The U.S. Government Thinks Thousands of Russian Hackers May Be Reading My Blog. They Ar...
-
After the U.S. government published a report on Russia’s cyber attacks against the U.S. election system, and included a list of computers that were allegedly used by Russian hackers, I became curious if any of these hackers had visited my personal blog. The U.S. report, which boasted of including “technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services,” came with a list of 876 suspicious IP addresses used by the hackers, and these addresses were the clues I needed to, in the end, understand a gaping weakness in the report.
-
I found out, after some digging, that of the 876 suspicious IP addresses that the Department of Homeland Security and the Department of National Intelligence put on the Russian cyber attacker list, at least 367 of them (roughly 42%) are either Tor exit nodes right now, or were Tor exit nodes in the last few years. I have a lot of regular readers who are Tor users, and I’m pretty sure they’re not all Russian hackers. So the quick answer to the mystery of my website apparently being attacked by nefarious IP addresses listed in the U.S. report is that the Russians, along with many thousands of others, just happened to use the Tor IP addresses that my regular readers used (and still use).
-
Since nearly half of the IP addresses in the Grizzly Steppe report are actually just Tor exit nodes, this means that anyone in the world — not just Russian hackers — can use the internet from those IP addresses. In fact, if you open Tor Browser and visit a website right now, there’s a pretty decent chance that you’ll be using the internet from one of those suspicious IP addresses.
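The overlap check described above can be run against any published indicator list before its hits are treated as attribution. The following is an added example, not code from the article or the report; it goes one step further than the text by also checking whether an address was an exit at the time of the request, and every address, time window and log line in it is constructed sample data.

```python
"""Added example: triage hits on an IP indicator list against Tor exit history."""
from datetime import datetime, timezone
from ipaddress import ip_address

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

# Constructed sample data (documentation address ranges, not real indicators).
INDICATORS = {"192.0.2.10", "192.0.2.77", "198.51.100.5", "203.0.113.9"}

# Constructed exit-relay history: ip -> list of (first_seen, last_seen) windows,
# the kind of record you would build from archived Tor exit lists.
EXIT_HISTORY = {
    "192.0.2.10": [(ts("2016-01-01 00:00"), ts("2016-12-31 23:59"))],
    "192.0.2.77": [(ts("2014-03-01 00:00"), ts("2014-09-30 23:59"))],
}

# Constructed web-server log: (timestamp, client ip, request path).
LOG = [
    (ts("2016-11-02 08:15"), "192.0.2.10", "/blog/"),
    (ts("2016-11-02 09:40"), "192.0.2.77", "/wp-login.php"),
    (ts("2016-11-03 12:00"), "198.51.100.5", "/blog/feed"),
    (ts("2016-11-03 12:05"), "198.51.100.20", "/blog/"),
]

def was_exit(ip, when, history=EXIT_HISTORY):
    """True if ip was a known Tor exit at the moment of the request."""
    return any(start <= when <= end for start, end in history.get(ip, []))

def exit_share(indicators, history=EXIT_HISTORY):
    """Fraction of the indicator list that is, or ever was, a Tor exit."""
    return sum(1 for ip in indicators if ip in history) / len(indicators)

def triage(log, indicators=INDICATORS, history=EXIT_HISTORY):
    """Split indicator hits into shared-infrastructure hits and the rest."""
    shared, review = [], []
    for when, ip, path in log:
        ip = str(ip_address(ip))          # normalise / validate the address
        if ip not in indicators:
            continue
        (shared if was_exit(ip, when, history) else review).append((ip, path))
    return shared, review

if __name__ == "__main__":
    shared, review = triage(LOG)
    print(f"{exit_share(INDICATORS):.0%} of indicators have Tor exit history")
    print("hits via Tor exits (weak evidence):", shared)
    print("hits needing review:", review)
```

A hit from an address that was a Tor exit at request time says only that someone used Tor; hits outside any exit window, or from addresses with no exit history, are the ones worth an analyst's time.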