WTFF?

I know a bit about the internet... having worked various bits of it since 1976.

There are ways of detecting the origin of any message... even it the original sender goes to some lengths to hide the origin.

We started way back when with tools like traceroute and ping and ttcp ( written by my friend Terry Slattery at the US Naval Academy )

There are many more sophisticated tools since then to trace packets even through a TOR router. But never mind that... all twitter needed to do was to trace your fake followers back to either a non-US origin or a TOR router ( internet black hole ) and make a simple determination that your follower is NOT who they claimed to be... and is likely a bot or foreign troll.

Bye bye fake followers. As for you. dear James. turns out not that many people (real ones) are into you.

Not all malware is about scams, and granny tea partier is running Windows XP that wasn’t patched even when it was supported.

Oh, those cheap Russian developers that wrote the point of sale software used by the IT consultant who set up the bakery down the street... it has some undocumented features.

Cmon. People’s machines are highjacked to run crypto mining. A remote twitter server is pretty damned simple.

if the only message ever sent by the malware was preprogrammed into the hijacked computer.

However, if you wanted to command it to do something more real time... you have to send the hijacked machine a message... even if encrypted, that message would have originated someplace. relate the events and bingo, you have a different origin.

However, I suspect that twitter isn't that sophisticated yet, nor has access to the tools to do that sort of tracing... and, fortunately for us, neither are the russian bot farms.

To command the installed bot, all it has to do is read steganographic messages in YouTube videos of cats, or Facebook posts of cute animated gifs. The possibilities are endless and would look like ordinary traffic on Granny tea party’s machine, or a server at the NRA.

Yeah, you might think someone would notice a shitload of data being piped out of Sony Pictures to North Korea too, but...

stenography being my specialty.

And yes, I would infect the target with a once a day "picture fetch" ( at times that are not suspicious ) and have it fetch a .jpg from a benign source of an image that appears no place else ( must be original content ) and have your encrypted message in the last 3 bits of every pixel ( or even 1 bit of each color in the pixel ) That would be almost untraceable. Almost. Then all the bot farmers have to do is embed the "twitter follow" or "retweet" command in a sufficiently large enough photo and bingo, you have effectively hidden a bot on the US sourced machine with likely a stolen identity.

Again, from all that I've read, the St. Petersberg operation was not anywhere near that sophisticated.

To detect this sort of operation one would likely construct an AI and train it with a few billion simulated hacks of this nature and then turn it loose on all twitter traffic. I'm betting that this is good enough to detect the Russian bot farmers ( at least for now )

How about that nice cheap security camera you bought online or that really cool Wi-Fi connected widget. I got this great Wi-Fi enabled action cam I use for cycling for only 89 bucks!
I have no illusions that it doesn’t phone home to China.

There is so much traffic, you can do a “spread spectrum” type of approach, such that the encoded message, and no intelligible part of it, is contained within a single channel.

I remember when we thought it was amazing that Dave Farber had a WHOLE T1 line to his house when some entire engineering departments would have to share that kind of capacity

But you don’t have to use compromised systems anyway, if you have confederates operating systems for you here in the US. The haystack is huge.

to use blockchain encryption methods to establish a verified online identity for every legitimate user. One which is established for you at a bank or other institution by means of biometric identification. Once established, your various internet connected devices would verify your authority to command things in "your name" by solving the blockchain encryption and comparing results with the rest of the internet (similar to what crypto-currencies do now.

Haven't worked it all out yet.

BTW, my group put in the first backbone T1 from MAE-West to MAE-East (NASA Ames to NASA Goddard) way back in the day.

...Go Fuck A Bag Of Broken Glass. Have A Nice Day!

I am soooooo stealing that!

Link to tweet

Steven Leser
?

@stevenleser
4m4 minutes ago
More
Replying to @JamesOKeefeIII
Didn't you plead guilty to several crimes and don't you deliberately produce misleading videos? And now you are playing at being self-righteous? #hypocrite #liar #fraud

Dozens of redneck nobodies who are outraged they lost thousands of followers. It does not occur to them that they did not acquire them in the first place by being eloquent, bright or a known public figure. They did because they re tweeted and followed bots, which in turn did the same and it snowballed to them having thousand of not followers carrying Russia's propaganda...