Re: Russian government procured powerful botnet to shift social media trending topics
I'd like to share Fronton open source code or my own review here. But the news I just shared has been upsetting me for a while. Because I want to tell here about a man I know. The XXxman I wrote downstairs is a nickname that I made up. XXman was a helpful and occasionally video conferencing guy who arranged a meeting in Moscow. I used to attend video conferences because I wasn't in Moscow at the time. XXman was arrested one day for sharing a malware's open source code and was sentenced to prison. That was a lie the Russian government told us and him. XXman shared the corruption of some government men in Moscow. In fact, that's why he was arrested, because a lot of people like XXman shared tools and malware, but no one was arrested like him. He went to jail, and we started raising money to get him out of jail. His lawyer said it wouldn't be possible. And then they threatened his mum in a mall. It upset and frightened us all. And he got out of prison about 2 months ago, which surprised me. And I found out he was the one who did a lot of things like Fronton: “XxxMan is a prominent figure of the hacking underground who, under the alias XxxMan, brags about his connections to Russian hacking group APT28 aka Fancy Bear.”
We all knew the Russian government wouldn't leave him alone after XXman got out of prison. XXman was never a man to work for a government. But his mum was threatened, and I still have the audio tape that has evidence of that. The Russian government forced him to work for government. I talked to XXman after he got out of prison. In fact, it was a risk to me. I thought he didn't have digital privacy. He told me, "I'm out because of you and the others." So I asked him if he was sure there was nothing else. He didn't say anything, and he erased all our conversations. XXman has never deleted any of our conversations before. I told this story here because XXman never worked for a government. But the Russian government forced him to work by threatening his family. I knew him well, he was an idealist, and he shared the government's corruption. XXman was my friend, but not now. There could be people like XXman here; if you're working for a government, don't be afraid, it's still not too late to give up. I've seen the government force a man to work. Because Xxman wasn't a mercenary or a government believer.
zeynep, thank you so much for this share, my community was targeted with similar behavior to this tool around 2013, this is the first I've seen reporting of such things.
was threatened, and I still have the audio tape that has evidence of
are you able to share this? https://web3.storage/ https://siasky.net/ https://ardrive.io/ if you can share it, it is helpful also to have information about it: approximate date/time and what events are associated with it.
https://www.nisos.com/blog/fronton-botnet-report/

An Investigative Report – May 2022

In March 2020, a hacktivist group called “Digital Revolution” claimed to have hacked a subcontractor to the FSB, the Federal Security Service of the Russian Federation. They claimed the hack occurred in April 2019. They released documents and contracts about a botnet system of Internet of Things (IoT) devices built by a contractor, 0day Technologies. This botnet is known by the codename Fronton (Фронтон).

Media outlets went crazy. Headlines called it a tool that could be used to “turn off the Internet in a small country.”[1] Most analyses assumed that the goal of the system was distributed denial of service (DDoS). A day later, another tranche of documents, images, and a video were released, with significantly less fanfare. Nisos research focused on the distribution of the numerous content types. This release noted that DDoS “is only one of the many capabilities of the system.”[2]

Nisos analyzed the data and determined that Fronton is a system developed for coordinated inauthentic behavior on a massive scale. This system includes a web-based dashboard known as SANA that enables a user to formulate and deploy trending social media events en masse. The system creates these events that it refers to as Инфоповоды, “newsbreaks,” utilizing the botnet as a geographically distributed transport. SANA creates social media persona accounts, including provisioning of an email and phone number. In addition, the system provides facilities for creating these newsbreaks on a schedule or a reactive basis.

Two example lists of posting source dictionaries were included in the data. One, involving comments around a squirrel statue in Almaty, Kazakhstan may have affected the reporting on a BBC story.

As of April 2022, 0day technologies has changed its domain from 0day[.]ru to 0day[.]llc. An instance of the SANA system appears to be up at https://sana.0day[.]llc. Nisos assessed that this is possibly a testing or demo instance, and is not currently used by the FSB.

Nisos researchers conducted open source research[3] to discover 0day is known as 0Dt, full name Zeroday Technologies LLC (0Дт, OOO ЗИРОУДЭЙ ТЕХНОЛОДЖИС) based at Ulitsa Profsoyuznaya, D. 125, Etazh Tsokolnyi Pomesht. I, Kom. 14 Moscow; Moscow; Postal Code: 117647.

Additional research indicated well-publicized Russian hacker Pavel SITNIKOV (known by his alias FlatL1ne) may be employed by 0Dt. SITNIKOV previously bragged about his connections with APT28, aka Fancy Bear, and was arrested by Russian authorities in 2021.[4] Nisos assessed that he likely has extensive knowledge of the functionality of the Fronton infrastructure and SANA front-end systems.

To learn more, download the complete Nisos Research report.[5]

1: https://www.bbc.com/russian/news-51951933
2: http://web.archive.org/web/20200322062701/http://www.d1g1r3v.net/
3: https://www.emis.com/php/company-profile/RU/0Dt_OOO__0%D0%94%D1%82_%D0%9E%D0...
4: https://therecord.media/an-interview-with-russian-hacker-pavel-sitnikov-ther...
5: https://6068438.fs1.hubspotusercontent-na1.net/hubfs/6068438/fronton-report....
participants (2)
- Karl Semich
- zeynep@keemail.me