As many of you might recall, during past presidential elections the government filtered TV and radio, shut down some SMS networks, and most Venezuelan ISPs had a DNS glitch. Most end users solved this by restarting their computers. At the same time, many opposition websites that were reporting irregularities suffered DDoS attacks.
This year, with the penetration of social networks and the use that the student community of Venezuela has given them to spread their message and denounce irregularities, the Venezuelan government seems to be preparing for a new attack. The target this time is the social networks.
Repeat as parrots
As every Venezuelan knows, the presidential candidate and current president of the republic uses the Twitter handle @chavezcandanga, which is controlled by what I assume is his P.R. committee. This same group has a Twitter application that turns the account of everyone who chooses to install it into a robot (bot) that will retweet whatever @chavezcandanga posts. Not to mention that 46% of his followers are users who have only one tweet or less and have a follower or none; these, to me, are clearly bot accounts.
Clamping down on social networks
What worries me now is that the same IP address that hosts the subdomain http://mensajes.chavezcandanga.org.ve/ also hosts a Twitter proxy that so far does not contain malicious code (that I can see). But that does not mean this will not change days before the election or during it. Right now you can see it for yourself, but just in case CONATEL (the entity that controls this IP) removes the proxy, the page that distributes the application to send spam on Twitter, and who knows what else, here are some screenshots of what I am talking about.
As you can see, the IP in question is 126.96.36.199, which differs from Twitter's IPs, as this output shows:
host twitter.com | grep address
twitter.com has address 188.8.131.52
twitter.com has address 184.108.40.206
twitter.com has address 220.127.116.11
For those who are wondering about the source for this story or how I learned about this, a follower on Twitter was the one who found this “coincidence”, as you can see in this tweet:
— Javier Moreno (@MorenoVJavier) September 10, 2012
Update: December 15, 2012
At this moment the IP http://18.104.22.168 still hosts a Twitter proxy. Although I don't see any malicious code, you should be careful during the upcoming regional elections this Sunday (the 16th). I recommend you stay tuned and avoid accepting any new SSL certificates when using Twitter during this weekend. I would also avoid using my credentials if you “mysteriously” get prompted to provide them while navigating Twitter.com, especially if the URL doesn't begin with HTTPS.