
The Packet Rat

  • Grifter Action Committees

    November 1st, 2024

    Political Action Committees are a great way to launder money, and SuperPACs even more so. But even the smallest of PACs can have a diluting effect on the gifts from citizens hoping to support the candidate of their choice.

    So a few days ago I got one of those many political fundraising SMS messages anyone who has ever made the decision to support a political cause has been seeing hundreds of this election season. But this one reminded me more of a phishing message:

    Now, this wasn’t the first text I had gotten from them. The first two were chastising me for not “endorsing” Kamala Harris. But this one, and the website it led to, sort of burnt my toast.

    And it was tied to data from ActBlue, the organization that is central to Democratic fundraising efforts.

    So I did what I usually do when something triggers my cybercrime research setting. I went digging to see who was behind this and exactly how much money was actually going to help political campaigns.

    It turns out that very little of their fundraising so far this year actually went to help candidates’ campaigns. In October, the Alsobrooks Victory Fund got the only candidate-affiliated disbursement: $1000.

    I checked out their FEC report for October. It was very enlightening. OpenSecrets has a good summary of their activity based on FEC reports for 2023-2024 as well.

    The first page of UNITEDemocrats PAC’s October FEC filing.

    So in this campaign cycle, UNITEDemocrats has brought in $618,292 in contributions. Of that, the PAC has donated…$6,833 to federal candidates. That’s basically a penny of every dollar raised, a percentage that would even make a Fraternal Order of Police fundraising company blush.

    Where does all the money go? Well, a tiny bit goes to sustain their web presence on Squarespace. More goes to ActBlue for their “merchant account”, and to an SMS delivery company called Tatango. And then a bunch goes to a minority/woman owned fundraising messaging company called Momentum Campaigns LLC. And there’s the salaries of the PAC staff and the rent for their office on C Street NW in DC, right across the street from the Bureau of Federal Prisons.

    But they aren’t the only organization at that suite number. There’s also BlueWave Politics, a consulting firm…for whom the treasurer of UNITEDemocrats works:

    “Sue [Jackson] has 13 years of compliance, accounting and campaign finance reporting experience working on various Presidential, U.S. Senate, Congressional, PAC and non federal committees.  Prior to starting her second career in political compliance, she worked for 13 years in international business while living in Atlanta, GA. She has a B.A. in Government from The College of William and Mary.

    Fun Fact: Sue has lived in 4 foreign countries and visited 27 others.

    Recent Clients: Deborah Ross for Congress, Montanans for Bullock, North Carolina Democratic Party, Josh Harder for Congress, Citizens for Boyle”

    So other than the treasurer, we don’t know who else from this consultancy is involved in UNITEDemocrats. I suspect I can find a bunch of other PACs sharing the same address.

    It sure is an interesting business model. It reminds me of…pig butchering, but it’s legal.

    So what about MAGA grifters?

    Most of the Trump-aligned PACs I saw dumped about half of what they brought in directly into Donald J Trump For President 2024 Inc. — a total of $315 million over this election cycle. Almost all that money (aside from what was given back to angry or ineligible donors) was spent on Trump…but not necessarily for the campaign. There were over $1.3 million in American Express credit card payments which were not itemized.

    Then there’s the more than $50,0000 in “travel reimbursements” to Southern Baptist minister and podcaster Michael Clary and other “influencers” who Donald J Trump For President 2024 Inc. directly paid to be at the convention and other events. And between DJTFP2024 and other contributing funds, just shy of $1 million went into Mar-A-Lago Club LLC.

    Another Trump-aligned PAC, ULTRA MAGA PAC, spent 10 percent of its raised funds on contributions to candidates like Kari Lake. But most of the money went into direct mail and other fundraising costs (and lawyers, and other players).

  • Goats on the Slope

    October 27th, 2024

    Goats grazing in Wyman Park Dell brings out a very specific demographic.

    I might be in it.

    Landscape-tainment
  • Crimechain remains Crimechain

    October 24th, 2024

    I’ve done a lot of research into fake “liquidity mining” cryptocurrency scams connected to “pig butchering” rings—enough to be super suspicious of anything having to do with liquidity mining. Or cryptocurrency, to be honest.

    But this latest bit of news is…🧑‍🍳🤌

    As many in the Cosmos community are now aware, it was revealed that a significant portion of the Liquidity Staking Module (LSM), created by Iqlusion for the Cosmos Hub, was developed by North Korean agents. 

    Hat tip to Molly White of Web3 Is Going Great.

  • Hello, Steady Customer.

    October 24th, 2024
  • Starling cam

    October 24th, 2024

    They’re back, they’re loud, they’re all starry-bellied and adorable. Also loud. And feisty.

  • America ≈ Dhalgren

    October 24th, 2024

    There are many times I wake up and feel like I’m living in a Samuel R. Delany novel. America sometimes seems to traverse history as a flat spiral, constantly re-encountering itself without recognizing itself as it passes.

    I picked up Dhalgren in a remainders bookstore when I was 16, after moving at the end of my junior year of high school from Long Island to a small city upstate near the Quebec border, a town caught in its own desolate time loop with a SAC base and nightly scrambles of bombers and tankers.

    The B-47 bomber outside what was once Plattsburgh Air Force Base.

    The book was mind bending and the wildest thing I had read up to then, but Bellona felt like a town I knew somehow.

    I was already living at something of a remove from the world around me, having moved 375 miles north of my whole life to that date because my father had taken a job as a high school principal. My mother was still going to be teaching on Long Island, commuting to our new home every other weekend, adding to the sense of unbelonging.

    Margaret Street in Plattsburgh
    Point Au Roche trail

    I sometimes feel like I’m walking past that kid with Cold War neuroses when I walk through my neighborhood in Baltimore, where I have family and friends but will never be a native. To always be from someplace else is a hell of a thing.

    A teenage boy stands near a dilapidated building built over a river in Baltimore.
    Wandering the old Jones Falls mills with my son Jonah, 2011. Mill #1 is now luxury apartments.

    A lot of this came to mind last night as I sat in an auditorium listening to Jeff VanderMeer talk about Absolution, his new Southern Reach book, and the rest of the series. He talked about how his research assistant had to construct a map of all the layers of previous human inhabitance in Florida’s Forgotten Coast — black communities’ burial grounds, indigenous settlements, and failed plantations, etc. — because no one had ever bothered to centralize all that knowledge.

    We keep recolonizing our past, not even recognizing it as our past. As we approach the first Tuesday of November, this is…very much apparent.

    Maybe we’ll wake up at some point and look around and see ourselves walking the other way as we pass on that footbridge out of this place where we are all visitors.

  • Unpatched Veeam and VPNs leveraged in recent ransomware attacks.

    October 17th, 2024

    My colleagues in Sophos X-Ops MDR and Incident Response are tracking a series of attacks in the past month leveraging compromised credentials and a known vulnerability in Veeam (CVE-2024-40711) to create an account and attempt to deploy ransomware. We put out a social media thread on this last week that was highlighted in a recent BleepingComputer article on the Veeam vulnerability. As I wrote in our Mastodon post:

    In one case, attackers dropped Fog ransomware. Another attack in the same timeframe attempted to deploy Akira ransomware. Indicators in all 4 cases overlap with earlier Akira and Fog ransomware attacks.

    In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.

    Each time, the attackers exploited VEEAM on the URI /trigger on port 8000, triggering the Veeam.Backup.MountService.exe to spawn net.exe. The exploit creates a local account, “point,” adding it to the local Administrators and Remote Desktop Users groups.

    In the Fog ransomware incident, the attacker deployed it to an unprotected Hyper-V server, then used the utility rclone to exfiltrate data. Sophos endpoint protection and MDR prevented ransomware deployments in the other cases.

    These cases underline the importance of patching known vulnerabilities, updating/replacing out-of-support VPNs, and using multifactor authentication to control remote access. Sophos X-Ops continues to track this threat behavior.

    Sophos X-Ops on infosec.exchange

    We’ve since connected another case to the same threat activity cluster, and are continuing to hunt and research the threat. But this is just another case of weaponized unpatched hardware and software being used against organizations struggling to stay on top of security threats—particularly small and medium businesses without dedicated information security teams.
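
The process behavior described in the thread above (Veeam.Backup.MountService.exe spawning net.exe to create the local account “point” and add it to privileged groups) lends itself to a simple hunt. This is an added example, not Sophos detection logic or code from the original post; the event field names (modelled on Sysmon Event ID 1), host names, install path and password are constructed assumptions. It generalizes slightly by flagging any net.exe or net1.exe child of the mount service, not only the account named in these cases.

```python
import re

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# Hosts, install path and password are placeholders, not data from the incidents.
MOUNT_SVC = r"C:\Program Files\Veeam\Veeam.Backup.MountService.exe"
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"host": "BKP01", "ParentImage": MOUNT_SVC, "Image": SYS32 + "net.exe",
     "CommandLine": "net user point CONSTRUCTED-PW /add"},
    {"host": "BKP01", "ParentImage": MOUNT_SVC, "Image": SYS32 + "net1.exe",
     "CommandLine": "net1 localgroup Administrators point /add"},
    {"host": "BKP01", "ParentImage": MOUNT_SVC, "Image": SYS32 + "net.exe",
     "CommandLine": 'net localgroup "Remote Desktop Users" point /add'},
    {"host": "WS14", "ParentImage": SYS32 + "cmd.exe", "Image": SYS32 + "net.exe",
     "CommandLine": "net user helpdesk CONSTRUCTED-PW /add"},  # admin activity, other parent
    {"host": "BKP02", "ParentImage": MOUNT_SVC, "Image": SYS32 + "net.exe",
     "CommandLine": "net view"},  # still unusual for this parent
]

PARENT = "veeam.backup.mountservice.exe"
NET_BINARIES = {"net.exe", "net1.exe"}
WATCHED_GROUPS = {"administrators", "remote desktop users"}
USER_ADD = re.compile(r'\buser\s+"?([^"\s]+)"?\s.*?/add\b', re.I)
GROUP_ADD = re.compile(r'\blocalgroup\s+"?([^"]+?)"?\s+(\S+)\s+/add\b', re.I)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Flag net.exe/net1.exe children of the Veeam mount service."""
    findings = []
    for ev in events:
        if basename(ev["ParentImage"]) != PARENT or basename(ev["Image"]) not in NET_BINARIES:
            continue
        hit = {"host": ev["host"], "severity": "medium", "account": None,
               "action": "net spawned by mount service"}
        user, group = USER_ADD.search(ev["CommandLine"]), GROUP_ADD.search(ev["CommandLine"])
        if user:
            hit.update(severity="high", account=user.group(1), action="local account created")
        elif group and group.group(1).lower() in WATCHED_GROUPS:
            hit.update(severity="high", account=group.group(2),
                       action="added to " + group.group(1))
        findings.append(hit)
    return findings

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f)
```

The parent-child relationship is the signal here: the same `net user ... /add` command from cmd.exe on WS14 is ignored, while even a harmless-looking `net view` from the mount service is surfaced for review.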

  • Morning Raven Report🐦‍⬛

    October 17th, 2024

    I’ve been running mornings this week with my neighbor’s dog (there’s another story there for later). This morning, we were just passing the local FOP lodge when I saw my favorite Baltimore Raven: an actual Common Raven swooped over us croaking. I turned us around to check the bird out, and the raven landed on a street light and clacked its bill. That’s typically a mating display, so maybe there was a lady raven nearby or maybe he mistook a nearby crow (or me) for a potential partner. Dunno. 🤷 Anyway, hope it’s an omen of a good day.

  • Money ruins everything: there are no tech heroes in the tech bro era.

    October 15th, 2024

    I have a lot to say about how rotten social media is/is becoming/always has been. But an essential part of how bad things have become is the cult of personality around the people who sit atop the engines of our permanently online social interaction, no matter how relatively “humble” they are on the Dennis Ritchie-to-Elon Musk spectrum:

    Dennis Ritchie is what I consider to be on the “enlightened technologist” end of the spectrum–actually talented, unknown to the masses, did not launch a start-up and sell out, made great things possible with his work. He is, however, not a product of the Post-Microsoft Tech World.

    Dennis Ritchie, the C Lord.

    Dennis Ritchie created the C programming language and is as a result directly responsible for both much of the software revolution and much of the non-memory-safe code that makes the digital world insecure*. Net +, with notes. Full disclosure: a personal hero, and he wrote a great book.

    * as Ken Goldsholl pointed out, the memory un-safe-ness was probably not foreseeable at the time, and honestly I cannot hold anything against Ritchie because he was in it for all the right reasons.

    Elon Musk is a nerd who had emerald mine money from his apartheid-fan dad and evaded the draft by coming to America…he got involved with PayPal and has been trying to name everything with an X ever since because he’s a fucking neofascist pirate.

    Elon is on the other end of the spectrum. As far as I can tell, he can code but in a very unenlightened way–but his main talent is that he has money and rich friends and is part of the Paypaligarchy. He has put money and his weirdness into a lot of things, but he has not made anything of consequence himself–he has just imposed his weird aesthetic and pot-smoke-haze Ayn Randian philosophy on everything he touches and is all about extracting as much value as possible from everything he touches (except Twitter, which he has fucked up beyond all recognition).

    And then there’s Matt Mullenweg, who owns the platform I blog on.

    Where does he fall on the Dennis to Elon spectrum?

    Welp.

    WordPress has been part of my online life for almost 20 years. It’s hard to believe. I’ve done Moveable Type and all sorts of other platforms over the years (including a very interesting development project on Community Server .Net that nearly robbed me of my sanity). But most of the words I’ve ever published electronically, including everything at Ars Technica and my current gig, were processed through WordPress.

    Matt was a PHP developer at CNET, and he did WordPress on the side. Then he became an open-source hero, and then a hosting hero to everyone who had used Google Domains. But he’s also something of a tech bro asshole. And his recent purge of employees at Automattic is just the latest symptom of a very confrontational, not very open-source kumbaya personality and business approach that has scorched a lot of fucking earth.

    But WordPress is still open-source, and I am paying for hosting and patching, not for Matt’s personality. So… somewhere between Dennis and Elon. Am I going to move off a WordPress-hosted blog and take my words to a self-powered domain somewhere? Probably not anytime soon–just like I’m not going to stop using a Mac or an iPhone even though Tim Cook is a jackass.

  • Duck, duck, goose

    October 13th, 2024
    Duck
    Duck
    Goose.

    #birds.
