Visitors Now:
Total Visits:
Total Stories:
Profile image
Story Views

Now:
Last Hour:
Last 24 Hours:
Total:

U.S. Government Misrepresents IP Addresses Used by Thousands as Belonging to Russian Hackers

Saturday, January 7, 2017 10:18
% of readers think this story is Fact. Add your two cents.

(Before It's News)

 

Investigative journalist for the Intercept Micah Lee found that nearly half of the IP addresses cited in the FBI and Department of Homeland Security’s public report arguing that Russians hacked the 2016 election were “Tor exit nodes”—servers that let anyone “bypass internet censorship, evade internet surveillance, and access websites anonymously.”

“… this means that anyone in the world — not just Russian hackers — can use the internet from those IP addresses,” Lee explained.

Lee conducted his investigation after discovering that IP addresses named in the government report showed up as attributed to visitors to his blog.

I found out, after some digging, that of the 876 suspicious IP addresses that the Department of Homeland Security and the Department of National Intelligence put on the Russian cyber attacker list, at least 367 of them (roughly 42%) are either Tor exit nodes right now, or were Tor exit nodes in the last few years. I have a lot of regular readers who are Tor users, and I’m pretty sure they’re not all Russian hackers. So the quick answer to the mystery of my website apparently being attacked by nefarious IP addresses listed in the U.S. report is that the Russians, along with many thousands of others, just happened to use the Tor IP addresses that my regular readers used (and still use). …

Tor is a decentralized network of servers, called nodes, that help people bypass internet censorship, evade internet surveillance, and access websites anonymously. Today, there are over 7000 nodes in the Tor network (about 1000 of those are “exit nodes”), distributed geographically around the world, and run by volunteers (I run a few myself). Tor Browser is a web browser, like Chrome or Firefox, but all of its internet traffic goes over the Tor network. If you type in the URL https://www.fbi.gov in your normal web browser, the IP address of your current internet connection will end up in the FBI’s web server logs. But if you type that URL into Tor Browser, an encrypted copy of your web request will bounce around the world through multiple Tor nodes before finally exiting the Tor network, and the IP address of a Tor exit node will end up in the FBI’s logs, rather than the network you’re currently connected to.

Since nearly half of the IP addresses in the Grizzly Steppe report are actually just Tor exit nodes, this means that anyone in the world — not just Russian hackers — can use the internet from those IP addresses. In fact, if you open Tor Browser and visit a website right now, there’s a pretty decent chance that you’ll be using the internet from one of those suspicious IP addresses.

It’s plausible that Russian hackers use Tor to hide their real IP addresses when they do attacks, and this is likely why these IP addresses ended up in the Grizzly Steppe report. But finding these IPs in your web server logs (like I did for my website) does not mean that the Russians are attacking you. Tor has over 1.5 million daily users around the world — about a third of a million of them are in the United States. If you see a Tor IP address in your logs, you know that a Tor user visited your website, and that’s it.

“If Vladimir Putin, the Russian leader, is truly responsible for manipulating the U.S. election, and if the Obama administration wishes to prove its case,” Lee adds, “it needs to publish actual smoking-gun proof, such as intercepted emails or phone calls from within the Kremlin, or more complete technical details that connect dots directly to the Russian government, rather than to a Tor node that thousands of people use.”

Read more here.

—Posted by Alexander Reed Kelly

Related Entries

Report abuse

Comments

Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Total 1 comment
  • US DHS CAUGHT HACKING US PRESIDENTIAL ELECTION! Look it up! IT IS NOT THE RUSSIANS, ITS YOUR OWN FAKE GOVERNMENT!

Top Stories
Recent Stories

Register

Newsletter

Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.