Hacking and tracking SpaceX’s Starlink Internet satellites

Starlink Microsat/TinTin

Update 1 March: I found the satellites!

As my family and I strolled our neighborhood at sunset, my eagle-eyed son spotted a light in the sky sliding slowly away from us before fading. At first we thought it was the International Space Station (ISS) but it was too dim for that. We decided it was a low-earth orbit satellite and the conversation shifted to SpaceX’s recent launch of two low-earth-orbit test satellites for their proposed satellite Internet service, Starlink.

I have no idea whether the satellite we watched is a Starlink Satellite (more formally called TinTin A & B and previously known as Microsat 2A and 2B). I didn’t have my satellite tracking app fired up on my phone at the time. It did get me thinking, though, that it would be fun to track the TinTin satellites to see what I could discover.

A search on the Internet reveals very little information about these birds. I have not yet found the two-line elements (TLE) which describe their orbits. They haven’t been mentioned on my satellite-tracking email list, either.

What if I could locate them, then what? I’d like to try to collect whatever telemetry is being broadcast, even if it’s just beeps. Better yet, I could capture the data stream from the Internet side but that would be challenging to do anything with as it’s said to be encrypted. The birds do have imagery capability. What if I could tune into that and download an image snapped from orbit? Wouldn’t that be cool!

Fake Amazon survey gift webpage

Fake Amazon survey popup

I was reading a cool story on BoredPanda.com this afternoon when suddenly my mobile browser was redirected to a fake survey purporting to be from Amazon.com. I’d seen this once before so I thought right away to screenshot it and save a copy of the page.

First it put a pop-up that enticed me to click “OK.” I declined. 🙂 After moving past that dialog, the user is presented with brain-dead-easy survey questions, promising an iPhone X or a $1000 gift card as a reward:



Drug firms shipped 20.8M pain pills to WV town with 2,900 people | Health | wvgazettemail.com

Somebody needs to go to jail. Several somebodies, in fact.

Over the past decade, out-of-state drug companies shipped 20.8 million prescription painkillers to two pharmacies four blocks apart in a Southern West Virginia town with 2,900 people, according to a congressional committee investigating the opioid crisis.

The House Energy and Commerce Committee cited the massive shipments of hydrocodone and oxycodone — two powerful painkillers — to the town of Williamson, in Mingo County, amid the panel’s inquiry into the role of drug distributors in the opioid epidemic.

“These numbers are outrageous, and we will get to the bottom of how this destruction was able to be unleashed across West Virginia,” said committee Chairman Greg Walden, R-Ore., and ranking member Frank Pallone Jr., D-N.J., in a joint statement.

Source: Drug firms shipped 20.8M pain pills to WV town with 2,900 people | Health | wvgazettemail.com

Oh noes! Mr. Belarus is tracking me with the pornz!

Another spam email I got today. Not the only one, it seems.

In my opinion 330 usd is pretty enough for this little false!

Date: Mon, 29 Jan 2018 22:08:52 -0700
From: “Skylar_Moodie” info@linkleadsmta.com
Reply-To: “Skylar_Moodie” john_d0ne@yahoo.com
To: @markturner.net
Subject: =?utf-8?Q?WUV=3A_=3C
=40markturner.net=3E_30-01-2018_07=3A08=3A53_Anyone_can_make_a_mistake

Ticket Details: WUV-273-205439
Email:@markturner.net
Camera ready,Notification: 30-01-2018 07:08:53
Status: Waiting for Reply 85xuHa8n4kjjbiu84mbeioi1j438Hu5_Priority: Normal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hi.

If u were more attentive while playing with yourself, I wouldn’t write dis message. I don’t think that playing with yourself is extremely bad, but when all colleagues, relatives and friends receive video record of it- it is awful news.

I placed virus on a web-site for adults (with porn) which was visited by you. When the target press on a play button, device begins recording the screen and all cameras on ur device begins working.

Moreover, my virus makes a dedicated desktop supplied with key logger function from your system , so I was able to get all contacts from your e-mail, messengers and other social networks. I’m writing on dis e-mail because It’s your working address, so you will read it.

USAF Is Jamming GPS In The Western U.S. For Largest Ever Red Flag Air War Exercise – The Drive

Interesting. Glad to see the military conducting exercises without GPS, now that Russia has shown its willingness to jam it. In war we must be prepared to go without this incredibly-useful resource.

The year’s first iteration of the USAF’s premier set of aerial war games, known commonly as Red Flag, is kicking off today at Nellis Air Force Base just outside of Las Vegas, but this exercise will be different than any in the past. Not only is it the largest of its kind in the exercise’s 42 year history, but the USAF is going to blackout GPS over the sprawling Nevada Test and Training Range to challenge aircrews and their weaponry under realistic fighting conditions. The tactic will spill over throughout the region, with warnings being posted stating inconsistent GPS service could be experienced by aircrews flying throughout the western United States.

Source: USAF Is Jamming GPS In The Western U.S. For Largest Ever Red Flag Air War Exercise – The Drive

Bonus: Read more of the Navy’s rationale for blocking GPS.

Candid camera: Dutch hacked Russians hacking DNC, including security cameras | Ars Technica

Hackers hacking hackers. Reason #47,672 why I love the Dutch!

According to a report in the Dutch newspaper de Volkskrant, the General Intelligence and Security Service of the Netherlands (AIVD)—the Netherlands’ domestic intelligence service—had hacked into the network of a building at a Russian university in Moscow some time in the summer of 2014. The building housed a group running a hacking campaign now known as “Cozy Bear,” one of the “threat groups” that would later target the Democratic National Committee.

AIVD’s intrusion into the network gave them access to computers used by the group behind Cozy Bear and to the closed-circuit television cameras that watched over them, allowing them to literally witness everything that took place in the building near Red Square, according to the report. Access to the video cameras in a hallway outside the space where the Russian hacking team worked allowed the AIVD to get images of every person who entered the room and match them against known Russian intelligence agents and officials.

Based on the images, analysts at AIVD later determined that the group working in the room was operated by Russia’s Foreign Intelligence Service (SVR). An information and technology sharing arrangement with the National Security Agency and other US intelligence agencies resulted in the determination that Cozy Bear’s efforts were at least in part being driven by the Russian Federation’s leadership—including Russian President Vladimir Putin.

Source: Candid camera: Dutch hacked Russians hacking DNC, including security cameras | Ars Technica

A Complete Taxonomy of Internet Chum – The Awl

The Awl provides an in-depth look at the outrageous “suggested for you” news stories that are on many media sites (like the News and Observer).

This is a chumbox. It is a variation on the banner ad which takes the form of a grid of advertisements that sits at the bottom of a web page underneath the main content. It can be found on the sites of many leading publishers, including nymag.com, dailymail.co.uk, usatoday.com, and theawl.com (where it was “an experiment that has since ended.”)

The chumboxes were placed there by one of several chumvendors — Taboola, Outbrain, RevContent, Adblade, and my favorite, Content.ad — who design them to seamlessly slip into a particular design convention established early within the publishing web, a grid of links to appealing, perhaps-related content at the bottom of the content you intentionally came to consume. In return, publishers who deploy chumboxes receive money, traffic, or both. Typically, these publishers collect a percentage of the rates that the chumvendors charge advertisers to be placed inside the grids. These gains can be pocketed, or re-invested into purchasing the publisher’s own placements in similar grids on thousands of other sites amongst the chummy sea, reaping bulk traffic straight from the reeking depths of chumville.

Source: A Complete Taxonomy of Internet Chum – The Awl

Google (GOOG) can still use Bluetooth to track your Android phone when Bluetooth is turned off — Quartz

This seems to cross the “don’t be evil” line, Google. Tracking people after the fact? Really?

When it comes to tracking the precise location of an Android user’s phone, Google appears to use every means available—including Bluetooth-based location information transmitted to the company when the user might think they have Bluetooth turned off entirely.

A Quartz investigation found that a user can turn Bluetooth off on their smartphone running Google’s Android software, and the phone will continue to use Bluetooth to collect location-related data and transmit that data to Google. It does this by sending Google, among other things, the unique identifier codes of Bluetooth broadcasting devices it encounters. Such devices, known as beacons, are often used in stores, museums, and other public places to help phones ascertain their locations within buildings. Alphabet-owned Google does the tracking in part so advertisers can target “more useful” digital ads to users, but Quartz discovered that the company taps into an array of signals that can yield an individual’s whereabouts even when the user thinks they’ve disabled such tracking.

Source: Google (GOOG) can still use Bluetooth to track your Android phone when Bluetooth is turned off — Quartz

Bot sends email with U.S. News links. Wut?

I got this unsolicited email two days ago from someone purportedly from U.S. News and World Report, asking if I would post some links to their site. The links provided appear to be legit and the message headers do, too. The one thing that looks out of place is the date of the domain registration for usnewsmoney.com, which is a recent May 2017.

The link in the email goes to a post of a Mitt Romney story in Rolling Stone to which I added exactly zero of my own commentary. Hardly anything that would “really stand out!” So, it appears a keyword search found the word debt in my post (or title) and that’s why this post was chosen.

Ashley McNamara does not appear in other Internet searches, nor on LinkedIn as far as I can tell. Oh, and there was never any “email sent a few weeks ago.” There never is.

I checked my webserver logs back to the start of the month and the only things that have touched that link since Christmas are bots: mostly Google, but also ones called Semrush (www.semrush.com), BLEXbot (webmeup-crawler.com), CommonCrawl (commoncrawl.org), and AwarioRssBot (awario.com).

Guessing this email came from a bot of some sort but I’m not sure of the endgame. What do y’all think? What’s the hustle here?

Hi Mark,

I wanted to follow up with you about an email I had sent a few weeks ago, did you get a chance to review it? It’s attached below just in case you needed it again. Let me know if you have any questions!

Russian agents pollute social media

A few weeks ago, I shared my long-held skepticism about the effectiveness of influenza vaccines and was pleased to see a friend chime in in agreement. My skepticism of flu shots is based on science – that the effectiveness of the mass-produced vaccine is abysmal and has been for years. My friend’s skepticism is based on something less reliable, it seems, because she shared a post from the dubious news site, YourNewsWire.com. It quotes an unnamed CDC doctor:

A CDC doctor has warned this year’s “disastrous” flu shot may be responsible for the deadly flu epidemic sweeping the country.

“Some of the patients I’ve administered the flu shot to this year have died,” the doctor said, adding “I don’t care who you are, this scares the crap out of me.”

“We have seen people dying across the country of the flu, and one thing nearly all of them have in common is they got the flu shot.”

Scientists were worried this year’s flu season was going to be rough and their fears have been proven well founded. The flu season is off to a record-breaking start, with the CDC reporting widespread flu activity from coast to coast. Many health officials believe that 2018 will ultimately be the worst flu outbreak that we have experienced since 1918.

The CDC doctor’s experience of patients dying of the flu after receiving the flu shot is sadly not uncommon. Eight Santa Barbara County residents have died from the flu in the last fortnight. Seven of them had the flu shot.

This seemed like a pretty radical claim, so I searched the Internet for it and … nothing. The unnamed doctor obviously does not exist. YourNewsWire is the place Russian trolls work to perfect their craft.