Ukraine takes down massive bot farm, seizes 150,000 SIM cards(www.bleepingcomputer.com)

posted 1 year ago

DannyMac@lemmy.world

world@lemmy.world

172 commentshide report

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

mea_rah@lemmy.world

5 points

1 year ago

Depends what you mean by “faking”. You can fake Ukrainian IP by using some VPN service, but then you’re using VPN IP which is quite obvious. If you want many genuinely residential IPs, you could use some botnet and infected computers in Ukraine. This is more authentic and harder to filter out. But some services actually require phone number and at least capability to receive texts to verify the number, some use the number as user account. (Telegram and such) Then you need actual SIM cards (not to be confused with Sims 3, the game 😉) and you need to connect to local cell tower. (perhaps you could do roaming, but that would be quite obvious long term) Now to fake all that, you’d need at least some devices operated in Ukraine and at that stage it’s probably easier to find some people willing to do this locally for money or because they are high on russian propaganda themselves.

permalink

report

parent

[ - ]

another_lemming@lemmy.world

1 point

1 year ago

Do you need to connect to actual celltowers tho? I know legit SIMs are a kind of a barrier, but then…

Using a portal through KZ to an UA endpoint via VPN\proxy, faking geoloc and other identifying stuff on your device.

For me, it sounds like enough, and a collaborant is only holding an exit node that is easier to defend in court than having all infrastructure at their place.

permalink

report

parent

[ - ]

mea_rah@lemmy.world

1 point

1 year ago

Well you do if you want to receive the confirmation text. And while you’re at it, you might as well use the same cell tower for data so that you get “residential” IP.

You can definitely fake geolocation and perhaps you could fake IP through some proxy, but you can’t use commercial VPN services as their IPs are well known VPN IP ranges at this stage. (these SIMs might have been used as such proxies for some spamming besides being used for this specific botnet) Effectively the more you want to blend in with the actual Ukrainian end user traffic, the more you need to be present in the country and the more complicated it is to fake it otherwise. Especially if you’re trying to hide from state level investigation, that has access to triangulation from cell towers, providers logs, etc…

permalink

report

parent

[ - ]

another_lemming@lemmy.world

1 point

1 year ago

It’s just I see one collab having a gateway on their PC for russian-based labs to operare rather than the whole scheme based oin Ukraine.

Cell-tower data would be hepfull to locate the guy, but do web\apps collect it?

permalink

report

parent

[ - ]

mea_rah@lemmy.world

2 points

1 year ago

You can do the gateway on a PC thing. You don’t even need to have collaborator to do that, plenty of people run outdated systems riddled with malware.

But once you need actual working SIM (Telegram, Watsapp, etc…) you really need that SIM somewhere in Ukraine. And you need plenty of them. (see the pictures in the article, there’s a ton) At minimum to activate the accounts and more realistically for occasional re-verification. (2fa) Sure you can then run actual bots in russia, but that need for physical presence is still there at least occasionally. The article mentions 100 individuals, when you consider that 150k SIMs were there, most of the operation indeed was in russia or somewhere else.

The triangulation is just a way to maybe correlate multiple SIMs in the same spot by Ukrainian officials once they had enough suspected malicious SIMs. (So that they know it’s not just few random persons with malware on their phone, but it’s indeed huge concentration of SIMs in one spot)

permalink

report

parent

[ - ]

another_lemming@lemmy.world

1 point

1 year ago

Thanks for your detailed answers.

permalink

report

parent

Show more comments

World News

!world@lemmy.world

Create post

A community for discussing events around the World

Rules:

Rule 1: posts have the following requirements:
- Post news articles only
- Video links are NOT articles and will be removed.
- Title must match the article headline
- Not United States Internal News
- Recent (Past 30 Days)
- Screenshots/links to other social media sites (Twitter/X/Facebook/Youtube/reddit, etc.) are explicitly forbidden, as are link shorteners.
Rule 2: Do not copy the entire article into your post. The key points in 1-2 paragraphs is allowed (even encouraged!), but large segments of articles posted in the body will result in the post being removed. If you have to stop and think “Is this fair use?”, it probably isn’t. Archive links, especially the ones created on link submission, are absolutely allowed but those that avoid paywalls are not.
Rule 3: Opinions articles, or Articles based on misinformation/propaganda may be removed. Sources that have a Low or Very Low factual reporting rating or MBFC Credibility Rating may be removed.
Rule 4: Posts or comments that are homophobic, transphobic, racist, sexist, anti-religious, or ableist will be removed. “Ironic” prejudice is just prejudiced.
Posts and comments must abide by the lemmy.world terms of service UPDATED AS OF 10/19
Rule 5: Keep it civil. It’s OK to say the subject of an article is behaving like a (pejorative, pejorative). It’s NOT OK to say another USER is (pejorative). Strong language is fine, just not directed at other members. Engage in good-faith and with respect! This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.

Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to “Mom! He’s bugging me!” and “I’m not touching you!” Going forward, slapfights will result in removed comments and temp bans to cool off.

Rule 6: Memes, spam, other low effort posting, reposts, misinformation, advocating violence, off-topic, trolling, offensive, regarding the moderators or meta in content may be removed at any time.
Rule 7: We didn’t USED to need a rule about how many posts one could make in a day, then someone posted NINETEEN articles in a single day. Not comments, FULL ARTICLES. If you’re posting more than say, 10 or so, consider going outside and touching grass. We reserve the right to limit over-posting so a single user does not dominate the front page.

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.

Lemmy World Partners

News !news@lemmy.world

Politics !politics@lemmy.world

World Politics !globalpolitics@lemmy.world

Recommendations

How to spot Misinformation and Propaganda

For Firefox users, there is media bias / propaganda / fact check plugin.

https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/

Consider including the article’s mediabiasfactcheck.com/ link

Community stats

11K
Monthly active users
17K
Posts
272K
Comments

Rules:

Lemmy World Partners

Recommendations

Community stats

Community moderators