24.3.17

Ramiro Helmeyer & RaFa new reputation-cleaning online technique: DDoS & IoT


UPDATED 28/03/2017 - 15:42GMT* - In the latest chapter of new and creative forms of silencing / eliminating from view, accurate and relevant information about certain characters of Venezuela's underworld, this week I've been battling with yet another DDoS attack against my first, now inactive, website: vcrisis.com. This time round, thousands of smartphones are being used, presumably without owners consent, to direct traffic (POST and GET requests) to my site. But the more interesting aspect is that most traffic comes from a handful of Google Cloud's IP addresses.

You read that right, DoSers are using Google's power to crash my server. For public benefit and future reference, abused addresses are:

104.199.239.63
104.155.223.136
35.185.97.148
35.185.71.234
104.198.44.92
104.154.156.18

The requests being made, by the thousands, look like this:

www.vcrisis.com 35.185.71.234 - - [23/Mar/2017:00:01:13 -0400] "POST /index.php?content=archive HTTP/1.1" 200 498751 "-" "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en)

www.vcrisis.com 35.187.34.71 - - [23/Mar/2017:00:01:11 -0400] "POST /index.php?content=archive HTTP/1.1" 200 498752 "-" "Mozilla/5.0 (Linux; U; Android 2.3.3; de-ch; HTC Desire Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"

www.vcrisis.com 104.155.223.136 - - [23/Mar/2017:00:01:11 -0400] "POST /index.php?content=archive HTTP/1.1" 200 498764 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows Phone OS 7.0; Trident/3.1; IEMobile/7.0; Nokia;N70)"

www.vcrisis.com 104.155.223.136 - - [23/Mar/2017:00:01:07 -0400] "GET /? HTTP/1.1" 200 22781 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36"

www.vcrisis.com 35.187.34.71 - - [23/Mar/2017:00:01:07 -0400] "POST /index.php?content=archive HTTP/1.1" 200 498759 "-" "Opera/9.80 (J2ME/MIDP; Opera Mini/9 (Compatible; MSIE:9.0; iPhone; BlackBerry9700; AppleWebKit/24.746; U; en) Presto/2.5.25 Version/10.54"

Logs show thousands of such requests, to the extent that the server has been shut down and special measures have been put in place by my web hosting provider. I have, of course, shared relevant data with Google's Project Shield, whose staff alerted me to increased traffic towards my vcrisis.com site the other day.

One of the benefits of this new association with Project Shield is that I get to see things that I couldn't / wasn't aware of before, such as the number of removal requests made on articles posted on my website. The one reprinted below, for instance, which is a post written by blog friend, financial crime consultant Ken Rijock, seems to be causing some discomfort to criminal Ramiro Helmeyer and his community manager, also convicted criminal, RaFa the hacker

My dashboard shows that since 27 September 2016, 54 removal requests have been made on stuff posted on vcrisis.com, almost all of them to have the article below removed. Checking on removal requests made on articles posted in my other site, infodio.com, I noticed that all 368 such requests, from the first one made also on 27 September 2016, are either articles on RaFa, or those exposing his who's who list of thuggish / criminal Venezuelan clients, from convicted Helmeyer, to more recently convicted Roberto Rincon...

Some time ago I alerted Matt Cutts about RaFa's astroturfing. I guess he's having to do all the criminals' white washing again. And he's succeeding at it I reckon. Google searches for Ramiro Helmeyer return these results these days: surely David Beckham, Alec Baldwin and Jesse Eisenberg wouldn't be proud of such usage of their images.



* An update: the good folks at Project Shield sent a message saying "It was a Layer 7 HTTP flood DDoS attack." Further investigation revealed that Project Shield own IP addresses were indeed used in the DDoS attack. What interests me is the level of sophistication Venezuelan crooks are employing to scrub their reputations. Considering the staggering amounts of money they've gotten through corruption, and the kind of services employed, is not difficult to foresee that their past misdeeds will be eliminated from public domain.



Drug Traffickers, Money Launderers And Terrorists Running Venezuela

By Kenneth Rijock, Financial Crime Consultant

27.02.06 | Today we profile some of the career criminals who run Venezuela today, and are covertly moving it towards the military application of nuclear power, as well as other equally suicidal goals of their president, including but not limited to, looting the country of its national wealth, and destroying its economy. Here’s today’s selection:

Carlos Rafael Lanz Rodriguez (ID. 3437254) - This former career terrorist, who once kidnapped and held an American businessman for several years, was named by Chavez to head ALCASA, Venezuela’s aluminum processing utility, believed by some experts to be a front for Uranium mining. Last year, he was seen meeting with Mustafa Setmariam Nasar onboard a Panamanian-registered freighter on the Caribbean coast. For those of you not following the global war on terrorism, Mr. Nasar is the Syrian Al-Qaeda leader who was the intellectual author of the Madrid train bombing, and is one of the most wanted fugitives in the world. This super-terrorist is regularly protected by the Direccion De Los Servicios De Inteligencia Y Prevencion, DISIP, when he travels in Venezuela. What was the subject of their conversation?

Guillermo Antonio Garcia Ponce (ID. 10804) - One of Venezuela’s most radical Marxists, (Liberacion Nacional in the 1960s) Comandante Garcia is Chavez’ liaison with the government of the Democratic Peoples’ Republic of Korea, or North Korea. His mission is to acquire prohibited nuclear technology, and he has taken at least 8 trips to North Korea for that express purpose. It makes you wonder why North Korean military officers have been seen at Fort Tiuna, and what exactly Venezuela has purchased from that rogue country.

Ramiro Francisco Helmeyer Quevedo (ID. 5217226) - Released by Chavez from a 30-year prison sentence for murder (Mario Patty), this psychopath has been wanted in the US for weapons violations and escape for twenty four years (Northern District of Georgia, Case Numbers 1982cr-00220 and 1982cr-00355). His status as a trafficker in narcotics to Canada doesn’t seem to bother the Chavez government, though; Chavez unilaterally threw out his Venezuelan murder conviction, case No. 182-M-142. He is a “financial advisor” to DISIP, looter of PDVSA funds. His government-sanctioned crimes remain unknown thus far, but his involvement is a certainty, as is his longtime involvement with Orlando Castro Llanes. Helmeyer’s close associate, Alex Del Nogal, was also released by Chavez from a 20-year prison term, and is also currently with DISIP. One wonders how DISIP leaders reconcile Del Nogal’s prison term in Switzerland, and subsequent escape from custody, with his law enforcement role.

Orlando Castro Llanes (ID. 12391789) - Cuban-born Venezuelan financier and money launderer, he played a key role in Venezuela’s 1993-1994 banking crisis. He was convicted in the US of defrauding depositors of more than $ 55 million at Banco Progreso Internacional de Puerto Rico. This individual has been allowed to reopen his insurance business and is now a close aide to Chavez. Is it his communist past or his ability to destroy financial institutions, or both, that attract Chavez, and is he the brains behind Chavez’ foreign bank purchases?

Ricardo Fernandez Barrueco (ID. 9095496) - No stranger to our attention, a man who went from living in a grain silo to being a PROAREPA multimillionaire in record time, thanks to the Chavez family. He represents one of the greatest threats to Venezuela’s economy, as he has the ability to drain all of Venezuela’s wealth, both domestic and foreign, using his network of offshore tax haven bank accounts. Will he be the bagman who pays HAMAS with Venezuela’s PDVSA profits in Teheran? We shall continue to investigate, so stay tuned.

No comments: