Russki Hackers seek Obot Secrets

The Obama Administration alleges that Russian state hackers attempted to influence the 2016 election by illegally accessing stored emails belonging to the Democratic Party and the Clinton Campaign. The emails, including material embarrassing to Democrats, were subsequently leaked to the public.

The FBI issued a report, “GRIZZLY STEPPE – Russian Malicious Cyber Activity,” that described the indicators that led them to the Russians. What the FBI did not say, and did not disclose, was that some of the same indicators (IP addresses) are found in traffic attempting to penetrate the secrets of this venerable blog.

Using advanced software engineering (egad, my coding is rusty!) I was able to match the list of IP addresses from the FBI with the December access logs here at Obama Conspiracy Theories. There were matches, lots of them! Of the 876 IP addresses claimed to be related to Russian hackers, 156 of them visited here!

My software scan looked at over 1.7 million HTTP accesses to obamaconspiracy.org from December of 2016 to seek out this nefarious activity.

OK, let’s turn off the Wild and Wacky mode and get more serious.

Security researcher Jerry Gamblin found that 21% of the IP addresses on the FBI’s list were Tor exit nodes. Tor is an anonymizing network, usually reached through the Tor Browser, that uses encryption and relays linked across the world to allow a web user, or hacker, to hide their origin. Exit nodes are the computers where the web request exits to the regular Internet, and the exit node’s IP address is what appears in access logs. Any Tor user could appear to come from any of these exit nodes, so a listed exit-node address identifies the relay, not the person using it.

The IP address 178.175.128.50 appears 147 times in my access logs (a log entry appears for any access to a page, a script, an image or anything else on a web page, and so any page access can appear multiple times on the log). Here’s the report for that IP address from the Tor node checker tool:

% TOR Node Checker Tool

% Checking IP: 178.175.128.50
%
Status: ACK
Exit-Node: ACK
% TOR-Name: Unnamed
% TOR-Onion-Port: 9001
% TOR-Flags: Exit Fast Guard HSDir Running Stable V2Dir Valid
% TOR-Exit-Node: ACK
% TOR-Version: Tor 0.2.8.8
% TOR-Full-Version: Tor 0.2.8.8 on Linux
% TOR-Uptime: 3319133
% TOR-Bandwidth-Average-Bytes: 40960000
% TOR-Bandwidth-Burst-Bytes: 51200000
% TOR-Bandwidth-Estimated-Bytes: 14598492
% TOR-Contact:
%

So yes, that was a Tor exit node, ironically, from Moldova–birthplace of Orly Taitz. I checked a few others and most were Tor exit nodes too. Two not listed as Tor exit nodes were in the Netherlands and another two in New York. For a complete list of the IP addresses and number of accesses, check here.

So what were these folks up to? Were they just browsing my site while seeking privacy, paranoid birthers? Most of the traffic resulted in a 403 (Forbidden) response from the web server. That’s not normal web browsing. At least some of the traffic was directed at a site API that is used for uploading articles and other automated functions. There were porn URLs in there (that returned errors), and I’m still trying to understand some of it.
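The matching described in this post (the indicator list against the access log, hit counts per IP, Tor exit-node status and the 403 responses) can be reproduced with a short script. This is an added example, not the author's code; it assumes Apache/NGINX combined log format, and the function names, the `/api/upload` path and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: client IP, identity, user, [time], "request", status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')

def match_indicators(log_lines, indicator_ips, tor_exit_ips=frozenset()):
    """Per-IP hit count, status codes and paths for clients on the indicator list."""
    report = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess at fields
        ip, request, status = m.groups()
        if ip not in indicator_ips:
            continue
        parts = request.split()
        path = parts[1] if len(parts) >= 2 else request
        entry = report.setdefault(ip, {"hits": 0, "statuses": Counter(),
                                       "paths": Counter(),
                                       "tor_exit": ip in tor_exit_ips})
        entry["hits"] += 1
        entry["statuses"][int(status)] += 1
        entry["paths"][path] += 1
    return report

def summarize(report):
    """Totals that separate 'listed IP seen' from 'what it actually did'."""
    return {
        "matched_ips": len(report),
        "hits": sum(e["hits"] for e in report.values()),
        "tor_exit_ips": sum(e["tor_exit"] for e in report.values()),
        "forbidden": sum(e["statuses"][403] for e in report.values()),
    }

# Constructed sample data. 178.175.128.50 is the address discussed in the post;
# the other addresses are documentation ranges and all paths are hypothetical.
INDICATORS = {"178.175.128.50", "203.0.113.7", "198.51.100.9"}
TOR_EXITS = {"178.175.128.50"}
SAMPLE_LOG = [
    '178.175.128.50 - - [12/Dec/2016:03:14:07 +0000] "POST /api/upload HTTP/1.1" 403 199 "-" "-"',
    '178.175.128.50 - - [12/Dec/2016:03:14:09 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [13/Dec/2016:11:02:41 +0000] "POST /api/upload HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [13/Dec/2016:11:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    report = match_indicators(SAMPLE_LOG, INDICATORS, TOR_EXITS)
    print(summarize(report))
```

Counting hits alone overstates the activity, since one page view produces several log entries; the per-IP status and path counters are what show whether a listed address was browsing or probing.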

10 Responses to Russki Hackers seek Obot Secrets

  1. Andrew Vrba, PmG. January 2, 2017 at 5:15 pm

    Nah, Russia is really after the Bush Beans secret recipe.

  2. Arthur B. January 2, 2017 at 5:57 pm

    I hear there’s a ten-year-old kid who can do anything with computers.

  3. Lupin January 3, 2017 at 3:14 am

    Do you have a pizza place near you? 🙂

  4. Dr. Conspiracy January 3, 2017 at 10:34 am

    0.4 miles.

    Lupin:
    Do you have a pizza place near you? 🙂

  5. Lupin January 3, 2017 at 11:24 am

    @Dr. Conspiracy

    Launch Fake News 4… 3… 2… 1… 🙂

    (BTW the quote function seems disabled again.)

  6. Rickey January 3, 2017 at 11:28 am

    Lupin:

    (BTW the quote function seems disabled again.)

    Refreshing the page sometimes helps when that happens.

  7. Lupin January 3, 2017 at 11:59 am

    @Rickey:
    Nope. Didn’t work.

  8. Crustacean January 3, 2017 at 1:10 pm

    Dr. Conspiracy:
    There were porn URLs in there (that returned errors), and I’m still trying to understand some of it.

    I can help. You see, Doc, sometimes when a woman feels a special kind of love for her pool boy…

  9. Andrew Vrba, PmG January 3, 2017 at 1:35 pm

    Crustacean: I can help. You see, Doc, sometimes when a woman feels a special kind of love for her pool boy…

    Or if she ordered pizza despite having no money…

  10. misha January 6, 2017 at 9:23 pm

    Andrew Vrba, PmG.: Russia is really after the Bush Beans secret recipe.

    Ask the dog featured in the commercial. He’s far more honest than Trump/Putin.