PistonDevelopers / piston

A modular game engine written in Rust
https://www.piston.rs
MIT License

Report of suspicious activity - possible compromised computer #1274

Closed bvssvni closed 5 years ago

bvssvni commented 5 years ago

I've detected suspicious activity on my Internet connection. My computer might possibly be compromised. It will take time to set up a new computer and test from a new location.

@mitchmindtree you are now in charge of appointing people to the @PistonDevelopers/publish team.

bvssvni commented 5 years ago

@theotherphil can you publish https://github.com/PistonDevelopers/inflate/pull/52 for me?

bvssvni commented 5 years ago

An unpaid internet bill reduced the bandwidth enough for me to start running tests, which might be detected by some malware somewhere, triggering it to open up a new URL in my browser, seemingly as a political intimidation strategy. I have been a target for political intimidation through Twitter before (likely an automated attack), so this isn't anything new.

Because the website might contain scripts to hijack browsers, I don't want to post the URL here.

I suspect this is automated and not specifically targeted at PistonDevelopers, but I'm not willing to take the chance.

bvssvni commented 5 years ago

It seems my browser was compromised by malware. Some cookies were accessed a few hours ago that weren't supposed to be. I'm up and running in a more secure browser.

theotherphil commented 5 years ago

@bvssvni do you still need me to publish inflate? I'm not clear if your last comment means that this is no longer required.

CryZe commented 5 years ago

Considering it isn't published yet, it still needs to be published.

bvssvni commented 5 years ago

@theotherphil Yes, I need to monitor this situation for a while.

theotherphil commented 5 years ago

Done.

CryZe commented 5 years ago

Thank you guys so much :)

bvssvni commented 5 years ago

Since the nature of this incident might be considered a criminal act by violating the security on my computer, I decided to write a warning against making similar attacks in the future: https://github.com/PistonDevelopers/piston/issues/1275

I won't report this incident to the authorities in case it is just a mentally ill person behind the attack, but I can't prevent other people from reporting similar incidents in the future. Also, I can't prevent any outside actor from investigating based on logs from the Piston project.

I do not believe this attack was from a professional security agency, due to the amount of information that was revealed during the attack and traces left behind.

bvssvni commented 5 years ago

I've taken further steps to track potential targets possible only from using the information available during the attack on my computer. This will reveal further information about the attacker or prevent the information from being actively used.

bvssvni commented 5 years ago

Microsoft just released news about hacking attempts targeting democratic institutions, think-tanks and non-profits in Europe: https://www.reuters.com/article/us-microsoft-cyber-europe/microsoft-says-discovers-hacking-targeting-democratic-institutions-in-europe-idUSKCN1Q90GF

This seems to be consistent with the nature of this attack.

The leak of information about the attacker might be caused by running a large scale operation, involving enough people and programs to lose oversight, such that they do not set the usual high standards for covering their traces as used in other intelligence agencies.

bvssvni commented 5 years ago

Just received a suspicious email that passed the spam filter, using custom information. This falls in line with typical targeted automatic attacks made by bots, intended to spread malware and intimidate politically. I expect to receive similar periodic emails with various customized content in the future. I made some steps ready to get an early warning if the situation escalates, which are being monitored for now.

In other words, apparently nothing to worry about. I think we can go back to normal.

Closing.