G-7 Computer Misuse?
The Market Ticker - Commentary on The Capital Markets
2018-06-10 07:00 by Karl Denninger
in Technology

Yeah, ok.  Sure.

Supposedly the G-7 is going to have a draft statement about "misuse of computers in the democratic process."

Oh really?  Well, how about the alleged "white hat" hackers who really aren't and further, who are increasingly buying access time on major cloud computer providers, including in the United States?

That's becoming an increasingly-real problem and you'd think there would be instant arrests and indictments, since to buy such access you have to provide the company with a billing method which is always traceable.

I've never seen any large company like Microsoft, Google or Amazon deliver services to people without being paid.

But I have seen multiple instances, including several within the last couple of weeks, of computer break-in attempts coming from these major cloud providers and have reported a few of them.

That's a broadly-illegal act and it wouldn't take many prosecutions before those who do this sort of crap got the message: You will be tracked down and arrested immediately.

This is critically important to actually putting a cork into the hacking problem both in the US and abroad because individual IP addresses are fairly easy to isolate and fairly hard to acquire in volume to launch attacks from -- right up until you use a cloud provider service that has a block of addresses that are hundreds of thousands to millions in depth and you can repeatedly access a new one by either making an explicit request or simply standing up a new instance of your "bad actor" code which, with many cloud providers, can be done in seconds or minutes.

It's a lot harder to amass a bunch of random "on some cable company's infrastructure" addresses through compromising individual customer equipment.  Oh sure, they're doing that too as I warned about before it hit the press, but this specific issue -- bad actors buying accounts on major cloud provider infrastructure and then using them with impunity -- is something that ought to lead to criminal indictment against the cloud providers if they either don't stop it when reported and they don't refer it, in every case, to the authorities.

As for the cops, if they don't bring the indictments then we need new cops who will.

Comments
Bodhi
Posts: 451
Incept: 2008-02-23

Georgia
I don't know if this is related to router hacking attempts, but my Windstream Actiontec DSL modem/router was rendered practically unusable early Friday morning. Since Windstream couldn't mosey over until at least Monday to troubleshoot I ended up logging into the modem and defaulted all the settings. Windstream's system then reconfigured the modem and I was back to normal.

I have a Netgear router behind the DSL modem and looked at its firewall log. What I found was interesting.

[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 03:54:48
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 03:52:48
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 03:49:38
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 03:41:53
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 03:39:53
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Saturday, June 09, 2018 03:01:46
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 03:00:29
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 02:58:48
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Saturday, June 09, 2018 02:57:00
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 02:10:50
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 00:38:49
[DoS Attack: ACK Scan] from source: 31.13.65.38, port 443, Saturday, June 09, 2018 00:10:35
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Saturday, June 09, 2018 00:08:42
[DoS Attack: ACK Scan] from source: 31.13.65.7, port 443, Saturday, June 09, 2018 00:08:29
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Saturday, June 09, 2018 00:08:28
[DoS Attack: ACK Scan] from source: 31.13.65.7, port 443, Saturday, June 09, 2018 00:08:04
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 23:33:29
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 23:08:12
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Friday, June 08, 2018 23:06:52
[DoS Attack: ACK Scan] from source: 31.13.65.7, port 443, Friday, June 08, 2018 23:06:51
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 23:06:23
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 22:40:28
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 22:31:41
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 22:14:49
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 22:11:50
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 22:10:05
[DoS Attack: ACK Scan] from source: 31.13.65.52, port 443, Friday, June 08, 2018 21:58:16
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 21:54:50
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 21:27:03
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 21:24:44
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 21:23:34
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 21:06:01
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 21:04:02
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 20:19:32
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Friday, June 08, 2018 20:05:01
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 18:51:37
[DoS Attack: ACK Scan] from source: 31.13.65.7, port 443, Friday, June 08, 2018 18:31:29
[DoS Attack: ACK Scan] from source: 31.13.65.14, port 443, Friday, June 08, 2018 18:31:16
[DoS Attack: ACK Scan] from source: 31.13.65.38, port 443, Friday, June 08, 2018 18:31:04
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Friday, June 08, 2018 18:31:00
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Friday, June 08, 2018 18:30:28
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Friday, June 08, 2018 18:29:47
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Friday, June 08, 2018 18:29:16
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 18:03:51

The entire range of 31.13.65.0/24 belongs to Facebook. Most of these scans of port 443 were in the middle of the night when I was logged out of Facebook and all PCs on the network were powered off. I suppose it could have been someone spoofing Facebook IP addresses, but whoever it was seems to have corrupted the DSL modem/router.

What are your thoughts?

Reason: wrong day
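
Added example, not part of the original post or thread: a short script that triages a firewall log in the format quoted above, grouping entries by source address, checking them against the 31.13.65.0/24 range the post names, and counting how many fall in the night. The function names, the line pattern (inferred from the quoted entries) and the 00:00 to 05:59 "night" window are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Four lines copied from the post, one constructed entry (198.51.100.7 is a
# documentation address) and one malformed line to exercise the skip path.
SAMPLE_LOG = """\
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Saturday, June 09, 2018 03:54:48
[DoS Attack: ACK Scan] from source: 31.13.65.1, port 443, Saturday, June 09, 2018 03:01:46
[DoS Attack: ACK Scan] from source: 31.13.65.38, port 443, Saturday, June 09, 2018 00:10:35
[DoS Attack: ACK Scan] from source: 31.13.65.3, port 443, Friday, June 08, 2018 23:33:29
[DoS Attack: ACK Scan] from source: 198.51.100.7, port 80, Friday, June 08, 2018 18:31:29
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^\[(?P<event>[^\]]+)\] from source: (?P<src>[\d.]+), port (?P<port>\d+), "
    r"(?P<when>\w+, \w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2})$"
)


def parse_log(text):
    """Return (event, source_ip, port, timestamp) tuples; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            when = datetime.strptime(m["when"], "%A, %B %d, %Y %H:%M:%S")
        except ValueError:  # bad address or impossible date
            continue
        events.append((m["event"], src, int(m["port"]), when))
    return events


def summarize(events, network="31.13.65.0/24", night_hours=range(0, 6)):
    """Summarise sources against one network; night_hours is an assumed window."""
    net = ipaddress.ip_network(network)
    inside = [e for e in events if e[1] in net]
    return {
        "total": len(events),
        "in_network": len(inside),
        "outside": sorted({str(e[1]) for e in events if e[1] not in net}),
        "by_source": Counter(str(e[1]) for e in events),
        "by_port": Counter(e[2] for e in events),
        "at_night": sum(1 for e in inside if e[3].hour in night_hours),
        "first_seen": min(e[3] for e in events) if events else None,
        "last_seen": max(e[3] for e in events) if events else None,
    }
```

Calling `summarize(parse_log(text))` on the router's exported log gives the per-source counts and the first and last timestamps for the period in question.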
Jduwaldt
Posts: 656
Incept: 2010-06-10

Orange County, CA
Huh. Secure HTTP access port. They think you have a server?

RE: getting cloud companies like, say, Amazon, to stop this? Isn't this the same company sending out 1099s to people for the sales of books they did not write, the same ones who won't tell you who fraudulently charged your merchant account? I suppose the DOJ will get around to prosecuting them when they get around to prosecuting health care companies for not posting prices.

----------
It's not an issue of "cooperation" vs "go it alone": it's a question of involuntary vs voluntary relationships.
Bodhi
Posts: 451
Incept: 2008-02-23

Georgia
I don't know what they think I have, but there's no HTTPS server. I thought maybe they were trying to access the web page of the router, but the modem's firewall log shows no login attempts. I do have an FTP server on my PC, but it's only active when I need to loop back in from a phone system I'm connected to in order to update files.
Tinman
Posts: 316
Incept: 2008-02-16

Maybe trying to get to the admin http site but I bet WAN administration is turned off. Ummm... ftp is clear text, you might want to consider sftp or ssh.