“Do what you love,” they say, “and you’ll never work a day in your life.” Such lies they tell. Do what you love for work, and then it becomes work, and you do it for money instead of love, and then you realize how little capitalism values what you love, and you start to hate it instead.
What they should say is, “Do What You Care Enough To Do Well, Even If Underpaid And Underappreciated, And Save What You Truly Love For Yourself.” You’ll work, though. Still.
I find small joys in my work, and there is a sense of achievement when the job is done well and some people are actually helped. But it is work. I fight through corporate bureaucracy, indifference and gaps in my technical skills to hunt badness and impose cost every day. When I’m not in meetings.
I love birds though. If I had to, could I make money off bird photography? Not a lot, I suspect. My work pays for my bird photography habit. I may get better at it, but it will not pay for itself. And if it did, it would be work.
A birb.
I loved journalism. I loved it but it did not love me back so much. It paid the bills for years, and made it possible for me to work from home long before others could, but it was work that was never really rewarded with anything other than “you are lucky we don’t lay you off” until they did.
Journalism and my tech skills made me resilient in that I could always freelance and scrape by (even if I had to cash out 401ks to get by for a few months starting up again), but it turns out having both just makes you a freak that publishers like to have around sometimes to help sell things.
But fortunately those tools also translate well to OSINT and analysis and threat hunting and translating telemetry into stories that explain what bad people did with computers and maybe make the bad people’s lives a little less comfortable.
So I work. I can pay for the birding. I put my daughter (with some help) through college with no student loan debt. I can be sort of middle class.
Political Action Committees are a great way to launder money, and SuperPACs even more so. But even the smallest of PACs can have a diluting effect on the gifts from citizens hoping to support the candidate of their choice.
So a few days ago I got one of those many political fundraising SMS messages anyone who has ever made the decision to support a political cause has been seeing hundreds of this election season. But this one reminded me more of a phishing message:
Now, this wasn’t the first text I had gotten from them. The first two were chastising me for not “endorsing” Kamala Harris. But this one, and the website it led to, sort of burnt my toast.
And it was tied to data from ActBlue, the organization that is central to Democratic fundraising efforts.
So I did what I usually do when something triggers my cybercrime research setting. I went digging to see who was behind this and exactly how much money was actually going to help political campaigns.
It turns out that very little of their fundraising so far this year actually went to help candidates’ campaigns. In October, the Alsobrooks Victory Fund got the only candidate-affiliated disbursement: $1000.
The first page of UNITEDemocrats PAC’s October FEC filing.
So in this campaign cycle, UNITEDemocrats has brought in $618,292 in contributions. Of that, the PAC has donated…$6,833 to federal candidates. That’s basically a penny of every dollar raised, a percentage that would even make a Fraternal Order of Police fundraising company blush.
Where does all the money go? Well, a tiny bit goes to sustain their web presence on Squarespace. More goes to ActBlue for their “merchant account”, and to an SMS delivery company called Tatango. And then a bunch goes to a minority/woman owned fundraising messaging company called Momentum Campaigns LLC. And there’s the salaries of the PAC staff and the rent for their office on C Street NW in DC, right across the street from the Bureau of Federal Prisons.
But they aren’t the only organization at that suite number. There’s also BlueWave Politics, a consulting firm…for whom the treasurer of UNITEDemocrats works:
“Sue [Jackson] has 13 years of compliance, accounting and campaign finance reporting experience working on various Presidential, U.S. Senate, Congressional, PAC and non federal committees. Prior to starting her second career in political compliance, she worked for 13 years in international business while living in Atlanta, GA. She has a B.A. in Government from The College of William and Mary.
Fun Fact: Sue has lived in 4 foreign countries and visited 27 others.
Recent Clients: Deborah Ross for Congress, Montanans for Bullock, North Carolina Democratic Party, Josh Harder for Congress, Citizens for Boyle”
So other than the treasurer, we don’t know who else from this consultancy is involved in UNITEDemocrats. I suspect I can find a bunch of other PACs sharing the same address.
It sure is an interesting business model. It reminds me of…pig butchering, but it’s legal.
So what about MAGA grifters?
Most of the Trump-aligned PACs I saw dumped about half of what they brought in directly into Donald J Trump For President 2024 Inc. — a total of $315 million over this election cycle. Almost all that money (aside from what was given back to angry or ineligible donors) was spent on Trump…but not necessarily for the campaign. There were over $1.3 million in American Express credit card payments which were not itemized.
Then there’s the more than $50,0000 in “travel reimbursements” to Southern Baptist minister and podcaster Michael Clary and other “influencers” who Donald J Trump For President 2024 Inc. directly paid to be at the convention and other events. And between DJTFP2024 and other contributing funds, just shy of $1 million went into Mar-A-Lago Club LLC.
Another Trump-aligned PAC, ULTRA MAGA PAC, spent 10 percent of its raised funds on contributions to candidates like Kari Lake. But most of the money went into direct mail and other fundraising costs (and lawyers, and other players).
My colleagues in Sophos X-Ops MDR and Incident Response are tracking a series of attacks in the past month leveraging compromised credentials and a known vulnerability in Veeam (CVE-2024-40711) to create an account and attempt to deploy ransomware. We put out a social media thread on this last week that was highlighted in a recent BleepingComputer article on the Veeam vulnerability. As I wrote in our Mastodon post:
In one case, attackers dropped Fog ransomware. Another attack in the same timeframe attempted to deploy Akira ransomware. Indicators in all 4 cases overlap with earlier Akira and Fog ransomware attacks.
In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.
Each time, the attackers exploited VEEAM on the URI /trigger on port 8000, triggering the Veeam.Backup.MountService.exe to spawn net.exe. The exploit creates a local account, “point,” adding it to the local Administrators and Remote Desktop Users groups.
In the Fog ransomware incident, the attacker deployed it to an unprotected Hyper-V server, then used the utility rclone to exfiltrate data. Sophos endpoint protection and MDR prevented ransomware deployments in the other cases.
These cases underline the importance of patching known vulnerabilities, updating/replacing out-of-support VPNs, and using multifactor authentication to control remote access. Sophos X-Ops continues to track this threat behavior.
We’ve since connected another case to the same threat activity cluster, and are continuing to hunt and research the threat. But this is just another case of weaponized unpatched hardware and software being used against organizations struggling to stay on top of security threats— particularly small and medium businesses without dedicated information security teams.
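A hunting sketch for the post-exploitation behavior described above (Veeam.Backup.MountService.exe spawning net.exe to create a local account and add it to the Administrators and Remote Desktop Users groups). This is an added example, not Sophos detection logic; the event field names follow Sysmon process-creation conventions, and the install path, hostnames and sample events are constructed assumptions.

```python
import ntpath
import shlex

PARENT = "veeam.backup.mountservice.exe"   # parent process named in the post
NET_BINARIES = {"net.exe", "net1.exe"}     # net1.exe covered in case it is called directly
SENSITIVE_GROUPS = {"administrators", "remote desktop users"}  # groups named in the post

def classify_net_command(command_line):
    """Return (action, account, group) for 'net user|localgroup ... /add', else None."""
    # posix=False keeps backslashes in Windows paths; surrounding quotes are stripped by hand.
    args = [t.strip('"') for t in shlex.split(command_line, posix=False)][1:]
    lowered = [a.lower() for a in args]
    if "/add" not in lowered:
        return None
    if lowered[0] == "user" and len(args) >= 3:
        return ("account_created", args[1], None)
    if lowered[0] == "localgroup" and len(args) >= 4:
        return ("group_add", args[2], lowered[1])
    return None

def hunt(events):
    """Flag process-creation events where the Veeam mount service spawns net.exe."""
    findings = []
    for ev in events:
        parent = ntpath.basename(ev["ParentImage"]).lower()
        child = ntpath.basename(ev["Image"]).lower()
        if parent != PARENT or child not in NET_BINARIES:
            continue
        action, account, group = classify_net_command(ev["CommandLine"]) or ("net_spawned", None, None)
        high = action == "account_created" or group in SENSITIVE_GROUPS
        findings.append({"host": ev["Computer"], "action": action, "account": account,
                         "group": group, "severity": "high" if high else "medium"})
    return findings

# Constructed sample events (Sysmon Event ID 1 style field names); not real telemetry.
VEEAM = r"C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.MountService.exe"
NET = r"C:\Windows\System32\net.exe"
SAMPLE_EVENTS = [
    {"Computer": "BKP01", "ParentImage": VEEAM, "Image": NET,
     "CommandLine": "net user point Example-Passw0rd /add"},
    {"Computer": "BKP01", "ParentImage": VEEAM, "Image": NET,
     "CommandLine": "net localgroup Administrators point /add"},
    {"Computer": "BKP01", "ParentImage": VEEAM, "Image": NET,
     "CommandLine": 'net localgroup "Remote Desktop Users" point /add'},
    {"Computer": "WS07", "ParentImage": r"C:\Windows\System32\cmd.exe", "Image": NET,
     "CommandLine": "net user"},
]
if __name__ == "__main__":
    print(*hunt(SAMPLE_EVENTS), sep="\n")
```

The account name is extracted from the command line rather than matched against "point", so the same logic still fires if the name changes.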