alt.hn

1/12/2025 at 4:01:00 PM

Backdooring Your Backdoors – Another $20 Domain, More Governments

 https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/

by mooreds

1/12/2025 at 4:58:22 PM

To avoid my comment being entirely a terminology nitpick I will say this is very cool work that I would be too afraid of CFAA to ever attempt. Especially funny to see four parasites on one government domain. Do skiddies not excise other skiddies' backdoors when pwning systems so they can have them all to themselves?

> We then hooked that up to the AWS Route53 API, and just bought them en-masse. Honestly, it’s $20, and we’ve done worse with more.

> We’re incredibly grateful for the support of The Shadowserver Foundation, who have agreed yet again to save us from our own adventures and to take ownership of the domains implicated in this research and sinkhole them.

I wish we could collectively stop using the terms “buy” and “own” with regard to domains. Try “leased” or “rented”. If they could be bought then they wouldn't have been available again for this exercise.

by Lammy

1/13/2025 at 1:00:14 AM

What would buying even mean in this sense? Even countries don't "own" their ccTLDs, but ICANN has made considerable efforts to outline policies that go "we really need to treat ccTLDs like the countries own them to avoid tensions over internet namespaces". That's why most gTLD rules don't apply to ccTLDs.

Countries "own" their ccTLD in the sense that they (or most) have the military prowess to defend their usage of their ccTLD if ICANN, or the servers at root-servers.net, were to stop resolving TLDs appropriately.

by judge2020

1/13/2025 at 6:51:35 AM

The root servers hold the real power, and IIRC over 50% are operated in the US, with many of them being operated by the US military and others educational institutions.

I can only assume that the US has tolerated varied use of ccTLDs for the sole purpose of avoiding a competing alternate DNS root zone becoming more prominent.

by NewJazz

1/13/2025 at 5:25:43 PM

I’m sure the NSA does their best to make sure the US doesn’t politically fuck that up

by preciousoo

1/13/2025 at 2:15:55 PM

But root servers aren't a democracy, are they? If US root servers went bonkers, people would just use different root servers. Doesn't matter whether it's 50% or 90% that are in US if they can be ignored?

by croemer

1/13/2025 at 3:35:17 PM

Yeah that's the point. If US acted up, and pressured other operators to follow suit, the root zone could split up. They don't want that to happen.

by NewJazz

1/13/2025 at 2:45:32 AM

DNS is then a weapon of mass destruction

by BobbyTables2

1/13/2025 at 1:16:12 AM

All property, physical and digital, is rented if you squint just right.

by awwaiid

1/13/2025 at 1:53:21 AM

I'm curious if this is a socialist lament about landlords or a libertarian complaint about governments.

by noduerme

1/13/2025 at 2:34:48 AM

Maybe it's an existential comment about the fleeting existence of life.

by lazyasciiart

1/17/2025 at 10:51:37 AM

That was actually the first way I squinted at it, and it doesn't have to be existential - the lack of ownership in the fourth dimension is stated well in most religions. But for some reason I doubt they meant it that way.

by noduerme

1/13/2025 at 5:41:49 AM

I think it's just acknowledging the reality that property is a social construct, one that's created by the social contract.

by nightpool

1/13/2025 at 9:25:45 AM

Well, Rousseau himself would say property is theft in not exactly those words

From his discourse on inequality

> The first man who, having enclosed a piece of land, thought of saying "this is mine" and found people simple enough to believe him, was the true founder of civil society. How many crimes, wars, murders; how much misery and horror the human race would have been spared if someone had pulled up the stakes and filled in the ditch and cried out to his fellow men: "beware of listening to this imposter. You are lost if you forget that the fruits of the earth belong to everyone and that the earth itself belongs to no one!"

by mathieuh

1/13/2025 at 10:57:51 AM

Ultimately it comes down to force. The person with the pointiest sticks will likely be able to enforce their view about ownership over others.

Taken quite literally, property is armed theft from the commons I guess. Unfortunately, it's tricky to do otherwise in a loosely organized swarm of barely tribal actors, because any peaceful society based on shared ownership will be prone to exploitation by malicious actors. It's basically a very large prisoner's dilemma: the global optimum would be to abolish private property, but as long as there are (enough) people around to exploit the situation for their own benefit (and to the massive detriment of everyone else), we have to stick to a sub-optimal system where everyone is worse off than the optimum.

by short_sells_poo

1/17/2025 at 10:57:35 AM

How would the global optimum be to abolish private property when you just stated that without it we live in a swarm of barely tribal actors?

The alternative to large-scale force is small-scale theft. Which is not so small-scale when you multiply it across every village and province. Ever been in the middle of a full social breakdown? Or a riot? Anyone who's seen what actual anarchy looks like would beg for some sort of order, even if it has to be imposed by force. It requires a very sheltered understanding of how the world actually works to think that anything good will come from unleashing chaos.

by noduerme

1/13/2025 at 10:53:57 PM

> Ultimately it comes down to force. The person with the pointiest sticks will likely be able to enforce their view about ownership over others.

This is a common but simplistic view that ignored e.g. concerns about popular legitimacy and support that often lead to the downfall of strongman regimes. Many people think they can enforce their views of ownership over others, but find that it's not quite that simple when they try to put it into practice. That's why I mentioned the social contract.

by nightpool

1/13/2025 at 11:53:18 AM

> the global optimum would be to abolish private property

The Soviet Union had this I believe, at least with buildings, and it didn't necessarily work out optimally.

by robertlagrant

1/13/2025 at 1:46:00 PM

Certainly, and to be clear I'm not arguing for communism as a realistic system. It would be ideal in an ideal world without greed and selfishness. As long as those exist, we need to have a system that functions when the individual actors place their own interests far above the interests of others.

by short_sells_poo

1/13/2025 at 2:45:43 PM

I like to think of it biomimetically. Organisms and ecosystems have both competition and collaboration at every level of organization.

If I were to design a government from scratch I think it would actually be relatively easy to know what's best nationalized and what's best privatized. Nationalize the things that you do not want to be driven by the profit incentive because they need to be fair and accessible to all (mass transit, healthcare, utilities, communication networks, science), and privatize everything else (entertainment, retail, food, services).

by foobarbecue

1/13/2025 at 4:54:31 PM

> privatize everything else [including] food

yet:

> Nationalize the things that [...] need to be fair and accessible to all

Should food be accessible to all?

Or is food production privatized because market economies more accurately meet consumer demand?

by throw5673985

1/13/2025 at 5:22:08 PM

Food is tricky. The food supply is one of the highest national security concerns IMO. Free market proponents love to go about saying that growing food should be left to countries and regions who do it well (due to climate and infrastructure), but if your country cannot grow enough food to supply it's own citizens' basic calorie needs, you are literally living on borrowed time. If the food supply is cut off for any reason, things go down very-very rapidly and the government has days, if not hours to sort things out before things descend into chaos.

At the same time, governments do not have a good track record of running the food/ags industry. I guess a system where the government heavily subsidizes it and incentivises domestic production, but lets farmers do their thing is probably as good as we can do?

by short_sells_poo

1/17/2025 at 11:09:31 AM

Countries that allow markets to control food prices have a far better track record of not starving, spiraling into hyperinflation, and losing wars than do countries which attempt to regulate food prices.

by noduerme

1/13/2025 at 11:30:13 PM

> Free market proponents love to go about saying that growing food should be left to countries and regions who do it well (due to climate and infrastructure),

I think this is globalism rather than free market.

by robertlagrant

1/17/2025 at 11:06:38 AM

I agreed with your first statement about competition and collaboration both being necessary. But if you extend that over time you see that those states in nature exist in a state of endless conflict, not in parallel. So in the realm of governing economies (democratically or otherwise), one of the most unfortunate but profitable outcomes of the human desire to oscillate between competition and collaboration is to be something like Argentina: Nationalize those things you want to be fair and accessible every 10 years and then privatize them again every other 10 years. This way, each new generation can lean capitalist or communist and make a killing by raiding whatever wealth was built by the previous generation in the name of fixing the system. Because after all, neither system is real. Both are just ways to paper over the fact that each new generation of young people are animals who kill their parents.

by noduerme

1/13/2025 at 2:34:18 PM

Wow, he sure can write! Proudhon literally wrote "property is theft" (see my other comments).

by foobarbecue

1/13/2025 at 2:42:25 PM

I'm aware, I was quoting Rousseau because the person I was replying to mentioned the social contract which was an area of particular concern for Rousseau. I would recommend reading Rousseau's Discourse on Inequality if you're interested, it's very accessible.

by mathieuh

1/13/2025 at 2:48:15 PM

Thanks, I will!

by foobarbecue

1/13/2025 at 6:20:51 PM

Maybe a deeper truth that is harder to put into words but which feeds into both of them. Something captured in much higher dimensional concept space that, when forced into our 3D world (and our <whatever>D political discussion space), looks like a sphere in one projection and a cube in the other, but which is neither.

by SkyBelow

1/13/2025 at 10:51:16 AM

I tend to think is neither of those, but meant very literally. For that reason I like it and I think it's an interesting subject.

What is ownership after all? The universe does not seem to have any form of ownership embedded in it's fundamental laws. If ownership is a human construct, then it is only meaningful insofar as a group of humans agrees on it.

I can stroll up to the White House and declare that I own it, but I'll struggle to convince a sufficient number of other people that this is true. If I can't assert my ownership, then I don't really own it, do I? It doesn't matter whether it is just, or fair (again - purely human constructs), ownership only matters if it can be enforced.

Being a human construct, it is also by definition temporary. It is only valid as long as humans are around to enforce it, and humans are fleeting. Humanity might endure, but there's no reason to think we are going to be around for eternity.

So it looks like ownership is not only temporary, but it is also fickle. People routinely disagree on ownership and are willing to kill- or be-killed for asserting their claims.

It looks like neither the communists, nor the liberatarians are in the right. Things will be owned by whoever has more pointy sticks :D

by short_sells_poo

1/17/2025 at 11:18:36 AM

It's not a human construct. If you have ever spent time around a cat, you can understand ownership completely without any legal constructs. What we as humans are somewhat proud of, or the definition of civilization, is that we spend most of our time trying to create systems to define boundaries and property rights without resorting to violence. Those systems can be fair and well-distributed or unfair and hereditary, or somewhere in-between; they inevitably hand over the violence to some arbiter or government (whether market-driven or communist dictatorship, it's the same in terms of a structure enforcing who gets what, even if the incentives and dynamics are skewed); but the point is that we code them into law so that any arbitrary cat can't just post up inside another cat's borders and terrorize the house.

The point of PROPERTY writ large isn't the piracy or acts of violence that people here make it out to be. Property doesn't arise from the law. Legal frameworks arise from the existence of property. And legal frameworks are an unadorned good in a world without them, because normal, domestic, and peaceful life does not exist where laws don't exist.

by noduerme

1/13/2025 at 11:55:38 AM

> Things will be owned by whoever has more pointy sticks :D

That sounds like the feudal or socialist systems. Isn't one of the points of modern democracies that we have the pointy sticks for outside invaders, and a legal system that replaces the system of internal-facing pointy sticks with an economic system and a justice system?

by robertlagrant

1/13/2025 at 12:04:02 PM

No. All systems of law, regardless of their "democratic" nature, are based on the principle of the state's monopoly on violence, and that violence is always directed towards the citizenry.

No matter how civil your society may seem, resistance to the state will eventually mean you get shot or beaten with truncheons.

by krapp

1/13/2025 at 1:37:38 PM

Exactly. Democratic and highly civilized countries still enforce property rights with pointy sticks. They maintain their claim on their territory against outside invaders with the army, and internally they enforce the laws of ownership using the police.

by short_sells_poo

1/13/2025 at 3:29:26 AM

Property is theft from the state

by foobarbecue

1/13/2025 at 7:00:51 AM

A curious assertion, considering that the protection of private property and enforcement of contracts is one of the foundational reasons for the existence of most modern states.

Stop me if I missed the sarcasm.

by noduerme

1/13/2025 at 9:25:26 AM

This was intended to be a wry comment referencing a communist idea that has always tickled my brain. Somehow I had it in my head that Marx said this (probably because of another joke-- "why did Karl Marx only drink herbal tea? Because proper tea is theft").

Checking my facts now, I see it was actually Proudhon, not Marx (although Marx did discuss the idea here: https://www.marxists.org/archive/marx/works/1865/letters/65_..., but seems to say it has a self-reference problem, and seems to delight in insulting Proudhon).

I think the "from the state" part is an accidental addition either of my own or from whoever explained the "proper tea" joke to me the first time. I just thought it always referenced the extreme philosophy that all property should be communal and therefore private property was theft from everyone, or equivalently from "the state".

by foobarbecue

1/17/2025 at 11:50:15 AM

Hah! I love the proper tea joke. Hadn't heard that one.

Extreme philosophy or not, I reject the idea that "everyone"=="the state". Most (all?) states which confiscate property in the name of "everyone" don't distribute it fairly anyway, so it's all a bit of a sham. Even if it wasn't, I still don't fancy having the 7 or 8 drunks I know at the local bar showing up to sleep on my floor, shower in my toilet and claiming it in the name of everyone, or the state, or whatever. Screw those people.

by noduerme

1/13/2025 at 11:53:56 AM

Drinking tea is in itself an act of theft - he drank that tea and now no-one else can drink it.

by robertlagrant

1/13/2025 at 9:19:32 PM

what's the difference?

by hhh

1/13/2025 at 11:10:05 AM

I read it as a libertarian complaint about governments.

i.e. own real estate? Try not paying the property tax on it, and see who really owns it. :)

by sgjohnson

1/13/2025 at 10:18:03 AM

> I wish we could collectively stop...

That's a "feature" of human nature and English. People say "my car" and "my phone number" when those are leased. "My house" when they have a new zero-down mortgage. And all sorts of other conceptual contractions - with the messier reality assumed to be common knowledge. Or just irrelevant to the point at hand.

by bell-cot

1/13/2025 at 1:21:09 AM

[dead]

by TacticalCoder

1/12/2025 at 8:58:04 PM

I loved this write up. Light-hearted. Conscious of the impact of any disclosure. Everything substantiated, but not taking themselves too seriously. Enjoying read, and at the same time talking about a serious issue.

by fn-mote

1/13/2025 at 1:38:49 AM

Thank you for putting it in words. I felt the same way, both about this and the writeup for their previous .mobi thing. Well explained with plenty of context, no buzzwords, light hearted and cool (while not trying too hard to make themselves sound cool), and plenty of substance with no fluff. A lot of blog posts or security write-ups violate some of these; this is a breath of fresh air.

by ipdashc

1/13/2025 at 12:31:04 AM

I also loved the appearance of WordArt, shame they did not do the rainbow one.

by taspeotis

1/12/2025 at 7:14:19 PM

I wonder what would happen if they exploited these webshells' backdoors to delete the webshells...

by Thorrez

1/12/2025 at 8:12:00 PM

If you're the FBI (and maybe also have a court order), you can do this [1]. If you're a grey hat hacker in Russia, you can maybe do this [2]. If you're a random person in the US, you're likely exposing yourself to a lot of (CFAA) risk.

As the authors of this post note, they were careful to only receive + log traffic and not otherwise send interesting responses/engage with the webshells.

[1] https://www.malwarebytes.com/blog/news/2024/02/fbi-removes-m...

[2] https://www.zdnet.com/article/a-mysterious-grey-hat-is-patch...

by abound

1/13/2025 at 1:41:45 PM

I'm not sure I understand this correctly:

> This is a line of CSS, specifying that the ‘menu’ style should fetch a background image from the given URL. On loading the page, the web browser will attempt to fetch the specified .gif file from the w2img.com server.

> Note: Disclosing just the domain in referrers is a relatively recent browser change, and indeed attackers using older browsers were sending us full shell URLs.

In particular re "attackers using older browsers": haven't the (original) attackers taken over the _server_ that's serving the CSS and the browser belongs to unsuspecting _users_ of the pwned server? Isn't it wrong to say the attackers use the browsers then, as the browser is used by a victim?

Under which circumstances would _attackers_ be using a browser? I can't make sense of this.

by croemer

1/13/2025 at 1:45:30 PM

A webshell is a page (typically a .php file) uploaded to a site by an attacker after a compromise (e.g. an RCE), which is then used by an attacker through their browser to perform further actions on the compromised webserver. These premade webshell files however have been made by other attackers and come pre-compromised with a backdoor. In this case the CSS in the webshell makes the attacker's browser snitch the webshell's location to a domain controlled by the author of the webshell.

by TazeTSchnitzel

1/13/2025 at 1:53:12 PM

Thanks that makes sense, not sure how I could miss that.

by croemer

1/13/2025 at 1:42:31 PM

> with the hopes of painting a paint a clear picture.

Typo: "a paint" is superfluous

> Taking a look through the results for high-value domains within our referrers, we the following stood out like a shining beacon:

Typo: superfluous "we" in "we the following"

> Atleast there will be memes on the record, and an awkward explanation of a raccoon.

Typo: "Atleast"

by croemer

1/12/2025 at 8:47:47 PM

Slightly off topic but what's going on with the font for the "y" character in this article? It sticks out like a sore thumb.

by busymom0

1/12/2025 at 10:15:27 PM

I find this sort of thing bothers me often enough that I've disabled downloadable_fonts. I think of the web as a place where I read things, so custom fonts that hurt readability are undesirable. I get why designers want a unique style, but I rarely want that as an end user.

by 8organicbits

1/12/2025 at 9:01:47 PM

It's the font design: https://abcdinamo.com/typefaces/favorit

by sosborn

1/13/2025 at 12:45:42 AM

Wow what is going on with that website.

by roygbiv2

1/13/2025 at 3:24:14 AM

I guess it's "Brutalism" or something, but I had a physical revulsion to the entire site design and all their fonts. It's so ugly it's almost charming.

by lioeters

1/13/2025 at 6:01:25 PM

Brutalism is a form of unapologetic minimalism, specifically the kind that does not spend effort covering up structural components.

Adding visual crap and animation isn't minimalism at all.

by yencabulator

1/12/2025 at 9:12:56 PM

Looks like the font provides an "alternative y" which looks normal. But the default one has that ugly broken look.

by busymom0

1/13/2025 at 1:43:14 PM

That website had me in tears of laughter.

From the amazing picture at the top, to the hand offering cookies, to the over the top shaking and spinning of everything on hover. This is one funny website.

by alt227

1/12/2025 at 9:50:34 PM

I think some fonts do this so that they have a distinguishing feature. Fonts seem to be a very saturated market, so this might help being noticed in a crowd of sameness and copycats, and many people don't look at a font otherwise either, even people who use them in designs.

I think the sticking out part is supposed to irritate somewhat, but it still needs to make some sense, like a hot take. I noticed some online personalities use the same strategy with pronunciation, consciously and consistently mispronouncing specific words, play up their accent. Media analysts also recognize verbal tics as a trope, for similar effect.

Back to fonts, another site that I remember using a similar thing is the Genius lyrics site. For a long time, while establishing their presence, they used the square character forms from the Programme font, which you can see on my link. They still use Programme, but use the normal forms for some time now though, presumably, because it was indeed irritating, and it hurt legibility.

https://www.typewolf.com/programme

by npteljes

1/13/2025 at 4:39:05 PM

If you can't compete on quality, you compete by being difficult to compare to better things.

by pessimizer

1/13/2025 at 8:21:39 PM

I think this is too cynical to be true. I brought up saturation and uncare of primary users (designers) specifically to address that quality is not enough. You put your heart and 1000 person-hours into a lovely font, but many will still opt for whatever ships with their OS or design tool. Quality is simply not enough, and sometimes don't even enter the picture, very similarly to creative work - for a musician, talent itself does nothing. Same for well-written code for software engineers - nobody cares, maybe only themselves in the future. Software achieving business goals, and being well written, or by brilliant people are two different things, with very weak correlation.

Usually the recipe for success includes good quality / talent, sure. But it also usually includes something that is markedly different from others. People, searching for this distinct something, can seem tryhard, or just throwing sh!t at the wall, to see what sticks - and maybe they are - but they are also doing something that's an organic part of the road to success.

For a font-related example, that might be easier on the eyes, could be Fira Code. One of the immediate distinguishers is the ligatures. Check it out if you haven't already, it's quite neat, and it was the talk of the town for quite some time.

by npteljes

1/13/2025 at 1:34:17 AM

Blast from the past seeing h0no mentioned.. Brings me back to days of darpanet/m00/#darknet/dikline

by pea

1/13/2025 at 2:19:14 PM

I wonder why they redacted almost all domains but the Federal High Court of Nigeria's? It's not mentioned explicitly, so I hope they did responsible disclosure.

by croemer

1/13/2025 at 10:19:59 PM

Should be called front dooring your backdoor

by m3kw9

1/13/2025 at 11:26:11 PM

so, it was 99% based on dns hijack, but he says nothing about how it was done?

by 1oooqooq

1/14/2025 at 9:11:25 AM

Have you actually read the article ? He explains everything in sufficient detail. He didn't "hijack" the DNS records, he bought the ones that were expired and available.

The only thing he doesn't explain (for obvious reasons) is the how he found the shells online (because as he puts it, they fell off the back of a truck).

by aneutron

1/14/2025 at 10:47:49 AM

they do mention the dns are still owned by advertising agencies fronts...

by 1oooqooq

1/14/2025 at 1:02:37 PM

Yes, but they did not touch that DNS specifically.

by aneutron