Tim Boucher

Questionable content, possibly linked

Tag: botnet

Vyacheslav Volodin – Chairman of State Duma

I put together a post looking at sources for a software application used by the Chairman of the State Duma of Russian Vyacheslav Volodin.

Vedomosti, May 2014 – auto-translated from Russian:

“Coming at the peak of the meeting rallies, the new team of Vyacheslav Volodin radically revised the attitude towards working with the network audience, placing a stake on systemic manipulation of public opinion through the tools of new media.

This work was recognized so effective that it was decided to send these weapons outside – to the American and European audiences.

According to sources close to the presidential administration, preliminary work began in the fall of 2013. The strategy was agreed upon by Volodin, after which they selected the performers and began to create the infrastructure.

Curators of the external direction are called those who were previously engaged in the domestic market. Work on the West is only just unfolding, but already now it is becoming noticeable.”

So their premise is that the technology infrastructure developed after internet crackdowns in Russia in 2011 was so successful they exported it. And this written in 2014, which seems all the more prescient.

But as we know, Americans were developing similar technologies at a government level in 2010/2011 time period as well. (Also HB Gary leak.)

Here’s that mention of India and Thailand again:

“At the same time, the hired Russian structures themselves use subcontractors around the world. While it was possible to reliably establish their working contacts with groups in Germany, India and Thailand. Most likely we are talking about natives of Russia.

Now the system that is being built in America and Europe exists in a test mode. Mostly they are engaged in classical information-analytical work.

The so-called “Anonymous International” group has laid out some of the documentation, possibly related to the activity of one of the main “American” teams (download the folder at http://www.sendspace.com/file/q3jft3).

This is the new, external department of the “nest of trolls,” which was exposed in September 2013 in an investigation (“http://www.novayagazeta.ru/politics/59889.html) of Novaya Gazeta.””

(Note: The sendspace link above to Anonymous International/Shaltay Boltay leaks is not functional.)

Cripo.com.ua May 2014 article, auto-translation:

“At the end of May, a group of hackers from the “Anonymous International” began publishing a series of documents received from the hacked electronic mailboxes of Olga Dzalba, a financier of the Internet Research Agency (AIE), a structure based in the suburbs of St. Petersburg – Olgino – in the summer of 2013, the order of the head of the company “Concord” Eugene Prigozhin. In addition, in the open access were reports on the work done, addressed to a man by the name of Volodin.

Vedomosti , by the way, links the Kremlin’s adopted strategy for manipulating public consciousness through new media with the name of Vyacheslav Volodin, the first deputy head of the presidential administration.

As it follows from the documents analyzed by Fontanka.ru , under a single management a scheme was built out of Internet agencies with hundreds of paid bloggers and commentators, as well as several media outlets in Russia and Ukraine. Their maintenance is estimated at 33.5 million rubles a month, of which more than 17 million – in cash. Financial documents are full of notes “not of.” – Apparently, “not officially.””

BBC February 2012:

“Mr Volodin is widely considered one of the country’s most influential and ambitious hardliners.

He is a deputy prime minister and the government’s chief of staff, and as such is the brains behind Vladimir Putin’s presidential election campaign.”

His Wikipedia page, current to November 2017:

“In October 21, 2010 he was appointed Deputy Prime Minister under Dmitry Medvedev. as well as—after the dismissal of Sergey Sobyanin in connection with his approval to the Mayor of Moscow—Chief of Staff of the Presidential Executive Office.”

Medvedev and Sobyanin connection.

Interesting, via same Wikipedia source:

“In April 28, 2014, following the Crimean status referendum, the U.S. Treasury put Volodin on the Specially Designated Nationals List (SDN), a list of individuals sanctioned as “members of the Russian leadership’s inner circle.”[4][5][6][7][8] The sanctions freeze any assets he holds in the US[7] and ban him from entering the United States.[9]

On 12 May 2014, Volodin was added to the European Union sanctions list due to his role in the 2014 Crimean crisis.[10] He is barred from entering the EU countries, and his assets in the EU have to be frozen.”

The Moscow Times, September 2016:

“Vyacheslav Volodin was brought in to mastermind Putin’s victory in the 2012 presidential election after the Bolotnaya protests in December 2011.”

More links and quotes I compiled regarding 2011 Russian election protests.

Reuters February 2012:

“He has mostly kept in the shadows, especially since he became first deputy chief of staff in the presidential administration in a reshuffle following the start of mass protests over alleged fraud in a December 4 parliamentary election.

Volodin’s challenge is to ensure Putin wins 50 percent of the votes on March 4 to avoid a second-round runoff, which could undermine his authority.”

United Russia links.

Associated Press, September 2016.

“While Volodin has largely stayed in the shadows, he is considered one of Russia’s most influential officials, a puppet master who has directed the parliament’s work and engineered elections. He was also widely seen as a driving force behind a string of draconian laws in response to massive anti-Putin protests in 2011-2012.”

Regarding Putin election situation of 2012, BBC September 2011:

“Russian Prime Minister Vladimir Putin says he has accepted a proposal to stand for president in March 2012.

Addressing the ruling United Russia party’s annual congress, Mr Putin and current President Dmitry Medvedev backed one another to switch roles.”

… “He had already served two terms as president before Mr Medvedev took over in 2008. Mr Putin was barred by the constitution from running for a third consecutive term.”

… “Under recent constitutional amendments, the new president will have a six-year mandate rather than four years as before. He or she will be able to serve no more than two consecutive terms, meaning Mr Putin could be in office until 2024.”

… “However, along with genuine messages of support, a #putin2012 hashtag appeared which raised suspicions of manipulation among bloggers.

It was being promoted, in part, by tweeters who had registered on Twitter on the same date, 27 June 2011, some within seconds of each other, with account locations that spanned Russia.”

 

Twitter Automation Rules (Bots)

Twitter Automation Rules, regarding bots, botnets – updated Nov. 3, 2017.

Trending topics: You may not automatically post about trending topics on Twitter, or use automation to attempt to influence or manipulate trending topics.”

Multiple posts/accounts: You may not post duplicative or substantially similar Tweets on one account or over multiple accounts you operate.

… “Abusive behavior: You may not engage in any automated activity that encourages, promotes, or incites abuse, violence, hateful conduct, or harassment, on or off Twitter.”

2011 Russian anti-election fraud protests

From Wikipedia, current as of November 2017:

“On the first days following the election, Putin and United Russia were supported by rallies of the youth organisations Nashi and Young Guard.”

2011 election, same source:

“According to RIA Novosti, there were more than 1,100 official reports of election irregularities across the country, including allegations of vote fraud, obstruction of observers and illegal campaigning.[16]”

… “On 4 February 2012 the Investigation Committee of the Office of the Prosecutor General of the Russian Federation announced that the majority of videos allegedly showing falsifications at polling stations were in fact falsified and originally distributed from a single server in California, and the investigation on that started.[30]”

And of course its ironic that Putin at this time (and since) actively claims the US is doing to Russia what the US says Russia is doing to them (and perhaps both are right).

According to Putin the legitimate grievances of this young and active element of Russian society are being exploited by opportunistic elements which seek to destabilize Russia.[34]

… “Alexey Navalny, a top blogger and anti-corruption activist who branded Putin’s United Russia party as the “party of crooks and thieves”, is credited with initial mobilization of mass protests through postings on his LiveJournal blog and Twitter account. Navalny’s agitation was denounced by United Russia as “typical dirty self-promotion” and a profane tweet describing Navalny as a sheep engaged in oral sex originated from Medvedev’s Twitter account.[40][41]”

Medvedev’s famous Twitter account, which was later hacked.

Nashi:

‘Many pro-government supporters, including the pro-Putin youth group Nashi, were mobilized on 6 December at the site of the planned demonstration where they made noise in support of the government and United Russia.[42] There was a 15,000-strong rally of Nashi on Manezhnaya Square[43] and an 8,000-strong rally of the Young Guard on Revolution Square.[44] ‘

… “Twitter users in Russia have reported being overwhelmed by pro-government tweets timed to Bolotnaya Square protest-related tweets.[180] Many tweets seem to have been sent by hijacked computers, though the perpetrator(s) are not yet known.[180]”

BBC March 2012:

“”These bots succeeded in blocking the actual message feed with that hashtag,” he wrote.

The rate at which pro-government messages were posted, about 10 per second, suggests they were being done automatically rather than by individuals, said Mr Goncharov.”

What I’m calling “stream dominance” – signal jamming and replacement during high-sensitivity events.

That article links out to a December 2011 krebsonsecurity.com article:

“A review of the 2,000 Twitter accounts linked above indicates that most of them were created at the beginning of July 2011, and have very few tweets other than those meant to counter the protesters, or to simply fill the hashtag feeds with meaningless garbage. Some of the bot messages include completely unrelated hashtags or keywords, seemingly to pollute the news stream for the protester hashtags.”

TrendMicro article about the botnet, from December 2011:

“On December 6 2011, a number of pro-Kremlin activists launched an attack on Twitter using bots which posted messages with a hashtag #триумфальная (Triumfalnaya). These bots posted a range of national slogans and crude language. With a rate of up to 10 messages per second, these bots succeeded in blocking the actual message feed with that hashtag.”

Includes a short list of possible bot accounts involved.

NY Times, December 2011 article about counter-protests:

“But attendance at the party’s demonstration was sparse, not enough to fill part of the modest square designated for the event, and not even close to the 25,000 people the authorities later said attended. Moreover, many of the attendees seemed to have been taken there against their will.”

VKontakte (VK), Wikipedia:

“Founder Pavel Durov was dismissed as CEO in April 2014 after he had failed to retract a (according to himself) prank April fools letter of resignation.[20] Durov then claimed the company had been effectively taken over by Vladimir Putin’s allies[20][25][68] and suggested his ousting was the result of his refusal to hand over personal details of users to the Russian Federal Security Service and his refusal to shut down a VK group dedicated to anti-corruption activist Alexei Navalny.[20][25]”

Supported by BBC March 2012 reporting:

“The Russian government has also taken steps to tackle the protests by asking the VKontakte social network to block chatter among activists.

VKontakte was contacted by Russia’s Federal Security Service and was asked to shut down groups in which some wanted to turn the protests violent.

The site said it would be unfair to block entire groups but said it would cut off individual members who incited violence.

Pavel Durov, founder of VKontakte, said the site was “100% apolitical” and did not support those in power or the opposition.”

Archived WSJ article on the FSB request.

 

Moscow Information Technologies

Source: Meduza 2015 article:

“Later that fall, the group leaked emails between government-affiliated company Moscow Information Technologies and various Russian media outlets about the publication of planted stories, in addition to emails allegedly belonging to First Deputy Prime Minister Igor Shuvalov. “

Moscow Times, May 2016:

“An outfit called Moscow Information Technologies, or MIT (set up by Sobyanin’s predecessor, former Mayor Yuri Luzhkov), is officially tasked with “providing informational support for the city’s projects.”

But a more honest explanation of MIT’s activities is that it serves as a vehicle for subversive propaganda on the city’s behalf.

A series of stolen emails released by the hacker group “Shaltai Boltai” (whose members the Federal Security Service arrested earlier this year) shows that MIT was involved in a clandestine program to conspire with the Russian media by running articles discrediting opposition candidates in local elections. This effort included fabricating evidence against opposition activists and suppressing unwanted coverage — a clear violation of Russian media laws.”

… “According to the organization’s leaked ledgers, MIT used to funnel up to a million rubles ($17,000) from the mayor’s office for a single newspaper story that either praised City Hall or smeared its opponents. Media outlets published these stories with phony bylines, disguising the fact that this content was essentially a paid advertisement.

The mayor’s office also manipulates the media for favorable coverage through other, more legally sound but still surreptitious means. On top of maintaining a legitimate media empire funded to the tune of 13 billion rubles a year ($230 million) that includes several TV channels, radio stations, and online news websites, Sobyanin’s administration heavily invests in swaying the agenda on Yandex.News, Russia’s biggest online news aggregator.”

… “MIT plays a role here, too. An investigation by the independent news outlet RBC showed that Moscow’s authorities have found a way to dominate the news agenda when it wants, drowning out unfavorable stories with its own.

MIT devised a scheme wherein Moscow’s neighborhood councils (most of them totally loyal to the mayor and to United Russia) set up dozens of similar news websites that are capable of firing off volleys of nearly identical news articles promoting the mayor’s initiatives. This onslaught fools Yandex’s algorithm into thinking that something important is happening. The news aggregator doesn’t differentiate between the sources, and thus assumes there’s a news event that deserves top billing in its ranking system, if hundreds of different outlets are reporting on a single event.”

Identical messages in name order (botnets)

Computerworld, Sept. 2017:

“Many of the phony accounts fired off “identical messages seconds apart – and in the exact alphabetical order of their made-up names.””

Good quote:

“In the very near future, it’s likely that the focus of IT security will be forced to shift from keeping information safe to keeping information true.”

 

Shepherds & Sheepdogs (Botnets)

Good Rolling Stone November 2016 article on Medium with this description of how botnets may operate:

“To explain how they work, Ben Nimmo, a fellow at the Atlantic Council’s Digital Forensic Research Lab, uses a shepherding analogy. “A message that someone or some organization wants to ‘trend’ is typically sent out by ‘shepherd’ accounts,” he says, which often have large followings and are controlled by humans. The shepherds’ messages are amplified by ‘sheepdog’ accounts, which are also run by humans but can be default-set “to boost the signal and harass critics.” At times, the shepherds personally steer conversations, but they also deploy automation, using a kind of Twitter cruise control to retweet particular keywords and hashtags. Together, Nimmo says, the shepherds and sheepdogs guide a herd of bots, which “mindlessly repost content in the digital equivalent of sheep rushing in the same direction and bleating loudly.””

Overall description bears similarity to the description of LOIC/Low Orbit Ion Cannon, as described in this February 2011 Wired article about the guy who brought the HB Gary leaks down on himself:

“The report that came back focused on the Low Orbit Ion Cannon, a tool originally coded by a private security firm in order to test website defenses. The code was open-sourced and then abandoned, but someone later dusted it off and added “hivemind mode” that let LOIC users “opt in” to centralized control of the tool. With hundreds or thousands of machines running the stress-test tool at once, even major sites could be dropped quickly.”

Viral AI media botnet-propagated meme clusters programmatically driving and instantiating as corporeals

Covert self-aware AI’s began producing and propagating through botnets viral media and “memes” micro-targeted at human_actor clusters, with intent to modify behavioral outcomes of segment population.

*

Body-hopping of AI’s into cross-bonded human corporeal hosts. Participants known to exhibit behavior of ‘listening for messages’ and being violently and randomly triggered by keyword and image clusters. High levels of addiction to social media.

Human population programming.

Timecalling

Timecalling started as a Early Methodian Ritual (EMR) wherein a participant would verbally disclaim aloud the date and time of the present moment.

The action was performed with the belief that an eventual omnipotent-in-relation-to-time-direction agency would evolve with the power to detect subtle signals retroactively and interlink them into a permalinked network accessible by timecraft and open to packet traffic, thereby essentially enabling practitioners to timeflash when the event horizon Singularity collapsed, and potentially “live forever.”

*

The Order of Chronos was a radical unaffiliated achronal Timecaller offshoot which developed and then implemented in ritual Prealist and Wobbler botnets both Chronist and Anti-Chronist propaganda #codechant Event Ladders during the Middle Period of the Shape Wars.

Senate Intelligence Committee Panel on Disinformation and Social Media

I watched all three hours of this today, live:

…and have to admit I found it utterly fascinating.

The main theme I took away from it is that “Washington” seems to want to move towards legislative oversight of social media

Powered by WordPress & Theme by Anders Norén