Someone from a NASA facility tried to breach my old email address and I want to know why.

1  2018-09-19 by keptfloatin707

Yesterday morning I woke up to an email from Google saying someone with an "Unknown Device" and gave me the IP address of 35.242.216.1, and when I ran a reverse IP lookup it popped up with a location that is

" NASA Ames Building T-20G Mountain View, CA 94043 "

Now a friend of mine suggested it could have been a spoofed location by swiping the access of their internet to attempt the hack. I find it a little suspect; why would they want to hack a GOV agency to hack me?

I assure anyone reading I am not that interesting. The email account they tried to breach illegally was one from almost a decade ago that, from what I can tell in the archives, was mainly used for Myspace. (Yeah, remember that?)

Anyway, if anyone cares or this thread picks up and people want proof, I have the screenshots; I can upload them if anyone finds this interesting.

46 comments

Among other things, they work on AI there.

But it also could just be someone using the wifi, if there is wifi there.

"I find it a little suspect why would they want to hack a GOV agency to hack me." They don't have to hack anything to spoof an IP address.

Maybe they got hacked and the hacker is using a hacked Unix account to operate?

A Unix account is not necessary for spoofing an IP.

Please enlighten us how to "spoof an IP", because it definitely doesn't work the way you think it does.

There are many ways, but I'd assume this was older infrastructure and the TCP sequence numbers were guessed correctly to spoof the location/IP address.

The fact that there are multiple people reporting the same kind of attack leads me to pull back on my "probably trolling" statement.

interesting

Well, shows how little I know, but why would they spoof it for something that could get them flagged easier? Is it harder or the same, just for trolling's sake?

Most likely trolling.

That doesn't make any sense. If you spoofed your IP address, you wouldn't even be able to complete the TCP 3-way handshake, let alone the HTTPS stuff, as it would send data back to this spoofed IP.

Someone below said SSH was open. I'd guess they have proxied into a Google VPS, have somehow obtained a list of compromised accounts, maybe from another site getting breached, and are trying to log in to people's Gmail accounts unsuccessfully.

Was a Google employee, it's mainstream news now.

Same thing happened yesterday to my daughter. Then, she randomly asked a guy repairing her phone screen about it, and he said he received the same message. She traced her intrusion to a NASA center in Ashburn VA.

Another IP trace went to Merit Network in Ann Arbor. Could be the hosting company for the software they're using?

There's fuckery afoot. Wondering if it's related to the messaging from the gov't going on tomorrow.

What messaging from the govt is going on tomorrow?

The emergency alert test has been called off and postponed for a few weeks. They didn't want any added confusion while dealing with the aftermath of Hurricane Florence.

https://www.cbs46.com/archives/emergency-alert-test-delayed-due-to-hurricane-florence/article_572d9102-48a4-5df4-ae66-d66f6d1779f6.html

Can you provide the IP?

Happened to my friend yesterday and Ashburn Virginia came up but it was a dead end. Curious to see how she was able to figure out her attacker from a NASA facility in the area.

35.241.196.144

That's the one from her initial alert that her account had an attempted hack.

I just had a google alert about someone trying to sign in from the same place the other day. That’s weird.

Yeah this seems to be a coordinated attack potentially coming through someone using Google as an ISP that traces to an unknown likely government facility and zip code.

Got any screenshots?

Most probable explanation is there is a proxy server running on those machines at NASA that bots are using to do what they always do. NASA has historically had very poor IT security; looks like that's still the case.

Ann Arbor is a HUGE intel/cyber security hub. There are all kinds of gov contractors based there.

Thursday is the National EAS test.

They pushed it back till October 2

Screenshot?

In OP now.

You may have Googled wrong; it locates to the Detroit area / Ann Arbor:

ipaddress.is/35.242.216.1

Idk, I've used multiple services; all pointed me to the same place with the same info.

Ok this is fucking weird.

I got a call from a buddy yesterday because someone tried to hack into his Gmail. The IP is different but similar and 3 of the tracebacks lead to Moffett Field in Mountain View which is leased by Google https://www.google.com/amp/s/www.mercurynews.com/2015/03/31/google-takes-over-aging-moffett-field-and-its-airship-hangars/amp/. The 4th location traced back to Ashburn Virginia to a zip code with no addresses.

The longitude and latitude that IP traces to is near a BBQ place in Ashburn. The IP shows up as being a Google ISP, so I searched the BBQ place's address to see if Google Fiber is available in the area, and it is not. Meaning there is no publicly available Google ISP in the area, and given the fact it's listed with its own zip code I can only assume it's like how some buildings in New York or even prisons have their own zip codes for a single building or facility.

Meaning there’s likely an unknown facility with its own zip code that has Google as an ISP as its provider thats potentially not publicly available. That computer system is then probing Gmail accounts to hack into them, and one of Google’s security systems is being triggered reporting Google and this Google ISP location as the source of the hack.

I port scanned the IP and the only thing open was SSH for remote access using some secure encryption. So this isn't some random web app or server. It's possible someone is just running this on Google Cloud, but there's no proxy, no VPN, and it's traceable to a zip code that doesn't exist and a BBQ place. Also I'm not sure why it would be tracing back to the Moffett Field data center. Most of Google Cloud's facilities are located elsewhere.

My original guess was this was civilian, possibly corporate someone with ties to Google, maybe some kind of political operative. Now I don’t know. This could be deeper than that.

The fact I know this is now a coordinated attack is fascinating. My friend believes he’s being targeted for political reasons. I can’t disclose the situation but I can assure you he has reason to believe this and it is serious.

Anyone else who was targeted in this hack have any reason why they might be targeted?

Also, if you know someone who has been targeted, instruct them to turn on two-step authentication to secure their accounts and prevent a second attempt on their accounts. Any IPs or other info you can provide would be useful.

I’m seriously interested in maybe writing about this publicly and seeing if we can figure out wtf is going on.

Yeah, the Google ISP is what's getting me rn; consistent IP lookups all say the same thing, and you'd think Google's got govt contracts.

Geolocation is not that accurate that you could pinpoint it to a specific building. It's Google's IP in Mountain View, CA, and in use by Google Cloud. Who/what used that could be anyone. I would try to contact Google and ask.

I tried to geolocate my own IP. Seems to be over 100 miles from my home, in the middle of a nature reserve.

Idk what to tell you; I ran it through various sites and they all came back the same. I searched mine and it nailed my city; the location was off a mile or so.

Trump has to backdoor into your phone before he can text you on Thursday.

They got ya, my dude, watch out and good luck <3

Protip: government networks are easy to compromise.


Someone has made a botnet out of NASA's datacenter and they are using it to scam and exploit; they must have complete remote access, pretty neat.

This was my conclusion.

Would explain Sunspot being closed if that was where they uploaded it?

View my profile history for a writeup on Sunspot; they were not spammers, it was advanced espionage, likely done by a foreign nation.


It could be just as likely CIA, trying to frame Russia with a "cyber attack".

Add in the explosions in the NE from the gas lines (cyber attack on infrastructure), bam, you've got a Tom Clancy novel.

Since it's an old account, the password was probably hacked sometime if you used the same password for multiple sites. Check your address at https://haveibeenpwned.com/ and other sites to see. A botnet can harvest these and test them, and it seems that's the most likely explanation.

Interesting yeah it says I got pwned a few times on multiple older accounts.
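The pattern the comment above describes (a bot harvesting leaked credentials and testing them) looks different in an authentication log from someone guessing one account's password, and the difference is what a triage should key on. The following is an added example, not code from the thread, Google or any real service; the log format, the field names and the thresholds are assumptions, and the log lines are constructed with RFC 5737 documentation addresses and example.com users.

```python
import re

# Illustrative thresholds (assumptions; tune per service).
MIN_USERS_STUFFING = 5     # many distinct accounts from one source...
MAX_TRIES_PER_USER = 2.0   # ...with roughly one attempt per account (attacker already has a candidate password)
MIN_TRIES_BRUTE = 5        # one account hammered repeatedly

# Assumed log line shape: "<timestamp> src=<ip> user=<account> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log: one stuffing source, one brute-force source, one legitimate user.
SAMPLE_LOG = """\
2018-09-18T06:02:11Z src=203.0.113.9 user=alice@example.com result=FAIL
2018-09-18T06:02:12Z src=203.0.113.9 user=bob@example.com result=FAIL
2018-09-18T06:02:12Z src=203.0.113.9 user=carol@example.com result=FAIL
2018-09-18T06:02:13Z src=203.0.113.9 user=dave@example.com result=OK
2018-09-18T06:02:14Z src=203.0.113.9 user=erin@example.com result=FAIL
2018-09-18T06:02:15Z src=203.0.113.9 user=frank@example.com result=FAIL
2018-09-18T06:10:00Z src=198.51.100.7 user=alice@example.com result=FAIL
2018-09-18T06:10:03Z src=198.51.100.7 user=alice@example.com result=FAIL
2018-09-18T06:10:06Z src=198.51.100.7 user=alice@example.com result=FAIL
2018-09-18T06:10:09Z src=198.51.100.7 user=alice@example.com result=FAIL
2018-09-18T06:10:12Z src=198.51.100.7 user=alice@example.com result=FAIL
2018-09-18T06:10:15Z src=198.51.100.7 user=alice@example.com result=FAIL
2018-09-18T07:00:00Z src=192.0.2.44 user=alice@example.com result=FAIL
2018-09-18T07:00:21Z src=192.0.2.44 user=alice@example.com result=OK
"""


def parse(log_text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def profile_sources(events):
    """Aggregate per source IP: total attempts, distinct accounts tried, accounts that succeeded."""
    stats = {}
    for e in events:
        s = stats.setdefault(e["src"], {"attempts": 0, "users": set(), "ok_users": set()})
        s["attempts"] += 1
        s["users"].add(e["user"])
        if e["result"] == "OK":
            s["ok_users"].add(e["user"])
    return stats


def classify(stats):
    """Label each source; any success from a hostile source is a compromised account."""
    verdicts = {}
    for src, s in stats.items():
        n_users = len(s["users"])
        per_user = s["attempts"] / n_users
        if n_users >= MIN_USERS_STUFFING and per_user <= MAX_TRIES_PER_USER:
            label = "credential-stuffing"
        elif n_users == 1 and s["attempts"] >= MIN_TRIES_BRUTE:
            label = "brute-force"
        else:
            label = "benign"
        verdicts[src] = {
            "label": label,
            "attempts": s["attempts"],
            "distinct_users": n_users,
            "compromised": sorted(s["ok_users"]) if label != "benign" else [],
        }
    return verdicts


def analyze(log_text):
    return classify(profile_sources(parse(log_text)))


if __name__ == "__main__":
    for src, verdict in analyze(SAMPLE_LOG).items():
        print(src, verdict)
```

The stuffing source is recognisable by breadth rather than depth: many accounts, one try each, because each password came from a breach dump rather than a wordlist. The one account that returned OK from that source is the real finding, and it needs a forced reset and second-factor enrolment, not just a blocked IP.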

Whois IP 35.242.216.1

ARIN WHOIS data and services are subject to the Terms of Use
available at: https://www.arin.net/whois_tou.html

If you see inaccuracies in the results, please report at
https://www.arin.net/resources/whois_reporting/index.html

Copyright 1997-2018, American Registry for Internet Numbers, Ltd.

NetRange:       35.208.0.0 - 35.247.255.255
CIDR:           35.208.0.0/12, 35.240.0.0/13, 35.224.0.0/12
NetName:        GOOGLE-CLOUD
NetHandle:      NET-35-208-0-0-1
Parent:         NET35 (NET-35-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Google LLC (GOOGL-2)
RegDate:        2017-09-29
Updated:        2018-01-24
Comment:        *** The IP addresses under this Org-ID are in use by Google Cloud customers ***
Comment:
Comment:        Direct all copyright and legal complaints to
Comment:        https://support.google.com/legal/go/report
Comment:
Comment:        Direct all spam and abuse complaints to
Comment:        https://support.google.com/code/go/gce_abuse_report
Comment:
Comment:        For fastest response, use the relevant forms above.
Comment:
Comment:        Complaints can also be sent to the GC Abuse desk
Comment:        (email@google.com)
Comment:        but may have longer turnaround times.
Ref:            https://rdap.arin.net/registry/ip/35.208.0.0

OrgName:        Google LLC
OrgId:          GOOGL-2
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2006-09-29
Updated:        2017-12-21
Comment:        *** The IP addresses under this Org-ID are in use by Google Cloud customers ***
Comment:
Comment:        Direct all copyright and legal complaints to
Comment:        https://support.google.com/legal/go/report
Comment:
Comment:        Direct all spam and abuse complaints to
Comment:        https://support.google.com/code/go/gce_abuse_report
Comment:
Comment:        For fastest response, use the relevant forms above.
Comment:
Comment:        Complaints can also be sent to the GC Abuse desk
Comment:        (email@google.com)
Comment:        but may have longer turnaround times.
Comment:
Comment:        Complaints sent to any other POC will be ignored.
Ref:            https://rdap.arin.net/registry/entity/GOOGL-2

OrgTechHandle:  ZG39-ARIN
OrgTechName:    Google LLC
OrgTechPhone:   +1-650-253-0000
OrgTechEmail:   email@google.com
OrgTechRef:     https://rdap.arin.net/registry/entity/ZG39-ARIN

OrgAbuseHandle: GCABU-ARIN
OrgAbuseName:   GC Abuse
OrgAbusePhone:  +1-650-253-0000
OrgAbuseEmail:  email@google.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/GCABU-ARIN

OrgNOCHandle:   GCABU-ARIN
OrgNOCName:     GC Abuse
OrgNOCPhone:    +1-650-253-0000
OrgNOCEmail:    email@google.com
OrgNOCRef:      https://rdap.arin.net/registry/entity/GCABU-ARIN
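The WHOIS record above is the check that settles the thread: the CIDRs it lists are a Google Cloud customer allocation registered to Google's Mountain View address (PostalCode 94043), which is why geolocation services place the IP at that ZIP code. The following is an added example, not code from the thread or from Google or ARIN; it takes the three CIDRs, the abuse form URL and the RDAP base URL exactly as printed in the record, and the input list is constructed from the two alert IPs quoted in the thread plus one RFC 5737 documentation address for contrast. Its verdict labels and note text are assumptions.

```python
import ipaddress

# CIDRs exactly as listed in the ARIN WHOIS record for NetName GOOGLE-CLOUD.
GOOGLE_CLOUD_CIDRS = [
    ipaddress.ip_network(c)
    for c in ("35.208.0.0/12", "35.240.0.0/13", "35.224.0.0/12")
]

# Abuse contact from the same record: abuse from a cloud tenant's VM is reported
# to the provider, not to whoever a geolocation service places at the registrant's ZIP code.
GCE_ABUSE_FORM = "https://support.google.com/code/go/gce_abuse_report"
RDAP_BASE = "https://rdap.arin.net/registry/ip/"


def matching_allocation(ip):
    """Return the listed CIDR that contains ip, or None if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    for net in GOOGLE_CLOUD_CIDRS:
        if addr in net:
            return net
    return None


def triage(ip):
    """Classify one sign-in-alert source IP for an account-security triage (labels are assumptions)."""
    addr = ipaddress.ip_address(ip)
    if not addr.is_global:
        return {"ip": ip, "verdict": "not-routable",
                "note": "private, reserved or documentation range; cannot be the real source"}
    net = matching_allocation(ip)
    if net is not None:
        return {"ip": ip, "verdict": "cloud-tenant", "allocation": str(net),
                "note": "GOOGLE-CLOUD customer VM; geolocation resolves to the registrant's "
                        "Mountain View, CA 94043 address, not to the tenant",
                "report_to": GCE_ABUSE_FORM}
    return {"ip": ip, "verdict": "unknown",
            "note": "not in the listed allocation; query " + RDAP_BASE + ip}


def summarize(ips):
    """Group several people's alert IPs by allocation.
    Same allocation means same hosting provider, not necessarily the same attacker."""
    groups = {}
    for ip in ips:
        net = matching_allocation(ip)
        key = str(net) if net is not None else "other"
        groups.setdefault(key, []).append(ip)
    return groups


# Constructed input: the two IPs quoted in the thread plus one documentation address.
ALERT_IPS = ["35.242.216.1", "35.241.196.144", "192.0.2.10"]

if __name__ == "__main__":
    for ip in ALERT_IPS:
        print(triage(ip))
    print(summarize(ALERT_IPS))
```

Both alert IPs from the thread land in 35.240.0.0/13, so they share a provider, which is the only conclusion the record supports; who rented those instances is known to Google's abuse desk, not to a geolocation database. For any address outside a range you already know, the RDAP URL in the record is the authoritative next lookup.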

If you're concerned about your online security, I recommend investing in a physical security key (FIDO U2F), there are many on the market today:

  1. https://www.yubico.com/solutions/fido-u2f/
  2. https://store.google.com/product/titan_security_key_kit

If you're ultra concerned, buy two physical keys and contact Google for "Advanced Protection": https://landing.google.com/advancedprotection/
