Yes, Russia.

I previously said that the Russians are coming. Yes, I meant it.

In the last two weeks, I’ve had registrations from 25 accounts that flagged themselves as bots. Of those, about half went on to post exactly one spammy toot.

Of these, 24 of them had email addresses that were hosted by mxsrv.mailasrvs.pw. That one server itself is hosted by DigitalOcean, an American hosting company. The other email address is from a domain without a designated mailserver (that is, it lacks an MX record).

22 of the users connected to the FreeRadical.zone instance from IP addresses in owned by “QUALITY NETWORK CORP” out of Seychelles. They are in ASNs AS50896 or AS50896, both referring to “Depo Data Center Kaluga”, at “248021, Russia, Kaluga region, Moscow Street 258, office 16”.

2 of the remaining users connected from IP address that are also owned by “QUALITY NETWORK CORP”, but for which whois doesn’t show their ASNs (yay RIPE!).

The 1 other user connected from a netblock with ASN AS61440 owned by “Digital Energy Technologies Chile SpA” out of Santiago, Chile. They still used the mxsrv.mailasrvs.pw mailserver, though.

I’ve been called a “paranoid liberal”, a “fascist”, and “retarded” for saying that I thought that the recent spam flood had ties to Russia. Turns out I underestimated the connection: out of 25 spammers I identified and blocked, 25 are directly tied to hosting accounts in Moscow through at least one means.

Social media managers at companies establish presences on all new social networks. Even if they don’t use them immediately, they plant a stake in the ground in case those networks later become popular. It’s unreasonable to believe that social media engineers from major world governments don’t also do the exact same thing.

Update

The information I worked with to compile those stats is at https://gist.github.com/kstrauser/bb63763363e81fa5f843fc7bcb9f84b4.