As an IT professional with security, web hosting, and infrastructure experience, I listened with amusement at the news clips yesterday of Marco Rubio claiming he and his staff were targeted by “IP addresses with an unknown location within Russia”.
Like so much of what we hear on the news about most any subject, his statement sounds impressive, but actually means nothing.
If you have access to web server, mail server, FTP server logs, from even a meaningless site like this one, they’re full, full of attempts to break in from IP addresses the world over. Most are from automated “bots” that do this 24x7x365. And you know what, the location of those IP addresses that attempt to break into your site, email, server, etc. is, for the most part, MEANINGLESS. Do you know why? There’s a thing call “proxy servers” that can be used to mask your current location and make it appear to come from somewhere else. There are “open proxy servers” that are open to anyone to use. Some of the open ones come and go as they’re discovered by security software and services. There are others proxy servers that are closed and part of hacking networks accessible only to members. There are also “zombie” computers, systems that have been infected with malware that can be controlled by hackers to route their nefarious activities and hide their location.
This is why it’s important to have good security measures and practices in place.
There are valid reasons to have proxy servers, so don’t jump to the conclusion that they’re all used by criminals. With the recent privacy issues of repeal of laws protecting consumer browsing data accessible to ISPs, you may be advised to use browsers such as TOR that hide your browsing activities… it basically bounces your browsing requests around various proxies… so they do have valid uses.
Any serious hacker, especially one that is working for, or is part of the Russian government is smart enough to make their hacking attempts look like they came from either nowhere, or, from somewhere other than Russia.
Knowing what I’ve just described, anyone wanting to make it appear to laypersons that the Russians were hacking the USA election, would mask THEIR hacking attempts by routing them through Russian IP addresses, as is suggested in the article I link to below.
So when you hear politicians and news people who have diarrhea of the mouth spouting off about Russian IP addresses, it’s all nonsense.
It takes highly trained IT security specialists to determine exactly who, what, when, and where hacking comes from and in some cases they may never know.
Until next time,