|
Post by Admin on Sept 7, 2013 18:44:26 GMT -8
Can't make this up.... We received an email today, a forward of, you guessed it, a link to a Google Docs file. The link in the Click Here to view was: http ://www.cedt.hu/hirlevel/googledrive.html cedt.hu is the domain of a Central Europe dance company: So, another person is sending "Google Docs" hosted someplace that's not Google..... Really guys? You want to go there again? Tommy's epic fail wasn't enough fail? You people really think this can be explained away as coincidence/hacked accounts at this point? Google Docs are only hosted by GOOGLE. Not on freechamps. Not on a Hungarian theater website. Some one kindly send the email headers so we can put these imbeciles in the ground. Figuratively speaking of course. Note: this old Indymedia thread may or may not be illuminating to the sender. And "Joe Anybody" makes an appearance: portland.indymedia.org/en/2012/12/420961.shtml
|
|
|
Post by Admin on Sept 7, 2013 19:06:11 GMT -8
|
|
|
Post by Admin on Sept 7, 2013 19:40:42 GMT -8
FYI: the individual who sent this is networked with at least two KKK people on Facebook. This is not a coincidence. We'll be sending emails with information out sometime next week after we have a chance to sort through this. Meanwhile, we can suggest contacting Hadrian. Assuming he's agreeable.
|
|
|
Post by lurker on Sept 7, 2013 20:09:49 GMT -8
It's possible to have Google Drive as an app. But "googledrive.html" come up in many suspected phish complaints/reports. Anyone know the exact url/subdomain for Google Drive is?
|
|
|
Post by lurker on Sept 7, 2013 20:29:18 GMT -8
|
|
|
Post by Admin on Sept 7, 2013 21:59:27 GMT -8
Phishy page and link: Real Google Docs page and link: This should be concerning to the Hungry Hungary people. Someone should email them: Statistically, it's got to be a record. What are the chances a friend of the KKK club has his/her email account 'hacked'(that's what they'll say) and sends a phishing link to enemies of the inner party twice in a couple of months?Quoting from the website:
|
|
|
Post by Hadrian Miccihe on Sept 7, 2013 22:40:32 GMT -8
The phishing email I received from the KBOO engineer linked to a page which was like, but unlike the fake site pictured here. I was linked to a page asking only for my Google log in. Highly suspicious in the context of Lisa Loving's call to hack a google hosted web site. Also highly suspicious: the KBOO engineer "dealing all day" with his supposedly compromised account without once notifying anyone that the email they received from him was, he claims, not from him. Finally, the phishing page being taken down soon after the KBOO engineer was called on his shenanigans. I understand Lisa has a complaint filed with the FBI. That's fine. If she wants to expose herself to the scrutiny of the FBI about her call to hack a website, more power to her -- and more power to those who will notify the FBI about Lisa's actions.
|
|
|
Post by Admin on Sept 8, 2013 8:20:19 GMT -8
That's an interesting distinction. Another one readers maybe unaware of was a legit Google docs invite, from someone at KBOO who had already sent a text version out, and had no reason to use Google docs. It's possible to get information from people editing/reading a Google doc if they're logged in. It's still "fishing", but not "phishing". This is the third (to the best of our knowledge) attempt to fish information from people the "Inner Party" has labeled hostile. While the technique is different, the pattern is the same. It's interesting to look where the file is on the website: This does look like a static page, but getting someone to check it from a different location, firewall. The email links don't click for me either. If it is a static page pretending to be a phish that tells us the person who put it up wants to avoid trouble with the law. They're in essence using an unloaded gun. But it also says it was deliberate because a random phisher doesn't set up a fake fish page. Ya know? The word hirlevel is a Hungarian for newsletter. A strange name. It might also mean/imply spam: hu.wikipedia.org/wiki/H%C3%ADrlev%C3%A9lFor the record, the email sender's Facebook has network connections to at least these two pro KKK Facebook accounts: Timothy Martin Flanagan groups.google.com/forum/#!topic/LaborRadioCollective/QyF7cgXeAyk John Walsh savekboofromsavekboo.blogspot.com/2013/06/lisa-loving-in-lavender-plus-more-inner.htmlWe're not publishing the email address until we have more information.
|
|
|
Post by Admin on Sept 8, 2013 18:03:05 GMT -8
Another interesting detail: email was bbc to undisclosed recipients:
Spamming the address book is not uncommon if an email account has bee hacked. BUT the person who leaked this doesn't know "XXXXX". So how did their email get in XXXX's address book?
Assuming that's the story they'll go with.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Sept 8, 2013 20:06:26 GMT -8
Bottom line, we've all been a bit jumpy since the Tom phishing thing.
I'm the one who received an email, apparently from someone who I've known for decades, but with whom I haven't spoken in a while and who doesn't show up in my email history with this address. The person I know with this name is of the highest integrity and I couldn't see how they would be involved in this mess, or even care ... although he is a KBOO member and a dedicated lefty.
I sent a copy to "the gang" out of an abundance of caution, in case this was somehow linked to what happened before. I then phoned him several times, and emailed him to see what he knew. I also checked with several mutual friends to see if they had also received the email. One responded and said that she had received this email also, and she is not even close to being on the KKK hit list. I just spoke with the person whose account sent the email and he says it's a mystery to him and was curious what's all the fuss lately about KBOO. His reaction when I told him the Readers' Digest version was to ask me if I though he would be wasting his money contributing further to KBOO.
So ... we can all stand down. If prior posts can be edited to remove any references to names then we're all good. To tell you the truth, all this cyber sleuthing is something I've never needed to focus on before. It's all a bit bewildering and with a lot happening in the next two weeks I guess I'm being a bit jumpy.
So my call is that this was not KBOO related, even though the person knows several KBOO personalities (including me) and we can just assume he was hacked.
P.S. Kudos to all you SKFSK and OFS folks for respecting my request to withold names till things were clearer. Let's try to take the high but careful road as the next few weeks are going be be very interesting.
|
|
|
Post by Admin on Sept 9, 2013 9:48:53 GMT -8
Moving thread to actions board. Actions can only be seen by registered members.
|
|
|
Post by Admin on Sept 9, 2013 10:44:42 GMT -8
Bottom line, we've all been a bit jumpy since the Tom phishing thing. I'm the one who received an email, apparently from someone who I've known for decades, but with whom I haven't spoken in a while and who doesn't show up in my email history with this address. The person I know with this name is of the highest integrity and I couldn't see how they would be involved in this mess, or even care ... although he is a KBOO member and a dedicated lefty. I sent a copy to "the gang" out of an abundance of caution, in case this was somehow linked to what happened before. I then phoned him several times, and emailed him to see what he knew. I also checked with several mutual friends to see if they had also received the email. One responded and said that she had received this email also, and she is not even close to being on the KKK hit list. I just spoke with the person whose account sent the email and he says it's a mystery to him and was curious what's all the fuss lately about KBOO. His reaction when I told him the Readers' Digest version was to ask me if I though he would be wasting his money contributing further to KBOO. So ... we can all stand down. If prior posts can be edited to remove any references to names then we're all good. To tell you the truth, all this cyber sleuthing is something I've never needed to focus on before. It's all a bit bewildering and with a lot happening in the next two weeks I guess I'm being a bit jumpy. So my call is that this was not KBOO related, even though the person knows several KBOO personalities (including me) and we can just assume he was hacked. P.S. Kudos to all you SKFSK and OFS folks for respecting my request to withold names till things were clearer. Let's try to take the high but careful road as the next few weeks are going be be very interesting. Check your messages. I'll quote this part:
|
|
|
Post by Comrade Red on Sept 9, 2013 11:49:48 GMT -8
Bottom line, we've all been a bit jumpy since the Tom phishing thing. You may have been jumpy. We weren't. We were surprised anyone would be stupid enough to try the same stunt not once, but three times. That's three times, not one. First was Tommy. Second report was from a source that wishes to stay anonymous. Third from XXXXX. Or XXXXXX's hacked email if you prefer. Whatever. It's KBOO related as far as were' concerned. The burden of proof changed. After the second attempt(which you may not known about), everything is suspect. If anyone from KKK is reading who has a braincell left, what this means is you knock it the fuck off. "Hacking" isn't a mysterious plot device like in the movies. Just ask Lisa Loving. The first thing we do when we get an email about this type of shit is disable certain scripts before viewing. Then we find the link in the code and use it to find the host. Other tools are used to find the email address connected accounts across the web. Further research (that may be farmed out)is used to build a profile. Guess work figures very little in this process. It's insulting to imply it does. For the love of fuck treat any more Google Doc emails as malware. But don't send them to us if your afraid of what we'll find. Because we'll find it. I don't see any reason this thread shouldn't be made public again. Under no circumstances will we be protecting KKK members. If they don't want to be mentioned, then they should stop trying to fuck with people or suck people into their scams. Edit: One name in thread edited before returning to public view.
|
|
|
Post by partyhard on Sept 9, 2013 14:21:06 GMT -8
its time for that awkward moment when..... the youngest team member sayz FOCUS PEOPLE seriously, guys the election is less than 7 days away we can hunt hungarian kbots later fwiw i also dont buy this was a random thang what jumps out? undisclosed recipients(bcc)when a bot attack hijacks email accounts and spams the address book all examples i've known personally were cc'd not bcc. i'll try to find samples later right now finishing a couple posters. stay tuned
|
|
|
Post by partyhard on Sept 9, 2013 21:04:19 GMT -8
k now flyer done i'll weigh in briefly w what i've found elements of the phish page aren't hosted on the hungry site but in chile
email images hosted in chile
stillme is the website of a tranny performer daniela strange two supposed theater type websites are hosting malware/material used in malware
these pages predate lisa's hack request on june 19th
that seems to prove there's no direct connection between these websites and the kbots phish trips
that doesn't mean it's not kbots associates using them it just means the imgs weren't set up specifically for kbots
they're embedding a real google drive image after all
but unless they tampered with the dates anyone using this shit is exploiting pre-existing img files for the scam imho
kinda dum in a different way....but should help the email account holder making a report.
|
|