Attack of the amazons!



Had a nasty attack from a bunch of Amazon machines this morning attempting to brute force this little old WordPress installation of mine! I'd be interested to hear if anyone else has a similar pattern occurring.

This is a list of the offending IP addresses, all of which have since been blocked. I have emailed the little bookshop; it will be interesting to see if they get back to me!

List of the nasties, if anyone wants that info:

18.219.238.104
18.221.168.153
18.222.237.188
18.224.71.171
3.128.28.102
3.129.248.175
3.140.194.158
3.140.244.237
3.141.36.174
3.14.146.203
3.141.6.25
3.143.24.78
3.144.131.230
3.144.170.151
3.144.201.27
3.144.216.162
3.14.5.120
3.145.42.95
3.14.66.5
3.15.190.45
3.15.193.0
3.17.147.229
3.17.165.220
3.17.173.148
3.17.70.252
3.18.108.221
3.84.49.179
52.14.6.71
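If you want to know whether the same pattern is hitting your own site, the tell-tale is a burst of POSTs to the two WordPress login endpoints from one address. The script below is an added example, not code from this post: it parses combined-format Apache/nginx access log lines, flags any client that exceeds a threshold of login POSTs inside a sliding window, and emits nftables commands for the offenders. The log lines are constructed for the example (two of the addresses are taken from the list above, the third is a benign visitor), and the nftables set name `wp_bruteforce` is assumed to already exist in your ruleset.

```python
"""Spot WordPress login brute-forcing in a web server access log.

Added example, not code from the original post. It flags any client that
POSTs to /wp-login.php or /xmlrpc.php more than THRESHOLD times inside a
WINDOW-second sliding window, and turns the result into nftables set
elements. The log lines are constructed for the example (combined-format
Apache/nginx log); the set name "wp_bruteforce" is assumed to exist.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Combined log format: ip ident user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# WordPress authenticates via both endpoints; xmlrpc.php is the favourite for
# password spraying because system.multicall lets one request try many passwords.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
THRESHOLD = 5   # login POSTs allowed per window before a client is flagged
WINDOW = 60     # seconds


def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])


def find_bruteforcers(lines, threshold=THRESHOLD, window=WINDOW):
    """Map each flagged client IP to its total number of login POSTs.

    Only the order of lines per client matters, so a log that is merely
    grouped by IP (as the sample is) behaves the same as a chronological one.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    total = Counter()
    flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, _status = rec
        if method != "POST" or path not in LOGIN_PATHS:
            continue
        total[ip] += 1
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > threshold:
            flagged.add(ip)
    return {ip: total[ip] for ip in flagged}


def nft_rules(ips, set_name="wp_bruteforce"):
    """nft commands adding each offender to a pre-existing drop set (assumed name)."""
    return [f"nft add element inet filter {set_name} {{ {ip} }}" for ip in sorted(ips)]


def _line(ip, second, method="POST", path="/wp-login.php", status=200):
    # A failed WordPress login returns 200 with the form re-rendered; 302 is success.
    return (f'{ip} - - [12/Oct/2021:06:{second // 60:02d}:{second % 60:02d} +1100] '
            f'"{method} {path} HTTP/1.1" {status} 4112 "-" "Mozilla/5.0"')


# Constructed sample: two addresses from the list above hammering the login
# form, plus one ordinary visitor (TEST-NET address) who logs in once.
SAMPLE_LOG = (
    [_line("18.219.238.104", 3 * i) for i in range(8)]        # 8 POSTs in 21 s
    + [_line("3.128.28.102", 10 * i) for i in range(6)]       # 6 POSTs in 50 s
    + [_line("203.0.113.7", 5, "GET", "/about/"),
       _line("203.0.113.7", 40, status=302)]                  # one real login
)

if __name__ == "__main__":
    offenders = find_bruteforcers(SAMPLE_LOG)
    for ip, n in sorted(offenders.items()):
        print(f"{ip}: {n} login attempts")
    print("\n".join(nft_rules(offenders)))
```

Run it against a real log with `find_bruteforcers(open("/var/log/apache2/access.log"))`. A flagged address that later gets a 302 from wp-login.php is the one to worry about: that is a successful login, not just noise.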


Phone

So over the last few months I've had this really annoying phone problem: it has a glitch with sending and receiving SMS picture attachments. Essentially you have to restart the thing to receive or send pics! It's most annoying!!!!

One way to troubleshoot this behaviour is to do a total reset of the device. (I've tried all sorts of things to sort this; it's a near-last resort.)

Anyway, I nearly locked myself out of not only my phone, but my personal section of the Google walled garden. It's scary when you read that it may take 3-5 working days for Google to re-enable your account! But somehow I fudged it and managed to get my life, and this small device that I have trouble bonding with, to access my digital existence.

It was an interesting problem: Google wants to send you an SMS, but the phone is not set up yet with your Google account so it can't receive the SMS, a lovely chicken-and-egg sort of issue. The workaround was to not allow an initial Google re-install of my data. Just set the phone up and start it, so it can send and receive SMS. Once I had that working it was just a matter of logging in and then using the SMS code they sent me to confirm that I am in fact me! Gee, thanks big computer in the sky, for the anxiety, the minor panic attack and the final approval of my humble human existence.

I know younger people absolutely love their phones (I understand – it’s tied up with freedom, acceptance as an individual, communication, privacy, a social life and lots of other stuff) but I’ve never really felt like that.

Even with things like the assisted speech function, for me it all just slows my ability to get stuff done! That and I'm fairly fumble-fingered with an object like a phone; also I have a theory that I collect a lot of static electricity (if you're a cat person and have ever zapped your cat you know what I mean). I hit the wrong button with my face. I was brought up analogue, I suppose.

My preferred weapon of choice is a laptop. I can touch type, move about with it and take all my digital stuff, and well, for me it just works. Which is what we want, isn't it? Technology that just works.

Pegasus spyware and MVT

So just for the heck of it I installed MVT (Mobile Verification Toolkit) the other day, a piece of software released by Amnesty International's Security Lab to check a phone's backup or file system for traces of Pegasus spyware.

If you haven't read about it, Pegasus spyware is some nasty stuff (it's developed by the Israeli cyber-arms firm NSO Group). It seems it was installed on Jamal Khashoggi's phone (you know, that chap who was assassinated by agents of the Saudi government at the Saudi consulate in Istanbul, Turkey). Also, today I read that Sheikh Mohammed used spyware on Princess Haya and five associates in an unlawful abuse of power.

In short, this Pegasus spyware is so bad that the advice is, if it's installed on your phone, to get rid of or destroy the phone. Apparently even erasing the phone from scratch has no effect!

The detection software itself is command-line based (so not for the average user) and it took a bit of mucking about to get it to run. Starting from a fresh Debian Linux machine, it took an hour or two to get the dependencies and the settings on the phone sorted so that the computer could fossick about the phone for any trace of the nasty.

Although it's satisfying to be able to do this, the need to do more to protect your devices sprang to mind. A quick glance through the documentation turned up a number of indicator domains and URLs used by the Pegasus infrastructure, a few of which I'll list.

free247downloads[.]com
urlpush[.]net
get1tn0w.free247downloads[.]com
infospress[.]com
https://d38j2563clgblt.cloudfront[.]net
https://2far1v4lv8.get1tn0w.free247downloads[.]com

There is more in this document that you might like to grep thru.
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

Be warned: the [.] is deliberate defanging, and it needs to be removed only if you want to resolve a hostname to its current IP address. Do that with care, from a command-line resolver such as dig or host, and never open any of the above in a browser. The whole purpose of these hosts is to deliver an exploit to whatever visits them.

Which brings up the issue of running your own network and routers. I'd slap some ACLs on these darn things and their related IP addresses, as it gives you a little more protection against possible infection. Two caveats: the cloudfront[.]net entry resolves to shared CloudFront edge addresses, so an ACL on those IPs will also break unrelated sites, and that one is better blocked by hostname at your resolver; and the operators rotate domains, so a blocklist is a point-in-time defence, not a permanent one.

In addition, this software seems to use a lot of URL redirects. So if you're concerned, this article on how to stop redirects may be worth reading.
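Putting the two previous points together in code, as an added example that is not part of this post, Amnesty's report or MVT: the script below refangs the indicators listed above into bare hostnames (never into clickable URLs), matches them against resolver log lines using exact and parent-domain matching (so a lookup of a subdomain of free247downloads.com fires, but free247downloads.com.example.org does not), and turns the minimal set of domains into dnsmasq sink-hole entries. The dnsmasq-style log lines are constructed for the example, and the dnsmasq `address=/host/ip` syntax is the one assumption about your resolver.

```python
"""Refang Pegasus-related indicators and match them against DNS logs.

Added example, not code from the original post, from Amnesty's report or
from MVT. The indicator list is copied from above (still defanged); the
dnsmasq-style log lines are constructed for the example, and dnsmasq's
address=/host/ip sink-hole syntax is the one assumption about the resolver.
"""
import re
from urllib.parse import urlsplit

DEFANGED_IOCS = [
    "free247downloads[.]com",
    "urlpush[.]net",
    "get1tn0w.free247downloads[.]com",
    "infospress[.]com",
    "https://d38j2563clgblt.cloudfront[.]net",
    "https://2far1v4lv8.get1tn0w.free247downloads[.]com",
]

# dnsmasq query line:  ... dnsmasq[pid]: query[A] host from client
QUERY_RE = re.compile(r"query\[[A-Z]+\] (?P<host>\S+) from (?P<client>\S+)")


def refang(indicator):
    """Reduce a defanged indicator to a bare lowercase hostname.

    Replace [.] before parsing: urlsplit treats brackets in the host part as
    an IPv6 literal and would raise on the defanged form.
    """
    s = indicator.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" in s:
        s = urlsplit(s).hostname or ""
    return s.lower().rstrip(".")


def build_ioc_set(defanged=DEFANGED_IOCS):
    return {h for h in map(refang, defanged) if h}


def host_matches(host, iocs):
    """Return the matching indicator for host or one of its parent domains.

    a.b.evil.example matches evil.example; evil.example.org does not, so an
    indicator never fires on a different registrable domain by accident.
    """
    parts = host.lower().rstrip(".").split(".")
    for i in range(len(parts)):
        candidate = ".".join(parts[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(lines, iocs):
    """Return a list of (client, queried host, matched indicator) for every hit."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = host_matches(m["host"], iocs)
        if ioc:
            hits.append((m["client"], m["host"], ioc))
    return hits


def dnsmasq_block_rules(iocs, sink="0.0.0.0"):
    """Sink-hole entries, one per indicator that has no parent already in the set.

    dnsmasq's address=/host/ip covers subdomains, so get1tn0w.free247downloads.com
    is redundant once free247downloads.com is listed. Blocking by name also
    avoids ACLing shared CloudFront edge addresses.
    """
    minimal = [h for h in iocs
               if host_matches(".".join(h.split(".")[1:]), iocs) is None]
    return [f"address=/{h}/{sink}" for h in sorted(minimal)]


# Constructed sample log in dnsmasq's format (private client addresses).
SAMPLE_DNS_LOG = [
    "Oct  7 10:21:03 dnsmasq[812]: query[A] 2far1v4lv8.get1tn0w.free247downloads.com from 192.168.1.23",
    "Oct  7 10:21:04 dnsmasq[812]: query[AAAA] cdn.urlpush.net from 192.168.1.23",
    "Oct  7 10:22:10 dnsmasq[812]: query[A] d1abcdef.cloudfront.net from 192.168.1.40",
    "Oct  7 10:22:11 dnsmasq[812]: query[A] free247downloads.com.example.org from 192.168.1.40",
    "Oct  7 10:23:00 dnsmasq[812]: reply free247downloads.com is 203.0.113.5",
]

if __name__ == "__main__":
    iocs = build_ioc_set()
    for client, host, ioc in scan_dns_log(SAMPLE_DNS_LOG, iocs):
        print(f"{client} looked up {host} (matches {ioc})")
    print("\n".join(dnsmasq_block_rules(iocs)))
```

Note what the sample deliberately does not flag: an unrelated CloudFront distribution, and a lookalike where the indicator appears as a prefix of some other domain. A naive substring check would hit both and flood you with false positives.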

https://www.techadvisor.com/how-to/internet/how-block-webpage-redirects-3690103/

Stay safe people. It seems that the Internet is still the wild wild west.

You can find the mvt software here.
https://github.com/mvt-project/mvt