Why is a Russian hacker interested in my March To Leave blog post?
Despite what it might look like, I'm not trying to tell you this is important. I'm just reporting the facts that happened.
I own a website. I use it to write blog-style posts. Some of them I like, some of them I know are lazy but harmless. I move haplessly between the two because I do this for fun; I'm not trying to be the next big thing in the blogosphere and I am happy with a global audience of two.
On the morning of 16 March 2019 I created a page which was definitely the latter. It was a list of tweets about March To Leave which I found funny. There was no editorial, no analysis, just some tweets which I thought deserved a wider audience. I assumed I would delete it in two weeks when everyone had forgotten what a funny thing March To Leave was.
Anyway, while all this was going on, a strange coincidence happened. Let me explain, badly.
It's really easy to switch a website into 'editing mode'. Before you can do any damage you'll be asked for a username and password. Hackers and their robots will sit there all day trying to guess passwords for any website they can find. Normally they are looking for somewhere to store their scams and malware.
This website has a typical security system on it, where if someone falls at the logging in hurdle it will stop them and let me know. This firewall protects against an average of one hack attempt a day (sometimes none, sometimes two, you get the idea).
The firewall also records the suspicious person's IP address, and reports where that IP address is based - giving a domain if possible. I can see from the records that over the course of a year, most of those blocked hackers have been based in China, with the US second and the Netherlands third. You may or may not be surprised.
So that's a normal day in the firewall. But, from the moment I published that page which was making fun of March To Leave (and tweeted about it), I received a surge of activity.
That's 30 attempts to log in overall, most of them back-to-back, and all of them coming from someone or something in Russia. Normally I wouldn't publish people's IP addresses, but frankly they shouldn't be trying to edit my website.
When I saw this I thought of the Russian troll farms and their interest in Brexit and thought 'typical'. It would be nice to end this page with that conclusion. But actually it's a lot stranger than that.
There are lots of big websites which write about Brexit in cold, hard facts. They would be much better targets than me. If my suspicion is correct, those big news websites, blogs and campaign groups would have been targeted before, and they would have spotted the pattern and reported on it much better than I just did.
I am a nobody. I have no clout. I'm forever complaining about having to maintain my website. The idea that any member of the Russian trolling community would spend time trying to remove my hastily-pasted listicles is really laughable. They could produce more interesting content than I can for starters.
It's also one of the most pathetic hacking attempts in history. I don't doubt that within the Russian propaganda industry they have plenty of tools to truly shut down any amateur website they don't like. They wouldn't try to log in 20 times, give up, and then come back tomorrow for 5 more.
At the same time, the coincidence is remarkable. I never get that many hack attempts, and I barely ever get them from Russia, so excuse me for being so suspicious.
So that's what I've spotted. I'll leave it to others with bigger and better websites than me to see if they've spotted the same.