Targeted Attack Leveraging FSF Servers

Dr. Roy Schestowitz

2020-03-25 05:22:42 UTC
Modified: 2020-03-25 05:22:42 UTC

Target

Summary: Targeted by a determined and persist perpetrator, I've received over 20,000 E-mails. And the weapon of choice was the FSF's infrastructure, remotely misused against yours truly.

THOSE who read our IRC logs or follow us outside this site (e.g. social control media) would likely be aware of communications we had opened up with the FSF in the form of a report, support ticket, and correspondence.

"Leveraging Tor exit nodes, some party decided to 'weaponise' the FSF's mailing lists to bombard my E-mail accounts several times per minute."First of all, I'd like to commend the FSF for swift action, transparency and eventually an explanation (including technical aspects).

So what is it that happened? Well, it seems like more than a week ago someone (or someones) was trying to cause nuisance if not conflict (it was a nuisance, but I spoke to 3 people at the FSF and there was no conflict). Leveraging Tor exit nodes, some party decided to 'weaponise' the FSF's mailing lists to bombard my E-mail accounts several times per minute. For several days. Non-stop.

"Suffice to say, it clogged things up and caused technical issues."By week's end I had received over 20,000 E-mails from the FSF's mailman services. Suffice to say, it clogged things up and caused technical issues. Rather than flag as spam or report the FSF I contacted them, at the advice or Mr. Oliva, and the problem was resolved within less than a day (despite COVID-19 disruptions to workflows and LibrePlanet right there in the middle, keeping FSF staff very busy).

The timing of the incident was particularly inconvenient to all and its perpetrators remain unknown. We can only speculate about the motivations. This week I asked the FSF if I can interpret the situation as, "as far as we know only Roy was targeted by this" and John Sullivan responded with a yes.

The spam mails have stopped.

It's worth noting that not one E-mail address of mine was targeted (the public address; there are more addresses). Two accounts were targeted, including a private one (which isn't easy to find).

"It's worth noting that not one E-mail address of mine was targeted (the public address; there are more addresses). Two accounts were targeted, including a private one (which isn't easy to find)."So it seems rather clear that someone targeted me, specifically, and used FSF servers for this purpose.

"Given various recent events," I told the FSF, "it's rather clear that some people try driving a wedge and strive harm Free software groups. There's ample evidence of it. Who would have the persistence to get 20,000 spam mails sent to my account from FSF servers?"

The mystery persists, but the FSF and us are in good terms. Many thanks and kind regards to Ruben Rodriguez, Zoë Kooyman, and John Sullivan. ⬆

Targeted Attack Leveraging FSF Servers

Recent Techrights' Posts