george on 4 Apr 2018 13:25:10 -0700



Re: [PLUG] Massive Breach in Panera Bread


While the security breach revealed in this clearly documented discussion
is important to inform IT managers about the privacy risks to affected
individual accounts of blind usage of canned proprietary software, I've
been following another risk growing out of the Russian interference with
our 2016 election.

This has been going on since September 2016 and continues to the present
day. The Russians are working on the logistics of attacking our entire
installed software base with the aim to control a massive shutdown of the
Internet by pushing a "Czar" button at the Troll farm ...

They have been developing a technique of activating an arbitrarily large
number of compromised Russian-language websites worldwide from the Remote
Access Ports shared by a number (presently about two dozen) of Russian and
Seychelles-based servers controlled by a handful of actors. They now are
able to engineer the nearly simultaneous arrival of HEAD / HTTP requests
made by the numerous compromised Russian-language websites.

Starting in December 2017, they have apparently been escalating to the
near-simultaneous sending of PORT requests to deliver compromised WordPress
applications, plugins, etc. to minimally protected WordPress installations
so as to compromise them or their servers.

They're doing this to my webpage (anonymized on the 'Net) even though there
is no WordPress software on its server, but I presume that the attempt is
spread among as many prospective victims as possible without evaluating or
winnowing the unproductive instances.

To whom should these activities be reported? I've gotten no feedback of any
kind since I went public with this, and the only "visitors" to the website
(pinthetaleonthedonkey.com) are RU, UA, CN, TR, IR, KR and various WordPress
attackers, all 403'd or promptly added to the site's .htaccess file. Google
occasionally visits, but in-depth readers are few and far between.

These efforts will be exceedingly difficult to stop because the compromised
Russian-language websites are scattered worldwide and the Port 3389 servers
are all out of our reach. However, if the Powers-That-Be can gain admittance
to the Access Files of the compromised servers that are on friendly ground,
then the presently hidden activating servers might be traced from the timing
and identity of the specific requests documented in
pinthetaleonthedonkey.com.

George Langford
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
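The pattern George describes, many distinct source addresses sending HEAD / requests within seconds of each other, is something a site operator can look for in an ordinary Apache access log before deciding what to block. The script below is an added example written for this thread; it is not code from the post or from the PLUG list. It parses combined-format log lines, finds windows in which at least a threshold number of distinct IPs issued HEAD / within a few seconds, and renders the offending addresses as an Apache 2.4 `Require not ip` block of the kind one would drop into .htaccess. The log lines, window size (10 s) and threshold (4 distinct IPs) are constructed assumptions, not values from the post.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Constructed sample lines in Apache "combined" format (RFC 5737 test addresses,
# not real traffic). Five distinct hosts hit "HEAD /" within four seconds, one
# ordinary GET follows, and one of the hosts returns much later on its own.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Apr/2018:13:20:01 -0700] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
198.51.100.7 - - [04/Apr/2018:13:20:02 -0700] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
192.0.2.9 - - [04/Apr/2018:13:20:02 -0700] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
203.0.113.77 - - [04/Apr/2018:13:20:03 -0700] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
198.51.100.20 - - [04/Apr/2018:13:20:04 -0700] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
192.0.2.33 - - [04/Apr/2018:13:25:10 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Apr/2018:13:40:00 -0700] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
"""

# host ident user [timestamp] "METHOD PATH PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


class Event(NamedTuple):
    ip: str
    ts: datetime
    method: str
    path: str
    status: int


def parse_line(line: str) -> Optional[Event]:
    """Parse one combined-format line; return None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    # Apache timestamps look like 04/Apr/2018:13:20:01 -0700 (offset-aware).
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return Event(ip, when, method, path, int(status))


def find_head_bursts(lines: List[str], window_seconds: int = 10,
                     min_distinct_ips: int = 4) -> List[dict]:
    """Sliding-window scan for clusters of 'HEAD /' from many distinct IPs.

    A burst is reported when, within any window of `window_seconds`, at least
    `min_distinct_ips` different source addresses requested HEAD /. Overlapping
    windows are merged into one burst so each cluster is reported once.
    """
    events = sorted(
        (e for e in map(parse_line, lines)
         if e is not None and e.method == "HEAD" and e.path == "/"),
        key=lambda e: e.ts,
    )
    bursts: List[dict] = []
    start = 0
    for end in range(len(events)):
        # Advance the window's left edge until it spans at most window_seconds.
        while (events[end].ts - events[start].ts).total_seconds() > window_seconds:
            start += 1
        ips = {e.ip for e in events[start:end + 1]}
        if len(ips) < min_distinct_ips:
            continue
        if bursts and bursts[-1]["end"] >= events[start].ts:
            # Window overlaps the previous burst: extend it rather than re-report.
            bursts[-1]["end"] = events[end].ts
            bursts[-1]["ips"] |= ips
        else:
            bursts.append({"start": events[start].ts,
                           "end": events[end].ts, "ips": set(ips)})
    return bursts


def htaccess_deny_block(ips) -> str:
    """Render a set of addresses as an Apache 2.4 authorization block."""
    body = "\n".join(f"    Require not ip {ip}" for ip in sorted(ips))
    return f"<RequireAll>\n    Require all granted\n{body}\n</RequireAll>\n"


if __name__ == "__main__":
    for b in find_head_bursts(SAMPLE_LOG.splitlines()):
        print(f"burst {b['start']:%H:%M:%S}-{b['end']:%H:%M:%S}: "
              f"{len(b['ips'])} distinct IPs")
        print(htaccess_deny_block(b["ips"]))
```

Run it against a real log with `find_head_bursts(open("access.log").readlines())`. A burst of distinct IPs inside a short window is a signal rather than proof: search-engine crawlers also issue HEAD, so review the user agents and reverse DNS of the listed hosts before committing a deny block, and keep the thresholds tuned to the site's normal traffic.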