(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Russia Insider: How A Connecticut Gold Coast Boy Grows Up To Be A Russian Troll


I was recently looking at some stuff online about the Skripal case and came across this guy and his site through a link from an article. The article was on a guy who also has been evidently poisoned by Russia (biotoxin this time) in France but they make reference to Inside-Russia as they wrote about the case evidently. Anyway, the Inside Russia thing intrigued me because the guy who started the site and still runs it is from my neck of the woods (Greenwich Connecticut) on the gold coast as we call it here. Evidently Charles J. Bausman, a 53 year old American (ex… Patriot?) who now evidently lives in Russia, runs the propaganda site known as “Inside-Russia” and works in finance, or agro-business finance. At any rate, the site is quite the nest of pro Putin propagandist and antisemitism. In looking around I had to wonder just how a kid from Connecticut who went to a swank prep school here and Wesleyan University (somewhere I went for a summer) ended up a Russian propagandist front and allied with a couple oligarchs close to the Kremlin?

Bausman’s Resume in Cyrillic sent to an Oligarch in hopes of getting financing

Bausman says he was born in Germany in 64 and travelled a lot including a long stint in Russia (Moscow) when his father was on a “long business trip” which is to say that his father was bureau chief for the AP back in the old Sov days. John Bausman III was all over the place as an AP reporter but that time in Russia seems to have affected Charles quite a bit. I am not sure just when and how Charles became a Putin propagandist but the site he set up started in August 2014 and has been gaining momentum ever since. In doing all the background on Charles I had to wonder about his father, which, I could not find too much on other than his obits online.

I have to wonder just how his father felt about his son’s Soviet/Putin leanings after he started the site, which by the way, was registered with the house where the Bausmans lived in Greenwich CT. As John was older, perhaps he did not really get to see the site or know much about it. Maybe he did and approved of his son’s leanings? I am not sure, but suffice to say that it may be their travels in the Baltics during the old days might have affected his young son profoundly. I can imagine that if he wasn’t home schooled, he may have been indoctrinated by the Soviet state in some way in his youth. I just don’t really know, but, the other thing that kinda crossed my mind again and again was what were John’s leanings on all this? Like father like son?

At any rate, the son is an out and out Putin “Praetorian” as the book “Putin’s Praetorians” claims and evidently Charles could not resist writing a review of it on Amazon. In fact Charles enjoys his titles as even on his Twitter feed, he boasts of being one of Louise Mensch’s “Russian Trolls” which is, I have to say, amusing as I myself am blocked by her because she is an idiot hanger on of the jester. Anyway, if not a troll, what Charles is, is a propagandist tool. Or, I should really say a “would be” tool because he is not trying to hide his identity and is fairly open with his propaganda claptrap he is trying to sell to the conspiracy masses. His site is a “collective” of writers he says, but in looking at them only a few are named and one of them, Anatoly Karlin, is a straight out conspiracy Nazi connected apparatchik for Putin.

Now, on the account of this site being akin to the IRA, well, no that is not the case. However, the Twitter feed and the content is pretty popular and has been rising over the last couple years, peaking in January this year as everything went to hell concerning the RussiaGate story. I would not be surprised if anyone were to do some more mining and find that accounts proximal to the IRA Twitter accounts might have this on their feeds as well. While all of this spin and energy has been building though, Charles has been hungry for funds to continue his work, even though he is some kind of finance wizard according to all his degree work and jobs over the years with Russian banks and the like.


You can donate to Russia-Insider on their site and they take bitcoin and paypal as well as a couple other more obscure payment schemes. Evidently “citizen journalism” costs the big bucks! While his bitcoin wallet has had no transactions at all, I have to wonder just who is paying for his site and activities. In 2014, just after launching the site he exhorted Alexey Komov and Konstantin Malofeev that “I still need money!” which can be seen in the screen shots above from emails that I got from Shaltai Boltai’s dump of Malofeev’s email spool. I went through all seven hundred plus emails and found no more than those you see above. So it is unclear whether or not the Kremlin connected Komov and Malofeev ponied up money but they seemed amenable to it in the emails that I saw. I am going to assume that since the site is still up and that Bausman has added a slew of other domains, he has more plans and that he also got the funding to start. Only time will tell if he moves further and activates the other sites that he owns.

As you can see, if he had it his way, perhaps Russia-Insider would not be the only “insider” site that he could be spreading propaganda with. It is interesting to note that the countries he has chosen to create domains for are all ones that the Russian state would be interested in targeting propaganda at. I am not really sure what the “Cadmus” site would be all about but if you know your history, Cadmus was a slayer of monsters in the Greek pantheon. So far none of these sites has ever had content on them so there is nothing to see.. yet. Maybe if Charles gets his money he will someday have a media empire eh?

Overall, this guy is no clear and present danger but he is one of the lights in the constellation that is RU apologist propaganda. He isn’t RT or Sputnik just yet but he has ambitions to be I think. What really just makes me wonder is, as I said at the top, how does this kid go from US citizen to Russian propagandist? So many unanswered questions on this one for me. Was his father enamored with the Soviet state in the 60’s and 70’s? I mean it was no pleasure dome out there at that time no matter what the Soviet state would like you to think. Of course some might see Wesleyan and think that the left leanings of the school would only entice a youth to become more liberal, but jeez, I mean this guy is full on nutbaggy! Also, this guy still has everything listed in America as ownership goes! The Russia-Insider site before being set to privacy still has his parents place listed as the address! Choose a country dude.

Well, that’s about it on this one. Just a little heads up on this guy and a bit of background. I kind of have a yen to drive down to Greenwich and visit the Russia-Insider HQ just for shits and giggles. If anyone else has any tidbits they care to drop on me use the Protonmail acct. Until next time, keep watching these whacknuts.

Dos vidanya,


Written by Krypt3ia

2018/03/19 at 18:46

Follow The Trail of Dead Russians

with 2 comments

On September 7th 1978 Georgi Markov, a Bulgarian defector and vocal opponent of the Bulgarian regime felt a pinch of what he thought was a bug bite on his thigh as he walked across the Waterloo Bridge in London England. Four days later after a fever started that day on the bridge, Georgi was dead from what would be discovered as a Ricin attack using a small pellet of refined Ricin injected into his system by an umbrella created and used by the KGB. Of course this assassination was carried out by both Bulgaria and the KGB, but it was the KGB who planned the operation and ensured it worked.

This event was the first time I had been cognizant of a KGB assassination in the UK back in the day and in light of recent events, it seems what is old is new again in London and with the Putin KGB regime in Russia. The latest assassination using dangerous nerve toxin was even more dangerous and brazen in that, as we understand it today, the deployment of the Novichok agent was likely either in the form of a spray (puff) aimed at the Skripals or it was a dusting of objects or places in the public by the KGB (and yes, it’s the KGB, always will be in my book. Nothing has changed but the name of the org). Though it has yet to be revealed just how the KGB operatives deployed the nerve agent, it is important to note that back in the day it seems that the KGB at least took more care to not have collateral damage with innocent bystanders possibly being killed with the umbrella device as opposed to the anything goes style of the Skripal assassination. This post is about the change in aggression and sloppiness by Putin and his KGB minions and what is motivating these attacks and methods.


Putin’s Putsch

Since I am not sure how many of you are familiar with how Putin rose to power, I will just highlight the fact that he came to power as the inside KGB man that he was. When Yeltsin finally fell apart Putin made his move. Or, more to the point perhaps Putin helped Yeltsin fall apart and made his move. Granting a “pardon” of sorts to Yeltsin he took over the presidency and his regime began in earnest December 31st 1999. It is an interesting fact that Putin himself was under investigation for corruption as well, but soon after the take over the investigation was dropped. Since then, Putin has consolidated power, side stepped the Russian rules of law concerning the presidency, and carried out his desires on making Russia Great Again. Along the way Putin has amassed what is considered possibly to be the largest amount of wealth held by one person, annexed other countries’ territories, and of late, brazenly attacked another sovereign nation’s electoral system to sow chaos and potentially install a friendly entity at its head, or at least one that is beholden to him.

Putin has pushed the envelope and no one has stopped him. NATO cannot, the US was the bulwark against an unchecked Russia, but now that is no more. This is an important factor that will play out below but you have to understand the players and the dynamic of the game to realize just what is happening here with the assassination of Skripal and its political import. We are living through a time where the shift seems to be occurring where China and Russia are becoming the super powers and the US is steadily losing, if not already has lost, its seat at the super power table at least politically if not literally. Putin has directly affected our policy in Trump’s winning the presidency and now he is empowered. This empowerment will only lead to more attacks on the US and anywhere else he deems he wants to destabilize.

Putin’s Assassinations

Let’s go back though and look at the assassinations that we know the Putin regime carried out.

Yuri Shchekochikhin, 2003: Shchekochikhin died suddenly on 3 July 2003 after a mysterious 16-day illness. It was officially declared though that he died from an allergic Lyell’s syndrome. His medical treatment and his post-mortem were held secret by state security though.

Sergei Yushenkov, 2003: Sergei Yushenkov was shot dead near his house in Moscow on 17 April 2003, just hours after finally obtaining the registrations needed for his Liberal Russia party to participate in the December 2003 parliamentary election

Paul Klebnikov 2004: On July 9, 2004, while leaving the Forbes office, Klebnikov was attacked on a Moscow street late at night by unknown assailants who fired at him from a slowly moving car. Klebnikov was shot four times and initially survived, but he died at the hospital after being transported in an ambulance that had no oxygen bottle and the hospital elevator that was taking him to the operating room broke down.

Anna Politkovskaya, 2006: Shot dead in the elevator of her apartment block in central Moscow

Alexander Litvinenko, 2006: On 1 November 2006, Litvinenko suddenly fell ill. His illness was later attributed to poisoning with radionuclide polonium-210 after the Health Protection Agency found significant amounts of the rare and highly toxic element in his body. This was deployed in a cup of tea by two Russian assets of the Putin regime.

Sergei Magnitsky, 2009: On 16 November, eight days before he would have had to have been released if he were not brought to trial, Magnitsky died. Prison officials at first attributed his death to a “rupture to the abdominal membrane” and later to a heart attack. It was later reported however that Magnitsky had died from being beaten and tortured by several officers of the Russian Ministry of Interior.

Natalia Estemirova, 2009: Estemirova was abducted on 15 July 2009 from her home in Grozny, Chechnya. Two witnesses reportedly saw Estemirova being pushed into a car shouting that she was being abducted. Lokshina said Estemirova was abducted as she was working on “extremely sensitive” cases of human rights abuses in Chechnya.

Stanislav Markelov 2009: Markelov was shot to death on 19 January 2009 while leaving a news conference in Moscow less than half a mile from the Kremlin; he was 34. Anastasia Baburova, a journalist for Novaya Gazeta who tried to come to Markelov’s assistance, was also shot and killed in the attack.

Anastasia Baburova, 2009: Russian law enforcement authorities declared that Baburova was shot in the back of her head. Baburova died a few hours after the attack at a Moscow hospital

Boris Berezovsky, 2013: On 23 March 2013, Berezovsky was found dead at his home, Titness Park, at Sunninghill, near Ascot in Berkshire. His body was found by a bodyguard in a locked bathroom, with a ligature around his neck. When Berezovsky’s death became known, there was speculation by mainstream British news media that Moscow might be somehow involved. The Thames Valley Police classified his death as “unexplained” and launched a formal investigation into the circumstances behind it. There are still some questions on this case.

Boris Nemtsov, 2015: Just before midnight (at 23:40 GMT+3) on 27 February 2015, Nemtsov was shot several times from behind as he was crossing the Bolshoy Moskvoretsky Bridge in Moscow, close to the Kremlin walls and Red Square (55.7495°N 37.62421°E). He died at the scene. A convenient dump truck obscured the surveillance cameras on the bridge when the event occurred.

Sergei Viktorovich Skripal 2018: On 4 March 2018, Skripal and his 33-year-old daughter Yulia, who was visiting from Moscow, were found in a catatonic state on a public bench near a shopping centre in Salisbury by a passing doctor and nurse. Paramedics took them to Salisbury District Hospital where medical staff determined that the pair had been poisoned with a nerve agent (Novichok)

This list is just the ones we know about, those who directly opposed Putin, I am sure there are others out there without names who disappeared as well. In looking at these assassinations, many of them in country, they are pretty brutal and straight forward. However, with the operations outside the countries where Putin has influence he had to get a bit more creative. Thus we have the polonium poisoning of Litvinenko and now Sergei Skripal with a nerve agent. Notice also that both of these guys were former secret services people (KGB/FSB/GRU) and as such, their acts of defection or opposition are seen by Putin as the ultimate insult. Putin you see, does not forgive or forget those who worked for the state turning their backs on him or the state. So, since these former operatives made Putin mad, he decided to do away with them in a very public and dastardly way. Dying of nerve agent or being poisoned by polonium are both painful ways to die and certainly send a message to anyone else who might cross Putin.

Lack of Response

Post the assassination of Skripal though, I fear that Putin will only become more brazen in his assassinations outside the greater confines of Russia. I say this because post election of Trump and the chaos that has been sown with his election as well as the BREXIT by the UK, the world is fairly unstable and factional. In the case of Skripal as well as Litvinenko, it seems that the UK may be somewhat hard pressed to have a response against Russia that would mean anything. In fact, given the reaction this week by Theresa May on this incident, it is clear that the UK wants to do something but is unsure exactly what they can do because of Russia’s heavy investment in England as a whole. Add to this that the US and Trump specifically, seem unable or unwilling to respond to the actions of Putin and his regime and you can see how impotent the UK may in fact be in response to an overt act of criminality on their shores by Russia. It remains to be seen just what the UK will do in response to this attack but I for one hope that they do act, even if it is just a sting to Putin’s ego if anything.

Will the UK eject the Residentura?

Will they sanction certain players?

Will they go after Putin’s money?

Time will tell…

Dynamic Changes (Trump)

Meanwhile, all of this, the ability and the gumption for Putin to carry out these attacks is directly possible because of the election and inaction of Trump and the US government. By interfering in our election and potentially getting Trump elected by the active measures campaigns of 2015-2016 Putin has destabilized our ability to react. In fact, it may even be said that he has nulled out our ability to react because he has kompromat on the president himself and thus he knows that Trump will not act substantively against him. At worst this is the case, at best it is Trump’s own inability to govern that allows for Putin to go unchecked. As we move along with the special prosecutor’s case being made, we may eventually see just what happened in the Trump campaign and whether or not there is kompromat on him and others within his inner circle. However, as the spectacle continues Putin will have free rein to wreak havoc as he sees fit, and that includes assassinating former assets with impunity that might still threaten his regime or just piss him off.

Please do note that it is likely this is just the tip of the iceberg yet to be seen. As we move forward there may be other assets who will be assassinated like this. Recently in fact there have been rumblings that there is also a hit out on anyone involved with the Steele dossier and that includes an intimation that Steele himself is a current target of opportunity for the KGB assassins. There are furthermore allegations and insinuations that Skripal actually was an active asset and in fact had a hand in the dossier as well. If this is the case then you can also say that the motives for assassination of Skripal would be two fold; one, don’t talk and two, this is what happens if you do. Now that there seems to be little that the US is willing to do and other countries seem to be groping for answers, Putin will live in the slack space and carry out more of these until he is satisfied.

Are We Headed To A US Assassination?

So what’s next? Do we think that this assassination will be the last? Do we really believe that there won’t be an assassination to come on US territory? I for one think that if Trump is allowed to erode our abilities to respond further, there may come a time when someone here will suddenly die of some kind of poison. What would be the response if this happened? Would the Republicans finally come out of their Trumpian stupor? I have been thinking about this for a while and honestly this all kind of scares me. Will Putin feel so secure that he would pull something like this here in the United States?

Time will tell…

If you have anything to do with saying anything against Putin you best watch what you ingest, touch, breathe, well, just live in a hazmat suit.




I was reminded by two comments on here about these two suspicious deaths in the US

1) Mikhail Lesin; Putin’s media tsar who died in The Dupont Circle Hotel Washington DC 11/5/2015

2) Vitaly Churkin, ambassador to the UN from Russia who died in NYC in 2017

Both of these have had no autopsy records released and both seemed to maybe have had heart attacks… Maybe… In the case of Lesin he was VERY close to Putin BUT he was in trouble with the FED’s here because of his excesses financially. I figure that Lesin got the whack because he was a threat to Putin were he to have financial kompromat on him by the US.

Now, are these two assassinations? Well, the government would have to say something on that account I think for me, but, it is really convenient that at least Lesin died when he did huh?

Written by Krypt3ia

2018/03/13 at 14:13

Posted in KGB, Putin, Russia

Why I don’t Allow Reporters On My Feed


Recently I posted about the Russian Troll Farm’s data being on sale for more than a year on, an auction site for RU hackers most likely to be affiliated with Shaltai Boltai (humpty dumpty). I went through the dump looking for metadata and to backstop the screen shots that were on the site as part of the proofs that the data was legit. In doing so I managed to find out quite a bit more on the infrastructure, players, and accounts that the SVR had set up to carry out the active measures campaign against the US election in 2016. Now having been a security researcher blogger all these years I certainly expect that others may see a story and write their own and often times this happens with a link back to my post if it is germane. However, in this case it kinda seems like Beast and the reporters who wrote the two pieces on their site saw my post and decided that they would just say they had “discovered” the site and the data for their own clickbait desires.

Post 1

Post 2

The fact of the matter is that Beast didn’t discover anything, if anyone discovered the story it was who posted the story in Russia on the 21st of February. I cited them in my post as well as the url that the Insider piece had linked in the article February 21st. So no Daily Beast and “reporters” thereof, you did not discover this nor did you even have the decency to link back to either piece in your story. I find it funny how I post on February 26th and four days later the Beast is claiming to have “found” this site and the juicy data. What’s even worse is that Beast just goes on about accounts and tracking them back to people while the real story should be that the data is genuine, it shows more of the inner workings of the troll farm aside from the accounts on Reddit and other places, and that either an insider had been selling the data or they had been hacked for over a year and we all missed it.

At first I griped a bit on Twitter about this but I was willing to let it go until one of the editors at Beast wanted in on my Twitter feed all of a sudden. I allowed it and watched for a couple days. They did not attempt to reach out at all so now I am pretty sure they were fishing for more to rip off of my site or my feed and possibly claim it as their own “investigative journalism” cum click bait. This was the last straw, and with a word from another reporter who exhorted me to do a write up about this.. Well here I am writing this piece that I am kind of ambivalent about. I don’t want to come off as just some asshole saying “I DID IT FIRST!” but the fact of the matter is that this has happened on more than one occasion and of late more so (looking at you Franklin Foer on that Atlantic article on Manafort)

So, Beast, at least credit the Russians for seeing this first and reporting on it even if you can’t bring yourselves to link back to my post which I am pretty sure was the tip off to what you claimed you “discovered”. In fact, you should really do your own research and stop leeching off of others you yellow journalism hacks. Shit, you even really didn’t do a good job at parsing all the data in those screen shots! You really have not added to the knowledge base here on the Russia investigation.. But you sure did re-create the “Penny Dreadfuls” of the 19th century!


Written by Krypt3ia

2018/03/05 at 17:43

The Insider and The IRA Data That’s Been On Auction For Over A Year


Today a tweet was directed at me concerning some new information posted on a Russian news site back on February 21st that no one in the US media seems to have noticed nor the NATSEC community. In fact, I had not seen this and I kinda have chided myself for not paying better attention to the Joker Buzz site that the data was for sale on, for a year! I had actually been on their site(s) in the clearnet and darknet and thought I had posted a blog about the notion of the site and what they sell but I can’t seem to locate it. I guess maybe I just tweeted about it and moved on …My bad.

Anyway, the post on The Insider has the skinny on how a user there named “AlexDA” had ALL of the IRA’s internal documents on the active measures campaign for sale for over a year and no one really took notice. This means that we could have bought the data and had all of the actors, their data, and their METADATA if we had only seen or purchased them back in January/February 2017. What’s more is that had we had this intelligence in the open much more could have been easily available for the general public to be aware of how this was all working and what to look for. Of course now after the Indictment by Mueller of the 13 entities the op has been completely blown and the infrastructure is likely not to be operational, but, we could see operational details and OPSEC mistakes that the players made and extend that to the upcoming year’s election cycle and Russian influence and active measures campaigns to come right?

Even so, big things are in the small details even within the offering itself that AlexDA is making on JokerBuzz. I have been going through the images from the auction site that Alex put up to entice and prove that they are legit and here is what I have found by doing my thing as usual mining:

Proxy IP Space Used:

In the offering images you can see that AlexDA tried to obfuscate the last couple octets but if you look real hard you can see the numbers pop up. Of course if you just take the first two or three octets and you put that into Google you can see what pops right up. So, the first thing to see is that the service mentioned in the indictment is actually Total Server Solutions LLC out of Plano Texas. I would like to call your attention to how much “Texas” was involved in many of the Twitter and facebook accounts that were super patriotic. It was mentioned in the indictment that they rented the server space to appear that they were in the US. Well, there you have it kids. The data fits and it makes sense that they would try to do this to appear as if they were in the US to fool first pass looking right? I ran an Nmap of the /24 and as you can see if you look, there are some proxies, port 80 and 22 open but none are available to access at this time, so maybe they went back to being just space owned by Total server… I would hope though that those there servers had been, ya know, collected on by subpoena by the FBI right?

Wink wink nudge nudge.


Meanwhile, there’s a bunch of servers/IP’s listed in the images as well that are in Russia using port 8888. I haven’t looked at those with Nmap but they are VPS as well so maybe they are still in play. Suffice to say though, it is interesting data and could lead to more things coming to light if you look into them a little further. If you want to play the home game please feel free. I will be circling back over this stuff in the near future and enlightenment will be posted here when I have it for you all.

Alias and Users To Search:

Gee, look at all those aliases man! I have yet to dig into these and I am sure some are already known but you now too can play the home game! Take a look and see what histories you can find on these accounts/nicks. I am willing to bet we can put together quite the timeline and then use that as data to look at future attacks as well. All those Blacktivist accounts though were the appetizer to what I saw next in the screen shots. Alex gives us a whole thing to work with in the image below and if you start digging on that you can get some good stuff.

Nolan Hack, a name that I believe others have seen in the press accounts, has a Facebook page, a phone number, and a site that is in fact still live but not updated since 2017 it seems. His Facebook is live still as well (Why no take down Facecult?) I looked up his details on there and the blackmatersus site and what I came back with was a cell phone out of California marked as a bad number and a site that has been around since 2015 that was registered anonymously and kept so throughout the time it has been up.

I am sure with more digging on the name (Nolan Hack *amusing*) I can put together more of the breadcrumb trail to show the cutout’s actions. Maybe in a post to come, but suffice to say that this data also is legit and tracks with everything we have been told by the IC and the news up to today on the active measures by the IRA.


Amazingly enough in the screen shots given on the jokerbuzz site you can also see where Alex tried to remove at least half the passwords in a couple posts. I immediately knew what the password was because, I mean, come on! The phrase “Greed is good” is a classic line from Wall Street and Gordon Gekko. If you look close enough at these images though you can make out the lower part of the G so you know it is that. Now we have to work backwards on those accounts and get the full data in order to attempt to maybe log into them and see what intel we can gather from them (see below for lower part of the g). It is also amusing to see that these guys were sloppy and re-using passwords in various accounts. If we get the accounts right I am betting we could own them all and gather much more insight.

Greedisgood…. You guys amuse me.

Illegals Names and drop sites:

In amongst all the stuff is also an address and name where drops were made in NV used by the IRA and more likely the illegals who were in country. The address comes back to a known bad drop/company in NV that has a history of being used for Ebay scams. The cutout name of Gneeda Harris has zero history on first pass but I will look again and dig a little more. Maybe I can turn up something more on this ID but at the very least we have something more to work with than what the special counsel decided to drop on us.

Maybe the FBI can check this place out and see if they have had DVR’d video surveillance? Maybe this dead drop is still live? Are there still illegals in country that have been told to sleep? I wonder…


Lastly, or near the last thing I will cover here on this is the metadata. I used wget to pull down the jokerbuzz site and in the folder for the page of the auction are the screen caps used. Pulling those down and then running them through the old EXIF scan you can see that these captures were done September 28th and 29th 2016. The time stamp says +3hrs and that as of today they were done 1 year 4 months 28 days ago. So, back in September 2016, this data was in the hands of AlexDA and ostensibly about to be put up on Jokerbuzz. This means that either someone on the INSIDE decided to sell out the operation because they knew they were blown and wanted some cash, OR, someone hacked them and downloaded all this shit making the screen shots in September for the jokerbuzz auction. This in tandem with all the backstopping I just did shows that this data is legit and it has been on sale for at least a year and no one knew or was clued in enough to say anything about it.
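The metadata check described above, as an added example that is not part of the original post: a standard-library Python reader that pulls the capture timestamp and UTC offset out of a JPEG's EXIF block. It assumes the captures are JPEGs carrying EXIF data; the function names are this example's own, and the sample file is constructed (the date and +3 offset follow the post, the time of day is made up).

```python
import struct
from datetime import datetime, timedelta, timezone

# EXIF tags that carry the capture time and its UTC offset (Exif 2.31 numbers).
TAGS = {0x0132: "DateTime", 0x9003: "DateTimeOriginal",
        0x9010: "OffsetTime", 0x9011: "OffsetTimeOriginal"}
EXIF_IFD_POINTER, ASCII = 0x8769, 2


def find_exif_tiff(jpeg: bytes) -> bytes:
    """Return the TIFF block of the first Exif APP1 segment, or b'' if none."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):      # start of scan / end of image
            break
        (seglen,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if seglen < 2:
            raise ValueError("corrupt segment length")
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + seglen
    return b""


def read_ifd(tiff, offset, endian, out, depth=0):
    """Collect timestamp tags from one IFD, following the Exif sub-IFD pointer."""
    if depth > 2 or offset + 2 > len(tiff):   # depth guard against pointer loops
        return
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    for i in range(count):
        entry = offset + 2 + 12 * i
        if entry + 12 > len(tiff):            # truncated directory
            return
        tag, typ, n, value = struct.unpack_from(endian + "HHII", tiff, entry)
        if tag == EXIF_IFD_POINTER:
            read_ifd(tiff, value, endian, out, depth + 1)
        elif tag in TAGS and typ == ASCII:
            # Strings longer than 4 bytes live at an offset, shorter ones inline.
            start = value if n > 4 else entry + 8
            raw = tiff[start:start + n].split(b"\x00")[0]
            out[TAGS[tag]] = raw.decode("ascii", "replace")


def exif_times(jpeg: bytes) -> dict:
    """Map of timestamp-related EXIF tags found in the file (empty if no EXIF)."""
    tiff = find_exif_tiff(jpeg)
    if len(tiff) < 8:
        return {}
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or struct.unpack_from(endian + "H", tiff, 2)[0] != 42:
        raise ValueError("bad TIFF header")
    out = {}
    read_ifd(tiff, struct.unpack_from(endian + "I", tiff, 4)[0], endian, out)
    return out


def capture_time(tags: dict):
    """Capture time as a datetime, timezone-aware when an offset tag is present."""
    stamp = tags.get("DateTimeOriginal") or tags.get("DateTime")
    if not stamp:
        return None
    when = datetime.strptime(stamp, "%Y:%m:%d %H:%M:%S")
    off = tags.get("OffsetTimeOriginal") or tags.get("OffsetTime")
    try:
        delta = timedelta(hours=int(off[1:3]), minutes=int(off[4:6]))
    except (TypeError, ValueError):
        return when                            # no usable offset recorded
    return when.replace(tzinfo=timezone(-delta if off[0] == "-" else delta))


def build_sample() -> bytes:
    """Constructed JPEG (SOI + Exif APP1 + EOI); not a file from the auction."""
    stamp, off = b"2016:09:28 14:05:33\x00", b"+03:00\x00"
    ifd0 = struct.pack("<HHHIII", 1, EXIF_IFD_POINTER, 4, 1, 26, 0)
    exif = struct.pack("<HHHIIHHIII", 2, 0x9003, ASCII, 20, 56,
                       0x9011, ASCII, 7, 76, 0)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + exif + stamp + off
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"


if __name__ == "__main__":
    tags = exif_times(build_sample())
    local = capture_time(tags)
    print(tags)
    print("local:", local, "| UTC:", local.astimezone(timezone.utc))
```

A recorded offset is what lets the local wall-clock time be pinned to UTC; timestamps without one are only as trustworthy as the clock and settings of the machine that wrote them, and EXIF fields can be edited.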

Who is AlexDA?

Lastly, who is AlexDA? How did they get this data and what is the motive here other than money? Money mind you that they did not get in over a year as the auction timed out and NO ONE bought it. Now, I have been looking at who this may be and there is a case to be made that this dump came from Shaltai Boltai (humpty dumpty) a group that is now broken up due to arrests but has one last player on the loose. That player is in fact a guy named Alexander Glazastikov who has not been caught and may in fact be AlexDA. I will also point to the fact that if you look at the Jokerbuzz auctions there are a number of them from Shaltai Boltai offering all kinds of interesting data leaked from Russian operations. So, it is my guess that this is the case but just an educated one. I for one would like to have a conversation with AlexDA and see just how much he wants for the dump now that it has not sold in over a year. Maybe we all can crowdsource it?

Summing Up:

Anywho, this is what I found just by looking at the details here in the auction post. Imagine what we could have if we actually had all the documents? Hell, I would love to get my hands on them, prize out all the details and then pass it along to the feds. The data is legit, it has been around for a year online, and we all missed it man!

Hey AlexDA, you wanna just gimme that data for free feel free to reach out to my protonmail acct!

More stuff when I have it kids.


Written by Krypt3ia

2018/02/26 at 22:55

Russian Meddling: Indictments and Troll Farms


The indictment by the Mueller special counsel investigation into the meddling by Russia into the election cycle last year is just another nail in the coffin on the conclusion that there was no action by the Russians to affect the election cycle in favor of Trump. Though many still have their cognitive dissonance helmets on full, the reality even struck into the White House with Trump tweeting out that there was actually meddling, no collusion, but meddling. So this indictment has shown its potential power on the whole case but I wanted to dig a bit deeper into the Troll farm and its KGB ties before we ever heard about it as a general populace post 2016.

Point of fact is that in 2015 Adrian Chen wrote about the Troll farm as it was still carrying out attacks on Russia’s other pressing enemy, Ukraine. People seem to have forgotten with all of the talk about the farm in 2016, that the Russian propaganda and PSYOPS machine was actively working for Putin in support of his agenda against Ukraine and it is this fact and how they operated then that should be addressed and shown how they evolved to today’s hybrid warfare tip of the spear.

Back in 2015 the nascent troll farm was active in trying to spin stories about Ukrainian oligarchs and their activities as counter to Russia. One particular story line took place after the assassination of Boris Nemtsov, an opposition candidate to Putin and a progressive in Russia. A reporter for a Russian news service did a story on the Troll Farm and actually managed to gather their documentation including opposition research (internet research) which later would be the name they would take up as IRA right? Anyway, within that cache of documents you have papers with links on things like the Middle East and other areas with ideas on how you could attack them politically with posts like the above on Nemtsov’s being killed not by Putin, but instead by those nasty Ukrainians.

It is informative to look at the postings and the nick names that were being used by the early IRA as opposed to what they have used in 2016 and still use today. In early days they did not really try to insert themselves so well into the public space as being citizens of the areas they were talking about, in fact, most of the names have English connotations and not Russian at all. So looking at the users and their posts (livejournal for instance) shows you what it was like in 2015 spinning up and learning. There may have been just as many Twitter accounts but for the most part they were using Livejournal, which makes sense because at the point this was going on, Russia had bought Livejournal…(I left LJ when they did)


Most of these you have to look up with the Wayback Machine and you will notice that a lot of them were one off posts and that was it. Just sowing the ground for the infowar and then linking that post around. For Ukraine and anyone who has been paying attention, the PSYOPS and Hybrid War has been ongoing for many years so this is nothing new. For the US, well, the general populace that is, they hadn’t a clue I guess but I wanted to get across to you that what they pulled off in the US wasn’t new, it was just the next evolution of what they have been doing all along elsewhere. It was the magic of ubiquitous social media and a really polarized political landscape that made it work so well in 2016.

So with this indictment we can peek further under the hood of the hybrid information war against the US election process. It seems that this all kind of was being at least thought about in 2013 when Putin was pissed off with Clinton about his own elections and some of what later came out in the cables that were dumped by Wikileaks. By 2014 the notion of hybrid warfare had been put out by Gerasimov and Russia was starting to plan. The creation of the Troll Farm I personally think was a part of the Gerasimov doctrine’s modus operandi that the SVR/GRU and Putin decided to create for this purpose and furthermore that the first fledgling attacks were the prelude to what would come in 2016. Certainly by 2015 they were spinning up and already had assets in place in the US gathering intel and creating the baselines for the attacks.

Truly this was a hybrid form of warfare using human assets and technical ones to carry off the plan. This wasn’t just some one off fly by night operation, they invested a lot of time and money getting assets in country (US) to collect data and to add to the planning stages. They then went as far as to hire out servers in the US and create VPNs to make it look as though their troll armies were actually here in the states. Add to this the fact that they also used carding sites to create users and bank accounts to fund the operations also speaks to the sophistication of the operation.

This wasn’t dedushka’s propaganda operation!

So what does all this mean other than it is an entertaining diversion for those who want to go down the rabbit hole OSINT wise? Well, it shows that the Russian plan was larger than one might have thought, more effective than some still think, and was but one component of a larger operation. That last bit is key for me to get across to you all. Of late I have been seeing reports online since the indictments came out that said the campaign really did not affect the election and this is poppycock. This was just a part of the larger whole and to take this module of the whole plan and separate it out to say nothing happened, is idiotic.

Though the President and the Russian operations still ongoing would like you to believe this is the case, it is a falsehood. In tandem with the hacking and the leaks, the Russians most definitely affected the voting by the populace. In fact, when information starts to come out about how Analytica data targeting very specific groups and regions comes to light you will see just how much the whole is the sum of the parts and the synergy was leveraged. This was no simple hack and dump of data, there were psychologists and social scientists involved as well as technicians and hackers.

This indictment just sets the stage for more to come my friends… And seeing Donny squirm and rage has been amusing.

More will come. For now though, do read the article and look at all the docs in the Google docs dump there.

Dos va donya


UPDATE: I am going through the metadata of the files from the Google drive and I have found a document that comes from a .mil address ( and this document (Nightly TK of 06.01) gives direction on post keywords and writing direction for content.

Ночное ТЗ от 06.01

It was created 1/26/2015 by “user”

You can now see a military connection to the Troll farm.

Written by Krypt3ia

2018/02/20 at 20:57

Create NEW Ransomware: Darknet Site Ransomware Scheme


Surfing the darknet as I do, I came across this little gem of a site today. The idea here is that you can share in the bitcoin ransom by entering your wallet address and then getting a download of the malware to deploy wherever you like. This seems like a ponzi scheme to me where you offer a great reward for a little action and in the end you get ripped off but ok, let’s run with it. The site is in the darknet and I am not sure if or how they are publishing this site elsewhere so people can find it and use it. I must say though that the site is more complete than I thought it would be once you start to dig and the ransomware is new to me as well as it seems to be to VT and Hybrid.

So yeah, I decided to play along and I used someone’s wallet to start the process here. Whose wallet you ask? Well this guy’s wallet will do since he has never had anything in it. So it’s fairly simple, you put in the wallet address then solve the captcha and lo and behold you download the ransomware. I also decided to see if I put in an alternate wallet address would I get another hashed file, and yes, yes I did. I only changed the wallet address by one letter (a) and got a new file that I uploaded to VT after the first one.


Upon upload to VT and Hybrid I get hits on the major players and the designation of the malware is of course ransomware but you choose the name you like because there are too many per the AV firms (please stop this)…

So yeah, the ransomware is not so stealth and likely anyone with current AV will have some intervention one hopes …But how many really keep their AV up to date and working?


Anyway, I uploaded it to Hybrid and got the following report and the second with the second sample here


The malware reaches out to the darknet via .casa online bridge to the darknets. Once you plug in that address you get the Qrypter site frontend. This site is your C&C ostensibly to track your malware and your bitcoin “donations” from the poor sods who get the malware. The unfortunate bit is that when you go to the url that is in the malware you get the following sad news:

OH NOES! Are you smelling a scam? Cuz I am kinda smelling a scam here now…

Anywho, the interesting bit for the site itself is that it has a display on how many AV vendors are seeing the malware and as of today it’s… Wrong?

Mmmmmmyeaahhhh no, I see 14 vendors seeing this as malware and I have just added to the hash pile by uploading my samples here so that is likely to get even more detected as the day passes on. So, this is an interesting turn in malware as a service, or in this case Ransomware As A Service (RAAS) as I have seen out there on the net. I have captured the whole site in the darknet and I will be spending some more cycles on the malware later on so updates will likely follow on this post. For now though, just enjoy the novelty and the derp.



UPDATE: This is evidently a new replay of something seen in 2017

Written by Krypt3ia

2018/02/19 at 15:49

Posted in DARKNET, Malware, Ransomware

Useful Idiots, Russians, and FISA Warrants


Now that the Nunes memo is out and all the news cycles have been spent ad nauseam on point-counterpoint of the cherry picked facts ol’ “recused” Devin put to paper, I thought I would add my two cents here. The fact of the matter is that Nunes seems to have been in the pocket of the Trump admin from the get and this memo was just crafted as part of a propaganda operation to give Trump shelter to possibly plead the fifth in interviews with Bob Mueller. The idea goes like this:

  • The FBI is biased

  • The DOJ is biased

  • The Steele Dossier is biased and false… Oh and it was paid for by the opposition!

  • The Steele Dossier was used as the predicate to eavesdrop on poor innocent Carter Page!

  • By proxy of use of the Steele dossier to obtain a FISA warrant and continued approvals it was BAD! and ILLEGAL!

  • I, Donald J. Trump cannot get a fair hearing out of the BIASED FBI/DOJ/Mueller! So I will plead the fifth or not talk to him at all!

I would like to set aside all the cognitive dissonance that Trump and his quislings would like you all to suffer and show you some facts about good ol’ Carter Page that make the introduction of the Steele dossier a trigger to legally get a FISC court to approve of extensions on surveillance. Pay no mind to the general argument that the surveillance was illegal at all or that the FBI lied their way into getting approval to do so because that is just wholly untrue. The warrants were warranted and the data that enabled the FBI to listen to his conversations and watch his texts and emails wasn’t just this “dossier” (notes really) that came from the opposition investigations started by the GOP in 2016. You see, Carter had already been on the radar of the FBI since 2013 and this is an important fact to all of this.

You see, back in 2010 the FBI popped “The Illegals” in NYC, remember? The 10 NOC operatives in the US looking to gather intelligence and connections that the SVR (Directorate S) could pass to Directorate E at Moscow Center. You might all remember the most spectacular of the reporting concerning Anna Chapman, the ersatz NOC who managed to get pretty close to a number of important people within the constellation of the US president. Well anyway, those guys were popped by the FBI, which in turn left another group of NOC agents for the FBI to start working on with renewed vigor and FISA warrants. In 2012 the FBI began to intercept communications and tail one NOC agent and two official cover agents in the NYC area (where Anna and others in the 2010 ring were) who were out there working to gather intelligence and recruit assets.

The three, revealed in 2015 via affidavit in NYC, were Evgeny Buryakov, (NOC working for Vnesheconombank), Igor Sporyshev, and Victor Podobnyy. Buryakov was the contact man and the two others (Igor and Victor) were his bag men and controllers passing information to and from Moscow Center. During the time that the FBI was surveilling and carrying out intercepts on them, the handlers (Igor and Victor) were heard through the intercepts talking about various other things like how they thought being a spy would be a bit more Bond like and other routine things. Until that is, one day they were caught talking about a certain individual that the Affidavit names as “Male-1” which was later confirmed to be none other than Carter William Page, the boy wonder.

Igor and Victor really didn’t have that much nice to say about Carter, basically calling him what the Russians in the trade call a “полезный идиот” or useful idiot. In reading the text of the intercept you can see that Carter was eager to have connections with potential Russians who could garner him access in the Russian government and or business environment such as Rosneft. He emailed Victor who had given him his card with two email addresses on it that the FBI was most likely monitoring as well, though the affidavit here does not outline this. In any case, all of these conversations were captured in the SVR offices that the two were working in and had been compromised if not by SSG at the very least by FISA intercepts of the infrastructure used to send messages. In this case though, the conversation was caught on a bug in their offices *wink SSG*

So it seems the plan here concerning Carter Page was that they planned on grooming him, using him for intel with the lure of getting him hooked up to make a lot of money and or, to get him to do something for money and then use that as kompromat for more later. It seemed that Carter was interested but the FBI stepped in and interviewed Carter in 2013 and nothing much more is said about him by the FBI nor the two SVR agents that we the public have been made aware of. The affidavit in 2015 relates the tradecraft and the operations the Russians undertook up to and including an interesting interlude where the FBI sent in an agent of their own ostensibly making overtures about making a deal on a casino in Moscow. Suffice to say it is interesting reading and in the end the three were rolled up with Evgeny (Zhenya as he was referred to) arrested by the feds and the other two returned home to Russia having been blown.

If you read the whole affidavit you get a pretty good picture of what they were up to and a lot of the espionage they were carrying out centered on financial information and, wait for it, wait for it, “sanctions” against Russia. Gee, now where have we heard a lot about sanctions lately say since like 2016? Right, these guys were working on the same types of information gathering and asset recruitment that the previous ten illegals had been doing for the same SVR division. So, are you all seeing the pattern here? In the case of Carter, he happened into their sights because he wanted, needed, was hungry for those connections to the Russian oligarchs within the energy sector that he was working in himself. He showed the two SVR officers that in the MICE or RASCALS list of reasons to spy, money was his biggest motive according to Victor in the bugged conversation in 2013.

Right, so Carter has already come into contact with the Russian SVR in 2013 and has been admonished/interviewed by the FBI. You might think that he would maybe back off a bit but not our Carter! He goes on to only ingratiate himself with the Russians and as time goes by, either is put in the way of Trump by the SVR by way of Paul Manafort, or, by just blind luck he ends up not only in the Trump orbit but also inside the inner circle as an expert in foreign relations. How might have Manafort been directed possibly to use Carter Page? Well, if the SVR kept its records it may have nudged him in that direction because they KNEW they could possibly use Page because he was so eager in the past with Victor and Igor as well as his multiple trips to Russia to “make friends” there.

So when Carter suddenly turned up in the Trump inner circle, and the Steele dossier mentions overtly that there was intelligence given by a source that Manafort was using Page as a proxy as well, then the FBI just had to go back to its records on Page and the 2013 incident. Honestly, this is not that hard people! So, when the FBI went to the FISC to get a new warrant as well as to extend them, they had a history already that likely contained even more information on Page and his interlude in 2013 with the SVR to use as just cause to get a warrant signed and intercepts started.

But once again, it was not Carter Page and his FISA warrants or intercepts that started the Mueller investigation kids, like the memo said, that was Papadopoulos!

But I digress…

Back to Carter and his Russian pals. You see in the Dossier by Steele you also have direct intelligence product that claims that Carter met with Igor Sechin who offered him tasty tasty things for some sanctions quid pro quo in 2016. Notice that this guy is involved in Rosneft, a name you have heard before and within the space that Carter claims to be expert in. If I were the FBI then I would be looking rather closely at ol’ Carter and getting all the information I could out of him. Obviously just having another nice little chat would do no good.

Well, all of this just refutes any claim of “poor me” by Page in my book and I am sure the IC as well. The whole #releasethememo crap was just another propaganda/hybrid warfare program by Russia and the Trump administration with the help of the GOP in my book. It’s all a little like playing Clue, and it certainly does look like it was Professor Page, in the library, with the candle stick if you ask me. Much of the Steele Dossier information has been backstopped by information that has come since its creation. We have seen a president and his minions all act guiltily and extremely stupidly in trying to cover up their connections and it is just all the worse that this group of people has been aided and abetted by the GOP. The memo release was just the cherry on top of the shit sandwich but it should not distract all of you from the truth of the matter when you do the research and pay attention.

Whether or not Trump actively has been an asset of the Russian SVR, or an unwitting полезный идиот, I for one believe now he knows the scope of things and is trying with all his wiles to get away with the biggest con he has pulled to date; that of taking the presidency with the help of the SVR and GRU. Certainly Manafort seems to have been a bit more directed and in a bind because he owed so much money to a Putin aligned oligarch, but Page is clearly an idiot, just watch any of his TV appearances to see for yourselves. Alas though, you needn’t be a super genius to be used by the SVR and effective enough to damage the country targeted.

There you have it kids.


Written by Krypt3ia

2018/02/07 at 01:05

Posted in Espionage