Related thread: https://voat.co/v/pizzagate/1527919
As you can see, I'm a first-time poster and please correct me, if I did something wrong while posting and of course if I missed some information.
It did basically make "sense" to me, that those organizations act the way they want and don't even try to hide their identity and it would be an interesting coincidence, but it seems like it is, because those IPs should be VPN IPs (of course it's possible, that they use the VPN provider to attack the wiki).
So I started researching the IP ranges the suspicious IPs are in. As pointed out before[1] the IPs belong to CachedNet LLC. A lot of those ranges are banned by several Anti Spam services[2], which is typical for VPN/Proxy-Providers.
After more research, since this is just speculation yet, I ended up in the support forum[3] of a VPN-Provider called "privateinternetaccess". There are multiple threads, in which people are complaining about the VPN, because it's not working that well. People, who use the VPN, get IPs (in Delaware) of CachedNet LLC, because the VPN-Provider probably bought them from CachedNet. You can also find a reference about the IPs' status in spam databases like Spamhaus. The IPs are used for a lot of spam.
Quote from the forum user:
This doesn't appear to be working, when I connect via the New Zealand location. I have checked the IP location, and it comes up as Delaware U.S.A.
So, as I said at the beginning, DYNCORP might use the VPN to attack the Wiki, but the IPs' location in Delaware is no evidence itself. Correct me, if I missed a fact.
[1] https://voat.co/v/pizzagate/1527919/7433447
[2] http://www.spambotsecurity.com/forum/viewtopic.php?f=7&t=3874
https://stopforumspam.com/ipcheck/162.212.171.37
https://cleantalk.org/blacklists/162.212.171.37
etc. etc.
[3] https://www.privateinternetaccess.com/forum/discussion/18802/new-zealand-vpn-not-working
Archive in case of deletion: http://archive.is/ACcDs
PizzaDestroyer ago
At the very least it is really annoying that ARIN allows a "business" like CachedNet to have an AS Number when they have no apparent signs of a legitimate business on the internet.
When doing a traceroute to cachednet.net (http://network-tools.com/default.asp?prog=trace&host=cachednet.net), the nearest hop is a business registered right down the road in Wilmington DE called Netirons. Guess what - Netirons' website, http://netirons.com/, doesn't even work... a webhosting company with a broken website... and they are actually probably better off with a broken website because when it was up (https://web.archive.org/web/20160311003031/http://netirons.com/) you could see that they were making some highly questionable claims about their business. They claimed to have 12,345 happy clients which supposedly included Equinix, NTT Communications, and Peak10 among others. Looks like a front for spammers to me...
Then the next hop up is PCCW Global, who was previously named "Beyond The Network America" or BTNA (https://www.pccwglobal.com/en/dmca). It appears that BTNA has a long history of hosting spamming and malicious services - https://community.spiceworks.com/topic/74374-beyond-the-network-america
RebelSkum ago
You, brave anon, are #1
tazytale ago
Thanks for taking the time to read through the information I found! It was looking very suspicious on first sight, that's for sure though.
throwaway345678 ago
So the attack on the wiki has nothing to do with the dyncorp voat posts being deleted here about at the same time and the VPNs in the wiki attack accidentally indicate Dyncorp....
I don't see how this works.
ghost_marauder ago
Occam's razor. Dynacorp IP was attacking host of anti Dynacorp Information. Means and motive.
Alternative actors must first have access to that particular VPN, or put a RAT on somebody's computer (1 being simple, 2 being a bit more difficult (especially on corp machines)). Motive, probable disinfo and narrative building. Or, to knock out the information.
Disinfo to drive down reputation and stock (reputation is already in the toilet, so money would matter), or to false flag us.
Narrative building. Launch attack, get us to look into this, waste time and effort of investigators. Alternatively, get us to pay more attention to dynacorp because they are doing something.
Knock out the info. Taking down the Pizzagate wiki would be a good blow for a Hacktivist, or somebody wanting attention. Either way, failure would not be good enough, and a continuation of attacks would be required.
If there is not a continuation of attacks then either a, they realize they are being watched and are planning side strategy; b have already achieved their goal.
In the end, I'll stick with the razor. Going down the alternative bunny holes without any proof or sign post is kind of messy. And apologies to those who actually made it through my rant. My mind works off of branching, and linear text is like the worst form of communication for me.
Catsfive ago
This is not how the razor works. The number of assumptions in both theories is still the same. Our standards for proof must remain high. There is nothing wrong with having two plausible theories in play here and considering them both equally.
The_Invincible_Moose ago
An apparent means and motive also make it easy for a false flag to appear convincing.
Bottom line: We don't know who it was. It's only speculation at this point.
tazytale ago
You're writing in a very cryptic way imo.
By "I'll stick with the razor" you want to say you think it's DYNACORP trying to spam at the Wiki? If yes, I can just advise to read the post again and (I don't know how technically adept you are) get some information about those bots. Create a simple blog or even a MediaWiki as well, publish some content and let search engines like Google index it, so bots find it. You will have a lot of fun by default. There is clear evidence it's VPN IPs and even if the VPN provider doesn't use the IPs anymore, the IPs are well known for attacking a lot of random pages with CMS-systems, no matter if they blame DYNACORP for anything or not. Every tech can relate, everyone else should read the post again and think. The important links are all there.
ghost_marauder ago
Having a life gets in the way of quality commenting. It's a pain. (Takes me 8x as long to organize my thoughts into a flat story from my mental map.)
I had not read that it was a spam bot, to my memory it was an injector attack from what I remember hearing. Don't care enough to go down that path right now (OK curiosity piqued and I did go back through https://voat.co/v/pizzagate/1528966 it's spam).
So, could it be a spam bot by a script kiddie or a minor attack disguised as a spam bot. Given the prevalence of those little bots, highly likely a spam bot.
"Every one of these attacks starts with a direct landing on the DynCorp page" That's the part of their post that I find strange. Could have been the first search result they ran across and got stored as the entry point for the bot, could have also been a fuck up by whoever programmed the attack. ???
I'm required at work to reverse engineer and debug code in 5 languages, I've written my own compiler, One cages virus was my summer unemployed and bored hobby (hacking is more boring than anything I ever imagined), have a large grasp of 10 other languages (I think, I kind of lost count really, it's all either assembly, procedural, or functional). I've fully automated my job, so that all I do at work is answer stupid questions and let my bots bring in the pay check. How technically adept am I? There's always some asshole making everything I know useless (Just waiting for quantum processors to hit the industrial market, I'm ready to pick up whatever language some asshole tacks onto their system).
Yep, did not argue that.
yep, like I said, my memory was off (I usually go to injection attacks with bots not spam. Memory issue, spam doesn't irritate me as much I guess, fun to do though. Loved hijacking the mail relay at work and sending out ultimatums to follow policy.)
True.
Ok, so I'll just put it this way. I don't care enough about internet attacks. If it's a false positive then it got people worked up. Otherwise, it's another day on the internet. ( https://www.youtube.com/watch?v=MticYPfFRp8 8:17 - 9:50 describes my opinion of the internet fairly well, particularly "4chan might destroy your life and business because they decided they don't like you for an afternoon. And we don't even worry about 4chan because another nuke doesn't make much difference in a nuclear winter." )
tazytale ago
True. I write the way I write (hopefully in an understandable way), because otherwise I could just do other things, if I don't invest some time into my comments. But now to the main topic.
That's why I wrote that sentence, didn't want to offend you, because I didn't know who I am "talking" to.
It's not surprising at all, that there is a connection from Waltham MA in their Analytics. Thousands of people are checking in here on a daily basis and probably found the wiki too. There is no direct connection to the VPNs anyway. The only thing, which is a little strange, is the entry page, which is the DYNCORP page itself. I already provided a possible explanation for this.
On top of that, I can imagine, that there are other entry pages in the logs too. If not, step back to my explanation. On top of that, the point of those spam bots (most of them I guess) is to create an account and post new bullshit entries (spam). So the entry page is not relevant anyway (if this is the bot's intention). DYNCORP would be incredibly retarded, if they connected to the page before with clear IP from the partnered company in Waltham MA and told the bot to search for a CMS/Wiki software on that particular subpage, when they could just enter any URL of the wiki. But yea, I don't have to tell you.
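Added example, not part of the thread or of any participant's post: one way a wiki admin could check the two points argued above (whether the /DynCorp entry page is special, and whether the writing clients sit in a proxy range) from a web server access log. The log lines, the `/Timeline` page, the `198.51.100.0/24` "proxy range" and the 10-second threshold are constructed assumptions; `Special:CreateAccount` and `action=submit` are the standard MediaWiki account-creation and edit-save URLs.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample (combined log format). All addresses are RFC 5737
# documentation addresses, not IPs from the thread; /Timeline is hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2017:04:11:02 +0000] "GET /DynCorp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2017:04:11:03 +0000] "POST /index.php?title=Special:CreateAccount HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2017:04:11:05 +0000] "POST /index.php?title=DynCorp&action=submit HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2017:04:12:10 +0000] "GET /Main_Page HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2017:04:12:11 +0000] "POST /index.php?title=Special:CreateAccount HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.99 - - [01/Jan/2017:04:13:00 +0000] "GET /Timeline HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.99 - - [01/Jan/2017:04:13:02 +0000] "POST /index.php?title=Timeline&action=submit HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.50 - - [01/Jan/2017:05:00:00 +0000] "GET /DynCorp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.50 - - [01/Jan/2017:05:03:20 +0000] "GET /Main_Page HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} ')
WRITE_MARKERS = ("Special:CreateAccount", "action=submit")
# Placeholder for ranges an admin has already identified as VPN/hosting space.
PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def parse_line(line):
    """Return ip/time/method/path for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": ip, "time": when, "method": method, "path": path}


def is_write(req):
    """True for a POST to account creation or edit save."""
    return req["method"] == "POST" and any(k in req["path"] for k in WRITE_MARKERS)


def summarize(log_text, proxy_nets=PROXY_NETS, max_delay=10):
    """Per client IP: entry page, write attempts, landing-to-write delay, range match."""
    clients = {}
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is not None:
            clients.setdefault(req["ip"], []).append(req)
    report = {}
    for ip, reqs in clients.items():
        reqs.sort(key=lambda r: r["time"])
        writes = [r for r in reqs if is_write(r)]
        delay = (writes[0]["time"] - reqs[0]["time"]).total_seconds() if writes else None
        report[ip] = {
            "entry_page": reqs[0]["path"],
            "write_attempts": len(writes),
            "seconds_to_first_write": delay,
            "in_proxy_range": any(ipaddress.ip_address(ip) in n for n in proxy_nets),
            # Landing and writing within seconds is scripted behaviour, not reading.
            "bot_like": delay is not None and delay <= max_delay,
        }
    return report


def bot_entry_pages(report):
    """Count entry pages among bot-like clients only."""
    return Counter(c["entry_page"] for c in report.values() if c["bot_like"])
```

On the constructed sample the three bot-like clients enter on three different pages and all fall in the proxy range, while the one client that only reads /DynCorp is not flagged; the report says nothing about who operates the clients behind the range.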
ghost_marauder ago
Well, I said I had nothing else to say. But check out the analytic page. Simple crawler spam bots don't switch up their attack exit point like that. That is funky.
http://imgur.com/a/kCvbs
ghost_marauder ago
No, but it's good to have these discussions. Keeping our knowledge in the tech circle jerks keeps those around us blind. A bit of open banter sheds so much light to others.
Ha, offend away. I'm aggressive as fuck on this place. Probably driven off a couple of people by accident. Woops, but personally I'm not thin skinned and need to be pushed back into the correct path when my brain has a fart and I run into a wall.
You know what? We don't know. The assumption is that this is the only page. A nice sub-clause to drive narrative if it is that way.
That being said, a good amount of research is being done in that direction now. Along with the mod check. Overall having a net positive result (if other shit that's being posted is not driving users away).
Anyway, I have nothing else to plug into this discourse. Have a good one!
tazytale ago
Sorry, one last comment, because I just read Update 8 in his thread. So it seems like there are other entry pages, not just the DYNCORP page. So I think we are done here. More information see my edit #3. The IP is known for spamming at MediaWikis too.
Now finally have a good one!
tazytale ago
I can just agree, thanks for your input and have a good one, too!
DarkMath ago
"VPN-Provider"....A VPN "provider" doesn't give you an ip address the company that's using that VPN software does. That's why all these attacks are coming from Dyncorp. Basically what I'm saying is I don't understand the point you're trying to make. Care to help me understand?
ghost_marauder ago
A VPN works by taking your message, and handing it off as a middle man. Their IP will show up on the victim's logs, not the person running the attack.
DarkMath ago
See my answer to tazytale immediately below for more detail on what I'm talking about. I don't want to retype it in here.
tazytale ago
The main points are included in Edit #1 and #2. Those are typical automated bot attacks. Important is, that the bots are randomly choosing targets to spam at and those IPs are known spammers on WordPress Blogs, MediaWiki (pizzagate.wiki's software) & more.
I don't really get what you are saying and asking to be honest. A lot of people call the business, where you pay for the (mostly) shared server capacity and (mostly) shared IPs VPN provider. In this case: privateinternetaccess. It's Business-to-Customer. That provider has to buy the IPs the websites will see, when a user connects to them with the server-structures (and their IPs) of the provider as a middleman. privateinternetaccess as a provider is using the suspected IPs from CachedNet LLC for their customers (they probably rented or bought them). So a user's computer (a bot in this particular case) connects to the VPN-servers of privateinternetaccess, chooses a server (they are categorized by the country/ip) and will connect to every third party over the VPN-servers now, so they will see the CachedNet LLC IPs at the end.
Those IPs are located in locations like Delaware, where the company related to DYNCORP is located. That's the only reason they thought it's DYNCORP (and they are mostly directly visiting the /DynCorp page of the wiki, the bots might have found this page first while searching for targets on Google or something else). The fact it's VPN IPs, this is typical bot behaviour and those IPs are known for attacking sites like this, says it all.
DarkMath ago
I think the issue is VPN is too general a term. My experience with VPNs is through work. So if I was working from home one day I'd start up my company's VPN software which would create a secure IP tunnel from my computer to the company's network. My IP address would then change to one given to me by my company. From then on while I was logged into the VPN and say I went to cnn or foxnews or wherever they would see my IP as coming from the company I work for not from my own IP address originally given to me from Comcast (in my case). I think you're talking about a different type of VPN basically, one that I'm not familiar with. When I read this thread for the first time my immediate thought was "Oh, some people working for Dyncorp are working from home this weekend and after they joined the Dyncorp VPN that day they then went and did X, Y or Z thing like try to hijack the PizzaGate Wiki or delete valid posts on voat as NumbChuck did." Does that make any more sense?
tazytale ago
Okay, now I get the point. Replace the company you are working at with a commercial service, where you just pay for using their VPN-servers and IPs. That's basically it. They provide it to give some privacy and a bit of anonymity to the user. The people, who are running those spambots, don't want their real IP in the website owner's hands, so they use a VPN.
DarkMath ago
But Dyncorp doesn't sell that VPN service. I don't get it.
tazytale ago
That's it. That's my point. DYNCORP has nothing to do with the company (privateinternetaccess), which is providing the suspicious IPs to their users. It's not DYNCORP trying to spam to the wiki. Look at my two edits in the post, those IPs attack a lot of random websites which run the software (MediaWiki) the pizzagate wiki uses. They are just a random target of an idiotic kid (or not) which is running a bot over a VPN by privateinternetaccess.
DarkMath ago
Here's the post from RebelSkum where they say the IP was from Raytheon/Dyncorp in Waltham MA: https://voat.co/v/pizzagate/1528966
"I have evidence that an IP, 162.212.171.37, accessed our DynCorp page and proceeded to create the same spam attack situation which had brought down the Pizzagate Review but was unsuccessful this second time."
tazytale ago
The IP he posted is located in Delaware, is a VPN as far as we know, and known for spam and doing those attacks on a regular basis.
Location: 162.212.171.37 -> https://www.iplocation.net/
VPN: See my post.
DarkMath ago
I asked this lower down but I'm still stuck on why RebelSkum would say this: "was being accessed by Waltham, MA"? Do you think he's a LARPer or something?
tazytale ago
Sorry for answering that late, I had a cooldown, I reached 10 comments/24 hours if I remember that right.
Read my other comment, we kinda split our talk into two trees.
And no, there is no good reason for me to say or think he is a LARPer. I think he is not a tech at all, doesn't know about those bots, which just do this kind of spam on a daily basis and he didn't know, that those were just VPN IPs. Not his fault at all. Actually @RebelSkum would be a good idea, so he sees it, since nearly nobody upvoated the thread, but people are still upvoating his thread.
RebelSkum ago
I'm honestly an average guy who's done whatever my skills will allow me to help with Pizzagate:
https://www.reddit.com/user/CatacystFPV
https://voat.co/user/RebelSkum
I understand skepticism and would probably be doing the same thing if I was DarkMath, but I am not in this for money or any reason other than the rare chance I have to enact positive social change. I absolutely refuse to accept money for this project and all of my personal projects (contributed to UFOdetector for Raspberry Pi, develop open source Raspberry Pi robots, AI, and sensors, as well as contributions to QTCSDR for Raspberry Pi 3 and BetaFlight for Naze32 flight controllers for quadcopters).
See for more: http://pizzagate.wiki/Pizzagate.Wiki_Mission,_Rules,_and_Guidelines#Mission_Statement
tazytale ago
I can relate, posts like this are my contribution to the whole thing. I also want to underline my last comment in this comment chain again, it was just about the information I could find on the web, not about you in particular.
RebelSkum ago
No hard feelings all around. Thanks for the support!
DarkMath ago
But the PizzaGate Wiki moderator said the IP address of the person maliciously trying to edit the Wiki was from Raytheon/Dyncorp in Waltham MA.
tazytale ago
He said
"When I looked into our analytics the page itself was being accessed by Waltham, Massachusetts."
He didn't say the spammer's IP is from Waltham, Massachusetts. All the IPs he posted are Wilmington, Delaware (https://www.iplocation.net/). He also wrote it (Edit: Well he actually said it's sure the attacker is located in Wilmington, but he did not provide any proof, the only proofs are those IPs, and they are VPN IPs and random bots anyway). The location of the IPs, which are trying to spam, are not relevant at all anyway, since they are VPN IPs and the actual user/bot can live on the moon basically, as I said before.
DarkMath ago
Why did he say the page "was being accessed by Waltham, MA"?
tazytale ago
Do you know what those analytic softwares do? They save the IPs accessing the page and you can see where your users or bots come from. A normal user or bot connected to the page from an IP, which is located in Waltham, MA. Raytheon, the company connected to DYNCORP, has their HQ in Waltham, MA. That's it. This is why he connected those other IPs (which turned out to be VPNs) are attackers from DYNCORP. But at the end, those are just... Yea, I wrote it a lot of times now. Just read my post and comments.
There is no reason (with a REAL proof), that DYNCORP did this. Bots do this all the time with VPNs. They are a random target. Actually the post violates the rules imo, there is no proof for what he is saying.
DarkMath ago
I agree but that's quite a coincidence having the PizzaGate Wiki page for Dyncorp get attacked from the town Dyncorp is based in (or has an office in).
tazytale ago
A company with a big relation to DYNCORP has their HQ there, yes. But the IPs from the bots were located in Wilmington, Delaware, not Waltham, MA, where the company has their HQ. And even if it would be the same town, it's still just VPNs (so location doesn't matter) and the bot behaviour is nothing special.
DarkMath ago
I don't mean to beat a dead horse but I think RebelSkum referenced a Google Analytics page that showed locations (not IPs, at least on the Analytics page) accessing the /Dyncorp page on the PizzaGate wiki. In the screen shot there's no IP address just a name like Charlotte, Miami, Pittsburgh etc. This is where it gets a little sketchy, RebelSkum said he saw Waltham in the list but when he went back it said "not set".
I want to believe the guy. If it was Waltham and it was changed to "not set" then to me that's legitimate evidence of some sort of cover up. No?
tazytale ago
No problem at all, this whole subvoat has been created to discuss and share.
So we're talking about this I guess.
I actually can't tell you that much about Google Analytics in detail (everyone should use Piwik, it's a great open source analytics software, you can host yourself, so no data for big brother Google), but (not set) is nothing that unusual. Especially not, when it comes to bots. Just googled around a bit and found an article, which covers spike of some analytics data and is dealing with bots in that context. You don't have to read it, just as a reference. Sometimes historical data changed to (not set) as well.
And if this wasn't the case, do you want to believe they connected to the page clear IP (think, thousands of people are using this page here and probably a lot of them found the wiki, and this is just one way to find it, so why wouldn't users from there find the page?), closed it after like 0 seconds, because they noticed they did not use a VPN, call their friend Google and they delete it within minutes/hours (don't know the range, doesn't matter if it would be days for me though) and then they do those spam bullshit on the wiki. On top of that, it's a coincidence, that those IPs do it on a daily basis, because they are VPNs?
The "evidence", that all bots connected to the /DynCorp page is old, don't know if you read that, there are other entry pages too. So the only thing is a connection from Waltham, MA (I googled it, 60.000+ people live there), where a company related to DynCorp has their HQ in?
rush22 ago
Good work. If it's a VPN it's possible that the location of the servers is just a coincidence, and you can't really tell anything about where the attack actually came from (which of course is the point of VPNs).
tazytale ago
Thanks!
Yea right, the most important part is Edit #2 here in my opinion - the link especially. Everybody, who has some knowledge about tech and/or has run a blog or something yet, can confirm the bots' behaviour.
It's very interesting how threads, which contain those big scandals like "Hey, they are trying to hack us" or other things are upvoated, which is okay, because they didn't know better, but threads like this (when the big scandals are just boring little bots) get 3 upvoats in over 1 hour. Fine for me, this site is for the investigation, not to get upvoats, but it's really not helpful at all. Everyone will see the post in Top with over 200 upvoats, but they don't know it's completely wrong. Well, it's a good thing to talk about in the meta concern subvoat I guess.