Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

From Russia With Love: Hunter Biden Laptop Shenanigans Again


Here we are again; it was inevitable really, since these characters just don’t quit with all the shenanigans over the ersatz Hunter Biden laptop. This morning I logged into my cutout account on Telegram, dove into the thick, gooey derp that is the Qanon/Boogaloo/PatriotParty/MAGA leftovers, and came upon a string of posts by “The True Great Awakening”.

This account started dropping more images of images allegedly taken from the Hunter Biden laptop (henceforth HBLT). The images included things I had not seen before, but I guess I was not looking in the right place until today to find them. The images were of no forensic value because they had been manipulated into pages of images, collages if you will, and thus the metadata and EXIF data were nil. However, the narrative being played up here was of some interest and is a pivot I had not anticipated.

What was being selectively dropped on Telegram was data showing that the Russians were in fact running Hunter Biden and, by proxy, his father: POTUS is now an asset of Russia.

*blink blink*

Now, I had thought that the main idea within the Q-verse and its spillover into the new “PatriotParty” was that China owned Biden, right? Well, the winds of change are here and now, thanks to a slippery charla… I mean, “character” named Yaacob Apelbaum (yes, yes, eerily close to Jacob Appelbaum of other ill repute), who claims to be the CTO of an AI/facial recognition firm called XRvision.

Apelbaum has a whole blog full of crazy conspiracy theories and alleged dirt that has been spotted in places like the mouth of Matt Gaetz just after the insurrection and in the Washington Post. In fact, the whole flap with Gaetz has made the rounds in the news after Matt Binder (NYT) did a little digging with the Google (like five minutes’ worth) and showed that XRvision and the whole drivel that Apelbaum had been spewing was bunkum, which now has Apelbaum screaming about “Cease and Desist”.

I did a bit of digging on XRvision as well as Apelbaum, and the details are rather sketchy; as you can see from the LinkedIn, he says he’s done a lot, but scrutiny of those claims leaves a lot of blank spaces really. Also, the company itself seems to have an inflated sense of importance, and not much can be proven out on the claims that are made. In addition, the location of the firm in Singapore is interesting, and the finances that seeded the startup all lead back to Asia and Luxembourg. It is the Asian money that interests me, though, and some searches on the companies that seeded them could have ties to Chinese money. There is one site that has a picture and article showing XRvision winning some kind of award in China, so, *shrug*

Anyway, yeah, Apelbaum’s blog is chock full of Qanon crap and in fact seems to have been pimped by Q themselves as well as by other cutout accounts on Twitter that have since been banned from the platform. All of this activity makes me wonder just how connected this guy is to the whole Q thing in the first place, as he was posting stuff on his Flickr account in 2008 about child abuse and other strange artworks that show a rather hamfisted artistic quality.

Hell, this cat even claims that Apelbaum was the CTO of Homeland Security? Which is cleverly mirrored on his LinkedIn but doesn’t really say that outright. He was, though, evidently CTO at Dun & Bradstreet for less than a year…

Hmm….

Well, the HBLT has not seen its end in the Q-verse now, with this new retcon of “RUSSIA OWNS POTUS!”, and I am wondering just how much more we will see of this narrative as well as the hoked-up images that Apelbaum seems to have a plethora of. I mean, I do not remember a lot of these being out there before, but maybe I was just living under a rock for the last year in particular. The locus here of Apelbaum and so much of the Q/Biden/Mueller/Russia/China disinformation is rather interesting, and one has to wonder where he is getting all this stuff, and why his site, as well as he himself, is being cited in all this alt-right media.

So, gentle readers, buckle up, cuz I expect to see more out of this cat and his blog showing up on Telegram, Gab, ThePatriot.win, and all of the other dark and derpy corners of the internet. It will gurgle up, I am sure, and appear as talking points by the likes of Boebert and Marjorie Taylor Greene on the Senate floor, and we all will want to just hit ourselves in the head with a hammer until the pain diminishes.

Smoke em if you got em.

K.

Written by Krypt3ia

2021/01/23 at 20:50

Posted in Uncategorized

Perilous Times


Earlier today I posted a long thread, but I wanted to make a more cogent post for those of you not on Twitter. My tweet thread went something like this…

Militia site proposing and architecting the 4k militia action against the inauguration of Joe Biden and Kamala Harris

The events of January 6th, 2021, were, I fear, just a prelude to an ongoing threat that will culminate in actions against not only the inauguration, but also capitols across the country in most of the states. These actions, basically more insurgency and insurrection, will be a turning point for the United States, more so than what has already taken place within the space of four years of Trump’s degradation of the values the Constitution upholds.

What I have been monitoring online, in the open and in places more dank, marks the first time since monitoring Islamic Jihad that I have felt we have finally reached a point where domestic terrorism is a larger threat to the nation than Islamic Jihad in all its various flavors. Specifically, since 9/11, I have never felt that internal forces could come close to wreaking the devastation that the 19 attackers did on September 11th, 2001. Now, though, I am worried that the first skirmish at the Capitol of our Democracy will not be the last, nor will it be the bloodiest.

The forces of the Alt-Right are now, it seems, the totality of the Republican base, and within them are a melange of unstable individuals and groups:

We have the Qanon folks, who are outright paranoid delusional individuals or grifters; mostly, though, they consist of true believers with mental instability and ideations that lean toward violence when their world view is challenged.

We have the MAGAheads who also cross pollinate with the Qanon true believers as well. These are the people who are just drawn to the strongman in Trump.

We have the ProudBoys, who, well, are much more oriented toward hate and are often bridges to Neo-Nazism. The Nazis are all over the place too now, in amongst the sheeple that are the MAGAheads and the Qanons, and they are something to really be concerned about.

What is really happening here, as things play out, is becoming increasingly clear in the Telegram channels for the NaziProudBoy set: they are planning on using the MAGAheads and the Qanons as cannon fodder in their own putsch for their own goals. These people have another, more hate-filled agenda, of the kind that you saw from some in the crowd at the events on Capitol Hill. The kind who wear shirts like this and believe that eleven million Jews killed in the Holocaust were not enough.

The net effect, though, is that there are forces at work, in the open at first but now scattering to the darker parts of the internet, actively plotting and planning another series of attacks, because they have been empowered to do so by the likes of MAGA and Qanon. This cannon fodder is their diversion to carry out more focused and dangerous attacks like what was attempted at the Capitol. They failed last time, but only just, and now, if they can rally their cannon fodder along with Trump, they will have another few bites at the apple.

Also, if they succeed, even marginally, they will be empowered further in recruiting and planning for more later on down the road. All of us should be concerned by this, just as much as you should be concerned by how many people of like mind already sit within the government, military, and police forces of the United States.

As the date approaches for the next insurrection, we should all concern ourselves with the idea that Washington DC, and in fact many places in the United States (e.g. capitols, state buildings, federal buildings as well as corporate buildings), may become the new American Kabul or Palestine, with fighting in the streets by pseudo-guerrilla forces of Trump America. They will plan all their actions in private chat rooms on Gab and Telegram, or create new venues that likely will rely on services from places like Russia, where they will not be deplatformed, because these sites and these forces, plotting and acting out, are a boon to Putin.

As if this all wasn’t bad enough, last night the Joint Chiefs felt moved to put out a statement memorandum admonishing sedition and reiterating that the military is not a political body and that their directive is to protect the Constitution and the people. The fact that they had to say this, in this way, is a troubling thing, and we all should be concerned about just how many in the military and other forces like the police are in fact believers in Trump and the other doctrines being put out there by Qanon, the Alt-Right, Nazis and Proudboys.

One of the biggest concerns out there that you all should be aware of is just how much sway someone like Flynn might have on these same people. Also, just how many connections and loyalties he may still have, as he is now the titular leader of Qanon, the public face of Q, a man in the “know”, as he was in the IC proper and held a high position.

Here he is before the insurrection at the Capitol, basically pointing at the stadium seats and saying “go for it, I got your back, and Q has all the answers, as does Trump”. This is a dangerous man, who is now free to carry out Trump’s and his own grifter agenda after being pardoned by his master. This man worked as an agent of Turkey, willing to render a US citizen to the Turks for money.

We are through the looking glass, people.

Be afraid, because if Trump continues to be a chaotic and psychotic force, whipping these people up, we will be seeing more of this in the coming years. Unless the states that have criminal cases against him act, we will not see the last of Trump. Without him being charged and perhaps incarcerated, he will continue on this path and it seems, attempt to run for high office again.

This will not end well.

Keep your wits about you.

K.

Written by Krypt3ia

2021/01/13 at 12:50

Posted in Uncategorized

Supply Chain Attacks and Nation State Pwnage: A Primer


I've seen things you people wouldn't believe…

Last Sunday night, while I was lounging on the couch watching some British Bake Off, I got word of the SolarWinds supply chain hack. After kicking back the last of my whiskey, I immediately got on the phone to start IR at work, cuz, yep, we have SolarWinds too.

Who’da thunk it?

Anyway, three days of IR stuff later, I am here to blog on what this means for the muggles out there, after having a conversation with a reporter on what it all meant. The reporter asked me about a tweet put out by Richard Blumenthal about needing to know more about this evolving hack and the fallout thereof.

While I think that Dick is being a bit hyperbolic here, I also can tell you, gentle reader, that there is in fact a lot to be worried about regarding this instance of adversarial activity (most likely Russia’s APT29, the Sluzhba vneshney razvedki Rossiyskoy / SVR group), which managed to break into a system application that many in the government, military, and corporations still run to manage their networks.

This system is so prevalent in the space that even in my environment we still had it running, and man, I thought we had made it go away long ago. So, you might be wondering what SolarWinds really does. Well, glad you asked: it is a series of applications that help you maintain your large networks.

As you can see from the graphic from their site, the company’s software performs a lot of management and monitoring functions within a network of individual systems: servers, routers, databases, service desk applications, resource monitoring, network configuration, and security management. Now, you might be saying, “Ok, well, those are a lot of things that this stuff does, but what does that mean security-wise if the application (Orion) is compromised?” That is a good question, and the primary one I want you to comprehend if you are not in tech or the security of the tech. What this means is that this program suite by SolarWinds is now the ‘skeleton key’ to a host of around 33k companies/networks that downloaded the tampered-with update. This could affect around 300k clients in all, should there be more tampering or vulnerabilities exploited by the adversary now that they have the code base (assuming here, after they spent all that time inside SolarWinds’ systems).

So, we have a rather prevalent application suite that usually functions at a level of administrative access to do the very things it is bought to do. This means that the Orion system contains ALL of your admin passwords, up to and including domain administrator and enterprise administrator. What does this mean? It means that once the adversary had control over the Orion system, they had control over EVERYTHING that system touched; and where it did not have direct control, the passwords that would allow access within a network running this compromised system are now in the hands of the enemy.

Put simply, the adversary has control over pretty much everything you own. They can log in, take data, manipulate data, and in the most extreme case burn your network down using other malware like a wiper or ransomware. All of this while you may not see the activity, because everything is using credentials that are admin-level and authenticated on your network. This is why it was so hard to detect this attack and to stop it, and why they were inside the systems for so long.
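The point in the two paragraphs above, that admin-level credentials lifted from a management system look exactly like normal admin traffic, is worth showing in code, because the only thing that separates the two is context. The Python below is an added example, not anything from the post, from SolarWinds, or from any incident report: it runs a per-account baseline (expected source hosts, expected targets, working hours) over a handful of constructed logon records and flags the ones that step outside it. The log format, host names and account names are assumptions made up for the example.

```python
"""Baseline-deviation check for privileged logons (added example, not from the post).

An adversary holding a management system's stored admin passwords authenticates
successfully, so a "failed logon" alert never fires. What can still give them
away is context: which host a credential is normally used from, which targets it
normally reaches, and when. The log lines, host names and schema below are
constructed for this example, not a real SIEM format.
"""
from datetime import datetime

# Constructed sample of *successful* privileged logons: time, account, source, destination.
SAMPLE_LOGONS = """\
2020-12-13T02:14:07Z account=CORP\\svc_orion src=orion01 dst=fileserv02
2020-12-13T02:15:31Z account=CORP\\svc_orion src=orion01 dst=sql01
2020-12-13T03:48:12Z account=CORP\\svc_orion src=ws-hr-17 dst=dc01
2020-12-13T09:02:55Z account=CORP\\da_jsmith src=jumpbox01 dst=dc01
2020-12-13T22:41:09Z account=CORP\\da_jsmith src=jumpbox01 dst=dc01
2020-12-13T23:05:44Z account=CORP\\svc_orion src=orion01 dst=dc02
"""

# Assumed baseline: where each privileged account normally originates and what it
# normally touches. In practice this is learned from weeks of history, not typed in.
BASELINE = {
    "CORP\\svc_orion": {"sources": {"orion01"}, "targets": {"fileserv02", "sql01", "dc01"}},
    "CORP\\da_jsmith": {"sources": {"jumpbox01"}, "targets": {"dc01"}},
}
WORK_HOURS = range(7, 19)  # 07:00-18:59 UTC; human admin logons outside this get flagged


def parse_event(line):
    """Turn one constructed 'key=value' log line into a dict with a parsed timestamp."""
    ts, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    fields["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect_anomalous_admin_logons(log_text, baseline=BASELINE):
    """Return (timestamp, account, src, dst, reasons) for every logon outside the baseline."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        profile = baseline.get(ev["account"])
        reasons = []
        if profile is None:
            reasons.append("unknown privileged account")
        else:
            if ev["src"] not in profile["sources"]:
                reasons.append(f"unexpected source {ev['src']}")
            if ev["dst"] not in profile["targets"]:
                reasons.append(f"new target {ev['dst']}")
        # Service accounts (svc_ prefix, an assumed naming convention) run around the
        # clock; a human domain-admin account authenticating at night is worth a look.
        is_service = ev["account"].split("\\")[-1].startswith("svc_")
        if not is_service and ev["time"].hour not in WORK_HOURS:
            reasons.append("human admin logon outside work hours")
        if reasons:
            findings.append((line.split()[0], ev["account"], ev["src"], ev["dst"], reasons))
    return findings


if __name__ == "__main__":
    for ts, account, src, dst, reasons in detect_anomalous_admin_logons(SAMPLE_LOGONS):
        print(f"{ts} {account} {src}->{dst}: {', '.join(reasons)}")
```

Run it and three events are flagged: the management service account used from an HR workstation, the human domain admin logging on late at night, and the service account reaching a domain controller it had never touched before. None of these is a failure; all are successful, authenticated admin logons, which is exactly why this class of attack hides so well. The detection is only as good as the baseline's coverage of legitimate management traffic, and a baseline built while the adversary was already inside will have learned their activity as normal.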

Ok, so what does that mean from the perspective of damage, and which groups did the adversary hit? Well, so far, we know that the following entities were hit in this supply chain attack(s):

  • Department of Homeland Security
  • FireEye
  • Treasury
  • Commerce
  • The National Security Council

These are all either government agencies or companies that handle a lot of government contracts, so you can kind of get a sense of what it means. However, let me expand on this: DHS and the NSC alone are a treasure trove for the Russians to gather all kinds of unclassified/classified data that they would want. Not only that, but if you own the Orion systems in places like that, and that system is in fact running in the CLASSIFIED space, then you have breached into the CLASSIFIED networks, things like NIPRNET and SIPRNET as well as probably JWICS.

What does this mean? Lemme put it into internet vernacular for you:

This could be spectacularly bad. This is why so many are freaked out about this supply chain attack and the incident responses are all going on 24×7 now. It has yet to really be determined (at least publicly) how long the adversaries were inside these networks, but I am going to assume that it was a long time and a lot of damage has been done. Now all these places have to clean up the mess, reset their networks and rebuild so that this cannot happen again. Then they have to assess the real damage to our security and perhaps someday give testimony in Congress about it.

Now, about the other entities, these are the reasons that this hack is bad:

  • FireEye: They do pentesting and security work for many of the same orgs, as well as incident response. If they were owned as hard as we think, well, there is a lot of data that the adversaries could use on top of using all the tools they stole from them.
  • Treasury: well, money, right? Plans? Routes? All things monetary that the adversaries could use to mess with the United States, up to and including theft of large sums of money potentially.
  • Commerce as well: plans and other details that they could use against the US financially, internally as well as globally.

Time will tell just how many other orgs got hit and may in fact have had data lost to the attackers. Also, do not forget the potential for further logic bombs out there that might have been placed by the actor for future fun. Of course, I have been hearing stories about power and water companies and systems being affected by this as well. All in all, it could be very bad for us all, and places us on our back foot most solidly globally.

One other aspect here, and this is highly speculative, but, what other secret orgs had connections to others with Orion? What orgs themselves in the secret spaces like FireEye, had the same software as well? What classified intelligence has been lost here?

Let that sink in…

Also, on the critical infrastructure end, I am not worried that the power will go off nationally, but the Russians could mount more, and working, attacks against regions with the right kind of access vis-à-vis this kind of hack.

Think about that too.

Gotta hand it to the Russians, man, they play a good long game. Expect to be hearing about fallout on this for quite a long time. If you want to kind of get a sense of the scope of this, I would recommend watching “Sneakers”: the whole MacGuffin of the movie is the little black box that the mathematician created that decrypts all the things. This hack is kinda like that. With one box, the Russians decrypted EVERYTHING and then, like the Grinch, took it all up the chimney.

K.

Here’s a reading list too for you all to follow along with:

https://triblive.com/news/world/cyberattack-may-have-exposed-deep-u-s-secrets-damage-yet-unknown/

https://www.darkreading.com/attacks-breaches/concerns-run-high-as-more-details-of-solarwinds-hack-emerge/d/d-id/1339726?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software

https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/theft-fireeye-red-team-tools

https://us-cert.cisa.gov/ncas/current-activity/2020/12/07/nsa-releases-advisory-russian-state-sponsored-malicious-cyber

https://www.nbcnews.com/tech/security/russian-hacking-campaign-highlights-supply-chain-vulnerabilities-n1251187

https://www.solarwinds.com/securityadvisory/faq

https://www.solarwinds.com/securityadvisory

Post Script:

Someone put out a tweet earlier that is very prescient;

This is an important context to have. Russia has used Ukraine as their down range test bed. If you remember back to NotPetya, you can see this exact supply chain attack cycle being leveraged there first, and tested. The Russians are old hands at this now.

NotPetya:

Written by Krypt3ia

2020/12/16 at 18:47

Enemies of The People: An Information Operation


Yesterday, I saw an article on the news wire in which Krebs’ lawyer mentioned a site (enemiesofthepeople) and decided to do a little looking. Going down the rabbit hole, I used Google Domains to do some searches to see what iterations of the site were already taken and found a list of sites that I began investigating. Once I located the main site, it became clear that the creators had also taken out a bunch of sites to post the same content and were actively putting them online even as I was digging.

The sites are registered all over the place, including non-domain-named sites in Russia and Germany as well as a domain in Singapore and a presence in the darknet. Many of them are behind DoS protection with CloudFlare, and all are hosting the exact same content. The content is in fact the personal details of people that these actors see as “enemies of the state”, including Chris Krebs, Gretchen Whitmer, and others in government (state and federal) whom they deem need to be assassinated.

The site also has a host of social media outlets, including a now-defunct Twitter account and a VK, as well as Gab and, of course, Parler. In taking a more nuanced look at all of the domain data and links, I have come to the conclusion that this is probably an information operation, but the question is, by whom? The domain data is littered with Russian addresses, names, and Yandex email addresses, but nothing in all of this data has shown me a slip-up; instead, this is all deliberate and methodical. A means to an end to make this look, for all intents and purposes, like Russia’s GRU putting this out on the net to cause a stir, and to enthuse the Trump/Alt-Right base to talk to each other directly about the “next steps” post the SCOTUS denial of the case to overturn the election in favor of Trump. This also tracks with the timing of the postings of these sites, as we JUST heard last night that SCOTUS denied the case in a one-sentence ruling in thirty-four minutes.

Details of Domains:

pcp6uxkzhavhxnwb.onion
pcp6uxkzhavhxnwb.onion.ws -> Clearnet gateway to access the onion
enemiesofthenation.com
enemiesofthepeople.mx
enemiesofthepeople.ca -> Hosted on monovm VPS/Hosting

enemiesofthepeople.us
SUB DOMAINS:
cpanel.enemiesofthepeople.us
cpcalendars.enemiesofthepeople.us
cpcontacts.enemiesofthepeople.us
enemiesofthepeople.us
mail.enemiesofthepeople.us
ns1.enemiesofthepeople.us
ns2.enemiesofthepeople.us
webdisk.enemiesofthepeople.us
webmail.enemiesofthepeople.us
http://www.enemiesofthepeople.us

donttouchthegreenbutton.us -> Ties to AZ movement and had its own site on WayBack
enemiesofthepeople.us
donttouchthegreenbutton.net
enemiesofthepeople.org
donttouchthegreenbutton.org

Non Domain Named Sites:
2.56.242.22 -> Russia Hosting
193.56.255.179 -> Russia Hosting

Email addresses:
info@enemiesofthepeople.us

EnemiesOfThePeople@protonmail.com
EnemiesOfThePeople@hotmail.com

Domain contacts:
voychik-7923@yandex.com
ivan0v.pi@yandex.com
onzayt@yandex.com
Kulkov Ei
viladiof@yandex.com

Social Media Links:

https://vk.com/id628343065

https://twitter.com/Pe0pleThe

https://parler.com/profile/EOTP

https://gab.com/Enemies0fTheNati0n

FULL REPORTING of Domain Data HERE
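Two of the moves in the write-up above, enumerating which iterations of a name are registered across TLDs and pivoting on shared registrant contacts and hosting addresses (what the Maltego session later in the post does visually), are easy to make repeatable. The Python below is an added example and not part of the post; it works offline on a set of constructed WHOIS-style records with placeholder domains, emails and addresses, not the real ones listed above. The record fields (domain, email, ip) and the privacy-proxy exclusion are assumptions made for the example.

```python
"""Domain-pivoting helpers (added example, not from the post).

1. lookalike_candidates(): the list of registrations to check when one name is
   being taken across many TLDs (the post did this by hand in Google Domains).
2. cluster_by_shared_attributes(): union-find over domains, joining any two that
   share a registrant email or a hosting IP, which is the pivot a Maltego graph
   shows as linked nodes.

Every domain, email and IP below is a constructed placeholder (RFC 2606 / 5737
reserved names and ranges), not an indicator from the post.
"""
from collections import defaultdict
import itertools


def lookalike_candidates(base_names, tlds):
    """Return sorted candidate FQDNs: every base name across every TLD."""
    return sorted(f"{name}.{tld}" for name, tld in itertools.product(base_names, tlds))


# Constructed WHOIS/hosting records. alpha+beta share a registrant, beta+gamma share
# an IP, delta+epsilon share an IP; 'unrelated' shares nothing.
SAMPLE_RECORDS = [
    {"domain": "site-alpha.example",   "email": "reg-one@mail.invalid",     "ip": "203.0.113.10"},
    {"domain": "site-beta.example",    "email": "reg-one@mail.invalid",     "ip": "203.0.113.11"},
    {"domain": "site-gamma.example",   "email": "reg-two@mail.invalid",     "ip": "203.0.113.11"},
    {"domain": "site-delta.example",   "email": "reg-three@mail.invalid",   "ip": "198.51.100.7"},
    {"domain": "site-epsilon.example", "email": "privacy@redacted.invalid", "ip": "198.51.100.7"},
    {"domain": "unrelated.example",    "email": "someone@else.invalid",     "ip": "192.0.2.99"},
]


def cluster_by_shared_attributes(records, ignore_emails=()):
    """Group domains that are transitively linked by a shared email or IP.

    ignore_emails: registrar privacy-proxy addresses that thousands of unrelated
    domains share; pivoting on them would merge everything into one cluster.
    Returns a list of sorted clusters, largest first.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    # Index domains by each pivotable attribute, then union everything in a bucket.
    by_attr = defaultdict(list)
    for r in records:
        find(r["domain"])  # register singleton domains too
        if r["email"] not in ignore_emails:
            by_attr[("email", r["email"])].append(r["domain"])
        by_attr[("ip", r["ip"])].append(r["domain"])
    for domains in by_attr.values():
        for d in domains[1:]:
            union(domains[0], d)

    clusters = defaultdict(set)
    for r in records:
        clusters[find(r["domain"])].add(r["domain"])
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: (-len(c), c))


if __name__ == "__main__":
    print(lookalike_candidates(["enemiesofthepeople"], ["us", "org", "ca"]))
    for cluster in cluster_by_shared_attributes(SAMPLE_RECORDS):
        print(cluster)
```

The `ignore_emails` parameter is the caveat that matters in practice: a registrar privacy-proxy address is shared by unrelated domains, so treating it as a link produces one meaningless mega-cluster. The same applies to IP pivots for sites fronted by a CDN such as CloudFlare, where the visible address belongs to the CDN and not the operator, which is why the CloudFlare-fronted sites in the post need registrant, content or nameserver pivots rather than IP ones.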

As I said above, so far the searches I have done show no real mistakes that would lead to the real people behind the sites, and that is going to have to come from the FBI getting warrants on the US entities (the .us domains and the subdomains likely will bear fruit) and tracking how the domains were paid for. Much of the other data gleaned from the email addresses and names listed are pretty much dead ends on a cursory evaluation. Which, once again, leads me to believe that someone really wants you to think that this is Russia, but their tradecraft has been too good so far to make me think that these sites are all the work of the would-be Trump acolytes, who for the most part have shown themselves not to be tacticians.

I have yet to log into the social media sites, but I did look at the VK and it is brand new with no followers I could see. Overall, though, this is something I will keep an eye on to see what develops, and I will report what I see when I see it.

For now, though, the information operation is afoot, and, from what I have seen in chatter elsewhere, this will be a moth-to-the-flame kind of thing for the more idiotic of the Trumplings. Here’s hoping that they all get rounded up for plotting assassinations and captures like the idiots who went after Whitmer a while back.

K.

Post Script:

They also just added a jpg file of an alleged “SECRET” memo in which Krebs (who ostensibly wrote and signed this document) states that there was a hack on the election systems from Dominion. This is a pretty bad attempt, and because they did not even take the time to fake up a PDF file, I am gonna just say they may be getting a little more desperate…

Updates:

Since WordPress is a fucking hot mess on editing, I lost some stuff, so here it is again…

The sites keep getting updated with names and bios to attack, now including Chris Wray.

Meanwhile, the sites have started soliciting for Bitcoin with a wallet that at last check had about 6K in it and was zeroed out recently:

I also started a Maltego mapping session on the sites and all data:

Bitcoin transactions:

Written by Krypt3ia

2020/12/12 at 17:03

72 Days


While everyone is still elated by the defeat of Donald Trump in the election that just ended, I would like to caution you all and temper that elation with some gaming out of what may yet still happen. While it is ok to be happy with this outcome, and to celebrate it, please also take a moment to consider that Trump is still in office for another 72 days.

In those 72 days, Trump may well wreak havoc with our system as much as possible out of spite, but, more likely will start to work on covering up all his crimes by a slew of pardons, which, may also include himself. So in that vein of thought, I would like to outline some potential actions Trump might take in the next 72 days that you should all contemplate as we move towards his possible physical removal from the White House.

  • Trump is likely to leave the White House in the near future and head to his lair, uh, I mean, Mar-A-Lago, where he will stew about the loss that he is not able to really confront, because he is a malignant narcissistic psychopath. There will be turns of rage and depression that will alternately seize him and in those moments of rage, he will either act out, or hatch plots to punish us all. It is more likely though, we will see a period of inactivity from Trump as he processes this. It is called “Checking Out” and in that time we have some breathing space.
  • Trump’s people will start to flee the sinking ship for the most part. There will be others who will double down. Most, though, will be seeking other jobs (as I have heard some have already begun to do) and begin the process of disengaging.
  • Trump’s MAGA minions will also be mimicking the soon-to-be former president and processing the loss. They too will go through the same stages and likely will also be doubling down in their disinformation bubbles. These people will not be going away, and much like Jihadist movements, will just re-tool their process, and we must be vigilant about this. We have already seen a shift in messaging platforms, and we are likely to see them go quiet for a while, but make no mistake, they are not inactive; they are planning, re-grouping.
  • In that time of re-tooling the message, we will see them double down on the conspiracies and, pardon the vernacular, “butthurt”, which will only intensify as the Biden Administration takes over and starts, in particular, to undo the damage that Trump has done these last four years. Also, as it is looking at present, Biden will have to make numerous changes by using the same power that Trump did to undo the damage (Executive Orders), because the Senate will, unfortunately, still be controlled by the Republicans and Mitch McConnell, who will block him at every step. This will be twisted in the disinformation rhetoric as an abuse of power.
  • Likely Trump actions once he returns to the White House are the following:
    • Pardons for:
      • Roger Stone
      • Paul Manafort
      • Presumptive Pardon: Ivanka
      • Presumptive Pardon: Jared
      • Presumptive Pardon: Stephen Miller
      • Presumptive Pardon: Bannon
      • Presumptive Pardon: Donald J. Trump
      • Presumptive Pardon: Rudy Giuliani
      • Michael Flynn
      • Basically anyone in his orbit he wants to pardon to protect himself from being flipped on. His inner circle, watch them.

Of course it is hard to prognosticate every move that this unhinged president might take, but, here are some possible actions that should worry you all.

  • Use of the war powers act to create chaos and perhaps burnish his image. This could mean unilateral actions using the military on places like Iran.
  • More executive orders that would help himself and his cronies after the presidency is over, gifts, if you will, to his many “donors”.
  • Attempts to manipulate Barr into rigging things so that any and all Federal, and perhaps State level, cases against him are sabotaged.
  • Trump may trade on his knowledge of secrets with foreign powers as pay-for-play. The soon-to-be former president is an easy mark for espionage adversaries, but also may be willing to trade in order to secure his future state. (Think Erdogan and Turkey’s interference with the courts.)
  • Trump may seek to secure future political capital with those who are aligned with him in the government today. This may include the aforementioned pardons, but also deals to lay possible future plans of a comeback, or, more to the point, line up Jr. for a run in 2024.

These are just a few possible actions on Trump’s part that could take place in the next 72 days. I also suspect that we will not see Trump just fade off into the Mar-A-Lago sunset. He will take some time, and then he will begin his push to continue his “legacy”, as he will still be seeing it all as though he was “cheated” out of the presidency in 2020. One of the more likely scenarios I see is that he will align himself with OAN and use it as his new Fox News propaganda outlet.

We will just have to see how much of the limelight he is allowed by the media in general, and by the populace, though. But you must know that his malignant narcissism will not allow him to just go into his bunker of seclusion like an orange Hitler. He will take some time to stew, but he will be back, and so will his brood and followers.

This isn’t over for him or them.

Biden, in the process of undoing all the damage that Trump has done, after removing all his “yes” men and women, will also have to help create laws where “norms” were the standard. We have seen how someone like Trump can abuse the systems of power, without any kind of firewall to protect the republic, and nearly bring it down. Biden will also have to work with the DOJ, FBI, Homeland Security, and other organs of the state to monitor the MAGA/Alt-Right groups to ensure that they are stopped before they potentially activate and cause real harm to people as well. By this, I mean that they may in fact act just like many Jihadis and hope to start the civil war that they so desperately seem to want.

So, while I am happy with the outcome here, and feel better about things, I also know that this is not over. Be aware too, that this is not over. We have a lot of work to do to repair the government, the nation, and the stature of this country ahead of us.

This is no time to relax, there is work to do. Let’s make sure it gets done.

K.

Written by Krypt3ia

2020/11/08 at 16:06

Posted in 2020

The Biden October Surprise is Here


This morning I was pinged by someone after seeing a Tweet that went by on my feed from Maggie Haberman (NYT) linking a lurid New York Post story claiming the smoking gun has been found on Hunter Biden.

This story is riddled with holes and innuendo but may have some kernels of truth. But all a good disinformation warrior needs to carry out a disinformation campaign is that Russian formula of 80/20 disinformation to real information, so this story certainly fits that model. The story line thus far is that some unnamed computer repair store owner received a Mac laptop for repair in April of 2019.

The customer who brought in the water-damaged MacBook Pro for repair never paid for the service or retrieved it or a hard drive on which its contents were stored, according to the shop owner, who said he tried repeatedly to contact the client.

The shop owner couldn’t positively identify the customer as Hunter Biden, but said the laptop bore a sticker from the Beau Biden Foundation, named after Hunter’s late brother and former Delaware attorney general.

NY Post 10/14/2020

So, yeah, a laptop of uncertain provenance, in the hands of an anonymous computer repair guy, who says he found incriminating data on the hard drive, and it was subsequently taken by the FBI. Of course the laptop, who brought it in, and who it belonged to are all quite unknown, as the anonymous computer guy fails to give any of the details he should have, ya know, like a receipt, a write-up of who it belonged to, or at least the number he tried to call, right?

Say, while we are at this point, would you like to buy a bridge I have for sale? Perhaps a nice piece of swamp land in Florida maybe? Going cheap!

But, I digress… Anywho, yeah, this guy only thinks that this could be Hunter Biden because there is a Beau Biden sticker for the charitable organization that was set up after his death. Pay no never mind to the fact that this alleged computer repair guy had the WHOLE HARD DRIVE to access and he couldn’t maybe tell who it belonged to just by looking, say, at the documents folder?

COME ON!

So, yeah, this anonymous guy somehow sees some nefarious emails (OH LOOK, HE’S IN THE EMAILS ON THE HARD DRIVE AND STILL DOESN’T KNOW WHO THE LAPTOP BELONGS TO?) from Vadim Pozharskyi and BOOM, we have the coverup of the century! But wait, it gets better. So this guy calls the FBI and then makes a copy of the hard drive and passes that ILLEGALLY to Rudy Giuliani’s lawyer?

But before turning over the gear, the shop owner says, he made a copy of the hard drive and later gave it to former Mayor Rudy Giuliani’s lawyer, Robert Costello.

Steve Bannon, former adviser to President Trump, told The Post about the existence of the hard drive in late September and Giuliani provided The Post with a copy of it on Sunday.

New York Post 10.14.2020

Wow! That’s some epic shit right there! So, are your spidey senses tingling too? Cuz mine are just screaming here. What’s more is that all this began only on the NY Post, in an “exclusive”, which means the Post is all in for Trump it seems. That aside, I also had to ask myself why Maggie Haberman was flogging this on Twitter (pssst hey NYT, what the fuck?) without so much as a howdy do on doing any leg work to rebut these allegations. Anyway, if you look further into the article, you see some screenshots of things like the alleged email from Burisma and photos alleged to be of Hunter Biden (from the hard drive? It is not clear), along with a nice picture of the alleged subpoena that was served to the computer store guy, which has been “redacted” according to the naming of the file.

HUNTER BIDEN DOCUMENTS

Of course this alleged picture has a few issues. First of all, no court case number is conveniently there to look up. Of course no name of the person to be deposed, and then there is the EXIF data that they conveniently left in the photo for people like me to find…

This photo was shot on an iPhone and it still has the GPS geolocation in its EXIF data. Once you resolve those coordinates, you get a tavern in Delaware where the photo was snapped.

So, someone with an iPhone took a picture of an allegedly redacted grand jury subpoena in Jessop’s Tavern on January 11th 2020. And this is just popping up now, in October 2020, conveniently a couple weeks from the election of a century… Right… Oh, and there are a couple of Mac specialists within easy driving distance of this tavern, so, it may be possible to guess who it may be.

So far, this story has only been getting traction on Fox and Bloomberg other than being on fire, then quickly put out by removal by Facebook. A removal mind you, that has many people in the Trump camp gnashing their teeth about, boo hoo. I would expect this story to get more traction though as I have already seen on Fox one Senator demanding more information from the now defunct Barr/Durham investigation that managed to charge no one with a crime.

Convenient eh?

Lastly, let me just say this: all of this story screams no chain of custody, and a large probability of tampering, hacking, and disinformation creation and propagation by forces yet to be seen. The rest of the photos in the story on the Post all lack any EXIF/metadata, which is kinda suspicious, so there is that too. I would not put it past Russian assets and the Trump camp to be central to the creation, curating, and release of this disinfo campaign against Biden now for fullest effect.
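The two metadata checks described above (GPS coordinates left in the subpoena photo, and the conspicuous absence of any EXIF in the remaining photos) come down to reading the Exif APP1 segment of a JPEG. The following is an added example, not code from the original post, written against the standard library only so it needs no Pillow or exiftool. It constructs two small JPEGs itself (one carrying a GPS IFD with made-up coordinates, one carrying only a camera Make tag), then parses them back: a missing segment reports as "no EXIF", a segment without a GPS IFD reports "no location". Every file, tag value and coordinate here is constructed for the demonstration; the same parser run over a real file before you publish it tells you what you are about to leak.

```python
"""Minimal Exif/GPS reader and constructed test JPEGs (standard library only)."""
import struct
from typing import Optional, Tuple, List

GPS_IFD_POINTER = 0x8825                      # IFD0 tag pointing at the GPS IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5

# Constructed coordinates: 12°34'56.78" N, 98°45'43.21" W (not a real location
# from the story). Each coordinate is three (numerator, denominator) rationals.
CONSTRUCTED_GPS = ([(12, 1), (34, 1), (5678, 100)], "N",
                   [(98, 1), (45, 1), (4321, 100)], "W")


def _tiff(gps) -> bytes:
    """Build a little-endian TIFF structure with IFD0 (Make, optional GPS IFD)."""
    make = b"Constructed\0"                      # 12 bytes keeps offsets even
    n_entries = 2 if gps else 1
    ifd0_size = 2 + 12 * n_entries + 4
    make_off = 8 + ifd0_size
    gps_off = make_off + len(make)
    body = b"II" + struct.pack("<HI", 42, 8)     # byte order, magic, IFD0 offset
    body += struct.pack("<H", n_entries)
    body += struct.pack("<HHII", 0x010F, TYPE_ASCII, len(make), make_off)
    if gps:
        body += struct.pack("<HHII", GPS_IFD_POINTER, TYPE_LONG, 1, gps_off)
    body += struct.pack("<I", 0) + make          # no next IFD, then Make string
    if gps:
        lat_dms, lat_ref, lon_dms, lon_ref = gps
        lat_off = gps_off + (2 + 4 * 12 + 4)     # rationals follow the GPS IFD
        lon_off = lat_off + 24
        body += struct.pack("<H", 4)
        body += struct.pack("<HHI", GPS_LAT_REF, TYPE_ASCII, 2) + lat_ref.encode().ljust(4, b"\0")
        body += struct.pack("<HHII", GPS_LAT, TYPE_RATIONAL, 3, lat_off)
        body += struct.pack("<HHI", GPS_LON_REF, TYPE_ASCII, 2) + lon_ref.encode().ljust(4, b"\0")
        body += struct.pack("<HHII", GPS_LON, TYPE_RATIONAL, 3, lon_off)
        body += struct.pack("<I", 0)
        body += b"".join(struct.pack("<II", n, d) for n, d in lat_dms + lon_dms)
    return body


def build_jpeg(gps=None) -> bytes:
    """Constructed JPEG: SOI, one Exif APP1 segment, EOI (no image data needed)."""
    payload = b"Exif\0\0" + _tiff(gps)
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"


def _find_exif(jpeg: bytes) -> Optional[bytes]:
    """Walk JPEG marker segments and return the TIFF body of the Exif APP1, if any."""
    if jpeg[:2] != b"\xff\xd8":
        return None
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            return None
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):               # EOI / SOS: metadata segments are over
            break
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        segment = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and segment.startswith(b"Exif\0\0"):
            return segment[6:]
        pos += 2 + length
    return None


def has_exif(jpeg: bytes) -> bool:
    return _find_exif(jpeg) is not None


def _read_ifd(tiff: bytes, offset: int, endian: str) -> dict:
    """Return {tag: (type, count, 4-byte value/offset field)} for one IFD."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    entries, pos = {}, offset + 2
    for _ in range(n):
        tag, typ, count = struct.unpack_from(endian + "HHI", tiff, pos)
        entries[tag] = (typ, count, tiff[pos + 8:pos + 12])
        pos += 12
    return entries


def _dms(tiff: bytes, entry, endian: str) -> Optional[List[float]]:
    typ, count, raw = entry
    if typ != TYPE_RATIONAL or count != 3:
        return None
    (off,) = struct.unpack_from(endian + "I", raw)
    out = []
    for i in range(3):
        num, den = struct.unpack_from(endian + "II", tiff, off + 8 * i)
        if den == 0:                             # malformed rational: refuse to guess
            return None
        out.append(num / den)
    return out


def _ref(entry) -> Optional[str]:
    typ, count, raw = entry
    if typ != TYPE_ASCII or count > 4:
        return None
    return raw[:count].rstrip(b"\0").decode("ascii", "replace")


def extract_gps(jpeg: bytes) -> Optional[Tuple[float, float]]:
    """Decimal (lat, lon) from the Exif GPS IFD, or None if absent/malformed."""
    tiff = _find_exif(jpeg)
    if tiff is None or len(tiff) < 8:
        return None
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        return None
    magic, ifd0_off = struct.unpack_from(endian + "HI", tiff, 2)
    if magic != 42:
        return None
    ptr = _read_ifd(tiff, ifd0_off, endian).get(GPS_IFD_POINTER)
    if ptr is None:
        return None
    (gps_off,) = struct.unpack_from(endian + "I", ptr[2])
    gps = _read_ifd(tiff, gps_off, endian)
    if not all(t in gps for t in (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)):
        return None
    lat, lon = _dms(tiff, gps[GPS_LAT], endian), _dms(tiff, gps[GPS_LON], endian)
    lat_ref, lon_ref = _ref(gps[GPS_LAT_REF]), _ref(gps[GPS_LON_REF])
    if None in (lat, lon, lat_ref, lon_ref):
        return None
    to_dec = lambda v, r: -(v[0] + v[1] / 60 + v[2] / 3600) if r in ("S", "W") else (v[0] + v[1] / 60 + v[2] / 3600)
    return to_dec(lat, lat_ref), to_dec(lon, lon_ref)


if __name__ == "__main__":
    for label, blob in (("with GPS", build_jpeg(CONSTRUCTED_GPS)), ("no GPS", build_jpeg())):
        print(label, "exif:", has_exif(blob), "location:", extract_gps(blob))
```

The constructed "with GPS" file decodes to roughly (12.5824, -98.7620); the "no GPS" file has an Exif segment but yields no location, which is the distinction the post draws between the subpoena photo and the rest of the set. Reading the bytes directly, rather than trusting a viewer, is also the right habit for provenance work: a file with no APP1 segment at all has usually been re-encoded or deliberately stripped, and that is itself evidence about its history.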

I don’t buy it, and neither should you.

K.

Written by Krypt3ia

2020/10/14 at 19:15

Posted in Uncategorized

1142020.txt


Written by Krypt3ia

2020/09/30 at 16:57

Posted in 2020, Elections

Dickson Yeo: International Man of Mystery *giggle*


I recently went on Blogs of War: Covert Contact and talked with John about online OPSEC and social media. In the process of prepping for the podcast, I went and looked up the stories about LinkedIn being used as a means for Chinese espionage. I had often written about this in the past, and in fact had specifically talked about LinkedIn and how much people overshare there. Well, I was given a small surprise when I did. It turns out ‘Dickson Yeo’, the guy arrested by the feds recently, was someone on my LinkedIn. I remember him as being someone I held at arm’s length and thought that this account was probably a cutout. Turns out I was right. Full disclosure, he messaged me a few times about posts I had made here and complimented me, but, like I said, and as many of you who know me personally know, I am not so much a cuddly guy, so he went on his way. Of course later on I was banned from LinkedIn anyway (no, I still don’t know why, they would not tell me) so, yeah…. You can hear more on the story, on LinkedIn, and on our oversharing here on:

Blogs of War Covert Contact: Avoiding Your Own October Surprise

~K

Written by Krypt3ia

2020/08/02 at 19:34

Posted in Espionage, OPSEC, OSINT

SARS-CoV-2 COVID19 Twitter Thread


Since my account is locked… Twitter thread on SARS-CoV-2/COVID-19

Link to paper on SARS-CoV-2 TTLs (survival times) for aerosol and surfaces HERE

Written by Krypt3ia

2020/03/12 at 12:50

Posted in COVID19

Pandemic Threat Intelligence and Response Briefing For Executives: Planning For INFOSEC/Supply Chain/Continuity


Johns Hopkins COVID-19 Heat Map Tracking

Threat Intel:

SARS-CoV-2 has been spreading exponentially within the global community, and the effects of the virus and its attendant disease (COVID-19) are rapidly causing shocks within the global community. The effects of the pandemic are far reaching: we have seen the strain on the global supply chain as China fell into the height of the pandemic, with supply chains being diminished or broken outright. As such, as the virus spreads, it is important to consider the threat space to the security and function of your organization due to loss of these supply chains as well as work forces within and without. As the spread of this disease continues, expect more supply chain degradation, if not complete failures for some amount of time, as the quarantines commence and play out.

As such, here are some basic questions to consider for your organization’s security and continuity, both as a whole and as separate functions such as the security of your networks. Use this document to spark discussions around the security response as well as the larger continuity and integrity of the whole as we are affected by this pandemic. These scenarios may not actually come to pass, but, as a security body, it is our job to forecast eventualities and the responses to them that might be needed to continue the function of the org.

Executive Briefing:

With the outbreak of SARS-CoV-2 and its resultant COVID-19 (the syndrome from infection), we have been seeing the arc of this outbreak becoming a global pandemic. With that in mind, it is advantageous to start planning for the effects of this pandemic on the businesses that you are responsible for. In this assessment, we will be taking a look primarily at the CIA Triad of the response, but not just on a data security level: at an expanded outlook on the security, continuity, and supply chains that make up the CIA triad. All of these affect the security of your organizations as well as the basic functionality of your business.

With this in mind, it is important to look at the effects of the pandemic, projecting out from initial outbreak to global pandemic, and how that will affect your business. Primarily the effects can be broken down into these discrete areas of concern:

1.) Supply chains: What supply chains will be affected that will impact your business model?

    • Human capital: how many people does it take to function properly if the work force is down from COVID-19?
      • What are your tolerances on head count?
      • What contingencies do you have if the work force is depleted due to sickness and quarantine?
      • Where are your single points of failure in the knowledge base were these assets to be sick and quarantined?
    • Supplies on demand that go into making your product: how much tolerance do you have for supply chains breaking?
      • What regions do your supplies come from?
      • Are they affected now?
      • Plan for pandemic loss of work forces and how long you can function without supplies or with less

2.) Infrastructure Capacities: What tolerance does your network have for expanded remote working capabilities?

    • With a workforce that may be in social isolation mode, what is the capacity for your company to allow people to work from home?
      • People will self-quarantine if they become ill
      • Children may be home as schools and day care shut down in order to prevent spread of disease
      • The state and federal government may recommend that people stay home and isolate to stop spread
      • In a protracted scenario of isolation and potential re-infection, what are your projections on your organization’s ability to function?

3.) Information Security Events and Response: With a global pandemic, the same drawdown on work forces will also apply to MSP (SOC) workers

    • With automation today much of the function of a SIEM/SOC is canned response, but there is always a need for human intervention; who handles your response?
      • During the time of pandemic and response, if your team is depleted due to sickness or quarantine procedures, what is your contingency for response?
      • During the time of pandemic and response, the same applies to the SIEM/SOC solutions that you pay for if you do not have them in house; what is their contingency?
      • If you have a true incident in your environment, how will you handle it if the primary incident handlers are unavailable?
      • Do you have a service you work with?

All of these questions should be addressed going into an event like the one that is playing out globally with the SARS-CoV-2 (COVID-19) pandemic today. It is recommended that the executive suite be briefed on these questions and assure that these possible eventualities can be answered by the organization to ensure the continuity of the org. Other elements of this narrative also come to bear on scenarios in other areas such as infrastructure and the overall output of whatever your organization’s products are, but these are a good set of questions for the security element to bring to the executive suite to have the initial discussions.

As such, use this document accordingly.

PDF format of this post here

Written by Krypt3ia

2020/03/02 at 14:38