A couple of theories on the postcard after reading more about it elsewhere:
* It was sent and paid for by someone off their rockers. The QR code leads to a long PNG image that reads like a religious text stored on the distributed InterPlanetary File System (IPFS)[1]. I haven't read the entire "text" yet, but I can't see (yet) any side scheme to hack folks clicking the link (unless the image itself is compromised in some way) or do something shifty like mining Monero in the browser[2] while reading the tract.
* It's the first step in a more sophisticated social engineering scheme. Other than the (seemingly) harmless image link (might not be harmless if it's exploiting a browser-based zero-day exploit targeting PNG processing - explore at your own risk), the other call to action is to e-mail the GMail address pictured on the back of the card. Similar to the reason scam e-mails are intentionally poorly written[3], the person at the other end of the e-mail is waiting for victims to self-select by contacting them, and follow-up communications will then exploit those who e-mail.
* It's a false flag operation intended to discredit Qanon by invoking the names of demons such as Asmodeus[4] and to annoy people in general. (I find this one the least likely as there are simpler ways to do this than what they're doing here.)
I made sure that some Redditors went into that breach before me - I'm largely cribbing from their work, since I don't have one of the postcards myself.
Thanks for the yeoman’s work here. I haven’t had a chance to follow the link and wanted a sandboxed computer before I did it. I am looking from the other angle: who mailed the mailpiece. Hopefully will be able to link it all together.
Given the deployment methods, you're not dealing with a dummy. (I couldn't tell you right now how to host a file on IPFS.) I'll be interested in hearing what you find out.
I've looked into how to host data using IPFS a bit: it's not necessarily that complex once you read up on it, but it definitely takes some knowledge to configure your own IPFS node.
A couple of theories on the postcard after reading more about it elsewhere:
* It was sent and paid for by someone off their rockers. The QR code leads to a long PNG image that reads like a religious text stored on the distributed InterPlanetary File System (IPFS)[1]. I haven't read the entire "text" yet, but I can't see (yet) any side scheme to hack folks clicking the link (unless the image itself is compromised in some way) or do something shifty like mining Monero in the browser[2] while reading the tract.
* It's the first step in a more sophisticated social engineering scheme. Other than the (seemingly) harmless image link (might not be harmless if it's exploiting a browser-based zero-day exploit targeting PNG processing - explore at your own risk), the other call to action is to e-mail the GMail address pictured on the back of the card. Similar to the reason scam e-mails are intentionally poorly written[3], the person at the other end of the e-mail is waiting for victims to self-select by contacting them, and follow-up communications will then exploit those who e-mail.
* It's a false flag operation intended to discredit Qanon by invoking the names of demons such as Asmodeus[4] and to annoy people in general. (I find this one the least likely as there are simpler ways to do this than what they're doing here.)
[1] https://en.wikipedia.org/wiki/InterPlanetary_File_System
[2] https://monerominer.rocks/
[3] https://www.mentalfloss.com/article/82814/secretly-smart-reason-scam-emails-are-poorly-written
[4] https://en.wikipedia.org/wiki/Asmodeus
Thanks Chris. You are braver than I am. Did not want to follow that QR code, let alone read the text at the end of that rainbow.
I made sure that some Redditors went into that breach before me - I'm largely cribbing from their work, since I don't have one of the postcards myself.
Thanks for the yeoman’s work here. I haven’t had a chance to follow the link and wanted a sandboxed computer before I did it. I am looking from the other angle: who mailed the mailpiece. Hopefully will be able to link it all together.
Given the deployment methods, you're not dealing with a dummy. (I couldn't tell you right now how to host a file on IPFS.) I'll be interested in hearing what you find out.
I've looked into how to host data using IPFS a bit: it's not necessarily that complex once you read up on it, but it definitely takes some knowledge to configure your own IPFS node.