Related thread: https://voat.co/v/pizzagate/1527919
As you can see, I'm a first-time poster and please correct me, if I did something wrong while posting and of course if I missed some information.
It did basicly makes "sense" to me, that those organizations act the way they want and don't even try to hide their identity and it would be an interesting coincidence, but it seems like it is, because those IPs should be VPN IPs (of course it's possible, that they use the VPN provider to attack the wiki).
So I started researching the IP ranges the suspicious IPs are in. As pointed out before[1] the IPs belong to CachedNet LLC. A lot of those ranges are banned by several Anti Spam services[2], which is typical for VPN/Proxy-Providers.
After more research, since this is just speculation yet, I ended up in the support forum[3] of a VPN-Provider called "privateinternetaccess". There are multiple threads, in which people are complaining about the VPN, because it's not working that well. People, who use the VPN, get IPs (in Delaware) of CachedNet LLC, because the VPN-Provider probably bought them from CachedNet. You can also find a reference about the IPs status in spam databases like Spamhaus. The IPs are used for a lot of spam.
Quote from the forum user:
This doesn't appear to be working, when I connect via the New Zealand location. I have checked the IP location, and it comes up as Delaware U.S.A.
So, as I said at the beginning, DYNCORP might use the VPN to attack the Wiki, but the IPs location in Delaware is no evidence itself. Correct me, if I missed a fact.
[1] https://voat.co/v/pizzagate/1527919/7433447
[2] http://www.spambotsecurity.com/forum/viewtopic.php?f=7&t=3874
https://stopforumspam.com/ipcheck/162.212.171.37
https://cleantalk.org/blacklists/162.212.171.37
etc. etc.
[3] https://www.privateinternetaccess.com/forum/discussion/18802/new-zealand-vpn-not-working
Archive in case of deletion: http://archive.is/ACcDs
view the rest of the comments →
ghost_marauder ago
Occam's razor. Dynacorp IP was attacking host of anti Dynacorp Information. Means and motive.
Alternative actors must first have access to that particular VPN, or put a RAT on somebodies computer (1 being simple, 2 being a bit more difficult (especially on corp machines)). Motive, probable disinfo and narrative building. Or, to knock out the information.
Disinfo to drive down reputation and stock (reputation is already in the toilet, so money would matter), or to false flag us.
Narrative building. Launch attack, get us to look into this, waist time and effort of investigators. Alternatively, get us to pay more attention to dynacorp because they are doing something.
Knock out the info. Taking down the Pizzagate wiki would be a good blow for a Hacktivist, or somebody wanting attention. Either way, failure would not be good enough, and a continuation of attacks would be required.
If there is not a continuation of attacks then either a, they realize they are being watched and are planning side strategy; b have already achieved their goal.
In the end, I'll stick with the razor. Going down the alternative bunny wholes without any proof or sign post is kind of messy. And apologies to those who actually made it through my rant. My mind works off of branching, and linear text is like the worst form of communication for me.
tazytale ago
You're writing in a very cryptic way imo.
By
I'll stick with the razoryou want to say you think it's DYNACORP trying to spam at the Wiki? If yes, I can just advise to read the post again and (I don't know how technically adepted you are) get some information about those bots. Create a simple blog or even a MediaWiki aswell, publish some content and let search engines like Google index it, so bots find it. You will have a lot of fun by default.There are clear evidence it's VPN IPs and even if the VPN provider doesn't use the IPs anymore, the IPs are well known for attacking a lot of random pages with CMS-systems, no matter if they blame DYNACORP for anything or not. Every tech can relate, everyone else should read the post again and think. The important links are all there.
ghost_marauder ago
Having a life gets in the way of quality commenting. It's a pain. (Takes me 8x as long to organize my thoughts into a flat story from my mental map.)
I had not read that it was a spam bot, to my memory it was an injector attack from what I remember hearing. Don't care enough to go down that path right now (OK curiousity peaked and I did go back through https://voat.co/v/pizzagate/1528966 it's spam).
So, could it be a spam bot by a script kiddie or a minor attack disguised as a spam bot. Given the prevalence of those little bots, highly likely a spam bot.
"Every one of these attacks starts with a direct landing on the DynCorp page" That's the part of their post that I find strange. Could have been the first search result they ran across and got stored as the entry point for the bot, could have also been a fuck up by whoever programmed the attack. ???
I'm required at work to reverse engineer and debug code in 5 languages, I've written my own compiler, One cages virus was my summer unemployed and bored hobby (hacking is more boring than anything I ever imagined), have a large grasp of 10 other languages (I think, I kind of lost count really, it's all either assembly, procedural, or functional). I've fully automated my job, so that all I do at work is answer stupid questions and let my bots bring in the pay check. How technically adapt am I. There's always some asshole making everything I know useless (Just waiting for quantum processors to hit the industrial market, I'm ready to pick up whatever language some asshole tacks onto their system).
Yep, did not argue that.
yep, like I said, my memory was off (I usually go to injection attacks with bots not spam. Memory issue, spam doesn't irritate me as much I guess, fun to do though. Loved hijacking the mail relay at work and sending out ultimatums to follow policy.)
True.
Ok, so I'll just put it this way. I don't care enough about internet attacks. If it's a false positive then it got people worked up. Otherwise, it's another day on the internet. ( https://www.youtube.com/watch?v=MticYPfFRp8 8:17 - 9:50 describes my opinion of the internet fairly well, particularly "4chan might destroy your life and business because they decided they don't like you for an afternoon. And we don't even worry about 4chan because another nuke doesn't make much difference in a nuclear winter." )
tazytale ago
True. I write the way I right (hopefully in an understandable way), because otherwise I could just do other things, if I don't invest some time into my comments. But now to the main topic.
That's why I wrote that sentence, didn't want to offend you, because I didn't know who I am "talking" to.
It's not surprising at all, that there is a connection from Waltham MA in their Analytics. Thousands of people are checking in here on a daily base and probably found the wiki too. There is no direct connection to the VPNs anyway. The only thing, which is a little strange, is the entry page, which is the DYNCORP page itself. I already provided a possible explanation for this.
On top of that, I can imagine, that there are other entry pages in the logs too. If not, step back to my explanation. On top of that, the point of those spam bots (most of them I guess) is to create an account and post new bullshit entries (spam). So the entry page is not relevant anyway (if this is the bots intention). DYNCORP would be incredible retarded, if they connected to the page before with clear IP from the partnered company in Waltham MA and told the bot to search for a CMS/Wiki software on that particular subpage, when they could just enter any URL of the wiki. But yea, I don't have to tell you.
ghost_marauder ago
Well, I said I had nothing else to say. But check out the analytic page. Simple crawler spam bots don't switch up their attack exit point like that. That is funky.
http://imgur.com/a/kCvbs