How did they trace the origin of the Russians who ran information warfare campaigns on social media if they were using US-based VPNs? Because the VPN providers kept logs? If so, wouldn't the Russians be more careful than that?


7 comments on “How did they trace the origin of the Russians who ran information warfare campaigns on social media if they were using US-based VPNs? Because the VPN providers kept logs? If so, wouldn't the Russians be more careful than that?”

  1. They probably set up their own VPNs on VPS providers like DigitalOcean, AWS, Vultr, etc. This is pretty easy to do. It’s relatively cheap to set up a shit ton of them if you have a budget like the Russians did, like $5 per month per unique IP address.

    However, the IP would be linked directly back to the VPS account used at the time. This means the FBI could just serve a warrant to DigitalOcean (or whoever) for all the details from the account – getting IPs used to log in, billing, contact, etc. That’s one way to chase it down.

    Example:
    https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

    https://www.vultr.com/docs/one-click-openvpn

  2. There are a ton of different methods that are used and a lot of them do not need a warrant. Additionally, it is in the interest of these platforms to cooperate as they see a monetary value in not being seen as the bad actor in this case so they are unlikely to fight hard to protect the data and might even offer it up directly. So how did the social media platforms detect them? Easy. Besides the obvious like detection of various language and time settings in the browser (lots of what is used for browser fingerprinting to get a unique tracker on you also reveals info about the client, and unless you are really, really good it is likely that something will leak and an anomalous bit of data will get into the browser) there are a ton of different timing games that are used and detected by platforms like Facebook.

    As a simple example, FB will use packet timings and browser clock skews to detect when you are using a VPN and when you are hopping through multiple VPNs. The VPN hops show up as clear jumps in the traces and you can even get a good idea of the distance the packets travel. In case you are wondering how this works, consider the fact that even if you are using a VPN your FB page loads do not all come from FB data centers. Some comes from CDNs and some from FB’s CDN. This makes it possible to have the page getting resources from multiple locations and if FB knows how long it takes for the CDN data to load from various points (and the on-page analytics that are used for performance analysis tell FB how long it took to load each resource) then you can get differing timing signals to get the VPN<->FB link out of the picture and then work on the timing distance of VPN<->user. Most of this was developed for spam fighting and it is good at this task. Even people who have good opsec are caught out when they are analyzed against the petabytes of data that FB stores.

    Their goal was to _use_ the platform, so they had to do certain things that made their continuing use of the platform possible. Things like not bouncing around too much in terms of source IP (lest they appear to be a spammer or compromised account) and other activity that made their actual location easier to discover. FB could do a lot of analysis of the posts, apply a lot of the techniques developed for detecting spam and scammers, and backtrack things until they have a large collection of accounts that they think are participants in the scheme. Then they take every bit of data they have from every connection these accounts have made and run a lot of analytics on the data. The Russians were trying to work a bit like spammers in terms of hiding activity, but unlike spammers they needed to have what was a comparatively long-term engagement with the FB platform and so they were bound to leak even more data.

    As past analysis of these actors has shown, their opsec is not as good as people think and the more you interact with any large platform the more information you are going to end up revealing to them no matter how good your opsec is.
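The timing subtraction described in the comment above, sketched from the platform's side. This is an added example, not part of the original comment and not any platform's actual code; the edge names, thresholds and measurements are constructed, and it assumes the browser-reported fetch time and the edge-measured RTT are directly comparable.

```python
from statistics import median

# Light in fibre covers roughly 200 km per ms one way, i.e. ~100 km per ms of RTT.
KM_PER_MS_RTT = 100.0

def hidden_leg(browser_ms, edge_to_ip_ms, threshold_ms=15.0):
    """Estimate the latency hidden behind the connecting IP.

    browser_ms:    edge name -> fetch time reported by in-page timing (ms)
    edge_to_ip_ms: edge name -> RTT that edge measured to the connecting IP (ms)
    Both inputs and the threshold are assumptions made for this sketch.
    """
    residuals = [browser_ms[e] - edge_to_ip_ms[e]
                 for e in browser_ms if e in edge_to_ip_ms]
    if len(residuals) < 3:
        return None  # too few vantage points to separate the two legs
    hidden = median(residuals)
    spread = max(residuals) - min(residuals)
    # A real extra hop adds about the same delay whichever edge served the resource.
    consistent = spread <= max(5.0, 0.25 * abs(hidden))
    return {
        "hidden_rtt_ms": hidden,
        "tunnelled": hidden > threshold_ms and consistent,
        "max_km_behind_ip": max(hidden, 0.0) * KM_PER_MS_RTT,
    }

# Constructed measurements: the same connecting IP seen from three edges.
EDGE_TO_IP = {"edge_a": 9.0, "edge_b": 31.0, "edge_c": 77.0}
DIRECT_BROWSER = {"edge_a": 11.0, "edge_b": 34.0, "edge_c": 79.0}    # client is at the IP
TUNNEL_BROWSER = {"edge_a": 131.0, "edge_b": 150.0, "edge_c": 199.0}  # client is behind it

if __name__ == "__main__":
    print(hidden_leg(DIRECT_BROWSER, EDGE_TO_IP))
    print(hidden_leg(TUNNEL_BROWSER, EDGE_TO_IP))
```

The distance figure is only an upper bound: queuing, Wi-Fi and a slow client all inflate the residual, so it constrains where the client can be rather than locating it.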

  3. They tracked this all through payments. They asked FB, Twitter, Google, who paid with IRA (Internet Research Agency) money for ads etc. and then matched accounts with the fake news they spread. It's easy to find bots this way. When RT posts a story and the first 100 retweets are the same accounts over and over and those accounts all follow each other and spread only their own tweets and somehow are able to post 20 times a minute and those same accounts end up posting tweets to the Donald, it's easy to link them up as part of a campaign ... a campaign that started with IRA money. VPN makes the internal controls of say Twitter to figure out if an account is a Russian bot or not, but only in the most cursory way. Doing any kind of detailed analysis will out them very easily despite VPN.
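The three behavioural signals named in the comment above (the same accounts among the first retweeters of every story, accounts that all follow each other, and an implausible posting rate) can be checked with a few lines of analysis. This is an added example, not part of the original comment; the account names, events and thresholds are constructed for illustration.

```python
from collections import Counter, defaultdict
from itertools import combinations

def early_amplifiers(retweets, first_n=3, min_stories=2):
    """Accounts that are among the first_n retweeters of at least min_stories stories."""
    by_story = defaultdict(list)
    for story, account, secs_after_post in retweets:
        by_story[story].append((secs_after_post, account))
    counts = Counter()
    for events in by_story.values():
        for _, account in sorted(events)[:first_n]:
            counts[account] += 1
    return {a for a, c in counts.items() if c >= min_stories}

def mutual_follow_density(accounts, follows):
    """Fraction of account pairs in the group that follow each other both ways."""
    pairs = list(combinations(sorted(accounts), 2))
    if not pairs:
        return 0.0
    return sum((a, b) in follows and (b, a) in follows for a, b in pairs) / len(pairs)

def peak_posts_per_minute(timestamps):
    """Largest number of posts inside any 60-second sliding window."""
    ts, best, lo = sorted(timestamps), 0, 0
    for hi, t in enumerate(ts):
        while t - ts[lo] >= 60:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def flag_cluster(retweets, follows, post_times, density_min=0.8, rate_min=20):
    group = early_amplifiers(retweets)
    fast = sorted(a for a in group
                  if peak_posts_per_minute(post_times.get(a, [])) >= rate_min)
    return {"accounts": sorted(group),
            "dense": mutual_follow_density(group, follows) >= density_min,
            "fast": fast}

# Constructed sample data: (story, account, seconds after the story was posted)
RETWEETS = [("s1", "acct_a", 2), ("s1", "acct_b", 3), ("s1", "acct_c", 4), ("s1", "user_x", 900),
            ("s2", "acct_b", 1), ("s2", "acct_c", 2), ("s2", "acct_a", 5), ("s2", "user_y", 700),
            ("s3", "acct_c", 2), ("s3", "acct_a", 3), ("s3", "acct_b", 3), ("s3", "user_x", 60)]
FOLLOWS = {(a, b) for a in ("acct_a", "acct_b", "acct_c")
           for b in ("acct_a", "acct_b", "acct_c") if a != b} | {("user_x", "acct_a")}
POST_TIMES = {"acct_a": list(range(0, 60, 3)), "acct_b": list(range(0, 600, 60)),
              "acct_c": list(range(0, 40, 2))}

if __name__ == "__main__":
    print(flag_cluster(RETWEETS, FOLLOWS, POST_TIMES))
```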
