This is an unabashedly liberal webpage,
but I am introducing all of you to facts and correlations that I have
found regarding the misinformation and bald-faced lies that have been
circulating for far too long.
The first topic addresses the so-called
"hacking" by Russia of the American Internet, for which I have found
evidence by collecting the Raw Access files that my Internet Provider
collects and has saved at my request for more than ten years. Those
Russian miscreants were not active in these files until September of
2016, a couple of months before the 2016 election. The activity
peaked in January of 2017 and continues to the present day. For example, here are the data for April, 2018 in a large, detailed webpage. The
analysis of Topic One is contained in the following pages:
Mode (this page); History; Patterns; Operation; Examples (AS9123); Examples (AS24940); Timing - Simultaneous Arrival of HEAD / HTTP requests; and the complete data set of HEAD / HTTP/1.1 requests from September 2016 through December 2017. The timing method is illuminated here. The potential for even greater harm is illustrated here. For those in a hurry, here are some graphs of what's going on.
There is another branch to the hacking business: Exploitation
of weaknesses in the software of the popular website-creation program
WordPress, including weak passwords, in order to take over the Internet
servers on which the affected domains reside. See my analysis of the associated Raw Access Files of MiDomane.com for May 2018. The data for January through June 2018 indicate that the efforts to compromise our Internet continue.
One - Mode of Russian Interference:
Meddling by certain individuals, particularly a couple of people in Russia and another person claiming an address in the Seychelles, has been ongoing since
September, 2016; the tables presented below for just two days in December of 2017 show how these few folks have been hammering away at MiDomane.com
(anonymized with a generic domain name, of course), trying to uncover personal data and/or infiltrate Internet servers in the USA so as to capture these
servers to function as robots to disseminate false information and Me-Too opinions within Social Media.
The request that they are making is termed "HEAD / HTTP/1.1", of which the following is an example, anonymized:
HEAD http://www.MiDomane.com/pub/WWW/index.htm HTTP/1.1
406 Not Acceptable
Date: Sun, 17 Dec 2017 17:35:31 GMT
Content-Type: text/html; charset=iso-8859-1
Client-Date: Sun, 17 Dec 2017 17:35:30 GMT
Client-Peer: [MiDomane's IPv4 address & port number]
These requests & their requestors are blocked from access to MiDomane.com, so they cannot get any data from MiDomane.com, but they continue anyway,
because the requests are issued through an as-yet-unidentified robot which is likely to be trying this tactic on virtually all the domain names that they can
find. The requesters show no other interest in MiDomane.com and never request any of the .HTM or .JPG content of those webpages.
Here's the puzzle: The tables below show just two days' worth of HEAD / HTTP attacks on MiDomane. Originally spreadsheets sorted strictly according to
the time stamps of the individual access requests, I have added spaces between some rows to delineate the groups, within each of which I can attribute the
requests to a specific person who is controlling all of the grouped servers.
Here are the functions of the columns in the first table:
Column 1 - IPv4 address of the requestor
Column 2 - Canonical name of the requestor's server
Column 3 - IPv4 address range in CIDR format for the requestor's server
Column 4 - Autonomous System Number for the requestor's server
Column 5 - Date & time stamp of the request
Column 6 - Protocol of the request
Column 7 - Error code (i.e. Forbidden)
Column 8 - Bytes transmitted to the requestor - null
Column 9 - URL of the Intermediary Domain through which the request was made
Column 10 - Country code of the Intermediary Domain (RU = Russia; UA = Ukraine; DE = Germany)
Column 11 - IPv4 address of the Intermediary Domain
Column 12 - IPv4 address range in CIDR format of the Intermediary Domain's hosting server
Column 13 - Autonomous System Number of the Intermediary Domain's server
Column 14 - User Agent claimed for the request
Note that Column 14 lists various versions of Microsoft Internet Explorer and of the Windows operating system; that suggests that the individuals controlling
the access requests in the first column are attempting to exploit flaws in the MSIE/Windows environment.
What is noticeable in Column 5 is that the individuals initiating each group of access requests are executing those requests through a select group of
Intermediary Domains (listed in Column 9) within one or two seconds during each flurry of access requests. That suggests to me that there is a master IPv4
address from which each flurry of access requests is initiated.
Note also that the few persons (three or four, it seems) are sharing intermediary [compromised] domains, many (but not all) hosted in the .RU or .UA
country code, so the same AS numbered servers are showing up in different flurries of HEAD / HTTP requests controlled by the three or four different persons.
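The grouping described above can be reproduced directly from a raw access log. This added example (not the page author's spreadsheets or code) splits HEAD requests into flurries wherever consecutive requests are more than two seconds apart and reports which referring hosts recur across flurries. It assumes Apache combined log format and that the Intermediary Domain of Column 9 is the log's referrer field; the log lines are constructed.

```python
import re
from datetime import datetime
from itertools import combinations
from urllib.parse import urlsplit

# Constructed sample in Apache combined log format (documentation IPs, .example hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Dec/2017:03:10:01 +0000] "HEAD / HTTP/1.1" 403 - "http://shop-a.example/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
192.0.2.11 - - [15/Dec/2017:03:10:01 +0000] "HEAD / HTTP/1.1" 403 - "http://blog-b.example/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
192.0.2.12 - - [15/Dec/2017:03:10:02 +0000] "HEAD / HTTP/1.1" 403 - "http://news-c.example/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
203.0.113.7 - - [15/Dec/2017:03:40:15 +0000] "GET /index.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [15/Dec/2017:05:22:40 +0000] "HEAD / HTTP/1.1" 403 - "http://blog-b.example/" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
198.51.100.21 - - [15/Dec/2017:05:22:41 +0000] "HEAD / HTTP/1.1" 403 - "http://forum-d.example/" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
198.51.100.22 - - [15/Dec/2017:09:00:00 +0000] "HEAD / HTTP/1.1" 403 - "http://lone-e.example/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"')

def parse_head_requests(text):
    """Return time-sorted (time, client_ip, referrer_host) for HEAD requests only."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) == "HEAD":
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            rows.append((when, m.group(1), urlsplit(m.group(7)).hostname or "-"))
    return sorted(rows)

def find_flurries(rows, max_gap=2.0, min_size=2):
    """Split sorted rows wherever consecutive requests are more than max_gap seconds apart."""
    groups, current = [], []
    for row in rows:
        if current and (row[0] - current[-1][0]).total_seconds() > max_gap:
            groups.append(current)
            current = []
        current.append(row)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) >= min_size]

def shared_referrers(flurries):
    """Map each pair of flurry indexes to the referrer hosts that appear in both."""
    hosts = [{r[2] for r in f} for f in flurries]
    return {(i, j): hosts[i] & hosts[j]
            for i, j in combinations(range(len(hosts)), 2) if hosts[i] & hosts[j]}

if __name__ == "__main__":
    flurries = find_flurries(parse_head_requests(SAMPLE_LOG))
    print([[ip for _, ip, _ in f] for f in flurries])
    print(shared_referrers(flurries))
```

The referrer and User-Agent fields are values the client supplies in its request headers, so a host shared between flurries is a grouping signal within the log rather than a measurement of where the request travelled.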
1. Is there any way of finding out from the CIDR's AS numbers whether there are connections between the different but overlapping groups of AS-numbered
servers in Columns 9 through 13?
2. Can one trace the routes between the various servers in Column 9 or the routes between the various servers in Column 1 (all different within each group
of access requests, by the way, in spite of the similarity between the canonical names) to find if there is another server or IP address common to all the
servers in each group?
The table below was prepared from data collected in the Raw Access File of MiDomane.com on December 15, 2017 and is representative of what has been
going on within MiDomane.com ever since September of 2016 and which is continuing to the present day.
Revelation! During an hour-long conversation with my beloved brother, he came up with the equivalent of the ultimate anti-Internet weapon: After
accumulating the URLs of just about every page of every domain on the US Internet, the attacker will make a near-simultaneous request for each and
every one of those .HTML files and .JPG images at the key moment when Internet connectivity is most important to the US economy and/or security ...
Beware: There is every reason to believe that the URLs listed in the URL columns are not safe to visit ... but they and
others like them are likely to be the origins from which this ultimate Internet attack will be coming.
three principal malefactors who account for most of this activity on MiDomane.com.
Two - Examples of the Practice of Projection: