IDK why, but out of all the horrible, no good, very depressing news on the front pages today, this one stuck in my head the most so far. From WaPo:
"At least several months ago, Israel’s top spy agency, the Mossad, began to smuggle missiles into Iran and secretly installed swarms of explosive drones deep inside the country, laying the groundwork for a devastating Israeli surprise attack on Friday morning. As Israel launched its air attack, the Mossad activated its planted drones, which struck missile launchers at a base near Tehran, a senior Israeli official said, speaking on the condition of anonymity to discuss intelligence operations."
But sure, let's spend a bajillion dollars building a nationwide golden ICBM shield.
New, by me: A Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.
Really enjoyed David Gerard's amusing take on how programming with AI becomes like a gambling addiction for many.
"Large language models work the same way as a carnival psychic. Chatbots look smart by the Barnum Effect — which is where you read what’s actually a generic statement about people and you take it as being personally about you. The only intelligence there is yours."
"With ChatGPT, Sam Altman hit upon a way to use the Hook Model with a text generator. The unreliability and hallucinations themselves are the hook — the intermittent reward, to keep the user running prompts and hoping they’ll get a win this time."
"This is why you see previously normal techies start evangelising AI coding on LinkedIn or Hacker News like they saw a glimpse of God and they’ll keep paying for the chatbot tokens until they can just see a glimpse of Him again. And you have to as well. This is why they act like they joined a cult. Send ’em a copy of this post."
PSA: After getting duly sanctioned last month by the EU for being a conduit for Russian disinformation and cyberattacks, the people behind the massive bulletproof hosting service known as Stark Industries Solutions Inc are rebranding.
Stark's two sanctioned owners -- the Neculiti brothers -- have operated Stark via a related business called PQ Hosting, which is now changing its name to the[.]hosting.
"The PQ.Hosting project no longer exists — neither as a legal entity nor as an operational structure. From the moment of transition, full control over all operational and technical activities has passed to new owners with no connection to the previous management or beneficiaries."
I learned a lot writing this, and there is a lot more here to pick at.
Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested at some of America’s largest Internet service providers (ISPs).
"...A cursory review of all Internet address blocks currently routed through AT&T — as seen in public records maintained by the Internet backbone provider Hurricane Electric — shows a preponderance of country flags other than the United States, including networks originating in Hungary, Lithuania, Moldova, Mauritius, Palestine, Seychelles, Slovenia, and Ukraine.
Asked about the apparent high incidence of proxy services routing foreign address blocks through AT&T, the telecommunications giant said it recently changed its policy about originating routes for network blocks that are not owned and managed by AT&T. That new policy, spelled out in a February 2025 update to AT&T’s terms of service, gives those customers until Sept. 1, 2025 to originate their own IP space from their own autonomous system number (ASN), a unique number assigned to each ISP (AT&T’s is AS7018)."
It's not every day your name is on the top of the Google Cloud blog. Google's engineers wrote about the ginormous 6.3 terabits per second attack on KrebsOnSecurity.com on May 12.
"In the May incident, the attacker sent large data packets to random ports at a rate of approximately 585 million packets per second, which is over 1,000 times the usual rate for KrebsOnSecurity."
The closing thank you slide in my talk yesterday had my profile photo from here and a link to my profile, and I actually had multiple people come up afterward saying they were signing up here after meaning to for some time. Guess I'll keep that as my last slide going forward.
In January, I wrote about a vast China-based cloud CDN called Funnull that catered to cybercriminals in China and Russia seeking to route their traffic through US-based Cloud providers, particularly Microsoft and Amazon.
January's story was based on research by Silent Push, which found a large number of domains hosted via Funnull promoting gambling sites that bear the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean Lazarus Group.
In 2023, Suncity’s CEO was sentenced to 18 years in prison on charges of fraud, illegal gambling, and “triad offenses,” i.e. working with Chinese transnational organized crime syndicates. Suncity is alleged to have built an underground banking system that laundered billions of dollars for criminals.
LOL. I posted the same thing on LinkedIn just as like an FYI, and within minutes the post attracted a comment from a scam HR recruiter whose account is 5 days old.
There are a number of AI platforms now that will allow people to engage agentic AI bots, and I have to say these places are generally libertarian utopias. It's kind of like CoPilot, but w/out any of the ethical and security guardrails.
Come to think of it, we're not far from a future in which nation states are founded on the idea that AI should be unbridled by laws and regulations.
Just FYI, I was asked to talk about what's ahead for AI and then freaked out because I don't know anything about AI. So I set aside a few days to sit w/ a couple of the best red-teamers I know.
Tl;dr: one told it to mimic the IT infrastructure of the target environment, and then run a battery of tests using APIs for some vulnerability testing services. He told it to dox the employees of the targeted company; to provide a roadmap for exploitable vulnerabilities. It did all this and more. The expert said the resulting report produced by the agentic AI bot was the equivalent of an entire team of red-teamers working for a week. The compute time cost less than $10.
As much as I detest the term "agentic AI" for all that it stands for, it's a term that everyone should understand and be conversant about. If you thought we had problems already with systems being compromised by botnets, wait until everyone and his mom starts handing control over their system to agentic AI. It won't be long now.
I realize now I set up a dunk shot without dunking: Basically, agentic AI involves you consenting to give AI control over your computer, with the idea that instead of actually pressing keys you tell the system what you want it to do and how, and it figures out the most expedient way to comply with your request.
Upon further consideration, I feel I should point out that many low-cost or "free" VPNs very much do route other people's traffic through your system. This is an incredibly common practice among "free" or low-cost VPN providers. Just understand that running a VPN is not cheap, and anyone giving it away for free probably does not have your best interests at heart.
And for further clarification (as per an astute reader on LinkedIn) I’d add that it might not necessarily be *your* computer that’s compromised; it could be another device connected to your Wi-Fi network, since they would share the same public IP address.
PSA: If you are not browsing the interwebs with a VPN enabled and you suddenly find your browser sessions are frequently stymied by constant CAPTCHA requests, that's one potential sign that your system may be compromised by something that is routing other people's Web traffic through your computer. It's not a dead giveaway of a compromise by any stretch, but it is something that you should probably investigate further.
In case you needed a playbook for responding to would-be dictators. From the NYT:
"The funny thing is that there’s a playbook for overturning autocrats. It was written here in America, by a rumpled political scientist I knew named Gene Sharp. While little known in the United States before his death in 2018, he was celebrated abroad, and his tool kit was used by activists in Eastern Europe, in the Middle East and across Asia. His books, emphasizing nonviolent protests that become contagious, have been translated into at least 34 languages."
“I would rather have this book than the nuclear bomb,” a former Lithuanian defense minister once said of Sharp’s writing."
"A soft-spoken scholar working from his Boston apartment, Sharp recommended 198 actions that were often performative, ranging from hunger strikes to sex boycotts to mock funerals."
“Dictators are never as strong as they tell you they are,” he once said, “and people are never as weak as they think they are.”
"The Democrats’ message last year revolved in part around earnest appeals to democratic values, but one of the lessons from anti-authoritarian movements around the world is that such abstract arguments aren’t terribly effective. Rather, three other approaches, drawing on Sharp’s work, seem to work better."
"The first is mockery and humor — preferably salacious."
"Wang Dan, a leader of China’s 1989 Tiananmen Square democracy demonstrations, told me that in China, puns often “resonate more than solemn political slogans.”
"The Chinese internet for a time delighted in grass-mud horses — which may puzzle future zoologists exploring Chinese archives, for there is no such animal. It’s all a bawdy joke: In Chinese, “grass-mud horse” sounds very much like a curse, one so vulgar it would make your screen blush. But on its face it is an innocent homonym about an animal and thus is used to mock China’s censors."
"Shops in China peddled dolls of grass-mud horses (resembling alpacas), and a faux nature documentary described their habits. One Chinese song recounted the epic conflict between grass-mud horses and river crabs — because “river crab” is a play on the Chinese term for censorship. It optimistically declared the horses triumphant."
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 krebsonsecurity @ gmail .com LinkedIn: https://www.linkedin.com/in/bkrebs