tid=ss_tw#

  6. #306

    Kremlin Trolls CI @KremlinTrolls
    We've just had repeated attempts to access our Twitter acc, which means Moscow is mad b/c we're right over the target

    KI has been naming an unusual number of Russian twitter troll accounts over the last days......

  7. #307

    "Moonlight Maze evolved into what today we know as Turla APT, a Russian cyber-espionage group first spotted in 2007"

    21 Years Later, Experts Connect the Dots on One of the First Cyber-Espionage Groups
    https://www.bleepingcomputer.com/new...ionage-groups/

    Back in the 90s, in 1996, when the Internet was barely a few years old, two cyber-espionage groups dominated the cyber-space: Moonlight Maze and the Equation Group.
    Their operations shocked the world and made people realize that hackers are also capable of stealing state secrets, not just money from bank accounts. That's when the term cyber-warfare became reality and not just the plot of B-rated Hollywood movies.
    While details collected about the Equation Group across the years have allowed researchers to issue theories on its connections with the US National Security Agency, very few details were collected about Moonlight Maze, the first ever APT.
    Moonlight Maze, the first ever APT
    The group was active in the late 90s and seemed to have disappeared at the turn of the century. Their attacks were studied and studied again and their mode of operation became standard practice for malware and cyber-attackers.
    The group and its attacks achieved mythical status in the cyber-security world and were the subject of many books.
    Through the years, Moonlight Maze hacked many important US targets such as government agencies and top universities. Victims included the Pentagon, NASA, the US Navy, and the Department of Energy, just to name the bigger ones.

    Moonlight Maze group evolves, investigators fall behind
    For years investigators collected mountains of evidence but failed to make any headway into the investigation. They said Moonlight Maze operators stole so much information that if printed on paper it would stand three times higher than the Washington Monument. Data on all attacks was classified.
    As years went by, cyber-espionage became standard practice. Multiple groups had become active, and investigators needed to focus on current-day threats. That's why all Moonlight Maze data, on which the investigation was stalling, was permanently destroyed in 2008.
    The world seemingly forgot about the Moonlight Maze group, as its attacks stopped. In reality, they just developed new tools and deployed new infrastructure. Researchers were still detecting their attacks, but they didn't know it was this mythical group from the 90s.
    Researchers catch a break
    The mystery about Moonlight Maze's disappearance lived on until 2016 when a misredacted FOIA request revealed the name of a British sysadmin, David Hedges.
    A team of investigators from King's College London and Kaspersky Lab tracked down Hedges during 2016. Their persistence was eventually rewarded, as they discovered that Hedges had kept an old Linux machine that was compromised by the Moonlight Maze group in one of their operations.

    Called HRTest, this was a Linux server that was hacked and used as a relay point in a giant network of proxies operated by the Moonlight Maze group.
    Data would travel through these proxies for countless hops until it would reach a dropping point where attackers could download it. Unknown to the Moonlight Maze group was that Hedges discovered the intrusion.
    Working with UK authorities he transformed the HRTest machine into a honeypot, sniffing all the traffic that went through. All traffic details (no actual stolen data) were logged and saved offline.
    Moonlight Maze's Linux backdoor
    While US authorities classified data on Moonlight Maze attacks in an attempt to safeguard the stolen data from third-party investigators, it soon became clear they didn't have the experience of security researchers working in the private sector. Investigations stalled and eventually stopped, as Moonlight Maze disappeared from the face of the Earth during the early 2000s.
    In reality, the group revamped all its infrastructure after attacks in 1999 became the subject of news headlines all over the world.
    They did this by slowly refashioning their attack tools, shifting from Linux tools to Windows malware. They did this progressively, still using some of their older tools, learning along the way.
    One of these tools that evolved during this transition period was a Linux malware family based on the LOKI2 backdoor published in Phrack magazine in 1997.
    Despite being used in attacks for almost 17 years, Kaspersky researchers unearthed evidence of attacks with this backdoor only in 2014.
    At the time they didn't know they had discovered a tool from the Moonlight Maze group and named the backdoor Penquin Turla, assigning it to a new APT discovered in the 2000s, named Turla.
    Moonlight Maze operators made mistakes
    But in 2016, data from the HRTest logs that wasn't destroyed by the FBI in 2008 came to light. This data was a goldmine for researchers, a forensics "time capsule."
    It also helped that Moonlight Maze operators kept their own logs, which they forgot to delete, of all the actions they took.
    These and the HRTest traffic logs from 1998 and 1999 revealed not only the humongous size of the Moonlight Maze network but also operational details, including the presence of the LOKI2 backdoor.
    Jaws dropped when researchers realized the implications. They just solved one of the biggest mysteries in cyber-security: "What happened to the mythical Moonlight Maze?"
    The Turla connection
    In a presentation at the Kaspersky Security Analyst Summit (SAS) taking place this week in St. Maarten, researchers say Moonlight Maze evolved into what today we know as the Turla APT, a Russian-speaking cyber-espionage group first spotted in 2007, which has been behind some of the advanced hacks in recent years.

    The group is most famous for using malware to hijack communications satellites and spy on targets in remote areas. In reality, its arsenal of tools includes many Windows malware families and UNIX attack tools.
    The connection between Moonlight Maze and Turla shows that a nation state has gathered a group of highly-talented hackers that are breaking ground on new ways to hack into systems.
    The Moonlight Maze group was one of the first groups to launch coordinated cyber-attacks on targets across the world using the Internet, and then they shifted to using satellites in the 2010s.
    What's missing is a period in the early 2000s. The same research team believes that Moonlight Maze/Turla is also the group behind a series of attacks referenced as Storm Cloud, reported in 2003. These attacks targeted the Department of Defense and also used the LOKI2 backdoor.
    The hunt continues
    While 100% attribution is never certain in cyber-espionage campaigns, the clues uncovered on the HRTest server revealed more insight into Moonlight Maze operations than ever before.
    Kaspersky researchers are now making a public plea to other sysadmins that still have old servers running or tucked somewhere on their network. If they still have logs going back to those early days of the Internet and they have evidence the server was compromised, researchers can be reached via email.
    The full Kaspersky report can be found here, IOCs are here, and YARA rules for discovering Moonlight Maze malware are here.
    Great video.....

    https://youtu.be/9RorL9y70GU

    This video is highly correct as some of us are in fact still chasing elements that are functioning and still under Russian control....
    Last edited by OUTLAW 09; 04-04-2017 at 01:03 PM.

  8. #308

    Franklin Foer's @FranklinFoer story will go down in history. So will @EricLichtblau's, but not in a good way.

    Was a Trump Server Communicating With Russia?

    This spring, a group of computer scientists set out to determine whether hackers were interfering with the Trump campaign. They found something they weren’t expecting.

    http://www.slate.com/articles/news_a...th_russia.html

    CHECK the date of the article....

  9. #309

    Cyber attack on Singaporean defence ministry occurred weeks before being detected
    http://buff.ly/2nXFQKr

  10. #310

    NSA penetrated hacker's computers, “So we were able to see them teeing up new things to do"
    http://www.atlanticcouncil.org/blogs...ment-networks#

    This is in reference to the DoS hacking of 2014.....

    NSA learned #Russian hackers were inside State Dept network from a Western intelligence agency.
    Last edited by OUTLAW 09; 04-04-2017 at 06:13 PM.

  11. #311

    US FAKE News.....

    RICE ORDERED SPY DOCS ON TRUMP?
    http://drudge.tw/2oUA1uA

    Anyone who understands how NSA works absolutely knows that they will have you pound sand if they feel the request is illegal...

    Every NSA knows that....

  12. #312

    Sweden is one of the countries that was the target of a major cyber-attack "Cloud Hopper", using phishing, says civil defence agency

    The attack was mainly against USA, Taiwan and Japan, but also hit Sweden, Norway, Finland, UK, France and Switzerland, says MSB

    A MUST READ.....it was a sustained state sponsored attack....

    https://www.pwc.co.uk/cyber-security...t-final-v3.pdf

  13. #313

    https://www.buzzfeed.com/amphtml/jos...utah-with-love

    It is just not Russians driving propaganda, disinformation and fake news....

    Nevermind The Russians, Meet The Bot King Who Helps Trump Win Twitter

    “It’s All Us, Not Russians. And We’re Not Going To Stop”

    Posted on April 05, 2017, 06:01 GMT

    Joseph Bernstein

    At 7:23 on Sunday evening, the conservative internet personality Mike Cernovich tweeted that former national security adviser Susan Rice had requested the “unmasking” of Americans connected to the Trump campaign who were incidentally mentioned in surveillance readouts. At 7:30, the owner of the Twitter account MicroMagicJingleTM noticed, and began blasting out dozens of tweets and retweets about the story.
    “Would be nice to get 'Susan Rice' trending,” he tweeted at 8:16. And then, he made exactly that happen.
    MicroMagicJingleTM is the latest incarnation of MicroChip, a notorious pro-Trump Twitter ringleader once described by a Republican strategist as the "Trumpbot overlord.” He has been suspended from the service so frequently, he can’t recall the exact number of times. A voluminous tweeter, his specialty is making hashtags trend. Over the next 24 hours, following his own call to arms, MicroChip tweeted or retweeted more than 300 times about Rice, everything from a photoshopped image of Donald Trump eating her head out of a taco bowl to demands that she die in jail, almost always accompanied by the tag #SusanRice. Meanwhile, in massive threaded tweets and DM groups, he implored others to do likewise.
    By 9 a.m. Monday, the tag was being tweeted nearly 20,000 times an hour, and was trending on Twitter; by 11 a.m., 34,000 an hour. (As of Tuesday morning, the tag was still trending, partially thanks to a tweet from Donald Trump Jr.) At 4:48 p.m. Monday, 18-odd hours after he started his campaign, MicroChip was ready to call it a success:
    Before? What did he mean by “before"? Before the election, before the campaign, and long since before “Russian interference” was the mantra of every political consultant, British former member of parliament, and American senator turned Tolstoy enthusiast, MicroChip has been figuring out how to make pro-Trump tags go viral on Twitter. When people talk about Russian Twitter bots, they are, very likely, sometimes talking about his work. They’ve ranged from the innocuously rah-rah (#TrumpTrain) to the wildly xenophobic (#Rapefugees) to the extremely unconfirmed (#cruzsexscandal and #hillarygropedme). What they’ve all had in common is a method, the focus of speculation for nearly a year, and a chief promulgator, MicroChip, about whom little is known.
    Indeed, MicroChip, who operates behind a VPN (a special secure network that obscures his location), is an object of fascination and fear, even among some of his political and ideological fellow travelers, who hope not to end up on the wrong side of one of his Twitter campaigns. One conservative observer of the alt-right, who spoke to BuzzFeed on the condition that his name not be used, claimed he once hired private investigators to trace him.
    “You can’t,” the observer wrote in a text message. “He’s too good.”
    Unconvincing internet investigations have suggested that MicroChip may be anyone from the prominent alt-righter Baked Alaska to Justin McConney, the director of social media for the Trump Organization, to a shadowy Russian puppet master.
    But in an interview with BuzzFeed News — his first with a media organization — MicroChip said the truth, both about his identity and the method he developed for spreading pro-Trump messages on Twitter, is far more prosaic. Though he would not divulge his real name or corroborate his claim, MicroChip said that he is a freelance mobile software developer in his early thirties and lives in Utah. In a conversation over the gaming chat platform Discord, MicroChip, who speaks unaccented, idiomatic American English, said that he guards his identity so closely for two reasons: first, because he fears losing contract work due to his beliefs, and second, because of what he calls an “uninformed” discourse in the media and Washington around Russian influence and botting.
    “I feel like I'm a scientist showing electricity to natives that have been convinced electricity is created by Satan, so they murder the scientist,” he said.
    Indeed, in a national atmosphere charged by unproven accusations about a massive network of Russian social media influence, the story of how MicroChip helped build the most notorious pro-Trump Twitter network seems almost mundane, less a technologically daunting intelligence operation than a clever patchworking of tools nearly any computer-literate person could manage. It also suggests that some of the current Russian Trumpbot hysteria may be, well, a hysteria.
    “It’s all us, not Russians,” MicroChip said. “And we’re not going to stop.”
    MicroChip claims he was a longtime “staunch liberal” who turned to Twitter in the aftermath of the November 2015 terrorist attacks in Paris, and “found out that I didn’t like what was going on. So I redpilled myself.” Through Twitter, he found a network of other people who thought liberal politicians had blindly acceded to PC culture, and who had found a champion in Donald Trump. In his early days on the platform, MicroChip said, he started “testing,” dabbling in anti-PC tags like #Rapefugees and seeing what went viral. His experience as a mobile developer had exposed him to the Twitter API, and a conversation with a blogger who ran social media bots convinced him he could automate the Twitter trending process.
    “Micro is a true believer alt-right guy,” wrote the alt-right observer who had MicroChip investigated. “He’s brilliant and is not LARPing. His tech skills are real as is his opsec.”
    As MicroChip found other like-minded accounts, he said, they began to organize themselves into enormous, 50-person direct message groups. Within these groups, members would distribute content from the Drudge Report and Reddit’s r/The_Donald subreddit, then tweet it with a commonly decided hashtag, and retweet one another’s tweets ad infinitum. MicroChip called the DM rooms, simply, “retweet groups,” and by September of last year, there were 15 of them. Some of the groups were chock-full of egg and anime avatars, according to MicroChip, but others were composed of Christian conservatives or hardcore Zionists. Taken together, they were like a strange Twitter mirror image of the Trump coalition.
    MicroChip added automation to these dedicated DM groups, which he insisted are populated entirely by real people with real accounts. He started using AddMeFast, a kind of social media currency exchange, in which people can retweet or like other tweets in exchange for points that they can then spend to list their own content (such as pro-Trump hashtagged tweets) to be promoted. You can also buy these points, and an investment of several hundred dollars, according to MicroChip, can yield thousands or even tens of thousands of retweets.
    A third component of MicroChip’s blended army of DM groups and crowdsourced social media signal boosters were simple Google script bots. These bots, which MicroChip said “you don’t have to do any programming at all to run,” can be programmed to find and like or retweet tweets featuring certain terms or hashtags.
    At its height, MicroChip said, the network he helped create could reliably generate 35,000 retweets a day.
    “It’s high volume and it takes work,” he said. “You can’t take a break — you sit at the screen waiting for breaking news 12 hours per day when you’re knee-deep in it.” It’s hard work: MicroChip would sometimes reach his daily limit of 1,000 tweets a day, sometimes taking Adderall to focus — though he added, “Shaping a message is exhilarating.”
    Along the way, Twitter started to suspend MicroChip’s accounts — first his original handle @WDfx2EU, then subsequent variations, each started with a link to his Keybase page to verify his identity, and each presided over by the same avatar: the Instagram hunk Brock O’Hurn wearing a Make America Great Again hat and eating an ice cream cone. MicroChip showed BuzzFeed dozens of other accounts he owns, ready to activate if and when his current account, @WDFx2EU95, gets suspended.
    While it may take work to stay active, MicroChip says he has an ideal platform in Twitter with which to shape a message. "Twitter is easier [than other social networks] and more volatile," he said. "Emotions run high at 140 characters. The chaos is perfect."

    Continued.....

  14. #314

    Quote: Originally posted by OUTLAW 09
    https://www.buzzfeed.com/amphtml/jos...utah-with-love

    It is just not Russians driving propaganda, disinformation and fake news....

    Nevermind The Russians, Meet The Bot King Who Helps Trump Win Twitter

    “It’s All Us, Not Russians. And We’re Not Going To Stop”

    Posted on April 05, 2017, 06:01 GMT

    Joseph Bernstein
    It now appears that a large number of bots being used by this so called American from Utah are in fact Russian and Russian controlled....

    Nothing says "non-Russian" like an unverified claim of being American plus an admission you made a botnet for Trump back in 2015

  15. #315

    Russia has launched over 7,000 cyber attacks on Ukraine over the last 3 years. - Defense Minister Poltorak
    https://www.ukrinform.net/rubric-def...A6aWR.twitter#

  16. #316

    Russian state TV host says Russia is defending itself in hacking DNC to get Trump elected

  17. #317

    AND there is no intertwining of Russian and US driven propaganda...fake news and disinformation.....??

    Former Breitbart writer launches radio show for Sputnik: “I’m on the Russian payroll now."
    http://theatln.tc/2oJZ2JK

    A US alt rightist conspiracy theorist working now for the 300% Russian owned propaganda media outlet Sputnik International...

    Russian softpower IE black money hard at work.....

    Sputnik’s Unknown Brother – another vital must read investigation by @rebaltica
    http://en.rebaltica.lv/2017/04/sputn...nown-brother/#

    FAKE NEWS.....
    Sputnik

    @SputnikInt
    #SyrianArmy has never used and will never use #chemicalweapons against civilians and terrorists – Syrian FM
    https://sptnkne.ws/ead

    14 chlorine gas attacks alone in the second half of 2016....

    Totally unsurprising investigation finds that @LtBaltnews and other marginal news sites are linked to Rossia Segodnya.
    Last edited by OUTLAW 09; 04-06-2017 at 11:16 AM.

  18. #318

    Baltic Defence @Baltic_Defence
    #Latvia’s Special Services accuses #Russia of #cyber-espionage #cyberwar http://www.ehackingnews.com/2017/04/...ssia.html?m=1#

  19. #319

    Apparently this guy is now controlling an official government twitter account. http://www.politico.com/blogs/media/...-207688.html#…

    So the Twitter account of the US nuclear bomber and missile operations is now run by Bannon?

    This "block" by a US military site of a legal US person came ONLY when I insulted the Bannonite troll account @RoguePOTUSStaff this morning

    Chuck C Johnson controls the account

  20. #320

    Wikileaks now pushing Russian government line that the Syrian chemical weapons attack was a false flag, joining InfoWars and Cernovich.

    NOTICE now how WikiLeaks and the Russian info war media outlets are working with US conspiracy blogsites
