China’s HUGE New Year’s Eve Windows Hack Attack Targets Millennial Democrats.

I’d just like to thank you, China. By including me in yesterday’s massive, personally motivated anti-Windows hack attack, as covered yesterday by Forbes Magazine, you gave me the best present anyone ever has, in this whole ten-year period. Furthermore, you used a Russian ransomware virus, but a variant of it created by yourselves, hinting strongly that you and Russia were in on this together, which I’ve also been saying for years. Proof of what you’re up to is not easy to find.

You really made my decade and my New Year.

I’ve been working on showing the world, China, what your horrible hacker jackals have been trying and failing to do to me for years, ever since the sonic attacks that injured our diplomats while visiting your country.

China Will Likely Be 2020’s Main Hacking Actor, Not Russia! Be Alert!

Last fall we did that piece telling the world to watch out for Chinese disinformation actors in the 2020 electoral cycle, perhaps beyond even the Russians, who are continuing to infest the Instagram community of Pete Buttigieg, even now.

This is from a second alt-right troll on Instagram, @harold.balls. But it’s got a certain horrifying logic about it too. “Be like Pete” is just creepy. Joker creepy.

But no matter how many failed attempts or brute-force attacks you’ve made against my website, it’s been an uphill battle telling the world what Microsoft and the Trump administration have not wanted to admit: that you, and not Russia, are the most skillful and numerous of our cyber-adversaries.

Then came yesterday’s one-two punch, which certainly did unsettle me for a few hours, with pure excitement.

First, there’s the unbelievably powerful malware my dear good Windows Defender Firewall caught you trying to use on one of my honeypot computers.

You didn’t think I’d leave the back door unlocked on a computer I actually use, did you, silly China? Boy, howdy. It’s called a honey trap for a reason, Ping-Pong. I caught you with a hunk of junk put together from spare parts in twenty minutes. Learn how to read.

(Speaking of reading, folks, this story’s in two parts, and therefore nowhere near as long as it looks; the second part is really just for specialists. Do with it as you please; the two halves are clearly delineated.)

This was an unreal discovery. That is military-grade ransomware you’re looking at there, folks. The fearsome Cerber virus. They tried to hit me with CERBER. I know how they did it, too; our tech guy baited them with a proxy network. He left the door open for them, the slobs. They came right in, and got caught red-handed.

I still can’t believe that an indy journalist like me, one who is not even getting paid to write their thoughts down, is being targeted by this level of resources. Even at this late stage in the game, Cerber is used to take huge hospitals hostage, not single citizens. Out of every piece of malware known to man, only the Stuxnet virus, which can send nuclear reactor cores into meltdown, is more terrible. Even the Botnet virus is not considered as dangerous. This is no kiddie script. Someone who sends that at you is not messing around. They hate you.

They personally hate you.

It has been confirmed that the Microsoft Digital Crimes Unit (DCU) has been tracking a hacking campaign against Windows users. Unlike recent threats involving zero-day vulnerabilities facing Windows users, this time the danger is a lot more personal.

Along with the Microsoft Threat Intelligence Center (MSTIC), the DCU has been monitoring an advanced persistent threat (APT) [Editor’s note: APT37 is the group I correctly identified as being behind my site’s cyber-targeting last fall when warning our community to watch out for the Chinese in 2020] hacking group operating an extensive criminal network to compromise accounts and steal data.

Who is behind the Microsoft Windows attack campaign?

The threat group behind these cyber-attacks is thought to be based in North Korea and has been named “Thallium” by Microsoft and is also known as APT37. The hacking group appears to have been targeting government employees, university staff, those working on nuclear proliferation issues, as well as world peace and human rights. The majority of those targeted were based in the U.S., but Microsoft has confirmed individuals in Japan and South Korea also found themselves in the hacking crosshairs.

So I’ve been doing research on this all day, of course, and had planned to write something up about it soon anyway. But then, around nine at night, I saw the Forbes story about the Microsoft attacks and came to understand it was not just me. Still, there were only a few hundred of us targeted, for personal and political reasons, out of a world of seven billion people.

It’s like a dark matter Pulitzer Prize.

Objectively speaking, it’s kind of a big deal. It represents a drastic escalation compared to what they’ve tried with me before. Hacking a website is still personal, even as a vast campaign of attacks meant to traumatize the whole free world’s community, but this is far worse.

I decoyed them, and they bit. As hard as they could. Like a striking snake.

They followed who they thought was me down a dark alley network, and tried to take me prisoner. I wonder who the others they attacked were? The Forbes article said everyone targeted was a human rights and freedom activist, ones they’d been stalking and preparing to savage for years. We should all get together.

Microsoft hit them back, and so did we. They got their asses kicked, too. I have said it before, and I’ll say it again. Don’t mess with the US, and least of all with American Democrats.

This will raise morale in our community, folks. The global elite has just been shown its hot cross buns again. They have money and resource advantages, yes, but in terms of personnel, they are the disadvantaged ones. They are NOT invincible and they CAN be beaten, by regular people, just like you and me- although, as a matter of fact, anyone who doesn’t specialize in the topic may want to stop here. It’s going to get technical. Those who would like to know more about our methodology are welcome to continue down below, where our tech guy will give you the whole story.

Going forward, whether or not we are technical specialists, we can thank our brave technical staff for taking this risk for us, and protect ourselves in the usual manner: by not clicking on strange links, and not opening strange emails. We cannot stress enough just how dangerous things are going to be for the rest of a year that began in so dramatic a fashion, and is guaranteed to get even worse.

Look after yourselves and every Democrat. A lot of us have been dying and disappearing, and we already know what killers our opponents are. This ransomware is bad stuff; fastcompany.com called it No. 2 on their Five Most Dystopian Technologies of the Decade List. You do not want to play games on it. Putin, Xi, and Trump will stop at nothing and shirk no dirty work- but that doesn’t mean they’re winning. Just the opposite, in fact. Ours is the stronger side and always will be, so long as we insist on it.

Happy New Year, Democratic family, from your friends here at Millennial Democrats!

Part Deux!

Bromium®, Inc., the pioneer and leader in application isolation and containment for endpoint protection that stops advanced malware attacks, has uncovered US-based web servers that are being used to host and distribute banking trojans, information stealers and ransomware. 

Analysis of public data and Bromium threat data between May 2018 and March 2019 showed the malicious threats were originating from web servers registered under the name PONYNET and hosted on BuyVM data centers in Las Vegas, Nevada. BuyVM is owned by FranTech Solutions, a so-called bulletproof hosting provider which has links to far-right websites.

From our good friends at the Truth in Vision Tech Corps

Greetings, friends, and Happy New Year! Looks like I finally scored. See that blockquote up there? It’s from an article about PonyNet, “the malware equivalent of Amazon fulfillment” according to a spokesperson from Bromium.

PonyNet is like an open-air bazaar for malware, particularly the new ransomware (as well as being a FranTech customer, like Daily Stormer and the National Association of Man-Boy Love). They’ve been sending the best at MD for a long time now, of course; that’s the whole reason I joined up with them. But these guys are really something else. I knew it was big if they were in on it.

I’ve been looking for a way to get the Chinese and Russians stalking me to tip their hand now for quite a while, so I recently took some more active measures. They took the chance dramatically, but who knew they were planning to include us in such a large-scale assault? Massive resources were put into this one; they’ve been stalking the victims for years.

When we got a hacking attempt from them the same day as that ransomware alert came from the dear good Windows Defender Firewall, I knew the moment had come. So I threw up the traps and waited.

There is no way I could have known they were doing that when I set up that old network (I can’t be a hundred percent sure what Bromium means by ‘secure threat containers’, but what I mean by it is a few old hunk-of-junk computers I built in twenty minutes and hooked up to a proxy network) to catch the hackers with. It’s literally happenstance.

There have been a couple of things that have had me suspecting they were planning to try for something worse than the usual, this time. For one thing, it’s the New Year, which is a very big deal to the Chinese. Perfect time to make a big splash. The point is to demoralize the Democratic community; we at Millennial Democrats are warriors who have fought them many times successfully. If they could go splatter it all over that they finally beat us, going into the election cycle, it would have been a tremendous psychological blow to us and a huge victory for them.

The Chinese, friends and Democrats, wanted to rub your noses in filth, by rubbing our noses in filth. By taking down your symbol and silencing your voice, they would have made themselves look fearsome and we look small.

Better luck next time, Ping-Pong! Too strong for you.

Levity aside, please don’t try this at home, folks; even I didn’t do that! My real data was never anywhere NEAR this system, and if you decide to go hunting them down as I did, make sure yours isn’t either.

The ways one can exploit the basic framework of a computer’s relation to the Internet are nearly endless because, in the beginning, its designers didn’t know things would get to this point. The point was for end-users and their individual systems to be hubs and spokes in the free and open exchange of information, not to be cybertronic islands unto themselves, and so the whole Internet, in a nutshell, is as insecure as any adolescent, or even as insecure as Donald Trump.

No matter how good you are, there’s always somebody better. Take nothing for granted. Take no uncalculated chances at all, and never forget that while you are the hunter, you are also the hunted. Be careful.

There are a couple of different ways they might have gotten the IP address I was using, for one big reason: I wanted them to have it (for God’s sake, folks, listen to me about not trying this at home)! We needed more compelling evidence, so I have been hunting around everywhere I can think of to stir them up and smoke them out of hiding. I wanted to treat them to an ass-kicking for the New Year.

As it worked out, they had had the same in mind for us, not to mention hundreds of other prominent human rights advocates worldwide. I don’t think most of us would choose to call ourselves “prominent”, but that is what the Forbes article said, so, thanks, China. You’re going to make us legends by the time it’s all said and done.

In the process of doing so, I ended up finding a bunch of Russian ads leading to a site called RomanceScam.com. I figured some of the same people had to be involved with one of my hackers or another, and I was right. Last week the owners of a company named Selectel, Ltd. tried to hack me, and the names of the owners were right there in the whois registry. Looking up the first one, a Dmitry Malevanov, ended up leading me back to these same ads.

Aha, I thought, happily filling one out.

Lonely people and anyone else who is hurting are the kinds of Americans foreigners target.

The final Selectel owner might share a name with or might actually be the name of an extremely famous- and beautiful- Russian woman, Tatyana Litvinova, whose pictures they used on the site.

For once, I get something out of the deal.

As a brief side note, Tatyana here was a heckuva step up from “Brazilian” Elliot Rodger, though it was from reading this thread of him arguing with yet another one of my hackers, FlokiNET from Iceland, who had been hosting his website, proving once again how the worlds of the alt-right and far-left are the same. This guy, whose How to Rape Women site had already made him infamous, later went on to become the Santa Barbara Killer. I found him while looking things up. Sigh. It’s nothing less than shame, what we wind up finding looking up the million MD hackers. Pure, unadulterated shame.

You know, it’s funny. No matter how big a piece of trash Elliot Rodger might have been, with his Rape FAQ websites and friends from Russia and the Daily Stormer, homophobia, and so on, what he said about this FlokiNET is true. He’s far left and a so-called free speech activist who will try to silence anyone to the right of him, which certainly includes us, and the Santa Barbara Killer. What a pleasure to be in his company.

The sole, lone, singular thing about my life that ever makes me question what I’ve done with it is the fact that it has got me reading stuff written by guys like this. In reading their exchange, I learned that Brazil and Russia have an extremely close relationship, which is what those oldest hacking attempts against this site must have been about. That’s another one that really taught me how truly connected all these alt movements really are, like one tremendous bowel.

Earlier this week, the same day as Selectel, in fact, we were also targeted by the owners of Rostelecom, the biggest telecom network in Russia.

They own Morton Telecom, and Anton Kamykin, who was responsible for trying to hack the Brave News Blog post calling Tulsi Gabbard a nasty garbage person or whatever it was, lol. Now I know for sure that the same people who targeted her have now also tried to hack me.

This was interesting, because these were Anton’s bosses, and he was bad enough.

They never fail to send their best when it comes time to hit me.

So now that I had answered a few of their scam messages (on a honey trap computer I assembled out of spare parts, on a network I set up as a proxy God knows how far from where I actually live; folks, do NOT try this at home), all that remained was to sit back and wait. I knew full well they would come eventually. I opened the computer’s Secure Shell port, left it unencrypted, and set a program called Wireshark up to record the incoming traffic.

That, fellow Democrats, is how I caught the girl who left me Cerber.

person:         Naishuang Ye
nic-hdl:        NY40-AP
e-mail:         email@zju.edu.cn
address:        N0.20 Yugu Road Hangzhou
phone:          +86-571-87952059
fax-no:         +86-571-87951670
country:        CN
mnt-by:         MAINT-CN-CHINANET-ZJ-HZ
last-modified:  2008-09-04T07:32:04Z
source:         APNIC

She’s from Hangzhou, China, as so many of our hackers have been since 2018 when I first started handling MD’s tech stuff. I will never forget how weird it was to review their first hacking attempt from there. The Chinese? It hardly seemed like their fight. What do they care? I wondered out loud. I figured they were being contracted by Russia, and now I think so even more. Why?

Because Cerber is a Russian virus operated by a team of Russians, but the variant they tried hitting me with was invented by the Chinese. This suggests collaboration of the closest type, and one befitting Xi’s conception of Putin as his “best, most dearest friend”.

Before I even knew Guccifer 2.0 was among those world-class criminals they have sent to silence this Democrat. Her name is Naishuang Ye, and she’s a student at a shady school, the Finance and Trade Institute of Zhejiang University. I found Naishuang there hanging out in the back door I prepared for her with a simple netstat scan.

First I booted her, and then I looked her up. I found her right away on the whois registry kept for us by the good old American Registry of Internet Numbers.

Hangzhou, China?! I could hardly believe my good luck. Now I was sure it was no mere coincidence. Out comes Maltego, lightsaber of the OSINT specialist, to track what else is on her network. It was not long before I hit pay dirt.

What you’re looking at in Maltego Exhibit A are all the connections I checked in the web of networks around Naishuang Ye, the hacker I caught sniffing out my honey trap, IP address 202.96.99.84. There are a great many figures and companies of interest to examine here. But we chose the most famous. See below.

This school is on the same network as the Alibaba-owned Hangzhou Yongsheng Group Company, which, again like most of my hackers, is an offshore shell company. This one is well-known, too. It’s in the Offshore Leaks database run by the International Consortium of Investigative Journalists (ICIJ) for being among the actors mentioned in the Paradise Papers, just like Donald Trump, Felix Sater, and Vladimir Putin.

Some of the most notoriously shady activities in the world have been committed by the global elite on these offshore locations. Cloud servers and shell companies are strongholds for criminals and the Radical Information Pipeline I discovered and have been sounding out.

The Paradise Papers, like the Panama Papers, are put together by some legendary researchers in the ICIJ; I have to wonder how many of them were targeted New Year’s Eve. It was really neat to see a lot of the same stuff we’ve been telling people right there inside them. They have been tracking them for much longer than I have and have come to some similar conclusions; I recommend checking them out.

Panama Papers rendition of key players- recognize anyone?

Returning to the topic at hand, earlier this week, I did some network analysis on the Aliyun crew, where I regularly encounter some Chinese hackers from the same city who have visited me through this more usual channel of attacking the Millennial Democrats blog here more times than I can count.

They too are from Hangzhou, Zhejiang. I don’t believe in coincidence anymore. They are on the same network as the Secure China Communications Network, the largest governmental telecom apparatus in China. Kylie Bull over at securitymagazine.com gives us the freaky story.

China is to use quantum cryptography to create an “unhackable” communications network. Using the network, some 200 users from the military, government, finance and electricity sectors will be able to send messages without the concern that others may be able to read them.

These guys are not messing around, and my other hacker lives next door to them.

In closing, the thing to remember is that even if it’s hard to see at first, there is without a doubt a solid and viewable connection to all these criminals and hackers and alt-right figures and Russians, and it is becoming clearer all the time.

The ones who hit me yesterday morning were probably APT37, whom we warned people about last fall, half Chinese, half North Korean. They are the same ones operating Thallium, who did Microsoft as well. They also tried hitting me through FranTech’s PONYNET.

PonyNet has become the “Amazon of Malware”, according to one cyber-specialist magazine I read.

FranTech’s owner, the greasy-looking Francisco Dias.

Nefer, Neferu, Aten: these Egyptian gods are what FranTech’s owner, this man Francisco Dias, named his Tor nodes after; I’ll give him props for that much.

At this point, FranTech is known for hosting NAMBLA, the Daily Stormer, and the stalking forum Kiwi Farms. They were also formerly hosting the Santa Barbara Killer and notorious alt-right extremist Elliot Rodger’s website on how to rape women; I encountered that thread earlier tracking down yet another one of my hackers, FlokiNET, a far-leftist. #FarLeftIsAltRight, folks. There’s just no way around it. For them, the Amazon of Malware, to try and hack the site the day before we get the Cerber virus sent into a honey trap computer by a Chinese student living next door to Alibaba requires too much suspension of disbelief for my tastes. Hopefully one day the National Security Agency rounds up every single rotten one of them.

In closing, I repeat last year’s warning about Chinese interference into this year’s election cycle. This is the same lot I identified as being Russia’s likely accessories eighteen months ago and my own chief persecutors last fall, when I did my piece warning Democrats to watch out, that they would be among the chief actors this next year, possibly the chief actors. In my experience they are better than the Russians, more numerous and determined, and fighting the former’s battles for them. Watch out for yourselves, Democrats. And watch out for each other.

My (possibly) Chinese friend, saying hello to me again. Hi, buddy. Change your ways!

My (possibly) Chinese friend, saying hello to me early in our fight. Hi, buddy. Change your ways!
