Shadow-Tap

Posted on by
Reply

This is pretty incredible and also a bit terrifying how much data the government has and the amount of time the breach persisted before it was found and closed.

OPERATION SHADOW-TAP: March/April 2026 Breach

⚠ OPERATION SHADOW-TAP

Declassification Analysis: March/April 2026 CALEA Infrastructure Breach

STATUS: ACTIVE INCIDENT

In early March 2026, a highly sophisticated Advanced Persistent Threat (APT) breached the primary Law Enforcement Agency (LEA) routing hubs governing the Communications Assistance for Law Enforcement Act (CALEA) infrastructure. This enabled unauthorized access to active wiretaps, metadata routing, and target identification lists across major US telecommunications providers.

🔓

Telecoms Breached

14

📁

Records Exposed

2.3M+

Estimated Dwell Time

45 Days

💸

Mitigation Cost

$1.5B

📈 Attack Timeline: Traffic Anomalies

Network monitors detected a massive spike in outbound encrypted traffic originating from Tier-1 CALEA portals starting March 12, peaking in late March before the FBI completely severed external connections on April 4.

📊 Composition of Exfiltrated Data

The attackers prioritized metadata and target identities over raw audio intercepts, indicating a strategic intelligence-gathering operation rather than standard extortion or disruption.

⚑ Attack Vector & Kill Chain

The breach utilized a zero-day exploit in the legacy VPN gateways used by LEA personnel to access telecom interception interfaces. Below is the mapped progression of the intrusion.

🔐 1. Initial Access

Zero-day exploit on LEA VPN endpoints

💻 2. Lateral Movement

Compromise of CALEA routing servers

🔍 3. Collection

Harvesting target lists & active metadata

📡 4. Exfiltration

Encrypted bursts to external C2 nodes

🌐 C2 Infrastructure Connection Clusters

This scatter plot illustrates the mapping of outbound exfiltration bursts. The X-axis represents the duration of the burst, and the Y-axis represents the payload size. Clusters indicate automated, structured exfiltration algorithms designed to evade threshold alarms.

Harbor Freighting the woods

Posted on by
Reply

I’ve been storing some stuff out at my property just… in the open air, finally decided to put some shelter up, albeit temporary just to get things out of the elements. Cheapo $199 shelter from Harbor Freight, came out pretty good. Welds on it are super suspect and not straight but hey, whatever, it was $199 and can fit all my stuff.

Ubiquiti SuperLink and USL Environmental Sensors

Posted on by
Reply

First off, lets start with a warning; If you order your SuperLink and Sensors from the Ubiquiti US store, it’s possible that you may get one of the units or in our case, all the sensors as the EU model and then a US SuperLink and well… they don’t work together. You can identify if you end up with an EU sensor or device via a small sticker on the box like this;

But once you get the right sensors – Kudos to UBNT for overnighting us replacements – they work very quickly, just pull the battery tab and they come up. So far so good, they’ve been pretty reliable connection wise for us and we’ve been testing them through concrete filled CMU w/ steel and we still have a reliable connection with reliable monitoring:

Overview: What is SuperLink?

The SuperLink platform from Ubiquiti is a new wireless sensor protocol & gateway ecosystem designed to integrate with the UniFi OS / UniFi Protect environment and deliver IoT sensor connectivity with enterprise-grade range, latency, and battery longevity.

Key technical highlights

  • SuperLink is designed for multi-kilometre line-of-sight range, enabling large-scale deployments (industrial, commercial, smart-buildings) rather than just short-range BLE sensors.
  • Ultra-low latency communications, tailored for security / alarm / automation sensor use-cases.
  • Efficient power management: supports long battery life endpoints (key for sensors in remote/undisturbed locations).
  • Integrated into UniFi OS: the gateway is adopted into UniFi Protect, which means your existing UniFi-based infrastructure (if you have one) can leverage the sensors and gateway.
  • For deployments: the gateway supports dual radios – Bluetooth (for legacy BLE sensors) plus the proprietary sub-GHz SuperLink radio for the new sensors.
  • In short: if you are managing facilities (data center racks, network closets, remote MSP sites) and you need environment-monitoring (temperature, humidity, water leak, light) with wide coverage and minimal wiring, the SuperLink + USL-Environmental combo offers an interesting path.

Tucson, Data Centers and the AI “Bubble”

Posted on by
Reply

I’m the Vice President of Operations for a Data Center Provider in Tucson – It’s easy to find out which one, I just keep them purposefully separate – and we’ve had a lot talk lately within the community about Data Centers and the resource consumption they demand, specifically in Tucson around Project Blue.

One of the big demands of some facilities is water, if they’re going to be doing GPU workloads or just intense workloads and turn to child water ( they should… it’s very efficient at scale ) the initial proposal was for an open loop water cooled chiller plant. Because of the low humidity in Arizona, and the initial low cost to implement such a system it would make sense to go open loop but there’s one issue…. water consumption. Now, given that we are in the desert, and if you had done any research in the city, you’d know that you are not going to have a warm reception to high water usage. They did not do that and so the community rejected the offer.

Closed loop cooling is more expensive up front and not quite as efficient but they do last longer and only require small amounts of makeup water after fill.

Finally you can do chilled water or glycol with a refrigerant based system, again just sticking with fluid type systems and not direct expansion systems.

We use direct expansion right now as our critical load is only 250kW at the moment, and that’s not enough to build out more than 1 chiller from a cost perspective. We will install a glycol loop for GPU workloads and direct to chip cooling before convert our DX units.

All this to say, being careful of your surroundings and environment makes a big difference in what type of headwinds you face in a given project. Perhaps if the team behind it had more than 6 months of experience working together and spent some time in the community before the initial design they could have known this. Furthermore the power load, some 650MW is more than the city currently consumes. A consumption that is already hare for the local utility to provide reliable power to, we have hundreds of power monitors across southern AZ and it’s not great. Additionally we ourselves have to routinely go to generator in unplanned events every year due to utility failures, in the city. I don’t think that it’s rational to think that the local utility was going to be able to double their power supply in 2 years without community impact.

The AI boom is not a bubble – I don’t think, but it will be interesting to see how much capital comes calling back and how soon, there’s a lot hanging out there right now and I’m not sure what they are going to reasonably do for power. Microsoft bought a nuke… others are using gas turbines on site through various loopholes. It’s interesting… We have been looking at the same requirements and we are going to install about 300kW of solar in the city to offset some load. We have about 250kW of critical power shell available right now but hopefully in the near future we will have about 10MW available but, hopefully, in a sustainable manner.

Some thoughts on the world today.

Posted on by
Reply

I don’t like to make political posts of any kind on this page, it is sincerely geared towards just notes and tips and tricks for technical topics, it is not meant to be anything beyond that however, I think it’s important for the technical community to safeguard certain data that is attempting to be removed from access by citizens of the US.

If you are of the ability and have the capability and you see something that is being scrubbed, take that data, and share it with the world elsewhere, things that are resources for people and the Internet as a whole should not be censored, ever. Access to the Internet should not be controlled by a governmental body, ever.

Data collection is bad, but removing the choice of what you consume in order to control the narrative is even worse, do not accept actions of your government to control the information for which you have access, resist.

That is it, thanks.

Extending an LVM / XFS mount/partition online in Rocky Linux

Posted on by
Reply

Scenario: You have a VM and you’ve increased the disk size in the hypervisor and want to extend the LVM and partition in the guest.

LVM is the last partition so we can grow it versus creating a new partition and adding it to the VolGroup:

(parted) p                                                                
Model: Xen Virtual Block Device (xvd)
Disk /dev/xvda: 335544320s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start     End         Size        Type     File system  Flags
 1      2048s     2099199s    2097152s    primary  xfs          boot
 2      2099200s  167772159s  165672960s  primary               lvm

The easiest way to extend this is via the growpart tool, found in the cloud-utils-growpart package in AppStream

dnf install cloud-utils-growpart
Last metadata expiration check: 3:13:02 ago on Fri 25 Oct 2024 04:47:25 AM MST.
Dependencies resolved.
==============================================================================
 Package                                                                               Architecture                                                            Version                                                                      Repository                                                                  Size
==============================================================================
Installing:
 cloud-utils-growpart                                                                  noarch                                                                  0.33-0.el8                                                                   appstream                                                                   35 k

Transaction Summary
==============================================================================
Install  1 Package

Total download size: 35 k
Installed size: 75 k
Is this ok [y/N]: y
Downloading Packages:
cloud-utils-growpart-0.33-0.el8.noarch.rpm                                                                                                                                                                                                                                                    78 kB/s |  35 kB     00:00    
------------------------------------------------------------------------------
Total                                                                                                                                                                                                                                                                                         47 kB/s |  35 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                                                                                                                                     1/1 
  Installing       : cloud-utils-growpart-0.33-0.el8.noarch                                                                                                                                                                                                                                                              1/1 
  Running scriptlet: cloud-utils-growpart-0.33-0.el8.noarch                                                                                                                                                                                                                                                              1/1 
  Verifying        : cloud-utils-growpart-0.33-0.el8.noarch                                                                                                                                                                                                                                                              1/1 

Installed:
  cloud-utils-growpart-0.33-0.el8.noarch                                                                                                                                                                                                                                                                                     

Complete!

Now extend partition #2 with the tool:

growpart /dev/xvda 2
CHANGED: partition=2 start=2099200 old: size=165672960 end=167772159 new: size=333445087 end=335544286

That’s it, the partition is now extended, next up, extend the LV:

lvextend -l +100%FREE /dev/mapper/rl-root 
  Size of logical volume rl/root changed from <71.12 GiB (18206 extents) to <151.12 GiB (38686 extents).
  Logical volume rl/root successfully resized.

Finally grow the XFS file system via xfs_growfs

xfs_growfs /
meta-data=/dev/mapper/rl-root    isize=512    agcount=4, agsize=4660736 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=1, rmapbt=0
         =                       reflink=1    bigtime=0 inobtcount=0
data     =                       bsize=4096   blocks=18642944, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=9103, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 18642944 to 39614464